API tools faq
paste
Advertisement
Guest User

ERAM BSOD Analysis

a guest
Nov 16th, 2018
238
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.59 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Microsoft (R) Windows Debugger Version 10.0.17763.1 AMD64
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  4.  
  5. Opened \\.\pipe\win_pipe
  6. Waiting to reconnect...
  7. Connected to Windows 7 7601 x64 target at (Fri Nov 16 21:59:03.351 2018 (UTC - 5:00)), ptr64 TRUE
  8. Kernel Debugger connection established.
  9. Symbol search path is: srv*
  10. Executable search path is:
  11. Windows 7 Kernel Version 7601 MP (1 procs) Free x64
  12. Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
  13. Machine Name:
  14. Kernel base = 0xfffff800`02602000 PsLoadedModuleList = 0xfffff800`0283bc90
  15. System Uptime: not available
  16.  
  17. *** Fatal System Error: 0x0000007e
  18. (0xFFFFFFFFC0000005,0xFFFFF88001425E3A,0xFFFFF880009AE208,0xFFFFF880009ADA70)
  19.  
  20. Break instruction exception - code 80000003 (first chance)
  21.  
  22. A fatal system error has occurred.
  23. Debugger entered on first try; Bugcheck callbacks have not been invoked.
  24.  
  25. A fatal system error has occurred.
  26.  
  27. Connected to Windows 7 7601 x64 target at (Fri Nov 16 21:59:16.504 2018 (UTC - 5:00)), ptr64 TRUE
  28. Loading Kernel Symbols
  29. ..............................................
  30. Loading User Symbols
  31.  
  32. ERROR: FindPlugIns 8007007b
  33. ERROR: Some plugins may not be available [8007007b]
  34. *******************************************************************************
  35. * *
  36. * Bugcheck Analysis *
  37. * *
  38. *******************************************************************************
  39.  
  40. Use !analyze -v to get detailed debugging information.
  41.  
  42. BugCheck 7E, {ffffffffc0000005, fffff88001425e3a, fffff880009ae208, fffff880009ada70}
  43.  
  44. Probably caused by : eram.sys ( eram!EramMakeFAT+53a )
  45.  
  46. Followup: MachineOwner
  47. ---------
  48.  
  49. nt!DbgBreakPointWithStatus:
  50. fffff800`0269c200 cc int 3
  51. kd> !analyze -v
  52. ERROR: FindPlugIns 8007007b
  53. ERROR: Some plugins may not be available [8007007b]
  54. *******************************************************************************
  55. * *
  56. * Bugcheck Analysis *
  57. * *
  58. *******************************************************************************
  59.  
  60. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
  61. This is a very common bugcheck. Usually the exception address pinpoints
  62. the driver/function that caused the problem. Always note this address
  63. as well as the link date of the driver/image that contains this address.
  64. Arguments:
  65. Arg1: ffffffffc0000005, The exception code that was not handled
  66. Arg2: fffff88001425e3a, The address that the exception occurred at
  67. Arg3: fffff880009ae208, Exception Record Address
  68. Arg4: fffff880009ada70, Context Record Address
  69.  
  70. Debugging Details:
  71. ------------------
  72.  
  73.  
  74. KEY_VALUES_STRING: 1
  75.  
  76.  
  77. STACKHASH_ANALYSIS: 1
  78.  
  79. TIMELINE_ANALYSIS: 1
  80.  
  81.  
  82. DUMP_CLASS: 1
  83.  
  84. DUMP_QUALIFIER: 0
  85.  
  86. BUILD_VERSION_STRING: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
  87.  
  88. DUMP_TYPE: 0
  89.  
  90. BUGCHECK_P1: ffffffffc0000005
  91.  
  92. BUGCHECK_P2: fffff88001425e3a
  93.  
  94. BUGCHECK_P3: fffff880009ae208
  95.  
  96. BUGCHECK_P4: fffff880009ada70
  97.  
  98. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  99.  
  100. FAULTING_IP:
  101. eram!EramMakeFAT+53a [c:\users\olof.olofdom\source\eram-master\src\eramnt.c @ 3017]
  102. fffff880`01425e3a 8908 mov dword ptr [rax],ecx
  103.  
  104. EXCEPTION_RECORD: fffff880009ae208 -- (.exr 0xfffff880009ae208)
  105. ExceptionAddress: fffff88001425e3a (eram!EramMakeFAT+0x000000000000053a)
  106. ExceptionCode: c0000005 (Access violation)
  107. ExceptionFlags: 00000000
  108. NumberParameters: 2
  109. Parameter[0]: 0000000000000001
  110. Parameter[1]: 0000000000400200
  111. Attempt to write to address 0000000000400200
  112.  
  113. CONTEXT: fffff880009ada70 -- (.cxr 0xfffff880009ada70)
  114. rax=0000000000400200 rbx=fffffa8001f2ca80 rcx=00000000fffffff8
  115. rdx=0000000000000006 rsi=fffff8a000270c33 rdi=fffff8a00040003e
  116. rip=fffff88001425e3a rsp=fffff880009ae440 rbp=0000000000000000
  117. r8=000000000001000e r9=0000000000000290 r10=0000000000000010
  118. r11=000000000000000b r12=fffffa8001ef5080 r13=0000000000000008
  119. r14=fffff8800141b000 r15=fffff8000081e8f0
  120. iopl=0 nv up ei ng nz na pe nc
  121. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
  122. eram!EramMakeFAT+0x53a:
  123. fffff880`01425e3a 8908 mov dword ptr [rax],ecx ds:002b:00000000`00400200=????????
  124. Resetting default scope
  125.  
  126. CPU_COUNT: 1
  127.  
  128. CPU_MHZ: a98
  129.  
  130. CPU_VENDOR: GenuineIntel
  131.  
  132. CPU_FAMILY: 6
  133.  
  134. CPU_MODEL: 5e
  135.  
  136. CPU_STEPPING: 3
  137.  
  138. DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
  139.  
  140. PROCESS_NAME: System
  141.  
  142. CURRENT_IRQL: 2
  143.  
  144. FOLLOWUP_IP:
  145. eram!EramMakeFAT+53a [c:\users\olof.olofdom\source\eram-master\src\eramnt.c @ 3017]
  146. fffff880`01425e3a 8908 mov dword ptr [rax],ecx
  147.  
  148. BUGCHECK_STR: 0x7E
  149.  
  150. WRITE_ADDRESS: 0000000000400200
  151.  
  152. ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  153.  
  154. EXCEPTION_CODE_STR: c0000005
  155.  
  156. EXCEPTION_PARAMETER1: 0000000000000001
  157.  
  158. EXCEPTION_PARAMETER2: 0000000000400200
  159.  
  160. ANALYSIS_SESSION_HOST: BRYAN-PC
  161.  
  162. ANALYSIS_SESSION_TIME: 11-16-2018 21:59:46.0995
  163.  
  164. ANALYSIS_VERSION: 10.0.17763.1 amd64fre
  165.  
  166. LAST_CONTROL_TRANSFER: from fffff8800142542c to fffff88001425e3a
  167.  
  168. STACK_TEXT:
  169. fffff880`009ae440 fffff880`0142542c : fffffa80`01f2c880 fffff8a0`00270c00 00000000`00000001 fffff800`026a7010 : eram!EramMakeFAT+0x53a [c:\users\olof.olofdom\source\eram-master\src\eramnt.c @ 3017]
  170. fffff880`009ae4d0 fffff880`01424df2 : fffffa80`01f2c880 fffff8a0`00270c00 00000000`00000001 fffff800`026a7010 : eram!EramFormat+0x5c [c:\users\olof.olofdom\source\eram-master\src\eramnt.c @ 2733]
  171. fffff880`009ae500 fffff880`014236b7 : fffffa80`01f2c880 fffff8a0`00270c00 fffff8a0`00270c00 fffff880`3d090000 : eram!EramFormatFat+0x42 [c:\users\olof.olofdom\source\eram-master\src\eramnt.c @ 2508]
  172. fffff880`009ae530 fffff880`014231aa : fffffa80`01f2ca80 fffff8a0`00270c00 fffff880`009ae690 00000000`00000000 : eram!EramInitDisk+0x3d7 [c:\users\olof.olofdom\source\eram-master\src\eramnt.c @ 1730]
  173. fffff880`009ae670 fffff800`02b88c78 : fffffa80`01f2ca80 fffff800`0081e8f0 fffffa80`01f2cbd0 fffffa80`01f2ca80 : eram!DriverEntry+0x19a [c:\users\olof.olofdom\source\eram-master\src\eramnt.c @ 1594]
  174. fffff880`009ae6e0 fffff800`02b88dce : fffff800`06c2cad0 fffff880`01427ba8 00000000`00000000 00000000`001c001a : nt!IopInitializeBuiltinDriver+0x368
  175. fffff880`009ae7b0 fffff800`02b8976a : fffff8a0`001e6eb0 00000000`00000045 fffff8a0`0026dab0 00000000`00000000 : nt!PnpInitializeBootStartDriver+0xbe
  176. fffff880`009ae830 fffff800`02b8a23f : fffff8a0`0026bfd0 fffff800`008128d0 00000000`00000003 ffffffff`800000c0 : nt!IopInitializeBootDrivers+0x44a
  177. fffff880`009ae900 fffff800`02b8d443 : 00000000`00000007 00000000`00000010 ffffffff`8000002c fffff800`0081e1c0 : nt!IoInitSystem+0x80f
  178. fffff880`009aea00 fffff800`02af1069 : 00000000`00000000 fffff8a0`00004040 00000000`00000080 00000000`00000001 : nt!Phase1InitializationDiscard+0x1293
  179. fffff880`009aebd0 fffff800`02943d10 : fffff8a0`00004040 00000000`00000080 00000000`00000001 fffff800`0269b999 : nt!Phase1Initialization+0x9
  180. fffff880`009aec00 fffff800`0269b9a6 : fffff800`027e6180 fffffa80`018f4b50 fffff800`027f61c0 fffff800`008128d0 : nt!PspSystemThreadStartup+0x194
  181. fffff880`009aec40 00000000`00000000 : fffff880`009af000 fffff880`009a9000 fffff880`009ae540 00000000`00000000 : nt!KiStartSystemThread+0x16
  182.  
  183.  
  184. THREAD_SHA1_HASH_MOD_FUNC: cdc4cd2b5849bfaf514d6f379e106fd8b557dd61
  185.  
  186. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c70994e3b9b40c24db617f6703c3b68c1b44e376
  187.  
  188. THREAD_SHA1_HASH_MOD: 49e65b0fc88baa6f0238449314a8bb5797234e32
  189.  
  190. FAULT_INSTR_CODE: 8b480889
  191.  
  192. FAULTING_SOURCE_LINE: c:\users\olof.olofdom\source\eram-master\src\eramnt.c
  193.  
  194. FAULTING_SOURCE_FILE: c:\users\olof.olofdom\source\eram-master\src\eramnt.c
  195.  
  196. FAULTING_SOURCE_LINE_NUMBER: 3017
  197.  
  198. FAULTING_SOURCE_CODE:
  199. 3013: }
  200. 3014: }
  201. 3015: /* Write the FAT sector */
  202. 3016: pdwFatSector = (PDWORD)((ULONG)pBootFat16 + pBootFat16->BPB.wNumResvSector * SECTOR);
  203. > 3017: pdwFatSector[0] = 0xffffff00 + pFatId->BPB.byMediaId;
  204. 3018: if (pEramExt->FAT_size == PARTITION_FAT_12) /* FAT12 */
  205. 3019: {
  206. 3020: if (pEramExt->uOptflag.Bits.MakeTempDir != 0) /* TEMP creation */
  207. 3021: {
  208. 3022: /* Make cluster 2 in use (total 36bits) */
  209.  
  210.  
  211. SYMBOL_STACK_INDEX: 0
  212.  
  213. SYMBOL_NAME: eram!EramMakeFAT+53a
  214.  
  215. FOLLOWUP_NAME: MachineOwner
  216.  
  217. MODULE_NAME: eram
  218.  
  219. IMAGE_NAME: eram.sys
  220.  
  221. DEBUG_FLR_IMAGE_TIMESTAMP: 5bef109f
  222.  
  223. IMAGE_VERSION: 2.23.0.0
  224.  
  225. STACK_COMMAND: .cxr 0xfffff880009ada70 ; kb
  226.  
  227. FAILURE_BUCKET_ID: X64_0x7E_eram!EramMakeFAT+53a
  228.  
  229. BUCKET_ID: X64_0x7E_eram!EramMakeFAT+53a
  230.  
  231. PRIMARY_PROBLEM_CLASS: X64_0x7E_eram!EramMakeFAT+53a
  232.  
  233. TARGET_TIME: 2018-11-17T02:59:14.000Z
  234.  
  235. OSBUILD: 7601
  236.  
  237. OSSERVICEPACK: 1000
  238.  
  239. SERVICEPACK_NUMBER: 0
  240.  
  241. OS_REVISION: 0
  242.  
  243. SUITE_MASK: 784
  244.  
  245. PRODUCT_TYPE: 1
  246.  
  247. OSPLATFORM_TYPE: x64
  248.  
  249. OSNAME: Windows 7
  250.  
  251. OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS Personal
  252.  
  253. OS_LOCALE:
  254.  
  255. USER_LCID: 0
  256.  
  257. OSBUILD_TIMESTAMP: 2018-11-10 19:44:59
  258.  
  259. BUILDDATESTAMP_STR: 181110-1429
  260.  
  261. BUILDLAB_STR: win7sp1_ldr_escrow
  262.  
  263. BUILDOSVER_STR: 6.1.7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
  264.  
  265. ANALYSIS_SESSION_ELAPSED_TIME: 904
  266.  
  267. ANALYSIS_SOURCE: KM
  268.  
  269. FAILURE_ID_HASH_STRING: km:x64_0x7e_eram!erammakefat+53a
  270.  
  271. FAILURE_ID_HASH: {a4522e8a-3dac-9324-8732-3a107e16e2fb}
  272.  
  273. Followup: MachineOwner
  274. ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!