API tools faq
paste
Guest User

Dump

a guest
Apr 16th, 2013
298
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.83 KB | None | 0 0
raw download clone embed print report
  1. PROCESS_HAS_LOCKED_PAGES (76)
  2. Caused by a driver not cleaning up correctly after an I/O.
  3. Arguments:
  4. Arg1: 0000000000000000, Locked memory pages found in process being terminated.
  5. Arg2: fffffa800df23060, Process address.
  6. Arg3: 000000000000057f, Number of locked pages.
  7. Arg4: 0000000000000000, Pointer to driver stacks (if enabled) or 0 if not.
  8. Issue a !search over all of physical memory for the current process pointer.
  9. This will yield at least one MDL which points to it. Then do another !search
  10. for each MDL found, this will yield the IRP(s) that point to it, revealing
  11. which driver is leaking the pages.
  12. Otherwise, set HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
  13. Management\TrackLockedPages to a DWORD 1 value and reboot. Then the system
  14. will save stack traces so the guilty driver can be easily identified.
  15. When you enable this flag, if the driver commits the error again you will
  16. see a different bugcheck - DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS (0xCB) -
  17. which can identify the offending driver(s).
  18.  
  19. Debugging Details:
  20. ------------------
  21.  
  22.  
  23. PROCESS_NAME: MediaExpress.e
  24.  
  25. DEFAULT_BUCKET_ID: DRIVER_FAULT_0x76
  26.  
  27. CUSTOMER_CRASH_COUNT: 1
  28.  
  29. BUGCHECK_STR: 0x76
  30.  
  31. CURRENT_IRQL: 0
  32.  
  33. LAST_CONTROL_TRANSFER: from fffff80002f3c019 to fffff80002cdbc40
  34.  
  35. STACK_TEXT:
  36. fffff880`097b58f8 fffff800`02f3c019 : 00000000`00000076 00000000`00000000 fffffa80`0df23060 00000000`0000057f : nt!KeBugCheckEx
  37. fffff880`097b5900 fffff800`02f97a37 : fffffa80`0df23060 fffffa80`066b1b40 fffffa80`00000000 fffffa80`00000006 : nt! ?? ::NNGAKEGL::`string'+0x17e46
  38. fffff880`097b5940 fffff800`02ce5174 : 00000000`00000000 fffffa80`0d630230 fffffa80`0df23030 fffffa80`0d9d0360 : nt!PspProcessDelete+0x177
  39. fffff880`097b59a0 fffff800`02fd6184 : fffffa80`0d630230 00000000`00000000 fffffa80`0d81c8b0 00000000`00000000 : nt!ObfDereferenceObject+0xd4
  40. fffff880`097b5a00 fffff800`02fd6734 : 00000000`00000690 fffffa80`0d630230 fffff8a0`025b6550 00000000`00000690 : nt!ObpCloseHandleTableEntry+0xc4
  41. fffff880`097b5a90 fffff800`02cdaed3 : fffffa80`0d81c8b0 fffff880`097b5b60 00000000`7ef77000 00000000`00000000 : nt!ObpCloseHandle+0x94
  42. fffff880`097b5ae0 00000000`771a140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  43. 00000000`079ce808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771a140a
  44.  
  45.  
  46. STACK_COMMAND: kb
  47.  
  48. FOLLOWUP_IP:
  49. nt! ?? ::NNGAKEGL::`string'+17e46
  50. fffff800`02f3c019 cc int 3
  51.  
  52. SYMBOL_STACK_INDEX: 1
  53.  
  54. SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+17e46
  55.  
  56. FOLLOWUP_NAME: MachineOwner
  57.  
  58. MODULE_NAME: nt
  59.  
  60. IMAGE_NAME: ntkrnlmp.exe
  61.  
  62. DEBUG_FLR_IMAGE_TIMESTAMP: 50e79935
  63.  
  64. FAILURE_BUCKET_ID: X64_0x76_MediaExpress.e_nt!_??_::NNGAKEGL::_string_+17e46
  65.  
  66. BUCKET_ID: X64_0x76_MediaExpress.e_nt!_??_::NNGAKEGL::_string_+17e46
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!