Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\mordekk\Desktop\MEMORY.DMP]
- Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
- ************* Symbol Path validation summary **************
- Response Time (ms) Location
- Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
- Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
- Executable search path is:
- Windows 10 Kernel Version 10240 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 10240.16384.amd64fre.th1.150709-1700
- Machine Name:
- Kernel base = 0xfffff800`54a84000 PsLoadedModuleList = 0xfffff800`54da8f30
- Debug session time: Wed Feb 17 23:40:03.615 2016 (UTC + 1:00)
- System Uptime: 0 days 0:06:18.386
- Loading Kernel Symbols
- .............................................................Page 1040e6 not present in the dump file. Type ".hh dbgerr004" for details
- ..
- ................................................................
- .............................
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 00000000`ff517018). Type ".hh dbgerr001" for details
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck 3B, {c0000096, fffff80054bd115c, ffffd0002060d0d0, 0}
- Page 10aa7a not present in the dump file. Type ".hh dbgerr004" for details
- Probably caused by : ntkrnlmp.exe ( nt!KiSaveDebugRegisterState+5c )
- Followup: MachineOwner
- ?-------
- 6: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000096, Exception code that caused the bugcheck
- Arg2: fffff80054bd115c, Address of the instruction which caused the bugcheck
- Arg3: ffffd0002060d0d0, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- ?----------------
- Page 10aa7a not present in the dump file. Type ".hh dbgerr004" for details
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 401
- BUILD_VERSION_STRING: 10240.16384.amd64fre.th1.150709-1700
- SYSTEM_MANUFACTURER: QEMU
- SYSTEM_PRODUCT_NAME: Standard PC (i440FX + PIIX, 1996)
- SYSTEM_VERSION: pc-i440fx-2.6
- BIOS_VENDOR: EFI Development Kit II / OVMF
- BIOS_VERSION: 0.0.0
- BIOS_DATE: 02/06/2015
- DUMP_TYPE: 1
- BUGCHECK_P1: c0000096
- BUGCHECK_P2: fffff80054bd115c
- BUGCHECK_P3: ffffd0002060d0d0
- BUGCHECK_P4: 0
- EXCEPTION_CODE: (NTSTATUS) 0xc0000096 - {EXCEPTION} Privileged instruction.
- FAULTING_IP:
- nt!KiSaveDebugRegisterState+5c
- fffff800`54bd115c 0f32 rdmsr
- CONTEXT: ffffd0002060d0d0 ? (.cxr 0xffffd0002060d0d0)
- rax=0000000000000000 rbx=ffffe0006f1d6080 rcx=00000000000001c9
- rdx=0000000000000555 rsi=0000000080000008 rdi=000000000ac59880
- rip=fffff80054bd115c rsp=ffffd0002060daf8 rbp=ffffd0002060db80
- r8=00000000000001c9 r9=ffffd000dca9c000 r10=000000000ac59750
- r11=0000000000000206 r12=00000000ff51c000 r13=0000000000e7fda0
- r14=000000000ac5973c r15=0000000050903560
- iopl=0 nv up di pl nz na po nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010006
- nt!KiSaveDebugRegisterState+0x5c:
- fffff800`54bd115c 0f32 rdmsr
- Resetting default scope
- CPU_COUNT: 8
- CPU_MHZ: da4
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1'00000000 (cache) 1'00000000 (init)
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: HeroesOfTheSto
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: DESKTOP-8DOH0HB
- ANALYSIS_SESSION_TIME: 02-19-2016 21:21:01.0482
- ANALYSIS_VERSION: 10.0.10586.567 amd64fre
- LAST_CONTROL_TRANSFER: from fffff80054bdb063 to fffff80054bd115c
- STACK_TEXT:
- ffffd000`2060daf8 fffff800`54bdb063 : ffffe000`6f1d6080 00000000`77618a80 ffffe000`00000000 ffffe000`6f4c3370 : nt!KiSaveDebugRegisterState+0x5c
- ffffd000`2060db00 00000000`50901e52 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemCall64+0xa3
- 00000000`00e7ed38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x50901e52
- THREAD_SHA1_HASH_MOD_FUNC: 1a16e79f37cd23a2fc1ba3a74adb007df13e6c74
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 43c2614ab3a67bf2be580ddb387d2745a4b34e50
- THREAD_SHA1_HASH_MOD: 6997106dce080e0f247cffc7d244723501c73d61
- FOLLOWUP_IP:
- nt!KiSaveDebugRegisterState+5c
- fffff800`54bd115c 0f32 rdmsr
- FAULT_INSTR_CODE: 8b44320f
- SYMBOL_STACK_INDEX: 0
- SYMBOL_NAME: nt!KiSaveDebugRegisterState+5c
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 559f3c1a
- STACK_COMMAND: .cxr 0xffffd0002060d0d0 ; kb
- BUCKET_ID_FUNC_OFFSET: 5c
- FAILURE_BUCKET_ID: 0x3B_nt!KiSaveDebugRegisterState
- BUCKET_ID: 0x3B_nt!KiSaveDebugRegisterState
- PRIMARY_PROBLEM_CLASS: 0x3B_nt!KiSaveDebugRegisterState
- TARGET_TIME: 2016-02-17T22:40:03.000Z
- OSBUILD: 10240
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2015-07-10 05:29:30
- BUILDDATESTAMP_STR: 150709-1700
- BUILDLAB_STR: th1
- BUILDOSVER_STR: 10.0.10240.16384.amd64fre.th1.150709-1700
- ANALYSIS_SESSION_ELAPSED_TIME: 389
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x3b_nt!kisavedebugregisterstate
- FAILURE_ID_HASH: {0bc09705-4a2d-bc06-c38a-1d9dc057a547}
- Followup: MachineOwner
- ?-------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement