Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.19494.1001 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\WINDOWS\Minidump\102219-7593-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- ************* Path validation summary **************
- Response Time (ms) Location
- Deferred srv*
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 18362 MP (12 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Machine Name:
- Kernel base = 0xfffff804`37800000 PsLoadedModuleList = 0xfffff804`37c48210
- Debug session time: Tue Oct 22 20:56:50.041 2019 (UTC - 6:00)
- System Uptime: 0 days 5:41:56.787
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ................................................................
- ..................
- Loading User Symbols
- Loading unloaded module list
- ..........
- For analysis of this file, run !analyze -v
- nt!KeBugCheckEx:
- fffff804`379c1220 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffa0e`931ee4b0=00000000000000be
- 9: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
- An attempt was made to write to readonly memory. The guilty driver is on the
- stack trace (and is typically the current instruction pointer).
- When possible, the guilty driver's name (Unicode string) is printed on
- the bugcheck screen and saved in KiBugCheckDriver.
- Arguments:
- Arg1: ffffe7802b98b208, Virtual address for the attempted write.
- Arg2: 8a00000000200021, PTE contents.
- Arg3: fffffa0e931ee690, (reserved)
- Arg4: 000000000000000a, (reserved)
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- Key : Analysis.CPU.Sec
- Value: 1
- Key : Analysis.DebugAnalysisProvider.CPP
- Value: Create: 8007007e on DESKTOP-1CBU1CD
- Key : Analysis.DebugData
- Value: CreateObject
- Key : Analysis.DebugModel
- Value: CreateObject
- Key : Analysis.Elapsed.Sec
- Value: 1
- Key : Analysis.Memory.CommitPeak.Mb
- Value: 78
- Key : Analysis.System
- Value: CreateObject
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- BUGCHECK_CODE: be
- BUGCHECK_P1: ffffe7802b98b208
- BUGCHECK_P2: 8a00000000200021
- BUGCHECK_P3: fffffa0e931ee690
- BUGCHECK_P4: a
- CUSTOMER_CRASH_COUNT: 1
- PROCESS_NAME: MsMpEng.exe
- TRAP_FRAME: fffffa0e931ee690 -- (.trap 0xfffffa0e931ee690)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffe78000000000 rbx=0000000000000000 rcx=0000000fffffffff
- rdx=ffffeb75badd6000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8043780ef03 rsp=fffffa0e931ee820 rbp=0000000000000040
- r8=cfffffffffffffff r9=0000000000000000 r10=fffff80437c6c480
- r11=ffffeb75badd6fff r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po nc
- nt!MmUnmapViewInSystemCache+0x6a3:
- fffff804`3780ef03 f0480fba6e183f lock bts qword ptr [rsi+18h],3Fh ds:00000000`00000018=????????????????
- Resetting default scope
- STACK_TEXT:
- fffffa0e`931ee4a8 fffff804`37a4edbd : 00000000`000000be ffffe780`2b98b208 8a000000`00200021 fffffa0e`931ee690 : nt!KeBugCheckEx
- fffffa0e`931ee4b0 fffff804`3787301a : 8a000000`00200021 00000000`00000003 fffffa0e`931ee5f0 00000000`00000000 : nt!MiRaisedIrqlFault+0x12e99d
- fffffa0e`931ee4f0 fffff804`379cf320 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x48a
- fffffa0e`931ee690 fffff804`3780ef03 : fffff804`37c6c480 ffffc202`7291d038 ffffc202`7291e038 1a000001`f6b36863 : nt!KiPageFault+0x360
- fffffa0e`931ee820 fffff804`37dd5a7f : ffff858c`560c0000 ffffb10f`575dc2c0 00000000`00000000 00000000`00000001 : nt!MmUnmapViewInSystemCache+0x6a3
- fffffa0e`931ee930 fffff804`3780b672 : 00000000`1a680000 ffffc202`7d042c40 ffffc202`72be0a40 00000000`00000001 : nt!CcUnmapVacb+0x63
- fffffa0e`931ee970 fffff804`3787e95c : 00000000`1a700001 ffffc202`7290aa80 00000000`1a600000 00000000`00000001 : nt!CcUnmapVacbArray+0x202
- fffffa0e`931ee9e0 fffff804`37e1e6e5 : ffffc202`00000000 ffffc202`00000001 fffffa0e`931eeaf0 fffffa0e`931eeb08 : nt!CcGetVirtualAddress+0x39c
- fffffa0e`931eea80 fffff804`3de89778 : fffffa0e`931eeb58 ffffc202`8708b9a8 ffffc202`7d26f180 fffff804`3dbfc47a : nt!CcMapData+0x75
- fffffa0e`931eeaf0 fffff804`3ddbe8c0 : 00000000`00000000 fffff804`3ddb3644 ffffc202`87fc0010 ffffc202`7a1d8020 : Ntfs!NtfsReadMftRecord+0xf8
- fffffa0e`931eec00 fffff804`3dec8a6a : 00000000`00000000 fffffa0e`931ef2c0 ffffc202`8708b9a8 00000000`00000000 : Ntfs!NtfsQueryMftRecord+0x30
- fffffa0e`931eec60 fffff804`3de99f23 : ffffc202`8708b9a8 ffffc202`82c81010 00000000`00000000 00010000`00069c4f : Ntfs!NtfsOpenFcbById+0x122
- fffffa0e`931eed60 fffff804`3de9bcde : ffffc202`8708b9a8 fffffa0e`931ef020 ffffc202`8708b9a8 ffffc202`82c81010 : Ntfs!NtfsCommonCreate+0x1a93
- fffffa0e`931eef50 fffff804`37831f39 : ffffc202`7d26f030 ffffc202`82c81010 ffffc202`7a10e700 ffffc202`7d253090 : Ntfs!NtfsFsdCreate+0x1fe
- fffffa0e`931ef180 fffff804`3c6c55de : ffffc202`82c81010 ffffc202`82c81400 ffffc202`82c81010 ffffc202`88404120 : nt!IofCallDriver+0x59
- fffffa0e`931ef1c0 fffff804`3c6fcd27 : fffffa0e`931ef280 00000000`00000050 00000000`00000001 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x15e
- fffffa0e`931ef240 fffff804`37831f39 : 00000000`00000000 ffffc202`81ae6304 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x307
- fffffa0e`931ef2f0 fffff804`37830fe4 : 00000000`00000003 00000000`00000000 00000000`00000000 fffff804`378317a3 : nt!IofCallDriver+0x59
- fffffa0e`931ef330 fffff804`37de5ffb : fffffa0e`931ef601 ffffc202`81ae6304 fffffa0e`931ef5d0 ffffc202`81ae63d0 : nt!IoCallDriverWithTracing+0x34
- fffffa0e`931ef380 fffff804`37ebccc7 : ffffc202`7d061d60 00000000`00000004 ffffc202`85de7a70 00000000`00120001 : nt!IopParseDevice+0x62b
- fffffa0e`931ef4f0 fffff804`37decfcf : fffff804`37ebcc00 fffffa0e`931ef660 ffffc202`8092f520 00000000`000000f5 : nt!IopParseFile+0xc7
- fffffa0e`931ef560 fffff804`37deb431 : ffffc202`85de7a00 fffffa0e`931ef7a8 00000000`00000040 ffffc202`728fdc40 : nt!ObpLookupObjectName+0x78f
- fffffa0e`931ef720 fffff804`37e30300 : ffffc202`00000001 0000009f`cd97f1c8 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByNameEx+0x201
- fffffa0e`931ef860 fffff804`37e2fac9 : 0000009f`cd97f1a0 00000000`00100080 0000009f`cd97f1c8 0000009f`cd97f1b8 : nt!IopCreateFile+0x820
- fffffa0e`931ef900 fffff804`379d2b15 : 00000000`00001038 00000000`00000001 00007ffc`a025cb50 fffffa0e`931efa80 : nt!NtCreateFile+0x79
- fffffa0e`931ef990 00007ffc`a025cb64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
- 0000009f`cd97f138 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`a025cb64
- SYMBOL_NAME: nt!MiRaisedIrqlFault+12e99d
- MODULE_NAME: nt
- IMAGE_VERSION: 10.0.18362.418
- STACK_COMMAND: .thread ; .cxr ; kb
- IMAGE_NAME: memory_corruption
- BUCKET_ID_FUNC_OFFSET: 12e99d
- FAILURE_BUCKET_ID: 0xBE_nt!MiRaisedIrqlFault
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- FAILURE_ID_HASH: {1c5b4d11-09e0-def3-d2d0-70a11d69b92d}
- Followup: MachineOwner
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement