0: kd> k
# Child-SP RetAddr Call Site
00 fffff802`d2afe568 fffff802`d103db86 nt!KeBugCheckEx
01 fffff802`d2afe570 fffff802`d0fc652d nt!KiFatalExceptionHandler+0×22
02 fffff802`d2afe5b0 fffff802`d0e83139 nt!RtlpExecuteHandlerForException+0xd
03 fffff802`d2afe5e0 fffff802`d0e815a8 nt!RtlDispatchException+0×429
04 fffff802`d2afece0 fffff802`d0fcb0c2 nt!KiDispatchException+0×144
05 fffff802`d2aff3c0 fffff802`d0fc957d nt!KiExceptionDispatch+0xc2
06 fffff802`d2aff5a0 fffff802`d10af119 nt!KiGeneralProtectionFault+0xfd
*** ERROR: Module load completed but symbols could not be loaded for vmci.sys
07 fffff802`d2aff730 fffff800`84456159 nt!ExAllocatePoolWithTag+0×7c9
08 fffff802`d2aff810 fffff800`84457131 vmci+0×6159
09 fffff802`d2aff840 fffff800`8445398b vmci+0×7131
0a fffff802`d2aff890 fffff802`d0eec3c0 vmci+0×398b
0b fffff802`d2aff8c0 fffff802`d0eebad9 nt!KiExecuteAllDpcs+0×270
0c fffff802`d2affa10 fffff802`d0fc323a nt!KiRetireDpcList+0xe9
0d fffff802`d2affc60 00000000`00000000 nt!KiIdleLoop+0×5a

You can contact Memory Dump Analysis Services for an audit of memory dump analysis: http://www.dumpanalysis.com and choose an SLA:

http://www.dumpanalysis.com/memory-dump-analysis-audit-service

Thanks,
Dmitry

I have a similar problem with a Citrix server running windows 2003 R2 Standar x64 edition SP2.Today morning it crashed and left a 4gb size memory.dmp file.

I used Winddebug and could get this information:
I’m new in this field so if someone has a an explanation or a work around please go slow with details.

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff97fc2872d4c, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff97fff1a730d, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, (reserved)

Debugging Details:
——————

Page 89c8d not present in the dump file. Type “.hh dbgerr004″ for details
Page 905da not present in the dump file. Type “.hh dbgerr004″ for details
Page 905da not present in the dump file. Type “.hh dbgerr004″ for details
Page 905da not present in the dump file. Type “.hh dbgerr004″ for details
Page 905da not present in the dump file. Type “.hh dbgerr004″ for details
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type “.hh dbgerr001″ for details
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type “.hh dbgerr001″ for details

READ_ADDRESS: fffff97fc2872d4c

FAULTING_IP:
win32k!xxxScanSysQueue+3984
fffff97f`ff1a730d 0fba600c16 bt dword ptr [rax+0Ch],16h

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4de79c43

MODULE_NAME: win32k

FAULTING_MODULE: fffff97fff000000 win32k

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: EXCEL.EXE

CURRENT_IRQL: 1

TRAP_FRAME: fffffaddcbbaaea0 — (.trap 0xfffffaddcbbaaea0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff97fc2872d40 rbx=0000000000000000 rcx=fffff97fc42b0eb0
rdx=fffff97fc3ea8fa0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff97fff1a730d rsp=fffffaddcbbab030 rbp=fffffaddcbbab5b0
r8=fffffaddcbbab100 r9=0000000000000000 r10=fffffaddcbbaa760
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
win32k!xxxScanSysQueue+0×3984:
fffff97f`ff1a730d 0fba600c16 bt dword ptr [rax+0Ch],16h ds:b250:2d4c=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800010a699d to fffff8000102eb50

