Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ========================== AUTO DUMP ANALYZER ==========================
- Auto Dump Analyzer
- Version: 0.91
- Time to analyze file(s): 00 hours and 00 minutes and 59 seconds
- ================================= CPU ==================================
- COUNT: 8
- MHZ: 4008
- VENDOR: GenuineIntel
- FAMILY: 6
- MODEL: 5e
- STEPPING: 3
- ================================== OS ==================================
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 18362.1.amd64fre.19h1_release.190318-1202
- BUILD_VERSION: 10.0.18362.778 (WinBuild.160101.0800)
- BUILD: 18362
- SERVICEPACK: 778
- PLATFORM_TYPE: x64
- NAME: Windows 10
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- BUILD_TIMESTAMP: 2015-10-23 02:39:54
- BUILDDATESTAMP: 160101.0800
- BUILDLAB: WinBuild
- BUILDOSVER: 10.0.18362.778
- =============================== DEBUGGER ===============================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- =============================== COMMENTS ===============================
- * Information gathered from different dump files may be different. If
- Windows updates between two dump files, two or more OS versions may
- be shown above.
- * Additional BIOS information was not included in the dump file(s). This
- can be caused by an outdated BIOS.
- ========================================================================
- ======================= Dump #1: ANALYZE VERBOSE =======================
- ====================== File: $R12LOKB - Copy.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (8 procs) Free x64
- Kernel base = 0xfffff803`7ba00000 PsLoadedModuleList = 0xfffff803`7be48150
- Debug session time: Sun Apr 19 16:06:20.387 2020 (UTC - 4:00)
- System Uptime: 0 days 0:27:48.091
- BugCheck DA, {504, ffffd24080e43d40, 0, 1c87a8}
- *** WARNING: Unable to verify timestamp for EasyAntiCheat.sys
- *** ERROR: Module load completed but symbols could not be loaded for EasyAntiCheat.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- SYSTEM_PTE_MISUSE (da)
- A driver has corrupted system PTEs.
- Set HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\TrackPtes
- to a DWORD 3 value and reboot. If the same bugcheck occurs again the stack trace will
- identify the offending driver.
- Arguments:
- Arg1: 0000000000000504, Type of error.
- Arg2: ffffd24080e43d40
- Arg3: 0000000000000000
- Arg4: 00000000001c87a8
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0xDA
- PROCESS_NAME: svchost.exe
- CURRENT_IRQL: 2
- LAST_CONTROL_TRANSFER: from fffff8037bbf0fb1 to fffff8037bbc2390
- STACK_TEXT:
- ffffcc82`62d8e3f8 fffff803`7bbf0fb1 : 00000000`000000da 00000000`00000504 ffffd240`80e43d40 00000000`00000000 : nt!KeBugCheckEx
- ffffcc82`62d8e400 fffff803`7ba35d94 : ffffd272`c3b11008 fffff803`7bb2d8c6 00000000`00000000 ffffe587`62201010 : nt!MiReplenishBitMap+0x1bb171
- ffffcc82`62d8e570 fffff803`7baba0a7 : 001c9d5e`0001c840 ffffe587`00000001 00000000`00000081 ffffd272`c3b11000 : nt!MiEmptyPteBins+0x124
- ffffcc82`62d8e5d0 fffff803`7bab956c : 00000000`00000001 ffffe587`00000003 ffffcc82`62d8e780 ffffe587`6acbd010 : nt!MiReservePtes+0x447
- ffffcc82`62d8e6a0 fffff803`7bfd7942 : ffffe587`6acbd010 00000000`00080000 00000000`00080000 ffffcc82`62d8e780 : nt!MmMapLockedPagesSpecifyCache+0xcc
- ffffcc82`62d8e700 fffff803`7c30aff4 : 00000000`00080000 00000000`00000000 ffffcc82`62d8e7d0 00000000`00000000 : nt!ExLockUserBuffer+0xfe
- ffffcc82`62d8e750 fffff803`7c1fcb8a : ffffe587`62180010 00000000`00000081 00000000`00081000 00000000`00000000 : nt!ExpGetHandleInformation+0x40
- ffffcc82`62d8e7a0 fffff803`7c0aab8b : ffffe587`6bf47000 fffff803`d5ffb765 ffffe587`6bf47080 00000000`00080010 : nt!ExpQuerySystemInformation+0x151eda
- ffffcc82`62d8e9b0 fffff803`d5fdf679 : ffffcc82`62d8ea78 fffff803`d5feea32 00000000`00080000 00000000`00080010 : nt!NtQuerySystemInformation+0x2b
- ffffcc82`62d8e9f0 ffffcc82`62d8ea78 : fffff803`d5feea32 00000000`00080000 00000000`00080010 00000000`00000010 : EasyAntiCheat+0xf679
- ffffcc82`62d8e9f8 fffff803`d5feea32 : 00000000`00080000 00000000`00080010 00000000`00000010 00000000`000030dc : 0xffffcc82`62d8ea78
- ffffcc82`62d8ea00 00000000`00080000 : 00000000`00080010 00000000`00000010 00000000`000030dc 00000000`00080000 : EasyAntiCheat+0x1ea32
- ffffcc82`62d8ea08 00000000`00080010 : 00000000`00000010 00000000`000030dc 00000000`00080000 fffff803`d5fe8044 : 0x80000
- ffffcc82`62d8ea10 00000000`00000010 : 00000000`000030dc 00000000`00080000 fffff803`d5fe8044 ffffe587`62180010 : 0x80010
- ffffcc82`62d8ea18 00000000`000030dc : 00000000`00080000 fffff803`d5fe8044 ffffe587`62180010 00000000`01000000 : 0x10
- ffffcc82`62d8ea20 00000000`00080000 : fffff803`d5fe8044 ffffe587`62180010 00000000`01000000 00000000`00000000 : 0x30dc
- ffffcc82`62d8ea28 fffff803`d5fe8044 : ffffe587`62180010 00000000`01000000 00000000`00000000 fffff803`7bb11c32 : 0x80000
- ffffcc82`62d8ea30 ffffe587`62180010 : 00000000`01000000 00000000`00000000 fffff803`7bb11c32 00000000`00000001 : EasyAntiCheat+0x18044
- ffffcc82`62d8ea38 00000000`01000000 : 00000000`00000000 fffff803`7bb11c32 00000000`00000001 00000000`000030dc : 0xffffe587`62180010
- ffffcc82`62d8ea40 00000000`00000000 : fffff803`7bb11c32 00000000`00000001 00000000`000030dc 00000000`00000000 : 0x1000000
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8037bab9585-fffff8037bab9586 2 bytes - nt!MmMapLockedPagesSpecifyCache+e5
- [ 80 f6:00 d2 ]
- fffff8037bb2d558-fffff8037bb2d55c 5 bytes - nt!MiProbeAndLockPages+98 (+0x73fd3)
- [ d0 be 7d fb f6:40 9a 34 69 d2 ]
- fffff8037bb2d56a-fffff8037bb2d56e 5 bytes - nt!MiProbeAndLockPages+aa (+0x12)
- [ d7 be 7d fb f6:47 9a 34 69 d2 ]
- fffff8037bb2d975-fffff8037bb2d976 2 bytes - nt!MiProbeAndLockPages+4b5 (+0x40b)
- [ 80 f6:00 d2 ]
- fffff8037bbf1022-fffff8037bbf1023 2 bytes - nt!MiExpandPtes+1ba97a (+0xc36ad)
- [ 80 f6:00 d2 ]
- fffff8037bbf104e-fffff8037bbf104f 2 bytes - nt!MiExpandPtes+1ba9a6 (+0x2c)
- [ 80 f6:00 d2 ]
- 18 errors : !nt (fffff8037bab9585-fffff8037bbf104f)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-04-19T20:06:20.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #1: 3RD PARTY DRIVERS ======================
- Oct 03 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- May 04 2018 - ibtusb.sys - Intel(R) Wireless Bluetooth(R) Filter driver (Intel Corporation)
- Oct 22 2018 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- May 14 2019 - sshid.sys - SteelSeries Engine HID driver https://steelseries.com/
- Jun 21 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- Jul 02 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Aug 27 2019 - Netwtw04.sys - Intel Wireless Wifi Link driver https://downloadcenter.intel.com/
- Jan 16 2020 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Apr 16 2020 - EasyAntiCheat.sys - EasyAntiCheat is a anti-cheat driver (EasyAntiCheat Oy.) https://support.easyanticheat.net/
- ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Tue Oct 3 2017
- Image path: \SystemRoot\System32\drivers\ibtusb.sys
- Image name: ibtusb.sys
- Search : https://www.google.com/search?q=ibtusb.sys
- ADA Info : Intel(R) Wireless Bluetooth(R) Filter driver (Intel Corporation)
- Timestamp : Fri May 4 2018
- Mapped memory image file: C:\ProgramData\dbg\sym\rt640x64.sys\5BCDE005a6000\rt640x64.sys
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Oct 22 2018
- File version: 9.1.409.2015
- Product version: 9.1.409.2015
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.6 Driver
- File date: 00000000.00000000
- CompanyName: Realtek
- ProductName: Realtek 8125/8136/8168/8169 PCI/PCIe Adapters
- InternalName: rt640x64.sys
- OriginalFilename: rt640x64.sys
- ProductVersion: 9.001.0409.2015
- FileVersion: 9.001.0409.2015
- FileDescription: Realtek 8125/8136/8168/8169 NDIS 6.40 64-bit Driver
- LegalCopyright: Copyright (C) 2018 Realtek Semiconductor Corporation. All Right Reserved.
