API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 13th, 2017
167
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 24.83 KB | None | 0 0
raw download clone embed print report
  1. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3.  
  4. ========================================================================
  5. =================== Dump File: 071417-13406-01.dmp ====================
  6. ========================================================================
  7. Mini Kernel Dump File: Only registers and stack trace are available
  8. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  9. Product: WinNt, suite: TerminalServer SingleUserTS
  10. Kernel base = 0xfffff802`1ea8c000 PsLoadedModuleList = 0xfffff802`1edd85a0
  11. Debug session time: Thu Jul 13 12:51:05.852 2017 (UTC - 4:00)
  12. System Uptime: 0 days 0:00:46.494
  13.  
  14. BugCheck EF, {ffff988cc624b7c0, 0, 0, 0}
  15. ETW minidump data unavailable
  16. Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+c9 )
  17. Followup: MachineOwner
  18.  
  19. CRITICAL_PROCESS_DIED (ef)
  20. A critical system process died
  21.  
  22. Arguments:
  23. Arg1: ffff988cc624b7c0, Process object or thread object
  24. Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
  25. Arg3: 0000000000000000
  26. Arg4: 0000000000000000
  27.  
  28. Debugging Details:
  29. ETW minidump data unavailable
  30. DUMP_CLASS: 1
  31. DUMP_QUALIFIER: 400
  32. BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
  33. SYSTEM_MANUFACTURER: System manufacturer
  34. SYSTEM_PRODUCT_NAME: System Product Name
  35. SYSTEM_SKU: SKU
  36. SYSTEM_VERSION: System Version
  37. BIOS_VENDOR: American Megatrends Inc.
  38. BIOS_VERSION: 3401
  39. BIOS_DATE: 01/25/2017
  40. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  41. BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
  42. BASEBOARD_VERSION: Rev 1.xx
  43. DUMP_TYPE: 2
  44. DUMP_FILE_ATTRIBUTES: 0x8
  45. Kernel Generated Triage Dump
  46.  
  47. PROCESS_NAME: svchost.exe
  48.  
  49. CRITICAL_PROCESS: svchost.exe
  50. EXCEPTION_CODE: (NTSTATUS) 0xc8889080 - <Unable to get error code text>
  51. ERROR_CODE: (NTSTATUS) 0xc8889080 - <Unable to get error code text>
  52. CPU_COUNT: 4
  53. CPU_MHZ: ed0
  54. CPU_VENDOR: GenuineIntel
  55. CPU_FAMILY: 6
  56. CPU_MODEL: 9e
  57. CPU_STEPPING: 9
  58. CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
  59. CUSTOMER_CRASH_COUNT: 1
  60. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  61. BUGCHECK_STR: 0xEF
  62. CURRENT_IRQL: 0
  63. ANALYSIS_SESSION_HOST: USERNAME-PC
  64. ANALYSIS_SESSION_TIME: 07-13-2017 13:28:02.0950
  65. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  66. LAST_CONTROL_TRANSFER: from fffff8021f16c521 to fffff8021ebf7fd0
  67. STACK_COMMAND: kb
  68. THREAD_SHA1_HASH_MOD_FUNC: 042a2b51772309c39e12d732cc93cacf0af3064e
  69. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6b62f4c7c374c10f1fc21cb41e4b63d4d9c2c353
  70. THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
  71. FOLLOWUP_IP:
  72. nt!PspCatchCriticalBreak+c9
  73. fffff802`1f16c521 cc int 3
  74. FAULT_INSTR_CODE: ff8440cc
  75. SYMBOL_STACK_INDEX: 1
  76. SYMBOL_NAME: nt!PspCatchCriticalBreak+c9
  77. FOLLOWUP_NAME: MachineOwner
  78. MODULE_NAME: nt
  79.  
  80. IMAGE_NAME: ntkrnlmp.exe
  81.  
  82. DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
  83. IMAGE_VERSION: 10.0.15063.0
  84. BUCKET_ID_FUNC_OFFSET: c9
  85. FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_c8889080_nt!PspCatchCriticalBreak
  86. BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_c8889080_nt!PspCatchCriticalBreak
  87. PRIMARY_PROBLEM_CLASS: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_c8889080_nt!PspCatchCriticalBreak
  88. TARGET_TIME: 2017-07-13T16:51:05.000Z
  89. OSBUILD: 15063
  90. OSSERVICEPACK: 0
  91. SERVICEPACK_NUMBER: 0
  92. OS_REVISION: 0
  93. SUITE_MASK: 272
  94. PRODUCT_TYPE: 1
  95. OSPLATFORM_TYPE: x64
  96. OSNAME: Windows 10
  97. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
  98. USER_LCID: 0
  99. OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
  100. BUILDDATESTAMP_STR: 160101.0800
  101. BUILDLAB_STR: WinBuild
  102. BUILDOSVER_STR: 10.0.15063.0
  103. ANALYSIS_SESSION_ELAPSED_TIME: 82d
  104. ANALYSIS_SOURCE: KM
  105. FAILURE_ID_HASH_STRING: km:0xef_svchost.exe_bugcheck_critical_process_c8889080_nt!pspcatchcriticalbreak
  106. FAILURE_ID_HASH: {f64387ae-6ed5-8689-e982-0ec88c9ad0f6}
  107. Followup: MachineOwner
  108.  
  109. ========================================================================
  110. =================== Dump File: 071417-13734-01.dmp ====================
  111. ========================================================================
  112. Mini Kernel Dump File: Only registers and stack trace are available
  113. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  114. Product: WinNt, suite: TerminalServer SingleUserTS
  115. Kernel base = 0xfffff800`36e87000 PsLoadedModuleList = 0xfffff800`371d35a0
  116. Debug session time: Thu Jul 13 12:57:06.597 2017 (UTC - 4:00)
  117. System Uptime: 0 days 0:00:25.240
  118.  
  119. BugCheck 3B, {c0000005, fffff800ba4fb43b, ffffd3004614e780, 0}
  120. *** WARNING: Unable to verify timestamp for nvlddmkm.sys
  121. *** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
  122. Probably caused by : nvlddmkm.sys ( nvlddmkm+2cb43b )
  123. Followup: MachineOwner
  124.  
  125. SYSTEM_SERVICE_EXCEPTION (3b)
  126. An exception happened while executing a system service routine.
  127.  
  128. Arguments:
  129. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  130. Arg2: fffff800ba4fb43b, Address of the instruction which caused the bugcheck
  131. Arg3: ffffd3004614e780, Address of the context record for the exception that caused the bugcheck
  132. Arg4: 0000000000000000, zero.
  133.  
  134. Debugging Details:
  135. DUMP_CLASS: 1
  136. DUMP_QUALIFIER: 400
  137. BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
  138. DUMP_TYPE: 2
  139. DUMP_FILE_ATTRIBUTES: 0x8
  140. Kernel Generated Triage Dump
  141. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  142. FAULTING_IP:
  143. nvlddmkm+2cb43b
  144. fffff800`ba4fb43b 483b5008 cmp rdx,qword ptr [rax+8]
  145. CONTEXT: ffffd3004614e780 -- (.cxr 0xffffd3004614e780)
  146. rax=8189480000020089 rbx=0000000000000000 rcx=ffffbd0667189260
  147. rdx=00000000caf0013a rsi=0000000000000000 rdi=ffffbd06671891e0
  148. rip=fffff800ba4fb43b rsp=ffffd3004614f180 rbp=ffffd3004614f230
  149. r8=8189480000020089 r9=ffffbd06653f1298 r10=00000000caf0013a
  150. r11=0000000000000801 r12=ffffbd0667210cb0 r13=0000000000000002
  151. r14=0000000000000000 r15=00000000c1d00000
  152. iopl=0 nv up ei ng nz na pe nc
  153. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
  154. nvlddmkm+0x2cb43b:
  155. fffff800`ba4fb43b 483b5008 cmp rdx,qword ptr [rax+8] ds:002b:81894800`00020091=????????????????
  156. Resetting default scope
  157. CPU_COUNT: 4
  158. CPU_MHZ: ed0
  159. CPU_VENDOR: GenuineIntel
  160. CPU_FAMILY: 6
  161. CPU_MODEL: 9e
  162. CPU_STEPPING: 9
  163. CUSTOMER_CRASH_COUNT: 1
  164. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  165. BUGCHECK_STR: 0x3B
  166.  
  167. PROCESS_NAME: ShellExperienc
  168.  
