!process -- Image name

PROCESS 852b8020  SessionId: 0  Cid: 1154    Peb: 7ffda000  ParentCid: 0ba4

    DirBase: ad036740  ObjectTable: b4061630  HandleCount:  53.

    Image: WerFault.exe

 From the _KPROCESS, it can't find the image name information, and it can be found in the _EPROCESS structure.

 

0: kd> dt _EPROCESS

nt!_EPROCESS

   +0x000 Pcb              : _KPROCESS

   +0x160 ProcessLock      : _EX_PUSH_LOCK

   +0x168 CreateTime       : _LARGE_INTEGER

   +0x170 ExitTime         : _LARGE_INTEGER

   +0x178 RundownProtect   : _EX_RUNDOWN_REF

   +0x180 UniqueProcessId  : Ptr64 Void

   +0x188 ActiveProcessLinks : _LIST_ENTRY

   +0x198 ProcessQuotaUsage : [2] Uint8B

   +0x1a8 ProcessQuotaPeak : [2] Uint8B

   +0x1b8 CommitCharge     : Uint8B

   +0x1c0 QuotaBlock       : Ptr64 _EPROCESS_QUOTA_BLOCK

   +0x1c8 CpuQuotaBlock    : Ptr64 _PS_CPU_QUOTA_BLOCK

   +0x1d0 PeakVirtualSize  : Uint8B

   +0x1d8 VirtualSize      : Uint8B

   +0x1e0 SessionProcessLinks : _LIST_ENTRY

   +0x1f0 DebugPort        : Ptr64 Void

   +0x1f8 ExceptionPortData : Ptr64 Void

   +0x1f8 ExceptionPortValue : Uint8B

   +0x1f8 ExceptionPortState : Pos 0, 3 Bits

   +0x200 ObjectTable      : Ptr64 _HANDLE_TABLE

   +0x208 Token            : _EX_FAST_REF

   +0x210 WorkingSetPage   : Uint8B

   +0x218 AddressCreationLock : _EX_PUSH_LOCK

   +0x220 RotateInProgress : Ptr64 _ETHREAD

   +0x228 ForkInProgress   : Ptr64 _ETHREAD

   +0x230 HardwareTrigger  : Uint8B

   +0x238 PhysicalVadRoot  : Ptr64 _MM_AVL_TABLE

   +0x240 CloneRoot        : Ptr64 Void

   +0x248 NumberOfPrivatePages : Uint8B

   +0x250 NumberOfLockedPages : Uint8B

   +0x258 Win32Process     : Ptr64 Void

   +0x260 Job              : Ptr64 _EJOB

   +0x268 SectionObject    : Ptr64 Void

   +0x270 SectionBaseAddress : Ptr64 Void

   +0x278 Cookie           : Uint4B

   +0x27c UmsScheduledThreads : Uint4B

   +0x280 WorkingSetWatch  : Ptr64 _PAGEFAULT_HISTORY

   +0x288 Win32WindowStation : Ptr64 Void

   +0x290 InheritedFromUniqueProcessId : Ptr64 Void

   +0x298 LdtInformation   : Ptr64 Void

   +0x2a0 Spare            : Ptr64 Void

   +0x2a8 ConsoleHostProcess : Uint8B

   +0x2b0 DeviceMap        : Ptr64 Void

   +0x2b8 EtwDataSource    : Ptr64 Void

   +0x2c0 FreeTebHint      : Ptr64 Void

   +0x2c8 FreeUmsTebHint   : Ptr64 Void

   +0x2d0 PageDirectoryPte : _HARDWARE_PTE

   +0x2d0 Filler           : Uint8B

   +0x2d8 Session          : Ptr64 Void

   +0x2e0 ImageFileName    : [15] UChar

CMFCMenuButton

The MFC examples are in the MFC\Visual C++ 2008 Feature Pack\NewControls.  The menu button work fine.  But it will meet the problem when I try it.  It can find more information in the http://stackoverflow.com/questions/3151790/why-isnt-the-dropdown-arrow-drawn-for-an-cmfcmenubutton

Can't load bitmap: 42b8.GetLastError() = 716
> CMenuImages. Can't load menu images 3f01

Rich Edit Control initialization

If you are using a rich edit control in a dialog box (regardless of whether your application is SDI, MDI, or dialog-based), you must callAfxInitRichEdit once before the dialog box is displayed. A typical place to call this function is in your program's InitInstance member function. You do not need to call it for each time you display the dialog box, only the first time. You do not have to call AfxInitRichEdit if you are working with CRichEditView.

AfxInitRichEdit2 for RichEditCtrl2.0

Call this function to load the RICHED20.DLL and initialize version 2.0 of the rich edit control. If you call the Create method of CRichEditCtrl,CRichEditView, or CRichEditDoc, you typically don't need to call this function, but in some cases it might be necessary.

Module information -- !lmi

0: kd> !lmi hpdskflt

Loaded Module Info: [hpdskflt] 

         Module: hpdskflt

   Base Address: fffffa6001a00000

     Image Name: hpdskflt.sys

   Machine Type: 34404 (X64)

     Time Stamp: 47e0334b Tue Mar 18 14:25:31 2008

           Size: a000

       CheckSum: e730

Characteristics: 22  

Debug Data Dirs: Type  Size     VA  Pointer

             CODEVIEW    55,  5220,    3a20 RSDS - GUID: {E531AC22-7E5E-4FC1-AB65-452496512564}

               Age: 30, Pdb: c:\prog\vendors\osr\hp3dgsr_vista\Release\amd64\hpdskflt.pdb

     Image Type: MEMORY   - Image read successfully from loaded memory.

    Symbol Type: NONE     - PDB not found from symbol server.

    Load Report: no symbols loaded

You can get more information in http://msdn.microsoft.com/en-us/library/windows/hardware/ff563955(v=vs.85).aspx.

The !lmi extension analyzes the module headers and displays a formatted summary of the information therein. If the module headers are paged out, an error message is displayed. To see a more extensive display of header information, use the !dh extension command.

You will need the PE and COFF knowledge for these two commands.  You can download the specification in the http://msdn.microsoft.com/library/windows/hardware/gg463125.

There is also a good website http://www.godevtool.com/Other/pdb.htm.

How to implement it?

IDebugSymbols::GetModuleParameters

then you will get the structure 

typedef struct _DEBUG_MODULE_PARAMETERS {
  ULONG64 Base;
  ULONG   Size;
  ULONG   TimeDateStamp;
  ULONG   Checksum;
  ULONG   Flags;
  ULONG   SymbolType;
  ULONG   ImageNameSize;
  ULONG   ModuleNameSize;
  ULONG   LoadedImageNameSize;
  ULONG   SymbolFileNameSize;
  ULONG   MappedImageNameSize;
  ULONG64 Reserved[2];
} DEBUG_MODULE_PARAMETERS, *PDEBUG_MODULE_PARAMETERS;

Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR -- WHEA_ERROR_RECORD

http://msdn.microsoft.com/en-us/library/ff559509(v=vs.85).aspx

Usually, the parameter 1 = 0 of BSOD 0x124, then the parameter 2 is the address of the WHEA_ERROR_RECORD structure.  http://msdn.microsoft.com/en-us/library/windows/hardware/ff560483(v=vs.85).aspx

Below is the detail information for the data structure information.

typedef struct _WHEA_ERROR_RECORD {
  WHEA_ERROR_RECORD_HEADER             Header;
  WHEA_ERROR_RECORD_SECTION_DESCRIPTOR SectionDescriptor[ANYSIZE_ARRAY];
} WHEA_ERROR_RECORD, *PWHEA_ERROR_RECORD;

typedef struct _WHEA_ERROR_RECORD_HEADER {
  ULONG                              Signature;
  WHEA_REVISION                      Revision;
  ULONG                              SignatureEnd;
  USHORT                             SectionCount;
  WHEA_ERROR_SEVERITY                Severity;
  WHEA_ERROR_RECORD_HEADER_VALIDBITS ValidBits;
  ULONG                              Length;
  WHEA_TIMESTAMP                     Timestamp;
  GUID                               PlatformId;
  GUID                               PartitionId;
  GUID                               CreatorId;
  GUID                               NotifyType;
  ULONGLONG                          RecordId;
  WHEA_ERROR_RECORD_HEADER_FLAGS     Flags;
  WHEA_PERSISTENCE_INFO              PersistenceInfo;
  UCHAR                              Reserved[12];
} WHEA_ERROR_RECORD_HEADER, *PWHEA_ERROR_RECORD_HEADER;

Signature = 'REPC'
typedef union _WHEA_REVISION {
  struct {
    UCHAR MinorRevision;
    UCHAR MajorRevision;
  };
  USHORT AsUSHORT;
} WHEA_REVISION, *PWHEA_REVISION;


typedef enum _WHEA_ERROR_SEVERITY {
  WheaErrSevRecoverable     = 0,
  WheaErrSevFatal           = 1,
  WheaErrSevCorrected       = 2,
  WheaErrSevInformational   = 3 
} WHEA_ERROR_SEVERITY, *PWHEA_ERROR_SEVERITY;

typedef union _WHEA_ERROR_RECORD_HEADER_VALIDBITS {
  struct {
    ULONG PlatformId  :1;
    ULONG Timestamp  :1;
    ULONG PartitionId  :1;
    ULONG Reserved  :29;
  };
  ULONG  AsULONG;
} WHEA_ERROR_RECORD_HEADER_VALIDBITS, *PWHEA_ERROR_RECORD_HEADER_VALIDBITS;
Length = The length, in bytes, of the error record.
typedef union _WHEA_TIMESTAMP {
  struct {
    ULONGLONG Seconds  :8;
    ULONGLONG Minutes  :8;
    ULONGLONG Hours  :8;
    ULONGLONG Precise  :1;
    ULONGLONG Reserved  :7;
    ULONGLONG Day  :8;
    ULONGLONG Month  :8;
    ULONGLONG Year  :8;
    ULONGLONG Century  :8;
  };
  LARGE_INTEGER AsLARGE_INTEGER;
} WHEA_TIMESTAMP, *PWHEA_TIMESTAMP;


typedef union _WHEA_ERROR_RECORD_HEADER_FLAGS {
  struct {
    ULONG  Recovered:1;
    ULONG  PreviousError:1;
    ULONG  Simulated:1;
    ULONG  Reserved:29;
  };
  ULONG  AsULONG;
} WHEA_ERROR_RECORD_HEADER_FLAGS, *PWHEA_ERROR_RECORD_HEADER_FLAGS;
typedef union _WHEA_PERSISTENCE_INFO {
  struct {
    ULONGLONG Signature  :16;
    ULONGLONG Length  :24;
    ULONGLONG Identifier  :16;
    ULONGLONG Attributes  :2;
    ULONGLONG DoNotLog  :1;
    ULONGLONG Reserved  :5;
  };
  ULONGLONG AsULONGLONG;
} WHEA_PERSISTENCE_INFO, *PWHEA_PERSISTENCE_INFO;
//--------------------------------------------------------------------------------------
typedef struct _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR {
  ULONG                                          SectionOffset;
  ULONG                                          SectionLength;
  WHEA_REVISION                                  Revision;
  WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS ValidBits;
  UCHAR                                          Reserved;
  WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS     Flags;
  GUID                                           SectionType;
  GUID                                           FRUId;
  WHEA_ERROR_SEVERITY                            SectionSeverity;
  CCHAR                                          FRUText[20];
} WHEA_ERROR_RECORD_SECTION_DESCRIPTOR, *PWHEA_ERROR_RECORD_SECTION_DESCRIPTOR;
typedef union _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS {
  struct {
    UCHAR FRUId  :1;
    UCHAR FRUText  :1;
    UCHAR Reserved  :6;
  };
  UCHAR  AsUCHAR;
} WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS, *PWHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS;

typedef union _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS {
  struct {
    ULONG  Primary:1;
    ULONG  ContainmentWarning:1;
    ULONG  Reset:1;
    ULONG  ThresholdExceeded:1;
    ULONG  ResourceNotAvailable:1;
    ULONG  LatentError:1;
    ULONG  Reserved:26;
  };
  ULONG  AsULONG;
} WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS, *PWHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS;


//////////////////////////////////////////////////////////////////////////////////////////////////

typedef struct _WHEA_PROCESSOR_GENERIC_ERROR_SECTION {
  WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS ValidBits;
  UCHAR                                          ProcessorType;
  UCHAR                                          InstructionSet;
  UCHAR                                          ErrorType;
  UCHAR                                          Operation;
  UCHAR                                          Flags;
  UCHAR                                          Level;
  USHORT                                         Reserved;
  ULONGLONG                                      CPUVersion;
  UCHAR                                          CPUBrandString[128];
  ULONGLONG                                      ProcessorId;
  ULONGLONG                                      TargetAddress;
  ULONGLONG                                      RequesterId;
  ULONGLONG                                      ResponderId;
  ULONGLONG                                      InstructionPointer;
} WHEA_PROCESSOR_GENERIC_ERROR_SECTION, *PWHEA_PROCESSOR_GENERIC_ERROR_SECTION;

typedef union _WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS {
  struct {
    ULONGLONG ProcessorType  :1;
    ULONGLONG InstructionSet  :1;
    ULONGLONG ErrorType  :1;
    ULONGLONG Operation  :1;
    ULONGLONG Flags  :1;
    ULONGLONG Level  :1;
    ULONGLONG CPUVersion  :1;
    ULONGLONG CPUBrandString  :1;
    ULONGLONG ProcessorId  :1;
    ULONGLONG TargetAddress  :1;
    ULONGLONG RequesterId  :1;
    ULONGLONG ResponderId  :1;
    ULONGLONG InstructionPointer  :1;
    ULONGLONG Reserved  :51;
  };
  ULONGLONG ValidBits;
} WHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS, *PWHEA_PROCESSOR_GENERIC_ERROR_SECTION_VALIDBITS;

#define WHEA_ERROR_PACKET_V1_SIGNATURE  'tPrE'

#define WHEA_ERROR_PACKET_V1_VERSION    2

#define WHEA_ERROR_PACKET_V2_SIGNATURE 'AEHW'

#define WHEA_ERROR_PACKET_V2_VERSION   3

typedef union _WHEA_ERROR_PACKET_FLAGS {

  struct {

    ULONG PreviousError  :1;

    ULONG Reserved1  :1;

    ULONG HypervisorError  :1;

    ULONG Simulated  :1;

    ULONG PlatformPfaControl  :1;

    ULONG PlatformDirectedOffline  :1;

    ULONG Reserved2  :26;

  };

  ULONG  AsULONG;

} WHEA_ERROR_PACKET_FLAGS, *PWHEA_ERROR_PACKET_FLAGS;

typedef enum _WHEA_ERROR_TYPE {

  WheaErrTypeProcessor    = 0,

  WheaErrTypeMemory,

  WheaErrTypePCIExpress,

  WheaErrTypeNMI,

  WheaErrTypePCIXBus,

  WheaErrTypePCIXDevice,

  WheaErrTypeGeneric 

} WHEA_ERROR_TYPE, *PWHEA_ERROR_TYPE;

typedef enum _WHEA_ERROR_SOURCE_TYPE {

  WheaErrSrcTypeMCE          = 0x00,

  WheaErrSrcTypeCMC          = 0x01,

  WheaErrSrcTypeCPE          = 0x02,

  WheaErrSrcTypeNMI          = 0x03,

  WheaErrSrcTypePCIe         = 0x04,

  WheaErrSrcTypeGeneric      = 0x05,

  WheaErrSrcTypeINIT         = 0x06,

  WheaErrSrcTypeBOOT         = 0x07,

  WheaErrSrcTypeSCIGeneric   = 0x08,

  WheaErrSrcTypeIPFMCA       = 0x09,

  WheaErrSrcTypeIPFCMC       = 0x0a,

  WheaErrSrcTypeIPFCPE       = 0x0b,

  WheaErrSrcTypeMax 

} WHEA_ERROR_SOURCE_TYPE, *PWHEA_ERROR_SOURCE_TYPE;

typedef enum _WHEA_ERROR_PACKET_DATA_FORMAT {

  WheaDataFormatIPFSalRecord   = 0,

  WheaDataFormatXPFMCA,

  WheaDataFormatMemory,

  WheaDataFormatPCIExpress,

  WheaDataFormatNMIPort,

  WheaDataFormatPCIXBus,

  WheaDataFormatPCIXDevice,

  WheaDataFormatGeneric,

  WheaDataFormatMax 

} WHEA_ERROR_PACKET_DATA_FORMAT, *PWHEA_ERROR_PACKET_DATA_FORMAT;

typedef union _WHEA_MEMORY_ERROR_SECTION_VALIDBITS {

  struct {

    ULONGLONG ErrorStatus  :1;

    ULONGLONG PhysicalAddress  :1;

    ULONGLONG PhysicalAddressMask  :1;

    ULONGLONG Node  :1;

    ULONGLONG Card  :1;

    ULONGLONG Module  :1;

    ULONGLONG Bank  :1;

    ULONGLONG Device  :1;

    ULONGLONG Row  :1;

    ULONGLONG Column  :1;

    ULONGLONG BitPosition  :1;

    ULONGLONG RequesterId  :1;

    ULONGLONG ResponderId  :1;

    ULONGLONG TargetId  :1;

    ULONGLONG ErrorType  :1;

    ULONGLONG Reserved  :49;

  };

  ULONGLONG ValidBits;

} WHEA_MEMORY_ERROR_SECTION_VALIDBITS, *PWHEA_MEMORY_ERROR_SECTION_VALIDBITS;

typedef union _WHEA_ERROR_STATUS {

  ULONGLONG ErrorStatus;

  struct {

    ULONGLONG Reserved1  :8;

    ULONGLONG ErrorType  :8;

    ULONGLONG Address  :1;

    ULONGLONG Control  :1;

    ULONGLONG Data  :1;

    ULONGLONG Responder  :1;

    ULONGLONG Requester  :1;

    ULONGLONG FirstError  :1;

    ULONGLONG Overflow  :1;

    ULONGLONG Reserved2  :41;

  };

} WHEA_ERROR_STATUS, *PWHEA_ERROR_STATUS;

typedef struct _WHEA_MEMORY_ERROR_SECTION {

  WHEA_MEMORY_ERROR_SECTION_VALIDBITS ValidBits;

  WHEA_ERROR_STATUS                   ErrorStatus;

  ULONGLONG                           PhysicalAddress;

  ULONGLONG                           PhysicalAddressMask;

  USHORT                              Node;

  USHORT                              Card;

  USHORT                              Module;

  USHORT                              Bank;

  USHORT                              Device;

  USHORT                              Row;

  USHORT                              Column;

  USHORT                              BitPosition;

  ULONGLONG                           RequesterId;

  ULONGLONG                           ResponderId;

  ULONGLONG                           TargetId;

  UCHAR                               ErrorType;

} WHEA_MEMORY_ERROR_SECTION, *PWHEA_MEMORY_ERROR_SECTION;

typedef union _WHEA_NMI_ERROR_SECTION_FLAGS {

  struct {

    ULONG  HypervisorError:1;

    ULONG  Reserved:31;

  };

  ULONG  AsULONG;

} WHEA_NMI_ERROR_SECTION_FLAGS, *PWHEA_NMI_ERROR_SECTION_FLAGS;

typedef struct _WHEA_NMI_ERROR_SECTION {

  UCHAR                        Data[8];

  WHEA_NMI_ERROR_SECTION_FLAGS Flags;

} WHEA_NMI_ERROR_SECTION, *PWHEA_NMI_ERROR_SECTION;

typedef union _WHEA_PCIEXPRESS_ERROR_SECTION_VALIDBITS {

  struct {

    ULONGLONG PortType  :1;

    ULONGLONG Version  :1;

    ULONGLONG CommandStatus  :1;

    ULONGLONG DeviceId  :1;

    ULONGLONG DeviceSerialNumber  :1;

    ULONGLONG BridgeControlStatus  :1;

    ULONGLONG ExpressCapability  :1;

    ULONGLONG AerInfo  :1;

    ULONGLONG Reserved  :56;

  };

  ULONGLONG ValidBits;

} WHEA_PCIEXPRESS_ERROR_SECTION_VALIDBITS, *PWHEA_PCIEXPRESS_ERROR_SECTION_VALIDBITS;

typedef enum {

    WheaPciExpressEndpoint = 0,

    WheaPciExpressLegacyEndpoint,

    WheaPciExpressRootPort = 4,

    WheaPciExpressUpstreamSwitchPort,

    WheaPciExpressDownstreamSwitchPort,

    WheaPciExpressToPciXBridge,

    WheaPciXToExpressBridge,

    WheaPciExpressRootComplexIntegratedEndpoint,

    WheaPciExpressRootComplexEventCollector

} WHEA_PCIEXPRESS_DEVICE_TYPE;

typedef union _WHEA_PCIEXPRESS_VERSION {

  struct {

    UCHAR  MinorVersion;

    UCHAR  MajorVersion;

    USHORT  Reserved;

  };

  ULONG  AsULONG;

} WHEA_PCIEXPRESS_VERSION, *PWHEA_PCIEXPRESS_VERSION;

typedef union _WHEA_PCIEXPRESS_COMMAND_STATUS {

  struct {

    USHORT  Command;

    USHORT  Status;

  };

  ULONG  AsULONG;

} WHEA_PCIEXPRESS_COMMAND_STATUS, *PWHEA_PCIEXPRESS_COMMAND_STATUS;

typedef struct _WHEA_PCIEXPRESS_DEVICE_ID {

  USHORT  VendorID;

  USHORT  DeviceID;

  ULONG  ClassCode:24;

  ULONG  FunctionNumber:8;

  ULONG  DeviceNumber:8;

  ULONG  Segment:16;

  ULONG  PrimaryBusNumber:8;

  ULONG  SecondaryBusNumber:8;

  ULONG Reserved1:3;

  ULONG SlotNumber:13;  ULONG  Reserved2:8;

} WHEA_PCIEXPRESS_DEVICE_ID, *PWHEA_PCIEXPRESS_DEVICE_ID;

typedef union _WHEA_PCIEXPRESS_BRIDGE_CONTROL_STATUS {

  struct {

    USHORT  BridgeSecondaryStatus;

    USHORT  BridgeControl;

  };

  ULONG  AsULONG;

} WHEA_PCIEXPRESS_BRIDGE_CONTROL_STATUS, *PWHEA_PCIEXPRESS_BRIDGE_CONTROL_STATUS;

typedef struct _WHEA_PCIEXPRESS_ERROR_SECTION {

  WHEA_PCIEXPRESS_ERROR_SECTION_VALIDBITS ValidBits;

  WHEA_PCIEXPRESS_DEVICE_TYPE             PortType;

  WHEA_PCIEXPRESS_VERSION                 Version;

  WHEA_PCIEXPRESS_COMMAND_STATUS          CommandStatus;

  ULONG                                   Reserved;

  WHEA_PCIEXPRESS_DEVICE_ID               DeviceId;

  ULONGLONG                               DeviceSerialNumber;

  WHEA_PCIEXPRESS_BRIDGE_CONTROL_STATUS   BridgeControlStatus;

  UCHAR                                   ExpressCapability[60];

  UCHAR                                   AerInfo[96];

} WHEA_PCIEXPRESS_ERROR_SECTION, *PWHEA_PCIEXPRESS_ERROR_SECTION;

typedef union _WHEA_PCIXBUS_ERROR_SECTION_VALIDBITS {

  struct {

    ULONGLONG ErrorStatus  :1;

    ULONGLONG ErrorType  :1;

    ULONGLONG BusId  :1;

    ULONGLONG BusAddress  :1;

    ULONGLONG BusData  :1;

    ULONGLONG BusCommand  :1;

    ULONGLONG RequesterId  :1;

    ULONGLONG CompleterId  :1;

    ULONGLONG TargetId  :1;

    ULONGLONG Reserved  :55;

  };

  ULONGLONG ValidBits;

} WHEA_PCIXBUS_ERROR_SECTION_VALIDBITS, *PWHEA_PCIXBUS_ERROR_SECTION_VALIDBITS;

typedef union _WHEA_PCIXBUS_ID {

  struct {

    UCHAR  BusNumber;

    UCHAR  BusSegment;

  };

  USHORT  AsUSHORT;

} WHEA_PCIXBUS_ID, *PWHEA_PCIXBUS_ID;

typedef union _WHEA_PCIXBUS_COMMAND {

  struct {

    ULONGLONG  Command:56;

    ULONGLONG  PCIXCommand:1;

    ULONGLONG  Reserved:7;

  };

  ULONGLONG  AsULONGLONG;

} WHEA_PCIXBUS_COMMAND, *PWHEA_PCIXBUS_COMMAND;

typedef struct _WHEA_PCIXBUS_ERROR_SECTION {

  WHEA_PCIXBUS_ERROR_SECTION_VALIDBITS ValidBits;

  WHEA_ERROR_STATUS                    ErrorStatus;

  USHORT                               ErrorType;

  WHEA_PCIXBUS_ID                      BusId;

  ULONG                                Reserved;

  ULONGLONG                            BusAddress;

  ULONGLONG                            BusData;

  WHEA_PCIXBUS_COMMAND                 BusCommand;

  ULONGLONG                            RequesterId;

  ULONGLONG                            CompleterId;

  ULONGLONG                            TargetId;

} WHEA_PCIXBUS_ERROR_SECTION, *PWHEA_PCIXBUS_ERROR_SECTION;

typedef union _WHEA_PCIXDEVICE_ERROR_SECTION_VALIDBITS {

  struct {

    ULONGLONG ErrorStatus  :1;

    ULONGLONG IdInfo  :1;

    ULONGLONG MemoryNumber  :1;

    ULONGLONG IoNumber  :1;

    ULONGLONG RegisterDataPairs  :1;

    ULONGLONG Reserved  :59;

  };

  ULONGLONG ValidBits;

} WHEA_PCIXDEVICE_ERROR_SECTION_VALIDBITS, *PWHEA_PCIXDEVICE_ERROR_SECTION_VALIDBITS;

typedef struct _WHEA_PCIXDEVICE_ID {

  USHORT  VendorId;

  USHORT  DeviceId;

  ULONG  ClassCode:24;

  ULONG  FunctionNumber:8;

  ULONG  DeviceNumber:8;

  ULONG  BusNumber:8;

  ULONG  SegmentNumber:8;

  ULONG  Reserved1:8;

  ULONG  Reserved2;

} WHEA_PCIXDEVICE_ID, *PWHEA_PCIXDEVICE_ID;

typedef struct WHEA_PCIXDEVICE_REGISTER_PAIR {

  ULONGLONG  Register;

  ULONGLONG  Data;

} WHEA_PCIXDEVICE_REGISTER_PAIR, *PWHEA_PCIXDEVICE_REGISTER_PAIR;

typedef struct _WHEA_PCIXDEVICE_ERROR_SECTION {

  WHEA_PCIXDEVICE_ERROR_SECTION_VALIDBITS ValidBits;

  WHEA_ERROR_STATUS                       ErrorStatus;

  WHEA_PCIXDEVICE_ID                      IdInfo;

  ULONG                                   MemoryNumber;

  ULONG                                   IoNumber;

  WHEA_PCIXDEVICE_REGISTER_PAIR           RegisterDataPairs[ANYSIZE_ARRAY];

} WHEA_PCIXDEVICE_ERROR_SECTION, *PWHEA_PCIXDEVICE_ERROR_SECTION;

typedef enum _WHEA_RAW_DATA_FORMAT {

  WheaRawDataFormatIPFSalRecord   = 0x00,

  WheaRawDataFormatIA32MCA,

  WheaRawDataFormatIntel64MCA,

  WheaRawDataFormatAMD64MCA,

  WheaRawDataFormatMemory,

  WheaRawDataFormatPCIExpress,

  WheaRawDataFormatNMIPort,

  WheaRawDataFormatPCIXBus,

  WheaRawDataFormatPCIXDevice,

  WheaRawDataFormatGeneric,

  WheaRawDataFormatMax 

} WHEA_RAW_DATA_FORMAT, *PWHEA_RAW_DATA_FORMAT;

typedef struct _WHEA_ERROR_PACKET_V1 {

  ULONG                   Signature;

  WHEA_ERROR_PACKET_FLAGS Flags;

  ULONG                   Size;

  ULONG                   RawDataLength;

  ULONGLONG               Reserved1;

  ULONGLONG               Context;

  WHEA_ERROR_TYPE         ErrorType;

  WHEA_ERROR_SEVERITY     ErrorSeverity;

  ULONG                   ErrorSourceId;

  WHEA_ERROR_SOURCE_TYPE  ErrorSourceType;

  ULONG                   Reserved2;

  ULONG                   Version;

  ULONGLONG               Cpu;

  union {

    WHEA_PROCESSOR_GENERIC_ERROR_SECTION ProcessorError;

    WHEA_MEMORY_ERROR_SECTION            MemoryError;

    WHEA_NMI_ERROR_SECTION               NmiError;

    WHEA_PCIEXPRESS_ERROR_SECTION        PciExpressError;

    WHEA_PCIXBUS_ERROR_SECTION           PciXBusError;

    WHEA_PCIXDEVICE_ERROR_SECTION        PciXDeviceError;

  } u;

  WHEA_RAW_DATA_FORMAT    RawDataFormat;

  ULONG                   RawDataOffset;

  UCHAR                   RawData[1];

} WHEA_ERROR_PACKET_V1, *PWHEA_ERROR_PACKET_V1;

typedef struct _WHEA_ERROR_PACKET_V2 {

  ULONG                         Signature;

  ULONG                         Version;

  ULONG                         Length;

  WHEA_ERROR_PACKET_FLAGS       Flags;

  WHEA_ERROR_TYPE               ErrorType;

  WHEA_ERROR_SEVERITY           ErrorSeverity;

  ULONG                         ErrorSourceId;

  WHEA_ERROR_SOURCE_TYPE        ErrorSourceType;

  GUID                          NotifyType;

  ULONGLONG                     Context;

  WHEA_ERROR_PACKET_DATA_FORMAT DataFormat;

  ULONG                         Reserved1;

  ULONG                         DataOffset;

  ULONG                         DataLength;

  ULONG                         PshedDataOffset;

  ULONG                         PshedDataLength;

} WHEA_ERROR_PACKET_V2, *PWHEA_ERROR_PACKET_V2;

typedef union _MCI_STATS {

  struct {

    USHORT  McaCod;

    USHORT  MsCod;

    ULONG  OtherInfo   : 25;

    ULONG  Damage    : 1;

    ULONG  AddressValid  : 1;

    ULONG  MiscValid  : 1;

    ULONG  Enabled    : 1;

    ULONG  UnCorrected  : 1;

    ULONG  OverFlow  : 1;

    ULONG  Valid    : 1;

  } MciStats;

  ULONGLONG  QuadPart;

} MCI_STATS, *PMCI_STATS;

 

typedef union _MCI_ADDR{

  struct {

    ULONG Address;

    ULONG Reserved;

  } MciAddr;

 

  ULONGLONG  QuadPart;

} MCI_ADDR, *PMCI_ADDR;

typedef enum 

{

         HAL_MCE_RECORD = 0,

         HAL_MCA_RECORD = 1

} MCA_EXCEPTION_TYPE;

 

typedef struct _MCA_EXCEPTION {

 

  ULONG  VersionNumber;  // Version number of this record type

  MCA_EXCEPTION_TYPE  ExceptionType;  // MCA or MCE

  LARGE_INTEGER  TimeStamp;  // exception recording timestamp

  ULONG  ProcessorNumber;// processor number

 

  union {

    struct {

      UCHAR  BankNumber;  // bank number

      MCI_STATS  Status;  

      MCI_ADDR  Address;

      ULONGLONG  Misc;

    } Mca;

 

    struct {

      ULONGLONG  McAddress;  // physical address for the cycle causing the error

      ULONGLONG  McType;   // cycle specification causing the error

    } Mce;

  } u;

} MCA_EXCEPTION, *PMCA_EXCEPTION;

Module information

For windbg debug..You can use lm (list module) command  http://msdn.microsoft.com/en-us/library/windows/hardware/ff552026(v=vs.85).aspx

1: kd> lmvm nt

start             end                 module name

fffff800`02c49000 fffff800`03226000   nt         (export symbols)       ntkrnlmp.exe

    Loaded symbol image file: ntkrnlmp.exe

    Image path: ntkrnlmp.exe

    Image name: ntkrnlmp.exe

    Timestamp:        Mon Jul 13 16:40:48 2009 (4A5BC600)

    CheckSum:         0054B487

    ImageSize:        005DD000

    File version:     6.1.7600.16385

    Product version:  6.1.7600.16385

    File flags:       0 (Mask 3F)

    File OS:          40004 NT Win32

    File type:        1.0 App

    File date:        00000000.00000000

    Translations:     0409.04b0

    CompanyName:      Microsoft Corporation

    ProductName:      Microsoft® Windows® Operating System

    InternalName:     ntkrnlmp.exe

    OriginalFilename: ntkrnlmp.exe

    ProductVersion:   6.1.7600.16385

    FileVersion:      6.1.7600.16385 (win7_rtm.090713-1255)

    FileDescription:  NT Kernel & System

    LegalCopyright:   © Microsoft Corporation. All rights reserved.

If you want to implement lmvm command by dbgeng.dll.  You can try GetModuleVersionInformation.

Status = g_Symbols->GetModuleByModuleName (name,0,&index, &base);

Status =  g_Symbols2->GetModuleVersionInformation (DEBUG_ANY_ID,base, 

"\\VarFileInfo\\Translation",   (LPVOID*)&lpTranslate, sizeof(LANGANDCODEPAGE), &size);

tmps.Format ("\\StringFileInfo\\%04x%04x\\CompanyName",lpTranslate.wLanguage,lpTranslate.wCodePage );

Status =  g_Symbols2->GetModuleVersionInformation (DEBUG_ANY_ID,base, tmps, buffer, 128, &size);

BSOD 0xC4 DRIVER_VERIFIER_DETECTED_VIOLATION

There is the MSDN document http://msdn.microsoft.com/en-us/library/windows/hardware/ff560187(v=vs.85).aspx for this.

There is also a good document in the http://social.msdn.microsoft.com/Forums/zh-TW/1295/thread/f0bf8b0c-35d6-4d70-83fb-3ff02943dc6f  about the Arg1=0x62

Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior t
o unloading.
Arg2: fffffadfcebce290, name of the driver having the issue.
Arg3: fffffadfcebce1f0, verifier internal structure with driver information.
Arg4: 0000000000000004, total # of (paged+nonpaged) allocations that weren't free
d.
Type !verifier 3 drivername.sys for info on the allocations
that were leaked that caused the bugcheck. Debugging Details:
------------------ *** No owner thread found for resource fffff800011dca60
*** No owner thread found for resource fffff800011dca60 BUGCHECK_STR: 0xc4_
62 IMAGE_NAME: usbser.sys DEBUG_FLR_IMAGE_TIMESTAMP: 42435eb6 MOD
ULE_NAME: usbser FAULTING_MODULE: fffffadfc66c1000 usbser VERIFIER_DRIV
ER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY fffffadfcebce1f0
+0x000 Links : _LIST_ENTRY [ 0xfffff800`011dac50 - 0xfffff800`011dac50]
+0x010 Loads : 9
+0x014 Unloads : 8
+0x018 BaseName : _UNICODE_STRING "usbser.sys"
+0x028 StartAddress : 0xfffffadf`c66c1000
+0x030 EndAddress : 0xfffffadf`c66d2000
+0x038 Flags : 1
+0x040 Signature : 0x98761940
+0x050 PoolPageHeaders : _SLIST_HEADER
+0x060 PoolTrackers : _SLIST_HEADER
+0x070 CurrentPagedPoolAllocations : 2
+0x074 CurrentNonPagedPoolAllocations : 2
+0x078 PeakPagedPoolAllocations : 9
+0x07c PeakNonPagedPoolAllocations : 0xb
+0x080 PagedBytes : 0x30
+0x088 NonPagedBytes : 0x100
+0x090 PeakPagedBytes : 0x438
+0x098 PeakNonPagedBytes : 0xe2c0