Foxtrod89

Command - Dump C:UsersLoverDesktopdumpsFlashUtil32_32_0_0_303_pepper.exe_200126_092325.dmp - WinDbg:6.12.0002.633 AMD64

Jan 26th, 2020

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:UsersLoverDesktopdumpsFlashUtil32_32_0_0_303_pepper.exe_200126_092325.dmp]
User Mini Dump File with Full Memory: Only application data is available

Comment: '
*** "C:Program FilesSysinternalsSuiteprocdump.exe" -accepteula -ma -j "C:UsersLoverDesktopdumps" 5056 220 02D00000
*** Just-In-Time debugger. PID: 5056 Event Handle: 220 JIT Context: .jdinfo 0x2d00000'
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Sun Jan 26 09:23:25.000 2020 (UTC - 8:00)
System Uptime: 0 days 0:00:50.889
Process Uptime: 0 days 0:00:35.000
...................................................
Loading unloaded module list
................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(13c0.13c4): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=0035e36c ecx=02e007d0 edx=0064bf0c esi=00000002 edi=00000000
eip=7781015d esp=0035e31c ebp=0035e3b8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!ZwWaitForMultipleObjects+0x15:
7781015d 83c404 add esp,4
0:000>
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** ERROR: Module load completed but symbols could not be loaded for FlashUtil32_32_0_0_303_pepper.exe
***** OS symbols are WRONG. Please fix symbols to do analysis.

***** OS (WOW64 kernel32) symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!IMAGE_NT_HEADERS32 ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************

FAULTING_IP:
LvHook+6461a
3aa6461a ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 3aa6461a (<Unloaded_LvHook.dll>+0x0006461a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 3aa6461a
Attempt to execute non-executable address 3aa6461a

PROCESS_NAME: FlashUtil32_32_0_0_303_pepper.exe

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: 76f80000 kernel32

DEBUG_FLR_IMAGE_TIMESTAMP: 4ef99d42

MODULE_NAME: LvHook

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 00000008

EXCEPTION_PARAMETER2: 3aa6461a

WRITE_ADDRESS: 3aa6461a

FOLLOWUP_IP:
LvHook+6461a
3aa6461a ?? ???

MOD_LIST: <ANALYSIS/>

FAULTING_THREAD: 000013c4

BUGCHECK_STR: APPLICATION_FAULT_BAD_INSTRUCTION_PTR_SOFTWARE_NX_FAULT_INVALID_WRONG_SYMBOLS_SHUTDOWN

PRIMARY_PROBLEM_CLASS: BAD_INSTRUCTION_PTR_INVALID_SHUTDOWN

DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR_INVALID_SHUTDOWN

LAST_CONTROL_TRANSFER: from 77829b01 to 3aa6461a

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0035eb18 77829b01 02e007d0 7efde000 7efdd000 <Unloaded_LvHook.dll>+0x6461a
0035eb34 7783d658 0064bcb0 77baf56c 778f20c0 ntdll!RtlIsCurrentThreadAttachExempt+0x5f
0035ebcc 7783d5a4 0065d0a0 0065d0a0 00000400 ntdll!LdrShutdownProcess+0x97
0035ebe0 76f97a0d 00000000 77e8f3b0 ffffffff ntdll!RtlExitUserProcess+0x74
0035ebf4 011cadd4 0000040f 0065d2f0 0065d0a0 kernel32!ExitProcess+0x15
0035ec08 011cd5b6 0000040f 3e7c567b 0065d0a0 FlashUtil32_32_0_0_303_pepper+0xadd4
0035ec38 011d0605 00000000 00000002 0000040f FlashUtil32_32_0_0_303_pepper+0xd5b6
0035ed0c 011d5ab1 00000000 0121aac4 7efde000 FlashUtil32_32_0_0_303_pepper+0x10605
0035f7a4 011e8176 011c0000 00000000 0062698f FlashUtil32_32_0_0_303_pepper+0x15ab1
0035f7f0 76f933aa 7efde000 0035f83c 77829f72 FlashUtil32_32_0_0_303_pepper+0x28176
0035f7fc 77829f72 7efde000 77bae69c 00000000 kernel32!BaseThreadInitThunk+0x12
0035f83c 77829f45 011e81e8 7efde000 ffffffff ntdll!RtlInitializeExceptionChain+0x63
0035f854 00000000 011e81e8 7efde000 00000000 ntdll!RtlInitializeExceptionChain+0x36


STACK_COMMAND: ~0s; .ecxr ; kb

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: lvhook!unloaded+6461a

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: LvHook.dll

BUCKET_ID: WRONG_SYMBOLS

FAILURE_BUCKET_ID: BAD_INSTRUCTION_PTR_INVALID_SHUTDOWN_c0000005_LvHook.dll!unloaded

Followup: MachineOwner
---------