  169. CURRENT_IRQL: 0
  170. ANALYSIS_SESSION_HOST: USERNAME-PC
  171. ANALYSIS_SESSION_TIME: 07-13-2017 13:30:05.0199
  172. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  173. LAST_CONTROL_TRANSFER: from 00000000c1d00000 to fffff800ba4fb43b
  174. THREAD_SHA1_HASH_MOD_FUNC: d79c3f9e9541b50dff558588ee91b494a55f2aae
  175. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: aec45d7f8a6ffa744cacd570be4de2306ffa003f
  176. THREAD_SHA1_HASH_MOD: d79c3f9e9541b50dff558588ee91b494a55f2aae
  177. FOLLOWUP_IP:
  178. nvlddmkm+2cb43b
  179. fffff800`ba4fb43b 483b5008 cmp rdx,qword ptr [rax+8]
  180. FAULT_INSTR_CODE: 8503b48
  181. SYMBOL_STACK_INDEX: 0
  182. SYMBOL_NAME: nvlddmkm+2cb43b
  183. FOLLOWUP_NAME: MachineOwner
  184. MODULE_NAME: nvlddmkm
  185.  
  186. IMAGE_NAME: nvlddmkm.sys
  187.  
  188. DEBUG_FLR_IMAGE_TIMESTAMP: 5952b9c9
  189. STACK_COMMAND: .cxr 0xffffd3004614e780 ; kb
  190. BUCKET_ID_FUNC_OFFSET: 2cb43b
  191. FAILURE_BUCKET_ID: 0x3B_nvlddmkm!unknown_function
  192. BUCKET_ID: 0x3B_nvlddmkm!unknown_function
  193. PRIMARY_PROBLEM_CLASS: 0x3B_nvlddmkm!unknown_function
  194. TARGET_TIME: 2017-07-13T16:57:06.000Z
  195. OSBUILD: 15063
  196. OSSERVICEPACK: 0
  197. SERVICEPACK_NUMBER: 0
  198. OS_REVISION: 0
  199. SUITE_MASK: 272
  200. PRODUCT_TYPE: 1
  201. OSPLATFORM_TYPE: x64
  202. OSNAME: Windows 10
  203. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
  204. USER_LCID: 0
  205. OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
  206. BUILDDATESTAMP_STR: 160101.0800
  207. BUILDLAB_STR: WinBuild
  208. BUILDOSVER_STR: 10.0.15063.0
  209. ANALYSIS_SESSION_ELAPSED_TIME: 930
  210. ANALYSIS_SOURCE: KM
  211. FAILURE_ID_HASH_STRING: km:0x3b_nvlddmkm!unknown_function
  212. FAILURE_ID_HASH: {5faea9a9-bcb0-9dde-d8e2-ecf171c18fe4}
  213. Followup: MachineOwner
  214.  
  215. ========================================================================
  216. =================== Dump File: 071417-4015-01.dmp ====================
  217. ========================================================================
  218. Mini Kernel Dump File: Only registers and stack trace are available
  219. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  220. Product: WinNt, suite: TerminalServer SingleUserTS
  221. Kernel base = 0xfffff800`2800d000 PsLoadedModuleList = 0xfffff800`283595a0
  222. Debug session time: Thu Jul 13 12:39:18.021 2017 (UTC - 4:00)
  223. System Uptime: 0 days 0:03:02.664
  224.  
  225. BugCheck 139, {3, ffff8181b6ae1520, ffff8181b6ae1478, 0}
  226. Probably caused by : win32kbase.sys ( win32kbase!UserDeleteAtomFromAtomTable+1b )
  227. Followup: MachineOwner
  228.  
  229. KERNEL_SECURITY_CHECK_FAILURE (139)
  230. A kernel component has corrupted a critical data structure. The corruption
  231. could potentially allow a malicious user to gain control of this machine.
  232.  
  233. Arguments:
  234. Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
  235. Arg2: ffff8181b6ae1520, Address of the trap frame for the exception that caused the bugcheck
  236. Arg3: ffff8181b6ae1478, Address of the exception record for the exception that caused the bugcheck
  237. Arg4: 0000000000000000, Reserved
  238.  
