Sunday, April 14, 2013

Kernel Memory Dump Analysis

When you need to analyze a kernel memory dump with windbg...

Kernel memory dumps are written to %systemroot%\MEMORY.DMP
(small memory dumps go to %systemroot%\minidump)

1. Open the MEMORY.DMP file using Windbg.

(Symbol path setting: SRV*c:\[path]*http://msdl.microsoft.com/download/symbols, where c:\[path] is the local symbol cache directory)

2. Enter '!analyze -v' without quotes to get detailed debugging information.

KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.

...

SYMBOL_NAME: volmgrx!VMX_NOTIFICATION_QUEUE::CompleteTaskNotifications+42
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: volmgrx
IMAGE_NAME: volmgrx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e01efd
FAILURE_BUCKET_ID: 0x7a_c000000e_volmgrx!


3. Which process was calling into volmgrx.sys?
kd> !thread

THREAD 9b75f2b0 Cid 18e4.1754 Teb: 7ffdb000 Win32Thread: ffb9f540 RUNNING on processor 1
IRP List:
872f9290: (0006,01d8) Flags: 00060000 Mdl: 00000000
Not impersonating
DeviceMap 8d405780
Owning Process 8abb30e0 Image: vds.exe
Attached Process N/A Image: N/A
Wait Start TickCount 153296998 Ticks: 0
Context Switch Count 205
UserTime 00:00:00.000
KernelTime 00:00:00.171
Win32 Start Address 0x76c70148
Stack Init 8c315000 Current 8c314978 Base 8c315000 Limit 8c312000 Call 0
Priority 10 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
...

4. Confirm that the vds.exe process is the one that called volmgrx.sys...
kd> !process 8abb30e0 0

PROCESS 8abb30e0 SessionId: 0 Cid: 18e4 Peb: 7ffd6000 ParentCid: 0294
DirBase: bff34bc0 ObjectTable: 9a5556f0 HandleCount: 193.
Image: vds.exe
...
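The four steps above are a manual cross-check: the faulting module comes from `!analyze -v`, the owning process from `!thread`, and `!process <addr> 0` confirms that the address and Cid line up. The following script, an added example and not part of the original post, parses those three outputs (the post's own output is embedded as the sample input) and reports whether the chain is consistent, so a mismatch (for example `!thread` run on a different processor than the one that faulted) is caught instead of being read past.

```python
import re

# Constructed sample input: the three debugger outputs quoted in the post, abbreviated.
ANALYZE_OUT = """\
KERNEL_DATA_INPAGE_ERROR (7a)
SYMBOL_NAME: volmgrx!VMX_NOTIFICATION_QUEUE::CompleteTaskNotifications+42
MODULE_NAME: volmgrx
IMAGE_NAME: volmgrx.sys
FAILURE_BUCKET_ID: 0x7a_c000000e_volmgrx!
"""
THREAD_OUT = """\
THREAD 9b75f2b0 Cid 18e4.1754 Teb: 7ffdb000 Win32Thread: ffb9f540 RUNNING on processor 1
Owning Process 8abb30e0 Image: vds.exe
"""
PROCESS_OUT = """\
PROCESS 8abb30e0 SessionId: 0 Cid: 18e4 Peb: 7ffd6000 ParentCid: 0294
Image: vds.exe
"""

def parse_analyze(text):
    """Pull the bugcheck line and the bucket fields out of '!analyze -v' output."""
    fields = {}
    for key in ("SYMBOL_NAME", "MODULE_NAME", "IMAGE_NAME", "FAILURE_BUCKET_ID"):
        m = re.search(rf"^{key}:\s*(.+?)\s*$", text, re.M)
        if m:
            fields[key] = m.group(1)
    m = re.search(r"^(\w+) \(([0-9a-f]+)\)", text, re.M)   # e.g. KERNEL_DATA_INPAGE_ERROR (7a)
    fields["BUGCHECK"] = (m.group(1), int(m.group(2), 16)) if m else None
    return fields

def parse_thread(text):
    """From '!thread': the Cid (pid.tid, hex) and the owning process address and image."""
    m = re.search(r"^THREAD [0-9a-f]+ Cid ([0-9a-f]+)\.([0-9a-f]+)", text, re.M)
    o = re.search(r"^\s*Owning Process ([0-9a-f]+) Image: (\S+)", text, re.M)
    return {"pid": m.group(1), "tid": m.group(2), "owner": o.group(1), "image": o.group(2)}

def parse_process(text):
    """From '!process <addr> 0': process address, Cid, ParentCid and image name."""
    m = re.search(r"^PROCESS ([0-9a-f]+) SessionId: \d+ Cid: ([0-9a-f]+) .*ParentCid: ([0-9a-f]+)", text, re.M)
    i = re.search(r"^\s*Image: (\S+)", text, re.M)
    return {"addr": m.group(1), "pid": m.group(2), "ppid": m.group(3), "image": i.group(1)}

def triage(analyze, thread, process):
    """Cross-check that the !process block is the owning process the faulting thread reports."""
    a, t, p = parse_analyze(analyze), parse_thread(thread), parse_process(process)
    consistent = t["owner"] == p["addr"] and t["pid"] == p["pid"] and t["image"] == p["image"]
    return {"bugcheck": a["BUGCHECK"], "module": a.get("IMAGE_NAME"), "process": p["image"],
            "pid": int(p["pid"], 16), "ppid": int(p["ppid"], 16), "consistent": consistent}
```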