STACK_TEXT:
fffffadd`cbbaadc8 fffff800`010a699d : 00000000`00000050 fffff97f`c2872d4c 00000000`00000000 fffffadd`cbbaaea0 : nt!KeBugCheckEx
fffffadd`cbbaadd0 fffff800`0102d719 : 00000000`00000000 00000000`00000201 fffffadd`cbbaaf00 fffff97f`f8443e60 : nt!MmAccessFault+0xa1f
fffffadd`cbbaaea0 fffff97f`ff1a730d : 00000000`00030078 00000000`00002001 00000000`00000000 fffff97f`ff000000 : nt!KiPageFault+0×119
fffffadd`cbbab030 fffff97f`ff0a0d98 : fffff97f`c3cacd80 fffffadd`cbbab458 00000000`00000000 00000000`00000100 : win32k!xxxScanSysQueue+0×3984
fffffadd`cbbab360 fffff97f`ff0a5dd2 : 00000000`00000000 fffffadd`00000000 fffffaae`00000100 fffffaae`00000100 : win32k!xxxRealInternalGetMessage+0×483
fffffadd`cbbab420 fffff800`0102e5fd : 00000000`00000000 fffff6fb`7dbed000 fffffaae`96d6cf90 fffffadd`cbbab5b0 : win32k!NtUserPeekMessage+0xad
fffffadd`cbbab4c0 00000000`6b2b5e2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0×3
00000000`0013bf58 fffff800`010267d0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0×6b2b5e2a
fffffadd`cbbab8c0 00000000`00000000 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000001 : nt!KiCallUserMode

STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!xxxScanSysQueue+3984
fffff97f`ff1a730d 0fba600c16 bt dword ptr [rax+0Ch],16h

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: win32k!xxxScanSysQueue+3984

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: X64_0xD5_VRF_win32k!xxxScanSysQueue+3984

BUCKET_ID: X64_0xD5_VRF_win32k!xxxScanSysQueue+3984

Followup: MachineOwner

I had a similar problem once related with Symantec, where Symantec’s KB said the following:
Problem

A blue screen appears with the error message “STOP: 0×000000c4 DRIVER_VERIFIER_DETECTED_VIOLATION.” Driver Verifier points to Spbbcdrv.sys as the offending driver with either Symantec AntiVirus or Symantec Endpoint Protection installed and tamper protection enabled.

Solution

To fix the problem, disable Driver Verifier and then restart the computer.

To disable Driver Verifier

On the Windows taskbar, click Start > Run.
In the Run box, type verifier and click OK.
Click Delete existing settings and then click Finish.
Click Yes.
Click OK.
Restart the computer.

I performed those steps and worked, but know i have another dump i want to hear opinions of people who know more about this field and check If I can apply any of those sugestions.

Thanks in advance

Ppen is from PnP manager

If we search for this stack trace frame:

PipMakeGloballyUniqueId+0×3a9

we find a discussion of similar BSOD and perhaps a solution:

http://social.microsoft.com/Forums/en/whssoftware/thread/98b381be-edff-43fb-b1d9-5307e6204733

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: e173c1d8, The pool entry we were looking for within the page.
Arg3: e173c1f8, The next pool entry.
Arg4: 0c040404, (reserved)

Debugging Details:
——————

BUGCHECK_STR: 0×19_20

POOL_ADDRESS: e173c1d8

CUSTOMER_CRASH_COUNT: 6

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: System

LOCK_ADDRESS: 8055b4e0 — (!locks 8055b4e0)

Resource @ nt!PiEngineLock (0×8055b4e0) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.

WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
Lock address : 0×8055b4e0
Thread Count : 0
Thread address: 0×00000000
Thread wait : 0×0

LAST_CONTROL_TRANSFER: from 8054b583 to 804f9f33

STACK_TEXT:
f79f392c 8054b583 00000019 00000020 e173c1d8 nt!KeBugCheckEx+0×1b
f79f397c 8058fc05 e173c1e0 00000000 00000000 nt!ExFreePoolWithTag+0×2a3
f79f39dc 8059161d 85804dd0 e10f29a8 f79f3a48 nt!PipMakeGloballyUniqueId+0×3a9
f79f3ad0 8059222b 8593a7c8 861d33e8 8593a7c8 nt!PipProcessNewDeviceNode+0×185
f79f3d24 805927fa 8593a7c8 00000001 00000000 nt!PipProcessDevNodeTree+0×16b
f79f3d54 804f698e 00000003 8055b5c0 8056485c nt!PiRestartDevice+0×80
f79f3d7c 8053876d 00000000 00000000 863c1da8 nt!PipDeviceActionWorker+0×168
f79f3dac 805cff64 00000000 00000000 00000000 nt!ExpWorkerThread+0xef
f79f3ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0×34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0×16

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a3
8054b583 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a

FAILURE_BUCKET_ID: 0×19_20_nt!ExFreePoolWithTag+2a3

BUCKET_ID: 0×19_20_nt!ExFreePoolWithTag+2a3

Followup: MachineOwner
———

0: kd> !IRP 000000020
00000020: Could not read Irp
0: kd> !POOL 00000020
The pool page you have specified is not in this dump.
0: kd> !pool e173c1d8
Pool page e173c1d8 region is Unknown
e173c000 size: 28 previous size: 0 (Allocated) CMVa
e173c028 size: 8 previous size: 28 (Free) 0…
e173c030 size: 10 previous size: 8 (Allocated) MmSt
e173c040 size: 48 previous size: 10 (Allocated) ScSh
e173c088 size: 68 previous size: 48 (Allocated) ScNc
e173c0f0 size: 8 previous size: 68 (Free) Ntf0
e173c0f8 size: 10 previous size: 8 (Allocated) ObDi
e173c108 size: 28 previous size: 10 (Allocated) CMVa
e173c130 size: 80 previous size: 28 (Allocated) IoNm
e173c1b0 size: 8 previous size: 80 (Free) Sect
e173c1b8 size: 20 previous size: 8 (Allocated) CMVa
*e173c1d8 size: 20 previous size: 20 (Allocated) *Ppen
Pooltag Ppen : routines to perform device enumeration, Binary : nt!pnp
GetUlongFromAddress: unable to read from 80565d50
e173c1f8 is not a valid small pool allocation, checking large pool…
unable to get pool big page table - either wrong symbols or pool tagging is disabled
e173c1f8 is freed (or corrupt) pool
Bad previous allocation size @e173c1f8, last size was 4

***
*** An error (or corruption) in the pool was detected;
*** Pool Region unknown (0xFFFFFFFFE173C1F8)
***
*** Use !poolval e173c000 for more details.
***

0: kd> !poolval e173c000
Pool page e173c000 region is Unknown

Validating Pool headers for pool page: e173c000

Pool page [ e173c000 ] is __inVALID.

Analyzing linked list…
[ e173c1d8 –> e173c2c0 (size = 0xe8 bytes)]: Corrupt region

Scanning for single bit errors…

None found

0: kd> dps e173c1d8
e173c1d8 0c040404
e173c1dc 6e657050
e173c1e0 00260032
e173c1e4 00370061
e173c1e8 00360035
e173c1ec 00370035
e173c1f0 00260032
e173c1f4 004e0030
e173c1f8 00520054
e173c1fc 004c004f
e173c200 002e0053
e173c204 0055004d
e173c208 005c0049
e173c20c 002e0036
e173c210 002e0030
e173c214 00360032
e173c218 00300030
e173c21c 0c12040a
e173c220 e24e4d43
e173c224 00010001
e173c228 7224c689
e173c22c e17b53a4
e173c230 23230077
e173c234 4448233f
e173c238 49445541
e173c23c 5546234f
e173c240 305f434e
e173c244 45562631
e173c248 31315f4e
e173c24c 44264431
e173c250 375f5645
e173c254 26353036