  239. Debugging Details:
  240. DUMP_CLASS: 1
  241. DUMP_QUALIFIER: 400
  242. BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
  243. SYSTEM_MANUFACTURER: System manufacturer
  244. SYSTEM_PRODUCT_NAME: System Product Name
  245. SYSTEM_SKU: SKU
  246. SYSTEM_VERSION: System Version
  247. BIOS_VENDOR: American Megatrends Inc.
  248. BIOS_VERSION: 3401
  249. BIOS_DATE: 01/25/2017
  250. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  251. BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
  252. BASEBOARD_VERSION: Rev 1.xx
  253. DUMP_TYPE: 2
  254. DUMP_FILE_ATTRIBUTES: 0x8
  255. Kernel Generated Triage Dump
  256. TRAP_FRAME: ffff8181b6ae1520 -- (.trap 0xffff8181b6ae1520)
  257. NOTE: The trap frame does not contain all registers.
  258. Some register values may be zeroed or incorrect.
  259. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000003
  260. rdx=ffffa78c895c88d0 rsi=0000000000000000 rdi=0000000000000000
  261. rip=fffff800280f9490 rsp=ffff8181b6ae16b0 rbp=ffffa78c895c88d0
  262. r8=0000000000000000 r9=0000000000000000 r10=ffffce8840892170
  263. r11=ffff8181b6ae1708 r12=0000000000000000 r13=0000000000000000
  264. r14=0000000000000000 r15=0000000000000000
  265. iopl=0 nv up ei pl nz na pe cy
  266. nt!RtlpFreeAllAtom+0xa0:
  267. fffff800`280f9490 cd29 int 29h
  268. Resetting default scope
  269. EXCEPTION_RECORD: ffff8181b6ae1478 -- (.exr 0xffff8181b6ae1478)
  270. ExceptionAddress: fffff800280f9490 (nt!RtlpFreeAllAtom+0x00000000000000a0)
  271. ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  272. ExceptionFlags: 00000001
  273. NumberParameters: 1
  274. Parameter[0]: 0000000000000003
  275. Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
  276. CPU_COUNT: 4
  277. CPU_MHZ: ed0
  278. CPU_VENDOR: GenuineIntel
  279. CPU_FAMILY: 6
  280. CPU_MODEL: 9e
  281. CPU_STEPPING: 9
  282. CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
  283. CUSTOMER_CRASH_COUNT: 1
  284. DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
  285. BUGCHECK_STR: 0x139
  286.  
  287. PROCESS_NAME: RzSynapse.exe
  288.  
  289. CURRENT_IRQL: 0
  290. ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  291. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  292. EXCEPTION_CODE_STR: c0000409
  293. EXCEPTION_PARAMETER1: 0000000000000003
  294. ANALYSIS_SESSION_HOST: USERNAME-PC
  295. ANALYSIS_SESSION_TIME: 07-13-2017 13:31:24.0725
  296. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  297. LAST_CONTROL_TRANSFER: from fffff800281843a9 to fffff80028178fd0
  298. STACK_COMMAND: kb
  299. THREAD_SHA1_HASH_MOD_FUNC: e8c1230e398c69eddd21d4164cafe21b2e2c193f
  300. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 95b8451929028513ecbe2e107c80dd5cd8010dcc
  301. THREAD_SHA1_HASH_MOD: c985323f44347fa523f7f40e7694bd09fd578e04
  302. FOLLOWUP_IP:
  303. win32kbase!UserDeleteAtomFromAtomTable+1b
  304. ffffceb6`10e8a8cb 8bc8 mov ecx,eax
  305. FAULT_INSTR_CODE: c033c88b
  306. SYMBOL_STACK_INDEX: 7
  307. SYMBOL_NAME: win32kbase!UserDeleteAtomFromAtomTable+1b
  308. FOLLOWUP_NAME: MachineOwner
  309. MODULE_NAME: win32kbase
  310.  
  311. IMAGE_NAME: win32kbase.sys
  312.  
  313. DEBUG_FLR_IMAGE_TIMESTAMP: 494848c5
  314. IMAGE_VERSION: 10.0.15063.0
  315. BUCKET_ID_FUNC_OFFSET: 1b
  316. FAILURE_BUCKET_ID: 0x139_3_win32kbase!UserDeleteAtomFromAtomTable
  317. BUCKET_ID: 0x139_3_win32kbase!UserDeleteAtomFromAtomTable
  318. PRIMARY_PROBLEM_CLASS: 0x139_3_win32kbase!UserDeleteAtomFromAtomTable
  319. TARGET_TIME: 2017-07-13T16:39:18.000Z
  320. OSBUILD: 15063
  321. OSSERVICEPACK: 0
  322. SERVICEPACK_NUMBER: 0
  323. OS_REVISION: 0
  324. SUITE_MASK: 272
  325. PRODUCT_TYPE: 1
  326. OSPLATFORM_TYPE: x64
  327. OSNAME: Windows 10
  328. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
  329. USER_LCID: 0
  330. OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
  331. BUILDDATESTAMP_STR: 160101.0800
  332. BUILDLAB_STR: WinBuild
  333. BUILDOSVER_STR: 10.0.15063.0
  334. ANALYSIS_SESSION_ELAPSED_TIME: 5cb
  335. ANALYSIS_SOURCE: KM
  336. FAILURE_ID_HASH_STRING: km:0x139_3_win32kbase!userdeleteatomfromatomtable
  337. FAILURE_ID_HASH: {86421495-38f3-3f26-dfcf-ff319ff927ba}
  338. Followup: MachineOwner
  339.  
  340. ========================================================================
  341. =================== Dump File: 071417-4031-01.dmp ====================
  342. ========================================================================
  343. Mini Kernel Dump File: Only registers and stack trace are available
  344. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  345. Product: WinNt, suite: TerminalServer SingleUserTS
  346. Kernel base = 0xfffff802`14c9b000 PsLoadedModuleList = 0xfffff802`14fe75a0
  347. Debug session time: Thu Jul 13 12:35:44.668 2017 (UTC - 4:00)
  348. System Uptime: 0 days 0:00:10.310
  349.  
  350. BugCheck 139, {3, ffffae80fd567510, ffffae80fd567468, 0}
  351. Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
  352. Followup: MachineOwner
  353.  
  354. KERNEL_SECURITY_CHECK_FAILURE (139)
  355. A kernel component has corrupted a critical data structure. The corruption
  356. could potentially allow a malicious user to gain control of this machine.
  357.  
  358. Arguments:
  359. Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
  360. Arg2: ffffae80fd567510, Address of the trap frame for the exception that caused the bugcheck
  361. Arg3: ffffae80fd567468, Address of the exception record for the exception that caused the bugcheck
  362. Arg4: 0000000000000000, Reserved
  363.  
  364. Debugging Details:
  365. DUMP_CLASS: 1
  366. DUMP_QUALIFIER: 400
  367. BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
  368. SYSTEM_MANUFACTURER: System manufacturer
  369. SYSTEM_PRODUCT_NAME: System Product Name
  370. SYSTEM_SKU: SKU
  371. SYSTEM_VERSION: System Version
  372. BIOS_VENDOR: American Megatrends Inc.
  373. BIOS_VERSION: 3401
  374. BIOS_DATE: 01/25/2017
  375. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  376. BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
  377. BASEBOARD_VERSION: Rev 1.xx
  378. DUMP_TYPE: 2
  379. DUMP_FILE_ATTRIBUTES: 0x8
  380. Kernel Generated Triage Dump
  381. TRAP_FRAME: ffffae80fd567510 -- (.trap 0xffffae80fd567510)
  382. NOTE: The trap frame does not contain all registers.
  383. Some register values may be zeroed or incorrect.
  384. rax=ffffc083fc5b2990 rbx=0000000000000000 rcx=0000000000000003
  385. rdx=ffffc083fc15bd30 rsi=0000000000000000 rdi=0000000000000000
  386. rip=fffff80d72bb8f49 rsp=ffffae80fd5676a0 rbp=0000000000000705
  387. r8=0000000000000001 r9=0000000000000000 r10=ffffd78cadb02ac0
  388. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  389. r14=0000000000000000 r15=0000000000000000
  390. iopl=0 nv up ei ng nz na po cy
  391. FLTMGR!DeleteStreamListCtrlCallback+0xa9:
  392. fffff80d`72bb8f49 cd29 int 29h
  393. Resetting default scope
  394. EXCEPTION_RECORD: ffffae80fd567468 -- (.exr 0xffffae80fd567468)
  395. ExceptionAddress: fffff80d72bb8f49 (FLTMGR!DeleteStreamListCtrlCallback+0x00000000000000a9)
  396. ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  397. ExceptionFlags: 00000001
  398. NumberParameters: 1
  399. Parameter[0]: 0000000000000003
  400. Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
  401. CPU_COUNT: 4
  402. CPU_MHZ: ed0
  403. CPU_VENDOR: GenuineIntel
  404. CPU_FAMILY: 6
  405. CPU_MODEL: 9e
  406. CPU_STEPPING: 9
  407. CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
  408. CUSTOMER_CRASH_COUNT: 1
  409. DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
  410. BUGCHECK_STR: 0x139
  411.  
  412. PROCESS_NAME: System
  413.  
  414. CURRENT_IRQL: 0
  415. ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  416. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  417. EXCEPTION_CODE_STR: c0000409
  418. EXCEPTION_PARAMETER1: 0000000000000003
  419. ANALYSIS_SESSION_HOST: USERNAME-PC
  420. ANALYSIS_SESSION_TIME: 07-13-2017 13:33:33.0551
  421. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  422. LAST_CONTROL_TRANSFER: from fffff80214e123a9 to fffff80214e06fd0
  423. STACK_COMMAND: kb
  424. THREAD_SHA1_HASH_MOD_FUNC: 7c19ae7fe4384875900e36a0756fa38cc023c596
  425. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 31cb24abf7f6bddfa275114ebaa96cf7131ebdb3
  426. THREAD_SHA1_HASH_MOD: 78965af67db007e7c01c95a37ac89a4fc9c5727a
  427. FOLLOWUP_IP:
  428. nt!KiFastFailDispatch+d0
  429. fffff802`14e12710 c644242000 mov byte ptr [rsp+20h],0
  430. FAULT_INSTR_CODE: 202444c6
  431. SYMBOL_STACK_INDEX: 2
  432. SYMBOL_NAME: nt!KiFastFailDispatch+d0
  433. FOLLOWUP_NAME: MachineOwner
  434. MODULE_NAME: nt
  435.  
  436. IMAGE_NAME: ntkrnlmp.exe
  437.  
  438. DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
  439. IMAGE_VERSION: 10.0.15063.0
  440. BUCKET_ID_FUNC_OFFSET: d0
  441. FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
  442. BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
  443. PRIMARY_PROBLEM_CLASS: 0x139_3_nt!KiFastFailDispatch
  444. TARGET_TIME: 2017-07-13T16:35:44.000Z
  445. OSBUILD: 15063
  446. OSSERVICEPACK: 0
  447. SERVICEPACK_NUMBER: 0
  448. OS_REVISION: 0
  449. SUITE_MASK: 272
  450. PRODUCT_TYPE: 1
  451. OSPLATFORM_TYPE: x64
  452. OSNAME: Windows 10
  453. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
  454. USER_LCID: 0
  455. OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
  456. BUILDDATESTAMP_STR: 160101.0800
  457. BUILDLAB_STR: WinBuild
  458. BUILDOSVER_STR: 10.0.15063.0
  459. ANALYSIS_SESSION_ELAPSED_TIME: 5be
  460. ANALYSIS_SOURCE: KM
  461. FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch
  462. FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}
  463. Followup: MachineOwner
  464.  
  465. ========================================================================
  466. =================== Dump File: 071417-4250-01.dmp ====================
  467. ========================================================================
  468. Mini Kernel Dump File: Only registers and stack trace are available
  469. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  470. Product: WinNt, suite: TerminalServer SingleUserTS
  471. Kernel base = 0xfffff802`a0686000 PsLoadedModuleList = 0xfffff802`a09d25a0
  472. Debug session time: Thu Jul 13 12:59:10.507 2017 (UTC - 4:00)
  473. System Uptime: 0 days 0:01:11.150
  474.  
  475. BugCheck 1A, {41792, ffff9c3ffdef9068, 9000, 0}
  476. Probably caused by : memory_corruption ( nt!MiDeleteVirtualAddresses+1334a2 )
  477. Followup: MachineOwner
  478.  
  479. MEMORY_MANAGEMENT (1a)
  480. # Any other values for parameter 1 must be individually examined.
  481.  
  482. Arguments:
  483. Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
  484. the PTE. Parameters 3/4 contain the low/high parts of the PTE.
  485. Arg2: ffff9c3ffdef9068
  486. Arg3: 0000000000009000
  487. Arg4: 0000000000000000
  488.  
  489. Debugging Details:
  490. DUMP_CLASS: 1
  491. DUMP_QUALIFIER: 400
  492. BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
  493. SYSTEM_MANUFACTURER: System manufacturer
  494. SYSTEM_PRODUCT_NAME: System Product Name
  495. SYSTEM_SKU: SKU
  496. SYSTEM_VERSION: System Version
  497. BIOS_VENDOR: American Megatrends Inc.
  498. BIOS_VERSION: 3401
  499. BIOS_DATE: 01/25/2017
  500. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  501. BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
  502. BASEBOARD_VERSION: Rev 1.xx
  503. DUMP_TYPE: 2
  504. DUMP_FILE_ATTRIBUTES: 0x8
  505. Kernel Generated Triage Dump
  506. BUGCHECK_STR: 0x1a_41792
  507. CPU_COUNT: 4
  508. CPU_MHZ: ed0
  509. CPU_VENDOR: GenuineIntel
  510. CPU_FAMILY: 6
  511. CPU_MODEL: 9e
  512. CPU_STEPPING: 9
  513. CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
  514. CUSTOMER_CRASH_COUNT: 1
  515. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  516.  
  517. PROCESS_NAME: mobsync.exe
  518.  
  519. CURRENT_IRQL: 2
  520. ANALYSIS_SESSION_HOST: USERNAME-PC
  521. ANALYSIS_SESSION_TIME: 07-13-2017 13:34:58.0001
  522. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  523. LAST_CONTROL_TRANSFER: from fffff802a081ec82 to fffff802a07f1fd0
  524. STACK_COMMAND: kb
  525. THREAD_SHA1_HASH_MOD_FUNC: b34de76feae571fa519e22f15eb8906b50278b74
  526. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d7d808c457dfba8ec523ce7071abb5b9e8792ce1
  527. THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
  528. FOLLOWUP_IP:
  529. nt!MiDeleteVirtualAddresses+1334a2
  530. fffff802`a081ec82 cc int 3
  531. FAULT_INSTR_CODE: b70f41cc
  532. SYMBOL_STACK_INDEX: 1
  533. SYMBOL_NAME: nt!MiDeleteVirtualAddresses+1334a2
  534. FOLLOWUP_NAME: MachineOwner
  535. MODULE_NAME: nt
  536. DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
  537. IMAGE_VERSION: 10.0.15063.0
  538.  
  539. IMAGE_NAME: memory_corruption
  540.  
  541. BUCKET_ID_FUNC_OFFSET: 1334a2
  542. FAILURE_BUCKET_ID: 0x1a_41792_nt!MiDeleteVirtualAddresses
  543. BUCKET_ID: 0x1a_41792_nt!MiDeleteVirtualAddresses
  544. PRIMARY_PROBLEM_CLASS: 0x1a_41792_nt!MiDeleteVirtualAddresses
  545. TARGET_TIME: 2017-07-13T16:59:10.000Z
  546. OSBUILD: 15063
  547. OSSERVICEPACK: 0
  548. SERVICEPACK_NUMBER: 0
  549. OS_REVISION: 0
  550. SUITE_MASK: 272
  551. PRODUCT_TYPE: 1
  552. OSPLATFORM_TYPE: x64
  553. OSNAME: Windows 10
  554. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
  555. USER_LCID: 0
  556. OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
  557. BUILDDATESTAMP_STR: 160101.0800
  558. BUILDLAB_STR: WinBuild
  559. BUILDOSVER_STR: 10.0.15063.0
  560. ANALYSIS_SESSION_ELAPSED_TIME: 5b0
  561. ANALYSIS_SOURCE: KM
  562. FAILURE_ID_HASH_STRING: km:0x1a_41792_nt!mideletevirtualaddresses
  563. FAILURE_ID_HASH: {415d883e-e5d4-b664-6ba0-61892eb78682}
  564. Followup: MachineOwner
  565.  
  566. ========================================================================
  567. =================== Dump File: 071417-5078-01.dmp ====================
  568. ========================================================================
  569. Mini Kernel Dump File: Only registers and stack trace are available
  570. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  571. Product: WinNt, suite: TerminalServer SingleUserTS
  572. Kernel base = 0xfffff800`4ec1f000 PsLoadedModuleList = 0xfffff800`4ef6b5a0
  573. Debug session time: Thu Jul 13 12:56:14.618 2017 (UTC - 4:00)
  574. System Uptime: 0 days 0:00:51.260
  575.  
  576. BugCheck 1A, {41201, ffff87bffede24d8, 1452f0025, ffff8909db2ab9c0}
  577. Probably caused by : memory_corruption ( nt!MiGetPageProtection+12ff01 )
  578. Followup: MachineOwner
  579.  
  580. MEMORY_MANAGEMENT (1a)
  581. # Any other values for parameter 1 must be individually examined.
  582.  
  583. Arguments:
  584. Arg1: 0000000000041201, The subtype of the bugcheck.
  585. Arg2: ffff87bffede24d8
  586. Arg3: 00000001452f0025
  587. Arg4: ffff8909db2ab9c0
  588.  
  589. Debugging Details:
  590. DUMP_CLASS: 1
  591. DUMP_QUALIFIER: 400
  592. BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
  593. SYSTEM_MANUFACTURER: System manufacturer
  594. SYSTEM_PRODUCT_NAME: System Product Name
  595. SYSTEM_SKU: SKU
  596. SYSTEM_VERSION: System Version
  597. BIOS_VENDOR: American Megatrends Inc.
  598. BIOS_VERSION: 3401
  599. BIOS_DATE: 01/25/2017
  600. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  601. BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
  602. BASEBOARD_VERSION: Rev 1.xx
  603. DUMP_TYPE: 2
  604. DUMP_FILE_ATTRIBUTES: 0x8
  605. Kernel Generated Triage Dump
  606. BUGCHECK_STR: 0x1a_41201
  607. CPU_COUNT: 4
  608. CPU_MHZ: ed0
  609. CPU_VENDOR: GenuineIntel
  610. CPU_FAMILY: 6
  611. CPU_MODEL: 9e
  612. CPU_STEPPING: 9
  613. CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
  614. CUSTOMER_CRASH_COUNT: 1
  615. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  616.  
  617. PROCESS_NAME: chrome.exe
  618.  
  619. CURRENT_IRQL: 2
  620. ANALYSIS_SESSION_HOST: USERNAME-PC
  621. ANALYSIS_SESSION_TIME: 07-13-2017 13:36:39.0596
  622. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  623. LAST_CONTROL_TRANSFER: from fffff8004edb8621 to fffff8004ed8afd0
  624. STACK_COMMAND: kb
  625. THREAD_SHA1_HASH_MOD_FUNC: daeab5d68ba3ecb3234b5b8938d47aee75235996
  626. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 66411f2c1c75e6ba4c6365f47c618f2cd51d8012
  627. THREAD_SHA1_HASH_MOD: 30a3e915496deaace47137d5b90c3ecc03746bf6
  628. FOLLOWUP_IP:
  629. nt!MiGetPageProtection+12ff01
  630. fffff800`4edb8621 cc int 3
  631. FAULT_INSTR_CODE: a88d49cc
  632. SYMBOL_STACK_INDEX: 1
  633. SYMBOL_NAME: nt!MiGetPageProtection+12ff01
  634. FOLLOWUP_NAME: MachineOwner
  635. MODULE_NAME: nt
  636. DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
  637. IMAGE_VERSION: 10.0.15063.0
  638.  
  639. IMAGE_NAME: memory_corruption
  640.  
  641. BUCKET_ID_FUNC_OFFSET: 12ff01
  642. FAILURE_BUCKET_ID: 0x1a_41201_nt!MiGetPageProtection
  643. BUCKET_ID: 0x1a_41201_nt!MiGetPageProtection
  644. PRIMARY_PROBLEM_CLASS: 0x1a_41201_nt!MiGetPageProtection
  645. TARGET_TIME: 2017-07-13T16:56:14.000Z
  646. OSBUILD: 15063
  647. OSSERVICEPACK: 0
  648. SERVICEPACK_NUMBER: 0
  649. OS_REVISION: 0
  650. SUITE_MASK: 272
  651. PRODUCT_TYPE: 1
  652. OSPLATFORM_TYPE: x64
  653. OSNAME: Windows 10
  654. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
  655. USER_LCID: 0
  656. OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
  657. BUILDDATESTAMP_STR: 160101.0800
  658. BUILDLAB_STR: WinBuild
  659. BUILDOSVER_STR: 10.0.15063.0
  660. ANALYSIS_SESSION_ELAPSED_TIME: 5b8
  661. ANALYSIS_SOURCE: KM
  662. FAILURE_ID_HASH_STRING: km:0x1a_41201_nt!migetpageprotection
  663. FAILURE_ID_HASH: {c1fe3b27-3ba8-d99e-656f-85f3d58dc669}
  664. Followup: MachineOwner
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!