Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Windows\MEMORY.DMP]
- Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 10586 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 10586.17.amd64fre.th2_release.151121-2308
- Machine Name:
- Kernel base = 0xfffff802`24e1d000 PsLoadedModuleList = 0xfffff802`250fbc70
- Debug session time: Thu Dec 24 06:38:48.348 2015 (UTC + 3:00)
- System Uptime: 0 days 13:19:07.164
- Loading Kernel Symbols
- ...............................................................
- .........................................................Page 10854a not present in the dump file. Type ".hh dbgerr004" for details
- .Page 10856d not present in the dump file. Type ".hh dbgerr004" for details
- ..Page 1088fa not present in the dump file. Type ".hh dbgerr004" for details
- ....
- ............Page 1ca8da not present in the dump file. Type ".hh dbgerr004" for details
- .Page 129edc not present in the dump file. Type ".hh dbgerr004" for details
- ....................................
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 00000000`002c8018). Type ".hh dbgerr001" for details
- Loading unloaded module list
- ....................
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck 3B, {c0000005, fffff800efc10e28, ffffd001e8787260, 0}
- *** ERROR: Module load completed but symbols could not be loaded for adgnetworkwfpdrv.sys
- Page 10854a not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Probably caused by : NETIO.SYS ( NETIO!StreamInvokeCalloutAndNormalizeAction+60 )
- Followup: MachineOwner
- ---------
- 2: kd> adgnetworkwfpdrv.sys
- ^ No information found error in 'adgnetworkwfpdrv.sys'
- 2: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff800efc10e28, Address of the instruction which caused the bugcheck
- Arg3: ffffd001e8787260, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- ------------------
- Page 10854a not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- Page 1b0 not present in the dump file. Type ".hh dbgerr004" for details
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 401
- ...emptied MB info by me
- DUMP_TYPE: 1
- BUGCHECK_P1: c0000005
- BUGCHECK_P2: fffff800efc10e28
- BUGCHECK_P3: ffffd001e8787260
- BUGCHECK_P4: 0
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
- FAULTING_IP:
- NETIO!StreamInvokeCalloutAndNormalizeAction+60
- fffff800`efc10e28 488b7008 mov rsi,qword ptr [rax+8]
- CONTEXT: ffffd001e8787260 -- (.cxr 0xffffd001e8787260)
- rax=0000000000000000 rbx=ffffd001e8787e18 rcx=ffffd001e8787ce0
- rdx=0000000000000000 rsi=ffffd001e8788180 rdi=ffffe0019b2f3780
- rip=fffff800efc10e28 rsp=ffffd001e8787c80 rbp=ffffd001e8787d09
- r8=0000000000000040 r9=0000000000000000 r10=0000000000000000
- r11=ffffe0019b2f3780 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000158 r15=ffffe0019776b270
- iopl=0 nv up ei pl zr na po nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
- NETIO!StreamInvokeCalloutAndNormalizeAction+0x60:
- fffff800`efc10e28 488b7008 mov rsi,qword ptr [rax+8] ds:002b:00000000`00000008=????????????????
- Resetting default scope
- CPU_COUNT: 4
- CPU_MHZ: c2a
- CPU_VENDOR: AuthenticAMD
- CPU_FAMILY: 10
- CPU_MODEL: 5
- CPU_STEPPING: 3
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: AdguardSvc.exe
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: DESKTOP-XXXXXXXXXXX
- ANALYSIS_SESSION_TIME: 12-24-2015 06:52:28.0206
- ANALYSIS_VERSION: 10.0.10586.567 amd64fre
- LAST_CONTROL_TRANSFER: from fffff800efc10d01 to fffff800efc10e28
- STACK_TEXT:
- ffffd001`e8787c80 fffff800`efc10d01 : ffffe001`9776b270 ffffe001`9b2f3780 00000000`00000000 ffffd001`e8788180 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x60
- ffffd001`e8787d60 fffff800`efc0f1ca : ffffe001`937a0014 fffff800`f167cac0 ffffd001`00000000 ffffe001`94461c50 : NETIO!StreamProcessCallout+0x711
- ffffd001`e8787ea0 fffff800`efc0e060 : ffffd001`e8780014 ffffe001`94461c50 ffffe001`9793f320 ffffd001`e87886a0 : NETIO!ProcessCallout+0x6ba
- ffffd001`e8788010 fffff800`efc0cc0f : 6dbba38f`80c5930a ffffd001`e8788300 00000000`00000000 00000000`00000000 : NETIO!ArbitrateAndEnforce+0x4a0
- ffffd001`e8788200 fffff800`efc4ec60 : fffff6e8`00100000 ffffd001`e8788731 ffffe001`939df580 fffff800`efc01ee5 : NETIO!KfdClassify+0x32f
- ffffd001`e8788650 fffff800`efc4e6fc : 00000000`00000000 ffffd001`e8788801 00000000`00000158 00000000`00000000 : NETIO!StreamInternalClassify+0x110
- ffffd001`e8788780 fffff800`efc4be15 : 00000000`00000014 ffffe001`9793f170 00000000`00000000 ffffe001`97aef2f0 : NETIO!StreamInject+0x214
- ffffd001`e8788850 fffff800`eff267dd : ffffe001`9793f170 00000000`00000109 00000000`00000000 ffffe001`00000011 : NETIO!FwppStreamInject+0x135
- ffffd001`e87888e0 fffff800`f063630a : ffffe001`938de700 ffffe001`938de848 ffffe001`93f9a0d0 ffffd001`e6d80000 : fwpkclnt!FwpsStreamInjectAsync0+0xfd
- ffffd001`e8788940 fffff800`f0637ae5 : ffffe001`97aef2f0 ffffe001`95da3270 ffffd001`e8788a91 00000000`00000000 : adgnetworkwfpdrv+0x630a
- ffffd001`e87889d0 fffff802`2521faf6 : ffffe001`975b55b0 ffffd001`e8788a91 00000000`00000000 fffff680`00037ef8 : adgnetworkwfpdrv+0x7ae5
- ffffd001`e8788a10 fffff802`25220a98 : ffffe001`970c96f0 ffffe001`95da3270 ffffe001`975b54e0 ffffe001`95da3270 : nt!IopSynchronousServiceTail+0x176
- ffffd001`e8788ae0 fffff802`24f69fa3 : 00000000`00000000 00000000`000007ec 00000000`00000001 00000000`06fdf6e8 : nt!NtWriteFile+0x678
- ffffd001`e8788bd0 00000000`526221bc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000000`0653f248 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x526221bc
- THREAD_SHA1_HASH_MOD_FUNC: 79befbb4d87ccf797286429df19979ef0f361ff7
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b9c5ad8eb97c0c2d9735bbd46284a67f6ae42471
- THREAD_SHA1_HASH_MOD: 6b873ba2174495954cb6e32224326330d081df7b
- FOLLOWUP_IP:
- NETIO!StreamInvokeCalloutAndNormalizeAction+60
- fffff800`efc10e28 488b7008 mov rsi,qword ptr [rax+8]
- FAULT_INSTR_CODE: 8708b48
- SYMBOL_STACK_INDEX: 0
- SYMBOL_NAME: NETIO!StreamInvokeCalloutAndNormalizeAction+60
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: NETIO
- IMAGE_NAME: NETIO.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 5632d715
- STACK_COMMAND: .cxr 0xffffd001e8787260 ; kb
- BUCKET_ID_FUNC_OFFSET: 60
- FAILURE_BUCKET_ID: 0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction
- BUCKET_ID: 0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction
- PRIMARY_PROBLEM_CLASS: 0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction
- TARGET_TIME: 2015-12-24T03:38:48.000Z
- OSBUILD: 10586
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2015-11-22 12:24:24
- BUILDDATESTAMP_STR: 151121-2308
- BUILDLAB_STR: th2_release
- BUILDOSVER_STR: 10.0.10586.17.amd64fre.th2_release.151121-2308
- ANALYSIS_SESSION_ELAPSED_TIME: 3299
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x3b_netio!streaminvokecalloutandnormalizeaction
- FAILURE_ID_HASH: {5c8d1e60-d80c-cb2d-a65a-8d02e5eeeffd}
- Followup: MachineOwner
- ---------
Add Comment
Please, Sign In to add comment