- Image path: \SystemRoot\System32\drivers\sshid.sys
- Image name: sshid.sys
- Search : https://www.google.com/search?q=sshid.sys
- ADA Info : SteelSeries Engine HID driver https://steelseries.com/
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Fri Jun 21 2019
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Jul 2 2019
- Image path: \SystemRoot\System32\drivers\Netwtw04.sys
- Image name: Netwtw04.sys
- Search : https://www.google.com/search?q=Netwtw04.sys
- ADA Info : Intel Wireless Wifi Link driver https://downloadcenter.intel.com/
- Timestamp : Tue Aug 27 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nvhdc.inf_amd64_89d2f741860f43c6\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Thu Jan 16 2020
- Image path: \??\C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys
- Image name: EasyAntiCheat.sys
- Search : https://www.google.com/search?q=EasyAntiCheat.sys
- ADA Info : EasyAntiCheat is a anti-cheat driver (EasyAntiCheat Oy.) https://support.easyanticheat.net/
- Timestamp : Thu Apr 16 2020
- ====================== Dump #1: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- BthEnum.sys Bluetooth Bus Extender
- bthpan.sys Bluetooth Personal Area Networking
- bthport.sys Bluetooth Bus driver (Microsoft)
- BTHUSB.sys Bluetooth Miniport driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpstorport.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_stornvme.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- Microsoft.Bluetooth.Legacy.LEEnumerator.sys Microsoft Bluetooth Legacy LE Enumerator driver (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- MpKslDrv.sys Microsoft Anti-malware Protection driver
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb10.sys Longhorn SMB Downlevel SubRdr (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- mshidkmdf.sys Pass-through HID to KMDF Filter driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rfcomm.sys Bluetooth RFCOMM driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- stornvme.sys NVM Express Storport Miniport driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- tpm.sys Trusted Platform Module Device driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBSTOR.SYS USB Mass Storage Class driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwifibus.sys Virtual Wireless Bus driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- wdiwifi.sys WDI Driver Framework driver (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WpdUpFltr.sys Portable Device Upper Class Filter driver (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- WUDFRd.sys Windows Driver Foundation - User-mode Driver Framework Reflector driver (Microsoft)
- ====================== Dump #1: UNLOADED MODULES =======================
- fffff803`923a0000 fffff803`923af000 dump_storpor
- fffff803`923e0000 fffff803`92408000 dump_stornvm
- fffff803`92430000 fffff803`9244e000 dump_dumpfve
- fffff803`d5da0000 fffff803`d5f0f000 EasyAntiChea
- fffff803`90920000 fffff803`9092f000 dump_storpor
- fffff803`90960000 fffff803`90988000 dump_stornvm
- fffff803`909b0000 fffff803`909ce000 dump_dumpfve
- fffff803`90bd0000 fffff803`90bee000 dam.sys
- fffff803`7d630000 fffff803`7d641000 WdBoot.sys
- fffff803`7e5d0000 fffff803`7e5e1000 hwpolicy.sys
- ====================== Dump #1: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #1: Extra #1 ===========================
- 4: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #1: Extra #2 ===========================
- 4: kd> !thread
- THREAD ffffe5876bf47080 Cid 30dc.0ba8 Teb: 000000d7a067b000 Win32Thread: 0000000000000000 RUNNING on processor 4
- Impersonation token: ffffa883bfe57730 (Level Impersonation)
- GetUlongFromAddress: unable to read from fffff8037be2ca14
- Owning Process ffffe5876dde5080 Image: svchost.exe
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 106757
- Context Switch Count 18 IdealProcessor: 0
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ffaf0713ce0
- Stack Init ffffcc8262d8fb90 Current ffffcc8262d8e140
- Base ffffcc8262d90000 Limit ffffcc8262d89000 Call 0000000000000000
- Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffffcc82`62d8e3f8 fffff803`7bbf0fb1 : 00000000`000000da 00000000`00000504 ffffd240`80e43d40 00000000`00000000 : nt!KeBugCheckEx
- ffffcc82`62d8e400 fffff803`7ba35d94 : ffffd272`c3b11008 fffff803`7bb2d8c6 00000000`00000000 ffffe587`62201010 : nt!MiReplenishBitMap+0x1bb171
- ffffcc82`62d8e570 fffff803`7baba0a7 : 001c9d5e`0001c840 ffffe587`00000001 00000000`00000081 ffffd272`c3b11000 : nt!MiEmptyPteBins+0x124
- ffffcc82`62d8e5d0 fffff803`7bab956c : 00000000`00000001 ffffe587`00000003 ffffcc82`62d8e780 ffffe587`6acbd010 : nt!MiReservePtes+0x447
- ffffcc82`62d8e6a0 fffff803`7bfd7942 : ffffe587`6acbd010 00000000`00080000 00000000`00080000 ffffcc82`62d8e780 : nt!MmMapLockedPagesSpecifyCache+0xcc
- ffffcc82`62d8e700 fffff803`7c30aff4 : 00000000`00080000 00000000`00000000 ffffcc82`62d8e7d0 00000000`00000000 : nt!ExLockUserBuffer+0xfe
- ffffcc82`62d8e750 fffff803`7c1fcb8a : ffffe587`62180010 00000000`00000081 00000000`00081000 00000000`00000000 : nt!ExpGetHandleInformation+0x40
- ffffcc82`62d8e7a0 fffff803`7c0aab8b : ffffe587`6bf47000 fffff803`d5ffb765 ffffe587`6bf47080 00000000`00080010 : nt!ExpQuerySystemInformation+0x151eda
- ffffcc82`62d8e9b0 fffff803`d5fdf679 : ffffcc82`62d8ea78 fffff803`d5feea32 00000000`00080000 00000000`00080010 : nt!NtQuerySystemInformation+0x2b
- ffffcc82`62d8e9f0 ffffcc82`62d8ea78 : fffff803`d5feea32 00000000`00080000 00000000`00080010 00000000`00000010 : EasyAntiCheat+0xf679
- ffffcc82`62d8e9f8 fffff803`d5feea32 : 00000000`00080000 00000000`00080010 00000000`00000010 00000000`000030dc : 0xffffcc82`62d8ea78
- ffffcc82`62d8ea00 00000000`00080000 : 00000000`00080010 00000000`00000010 00000000`000030dc 00000000`00080000 : EasyAntiCheat+0x1ea32
- ffffcc82`62d8ea08 00000000`00080010 : 00000000`00000010 00000000`000030dc 00000000`00080000 fffff803`d5fe8044 : 0x80000
- ffffcc82`62d8ea10 00000000`00000010 : 00000000`000030dc 00000000`00080000 fffff803`d5fe8044 ffffe587`62180010 : 0x80010
- ffffcc82`62d8ea18 00000000`000030dc : 00000000`00080000 fffff803`d5fe8044 ffffe587`62180010 00000000`01000000 : 0x10
- ffffcc82`62d8ea20 00000000`00080000 : fffff803`d5fe8044 ffffe587`62180010 00000000`01000000 00000000`00000000 : 0x30dc
- ffffcc82`62d8ea28 fffff803`d5fe8044 : ffffe587`62180010 00000000`01000000 00000000`00000000 fffff803`7bb11c32 : 0x80000
- ffffcc82`62d8ea30 ffffe587`62180010 : 00000000`01000000 00000000`00000000 fffff803`7bb11c32 00000000`00000001 : EasyAntiCheat+0x18044
- ffffcc82`62d8ea38 00000000`01000000 : 00000000`00000000 fffff803`7bb11c32 00000000`00000001 00000000`000030dc : 0xffffe587`62180010
- ffffcc82`62d8ea40 00000000`00000000 : fffff803`7bb11c32 00000000`00000001 00000000`000030dc 00000000`00000000 : 0x1000000
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement