Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ========================== AUTO DUMP ANALYZER ==========================
- Auto Dump Analyzer
- Version: 0.91
- Time to analyze file(s): 00 hours and 02 minutes and 07 seconds
- ================================ SYSTEM ================================
- MANUFACTURER: Micro-Star International Co., Ltd.
- PRODUCT_NAME: MS-7A38
- VERSION: 2.0
- ================================= BIOS =================================
- VENDOR: American Megatrends Inc.
- VERSION: A.JQ
- DATE: 11/29/2019
- ============================= MOTHERBOARD ==============================
- MANUFACTURER: Micro-Star International Co., Ltd
- PRODUCT: B350M PRO-VDH (MS-7A38)
- VERSION: 2.0
- ================================= RAM ==================================
- Size Speed Manufacturer Part No.
- -------------- -------------- ------------------- ----------------------
- 2400MHz Unknown Unknown
- 8192MB 2400MHz Unknown CMV8GX4M1A2400C16
- 2400MHz Unknown Unknown
- 2400MHz Unknown Unknown
- ================================= CPU ==================================
- Processor Version: AMD Ryzen 3 1300X Quad-Core Processor
- COUNT: 4
- MHZ: 3500
- VENDOR: AuthenticAMD
- FAMILY: 17
- MODEL: 1
- STEPPING: 1
- ================================== OS ==================================
- Product: WinNt, suite: TerminalServer SingleUserTS
- BUILD_VERSION: 10.0.19041.264 (WinBuild.160101.0800)
- BUILD: 19041
- SERVICEPACK: 264
- PLATFORM_TYPE: x64
- NAME: Windows 10
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS
- BUILD_TIMESTAMP: unknown_date
- BUILDDATESTAMP: 160101.0800
- BUILDLAB: WinBuild
- BUILDOSVER: 10.0.19041.264
- Built by: 19041.1.amd64fre.vb_release.191206-1406
- =============================== DEBUGGER ===============================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- =============================== COMMENTS ===============================
- * Information gathered from different dump files may be different. If
- Windows updates between two dump files, two or more OS versions may
- be shown above.
- * If the user updates the BIOS between dump files, two or more versions
- and dates may be shown above.
- * More RAM information can be found below in a full BIOS section.
- ========================================================================
- ======================= Dump #1: ANALYZE VERBOSE =======================
- ======================= File: 072320-9671-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff804`09c00000 PsLoadedModuleList = 0xfffff804`0a82a250
- Debug session time: Thu Jul 23 09:50:53.146 2020 (UTC - 4:00)
- System Uptime: 0 days 0:02:45.823
- BugCheck 1A, {41792, ffffb0bffa7e53c0, 10000000000000, 0}
- Probably caused by : memory_corruption ( ONE_BIT )
- Followup: MachineOwner
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
- the PTE. Parameters 3/4 contain the low/high parts of the PTE.
- Arg2: ffffb0bffa7e53c0
- Arg3: 0010000000000000
- Arg4: 0000000000000000
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- MEMORY_CORRUPTOR: ONE_BIT
- BUGCHECK_STR: 0x1a_41792
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: svchost.exe
- CURRENT_IRQL: 2
- STACK_TEXT:
- ffff8489`117e6e48 fffff804`0a05418e : 00000000`0000001a 00000000`00041792 ffffb0bf`fa7e53c0 00100000`00000000 : nt!KeBugCheckEx
- ffff8489`117e6e50 fffff804`09e119d1 : 00000000`00000003 ffffb0bf`fa7e5000 ffff8489`117e7320 00000000`00000003 : nt!MiDeleteVa+0x191e6e
- ffff8489`117e6f40 fffff804`09e11cf0 : 00000000`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000000 : nt!MiWalkPageTablesRecursively+0x301
- ffff8489`117e6fd0 fffff804`09e11cf0 : 00000000`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000010 : nt!MiWalkPageTablesRecursively+0x620
- ffff8489`117e7060 fffff804`09e11cf0 : ffff8489`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000020 : nt!MiWalkPageTablesRecursively+0x620
- ffff8489`117e70f0 fffff804`09e0e5fb : 00000000`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000030 : nt!MiWalkPageTablesRecursively+0x620
- ffff8489`117e7180 fffff804`09ec22d1 : ffff8489`117e7320 ffffb305`00000000 ffffb0be`00000002 ffff8489`00000000 : nt!MiWalkPageTables+0x36b
- ffff8489`117e7280 fffff804`09ea787f : 00000000`00000000 00000000`00000060 ffffb305`b05cb980 00000000`00000000 : nt!MiDeletePagablePteRange+0x491
- ffff8489`117e7700 fffff804`0a1ea999 : ffffb305`b05cb240 00000000`00000000 ffffb305`00000000 ffffb305`00000001 : nt!MiDeleteVad+0x41f
- ffff8489`117e7830 fffff804`0a266a00 : ffffb305`ac6370a0 ffffb305`b0224d60 ffffb305`b0524080 00000000`00000000 : nt!MiUnmapVad+0x49
- ffff8489`117e7860 fffff804`0a2678b3 : ffffb305`a7ab7e10 ffffb305`a7ab7e10 ffffb305`ac6370a0 ffffb305`b05cb240 : nt!MiCleanVad+0x30
- ffff8489`117e7890 fffff804`0a2b9e87 : ffffffff`00000000 ffffffff`ffffffff 00000000`00000001 ffffb305`b05cb240 : nt!MmCleanProcessAddressSpace+0x137
- ffff8489`117e7910 fffff804`0a1e8c32 : ffffb305`b05cb240 ffff9e0a`a0f4a730 00000000`00000000 00000000`00000000 : nt!PspRundownSingleProcess+0x13b
- ffff8489`117e7990 fffff804`0a24e29e : ffffb305`00000000 00000000`00000001 00000000`00000000 00000001`5b00d000 : nt!PspExitThread+0x5f6
- ffff8489`117e7a90 fffff804`09fef378 : ffffb305`b05cb240 ffffb305`b0524080 ffff8489`117e7b80 ffffb305`ad57eae0 : nt!NtTerminateProcess+0xde
- ffff8489`117e7b00 00007ff9`3760b314 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
- 00000001`5af5fd78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`3760b314
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 28819333630b094e437e8f4b5f5cbb772be47b43
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 94238bd61675a831ebf837a98bf71113a8b4fa41
- THREAD_SHA1_HASH_MOD: 9eef8c7ca0ce66f8b8b34848179f303828cff762
- SYMBOL_NAME: ONE_BIT
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: hardware
- IMAGE_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
- BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BIT
- TARGET_TIME: 2020-07-23T13:50:53.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_one_bit
- FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
- Followup: MachineOwner
- ====================== Dump #1: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 19 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- May 14 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Oct 02 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Nov 18 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jan 14 2020 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 06 2020 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Apr 10 2020 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue Mar 19 2019
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue May 14 2019
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Wed Oct 2 2019
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Nov 18 2019
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Tue Jan 14 2020
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Fri Mar 6 2020
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Fri Apr 10 2020
- ====================== Dump #1: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storport.sys Provides disk access during crash dump file generation (Microsoft)
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kdcom.dll Kernel Debugger HW Extension DLL (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate.dll Media Center Update (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WpdUpFltr.sys Portable Device Upper Class Filter driver (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- WUDFRd.sys Windows Driver Foundation - User-mode Driver Framework Reflector driver (Microsoft)
- ====================== Dump #1: UNLOADED MODULES =======================
- fffff804`076a0000 fffff804`076af000 dump_storpor
- fffff804`076f0000 fffff804`07723000 dump_storahc
- fffff804`07750000 fffff804`0776e000 dump_dumpfve
- fffff804`187e0000 fffff804`187ef000 dump_storpor
- fffff804`17e40000 fffff804`17e73000 dump_storahc
- fffff804`17ea0000 fffff804`17ebe000 dump_dumpfve
- fffff804`178a0000 fffff804`178af000 dump_storpor
- fffff804`178f0000 fffff804`17923000 dump_storahc
- fffff804`17950000 fffff804`1796e000 dump_dumpfve
- fffff804`17d20000 fffff804`17d3c000 dam.sys
- fffff804`0dc00000 fffff804`0dc11000 WdBoot.sys
- fffff804`0ec90000 fffff804`0eca0000 hwpolicy.sys
- ====================== Dump #1: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #1: Extra #1 ===========================
- 2: kd> !verifier
- fffff8040a82a660: Unable to get verifier list.
- ========================== Dump #1: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffb305b0524080 Cid 0f58.0f5c Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 2
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8040a81143c
- Owning Process ffffb305b05cb240 Image: svchost.exe
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 10612
- Context Switch Count 108 IdealProcessor: 1
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff78d4e4e80
- Stack Init ffff8489117e7c90 Current ffff8489117e7340
- Base ffff8489117e8000 Limit ffff8489117e2000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffff8489`117e6e48 fffff804`0a05418e : 00000000`0000001a 00000000`00041792 ffffb0bf`fa7e53c0 00100000`00000000 : nt!KeBugCheckEx
- ffff8489`117e6e50 fffff804`09e119d1 : 00000000`00000003 ffffb0bf`fa7e5000 ffff8489`117e7320 00000000`00000003 : nt!MiDeleteVa+0x191e6e
- ffff8489`117e6f40 fffff804`09e11cf0 : 00000000`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000000 : nt!MiWalkPageTablesRecursively+0x301
- ffff8489`117e6fd0 fffff804`09e11cf0 : 00000000`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000010 : nt!MiWalkPageTablesRecursively+0x620
- ffff8489`117e7060 fffff804`09e11cf0 : ffff8489`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000020 : nt!MiWalkPageTablesRecursively+0x620
- ffff8489`117e70f0 fffff804`09e0e5fb : 00000000`00000000 ffffb305`b05cb8c0 00000000`00000000 00000000`00000030 : nt!MiWalkPageTablesRecursively+0x620
- ffff8489`117e7180 fffff804`09ec22d1 : ffff8489`117e7320 ffffb305`00000000 ffffb0be`00000002 ffff8489`00000000 : nt!MiWalkPageTables+0x36b
- ffff8489`117e7280 fffff804`09ea787f : 00000000`00000000 00000000`00000060 ffffb305`b05cb980 00000000`00000000 : nt!MiDeletePagablePteRange+0x491
- ffff8489`117e7700 fffff804`0a1ea999 : ffffb305`b05cb240 00000000`00000000 ffffb305`00000000 ffffb305`00000001 : nt!MiDeleteVad+0x41f
- ffff8489`117e7830 fffff804`0a266a00 : ffffb305`ac6370a0 ffffb305`b0224d60 ffffb305`b0524080 00000000`00000000 : nt!MiUnmapVad+0x49
- ffff8489`117e7860 fffff804`0a2678b3 : ffffb305`a7ab7e10 ffffb305`a7ab7e10 ffffb305`ac6370a0 ffffb305`b05cb240 : nt!MiCleanVad+0x30
- ffff8489`117e7890 fffff804`0a2b9e87 : ffffffff`00000000 ffffffff`ffffffff 00000000`00000001 ffffb305`b05cb240 : nt!MmCleanProcessAddressSpace+0x137
- ffff8489`117e7910 fffff804`0a1e8c32 : ffffb305`b05cb240 ffff9e0a`a0f4a730 00000000`00000000 00000000`00000000 : nt!PspRundownSingleProcess+0x13b
- ffff8489`117e7990 fffff804`0a24e29e : ffffb305`00000000 00000000`00000001 00000000`00000000 00000001`5b00d000 : nt!PspExitThread+0x5f6
- ffff8489`117e7a90 fffff804`09fef378 : ffffb305`b05cb240 ffffb305`b0524080 ffff8489`117e7b80 ffffb305`ad57eae0 : nt!NtTerminateProcess+0xde
- ffff8489`117e7b00 00007ff9`3760b314 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffff8489`117e7b00)
- 00000001`5af5fd78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`3760b314
- ========================================================================
- ======================= Dump #2: ANALYZE VERBOSE =======================
- ======================= File: 072320-9265-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff800`54600000 PsLoadedModuleList = 0xfffff800`5522a250
- Debug session time: Thu Jul 23 09:47:39.936 2020 (UTC - 4:00)
- System Uptime: 0 days 0:01:24.613
- BugCheck 3B, {c0000094, fffff5adbcb8e88d, ffff8b8a29aada50, 0}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000094, Exception code that caused the bugcheck
- Arg2: fffff5adbcb8e88d, Address of the instruction which caused the bugcheck
- Arg3: ffff8b8a29aada50, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000094 - {EXCEPTION} Integer division by zero.
- FAULTING_IP:
- win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+219
- fffff5ad`bcb8e88d 48f7b1f0010000 div rax,qword ptr [rcx+1F0h]
- CONTEXT: ffff8b8a29aada50 -- (.cxr 0xffff8b8a29aada50)
- rax=0000000000000000 rbx=fffff5ce85fe0390 rcx=fffff5ce80609620
- rdx=0000000000000000 rsi=0000000000000000 rdi=fffff5ce80609620
- rip=fffff5adbcb8e88d rsp=ffff8b8a29aae450 rbp=ffff8b8a29aae610
- r8=0000000000000008 r9=7ffff5adbdc6b338 r10=0000000000000000
- r11=ffffc07a96200000 r12=fffff5ce85fb8bb0 r13=0000000000000001
- r14=0000000000000010 r15=ffff8b8a29aae7f8
- iopl=0 nv up ei pl zr na po nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
- win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+0x219:
- fffff5ad`bcb8e88d 48f7b1f0010000 div rax,qword ptr [rcx+1F0h] ds:002b:fffff5ce`80609810=0000000000000000
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: SearchApp.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff5adbcb7d0f8 to fffff5adbcb8e88d
- STACK_TEXT:
- ffff8b8a`29aae450 fffff5ad`bcb7d0f8 : fffff5ce`80609620 00100000`00000000 fffff5ce`80608ec0 ffffc07a`96200000 : win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+0x219
- ffff8b8a`29aae480 fffff5ad`bcb7d056 : ffff8b8a`29aae610 fffff5ce`80608ec0 ffff9501`bbc68c90 00000000`0000006b : win32kbase!DirectComposition::CSystemChannel::ReleaseSystemResource+0x34
- ffff8b8a`29aae4b0 fffff5ad`bcb7aabd : ffff9501`bd025cf8 00000000`00000000 00000000`00000060 00000000`00000000 : win32kbase!DirectComposition::CConnection::ReleaseSystemResource+0x4a
- ffff8b8a`29aae4e0 fffff5ad`bcbbe84d : fffff5ce`80200340 fffff5ce`80201880 fffff5ce`80201ac0 00000000`00000060 : win32kbase!DirectComposition::CSharedSystemResource::Delete+0x2d
- ffff8b8a`29aae510 fffff5ad`bc8110d0 : 00000000`c000001c fffff5ce`80602080 00000000`756d4344 ffff8b8a`29aae7f8 : win32kbase!W32CalloutDispatch+0x5fd
- ffff8b8a`29aae720 fffff800`54c613a9 : ffff8b8a`29aae7f8 00000000`00000015 fffff800`5521de80 ffff8b8a`29aae940 : win32k!W32CalloutDispatchThunk+0x30
- ffff8b8a`29aae760 fffff800`54c6172d : 00000000`00000015 ffff8b8a`29aae7e0 00000000`00000000 ffffc07a`96200000 : nt!ExCallCallBack+0x3d
- ffff8b8a`29aae790 fffff800`54d03326 : ffff9501`bd025cb0 ffff8b8a`29aae7e0 00000000`00000000 00000000`00000000 : nt!PsInvokeWin32Callout+0xbd
- ffff8b8a`29aae7c0 fffff800`54c0c2f0 : ffff9501`00000001 ffff9501`bd025ce0 00000000`00000024 fffff5ad`bcb8e2ca : nt!ExpWin32DeleteProcedure+0x76
- ffff8b8a`29aae7f0 fffff800`54824e97 : 00000000`00000000 00000000`00000000 fffff5ce`85fb8bb0 ffff9501`bd025ce0 : nt!ObpRemoveObjectRoutine+0x80
- ffff8b8a`29aae850 fffff800`5480198e : fffff5ce`80768330 00000000`00000000 fffff5ad`bcc009c0 ffffc07a`96200000 : nt!ObfDereferenceObjectWithTag+0xc7
- ffff8b8a`29aae890 fffff5ad`bcc009ec : fffff5ce`841d0020 ffff8b8a`29aae9b1 ffff8b8a`29aae9b1 ffff8b8a`29aae940 : nt!HalPutDmaAdapter+0xe
- ffff8b8a`29aae8c0 fffff5ad`bcb8e78f : fffff5ce`80768330 fffff5ad`bcc01011 00000000`00000000 00000000`00000000 : win32kbase!DirectComposition::CSharedInteractionMarshaler::ReleaseAllReferences+0x2c
- ffff8b8a`29aae8f0 fffff5ad`bcb8e62a : 00000000`00000000 fffff5ad`bcc00fc4 fffff5ce`841d0008 ffff8b8a`29aaea39 : win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+0x11b
- ffff8b8a`29aae920 fffff5ad`bcb8cfd5 : fffff5ce`85fb8bb0 ffff8b8a`29aaeb80 fffff5ce`841d0008 fffff800`54822a59 : win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+0x82
- ffff8b8a`29aae960 fffff5ad`bcb8c971 : fffff5ce`85fb8bb0 00000000`00000000 00000000`00000000 ffff9501`bd806e01 : win32kbase!DirectComposition::CApplicationChannel::ProcessCommandBufferIterator+0x5a5
- ffff8b8a`29aaea20 fffff5ad`bc81edfd : 00000000`00000000 0000020a`00000018 000000bf`c953e494 000000bf`c953e4e0 : win32kbase!NtDCompositionProcessChannelBatchBuffer+0x1a1
- ffff8b8a`29aaeac0 fffff800`549ef378 : ffff9501`bd87a000 ffff9501`bb5a1080 ffff8b8a`29aaeb80 ffff9501`00000000 : win32k!NtDCompositionProcessChannelBatchBuffer+0x15
- ffff8b8a`29aaeb00 00007ffb`19f83724 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
- 000000bf`c953e408 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`19f83724
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32k
- fffff5adbc8110cb-fffff5adbc8110d0 6 bytes - win32k!W32CalloutDispatchThunk+2b
- [ ff 15 8f 38 07 00:e8 d0 91 09 00 90 ]
- fffff5adbc81111f-fffff5adbc811124 6 bytes - win32k!W32CalloutDispatchThunk+7f (+0x54)
- [ ff 15 3b 38 07 00:e8 7c 91 09 00 90 ]
- fffff5adbc81113a-fffff5adbc81113f 6 bytes - win32k!W32CalloutDispatchThunk+9a (+0x1b)
- [ ff 15 20 38 07 00:e8 61 91 09 00 90 ]
- fffff5adbc811150-fffff5adbc811151 2 bytes - win32k!W32CalloutDispatchThunk+b0 (+0x16)
- [ 48 ff:4c 8b ]
- fffff5adbc811157-fffff5adbc81115a 4 bytes - win32k!W32CalloutDispatchThunk+b7 (+0x07)
- [ 0f 1f 44 00:e8 c4 92 09 ]
- fffff5adbc811177-fffff5adbc81117c 6 bytes - win32k!W32CalloutDispatchThunk+d7 (+0x20)
- [ ff 15 e3 37 07 00:e8 24 91 09 00 90 ]
- fffff5adbc811198-fffff5adbc811199 2 bytes - win32k!W32CalloutDispatchThunk+f8 (+0x21)
- [ 48 ff:4c 8b ]
- fffff5adbc81119f - win32k!W32CalloutDispatchThunk+ff (+0x07)
- [ 0f:e8 ]
- fffff5adbc8154b9 - win32k!NtUserDispatchMessage+15 (+0x431a)
- [ 00:90 ]
- fffff5adbc8154d8-fffff5adbc8154dd 6 bytes - win32k!NtUserDoSoundConnect+10 (+0x1f)
- [ ff 15 82 f4 06 00:e8 c3 4d 09 00 90 ]
- fffff5adbc815504-fffff5adbc815509 6 bytes - win32k!NtUserDoSoundDisconnect+10 (+0x2c)
- [ ff 15 56 f4 06 00:e8 97 4d 09 00 90 ]
- fffff5adbc815530-fffff5adbc815535 6 bytes - win32k!NtUserDragDetect+10 (+0x2c)
- [ ff 15 2a f4 06 00:e8 6b 4d 09 00 90 ]
- fffff5adbc81555e-fffff5adbc815563 6 bytes - win32k!NtUserDragObject+1a (+0x2e)
- [ ff 15 fc f3 06 00:e8 3d 4d 09 00 90 ]
- fffff5adbc815580-fffff5adbc815585 6 bytes - win32k!NtUserDrawAnimatedRects+10 (+0x22)
- [ ff 15 da f3 06 00:e8 1b 4d 09 00 90 ]
- fffff5adbc8155a4-fffff5adbc8155a9 6 bytes - win32k!NtUserDrawCaption+10 (+0x24)
- [ ff 15 b6 f3 06 00:e8 f7 4c 09 00 90 ]
- 70 errors : !win32k (fffff5adbc8110cb-fffff5adbc8155a9)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffff8b8a29aada50 ; kb
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-07-23T13:47:39.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #2: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 19 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- May 14 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Oct 02 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Nov 18 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jan 14 2020 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 06 2020 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Apr 10 2020 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\amdgpio3.sys
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue Mar 19 2019
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Wed Oct 2 2019
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Nov 18 2019
- Image path: \SystemRoot\System32\drivers\amdgpio2.sys
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Tue Jan 14 2020
- Image path: \SystemRoot\system32\DRIVERS\amdpsp.sys
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Fri Mar 6 2020
- Image path: \SystemRoot\System32\drivers\AMDPCIDev.sys
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Fri Apr 10 2020
- ====================== Dump #2: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WpdUpFltr.sys Portable Device Upper Class Filter driver (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- WUDFRd.sys Windows Driver Foundation - User-mode Driver Framework Reflector driver (Microsoft)
- ====================== Dump #2: UNLOADED MODULES =======================
- fffff800`61d90000 fffff800`61d9f000 dump_storpor
- fffff800`61400000 fffff800`61433000 dump_storahc
- fffff800`61460000 fffff800`6147e000 dump_dumpfve
- fffff800`61e30000 fffff800`61e4c000 dam.sys
- fffff800`58000000 fffff800`58011000 WdBoot.sys
- fffff800`59090000 fffff800`590a0000 hwpolicy.sys
- ====================== Dump #2: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #2: Extra #1 ===========================
- 3: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #2: Extra #2 ===========================
- 3: kd> !thread
- THREAD ffff9501bd87a080 Cid 17b8.1c60 Teb: 000000bfc4c74000 Win32Thread: ffff9501bd6e9bd0 RUNNING on processor 3
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8005521143c
- Owning Process ffff9501bb44f080 Image: SearchApp.exe
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 5415
- Context Switch Count 206 IdealProcessor: 0
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ffaf8238e00
- Stack Init ffff8b8a29aaec90 Current ffff8b8a29aae120
- Base ffff8b8a29aaf000 Limit ffff8b8a29aa9000 Call 0000000000000000
- Priority 11 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5
- Scheduling Group: ffff9501b8944090 <Cannot find Rank field of nt!_KSCB> KSCB: ffff9501b8944608 rank 0
- Child-SP RetAddr : Args to Child : Call Site
- ffff8b8a`29aad148 fffff800`549ef929 : 00000000`0000003b 00000000`c0000094 fffff5ad`bcb8e88d ffff8b8a`29aada50 : nt!KeBugCheckEx
- ffff8b8a`29aad150 fffff800`549eed7c : ffff8b8a`29aad8f0 fffff800`546e68e0 ffff8b8a`29aad340 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- ffff8b8a`29aad290 fffff800`549e68e2 : fffff800`549eed00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceHandler+0x7c
- ffff8b8a`29aad2d0 fffff800`54832fb7 : ffff8b8a`29aad840 00000000`00000000 ffff8b8a`29aaeb00 fffff800`549ef378 : nt!RtlpExecuteHandlerForException+0x12
- ffff8b8a`29aad300 fffff800`5487b226 : ffff8b8a`29aae218 ffff8b8a`29aadf50 ffff8b8a`29aae218 fffff5ce`80609620 : nt!RtlDispatchException+0x297
- ffff8b8a`29aada20 fffff800`549efa6c : ffff8b8a`29aae4f4 00000000`00000000 ffff8b8a`29aae278 ffffe406`0cb4e770 : nt!KiDispatchException+0x186
- ffff8b8a`29aae0e0 fffff800`549e870a : 00000000`00000001 00001000`00000001 000860f6`be34ffff 00000000`54cf27ff : nt!KiExceptionDispatch+0x12c
- ffff8b8a`29aae2c0 fffff5ad`bcb8e88d : 00000000`00000000 ffff9501`bbc68cf0 00000000`00000000 00000000`00000000 : nt!KiDivideErrorFault+0x30a (TrapFrame @ ffff8b8a`29aae2c0)
- ffff8b8a`29aae450 fffff5ad`bcb7d0f8 : fffff5ce`80609620 00100000`00000000 fffff5ce`80608ec0 ffffc07a`96200000 : win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+0x219
- ffff8b8a`29aae480 fffff5ad`bcb7d056 : ffff8b8a`29aae610 fffff5ce`80608ec0 ffff9501`bbc68c90 00000000`0000006b : win32kbase!DirectComposition::CSystemChannel::ReleaseSystemResource+0x34
- ffff8b8a`29aae4b0 fffff5ad`bcb7aabd : ffff9501`bd025cf8 00000000`00000000 00000000`00000060 00000000`00000000 : win32kbase!DirectComposition::CConnection::ReleaseSystemResource+0x4a
- ffff8b8a`29aae4e0 fffff5ad`bcbbe84d : fffff5ce`80200340 fffff5ce`80201880 fffff5ce`80201ac0 00000000`00000060 : win32kbase!DirectComposition::CSharedSystemResource::Delete+0x2d
- ffff8b8a`29aae510 fffff5ad`bc8110d0 : 00000000`c000001c fffff5ce`80602080 00000000`756d4344 ffff8b8a`29aae7f8 : win32kbase!W32CalloutDispatch+0x5fd
- ffff8b8a`29aae720 fffff800`54c613a9 : ffff8b8a`29aae7f8 00000000`00000015 fffff800`5521de80 ffff8b8a`29aae940 : win32k!W32CalloutDispatchThunk+0x30
- ffff8b8a`29aae760 fffff800`54c6172d : 00000000`00000015 ffff8b8a`29aae7e0 00000000`00000000 ffffc07a`96200000 : nt!ExCallCallBack+0x3d
- ffff8b8a`29aae790 fffff800`54d03326 : ffff9501`bd025cb0 ffff8b8a`29aae7e0 00000000`00000000 00000000`00000000 : nt!PsInvokeWin32Callout+0xbd
- ffff8b8a`29aae7c0 fffff800`54c0c2f0 : ffff9501`00000001 ffff9501`bd025ce0 00000000`00000024 fffff5ad`bcb8e2ca : nt!ExpWin32DeleteProcedure+0x76
- ffff8b8a`29aae7f0 fffff800`54824e97 : 00000000`00000000 00000000`00000000 fffff5ce`85fb8bb0 ffff9501`bd025ce0 : nt!ObpRemoveObjectRoutine+0x80
- ffff8b8a`29aae850 fffff800`5480198e : fffff5ce`80768330 00000000`00000000 fffff5ad`bcc009c0 ffffc07a`96200000 : nt!ObfDereferenceObjectWithTag+0xc7
- ffff8b8a`29aae890 fffff5ad`bcc009ec : fffff5ce`841d0020 ffff8b8a`29aae9b1 ffff8b8a`29aae9b1 ffff8b8a`29aae940 : nt!HalPutDmaAdapter+0xe
- ffff8b8a`29aae8c0 fffff5ad`bcb8e78f : fffff5ce`80768330 fffff5ad`bcc01011 00000000`00000000 00000000`00000000 : win32kbase!DirectComposition::CSharedInteractionMarshaler::ReleaseAllReferences+0x2c
- ffff8b8a`29aae8f0 fffff5ad`bcb8e62a : 00000000`00000000 fffff5ad`bcc00fc4 fffff5ce`841d0008 ffff8b8a`29aaea39 : win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+0x11b
- ffff8b8a`29aae920 fffff5ad`bcb8cfd5 : fffff5ce`85fb8bb0 ffff8b8a`29aaeb80 fffff5ce`841d0008 fffff800`54822a59 : win32kbase!DirectComposition::CApplicationChannel::ReleaseResource+0x82
- ffff8b8a`29aae960 fffff5ad`bcb8c971 : fffff5ce`85fb8bb0 00000000`00000000 00000000`00000000 ffff9501`bd806e01 : win32kbase!DirectComposition::CApplicationChannel::ProcessCommandBufferIterator+0x5a5
- ffff8b8a`29aaea20 fffff5ad`bc81edfd : 00000000`00000000 0000020a`00000018 000000bf`c953e494 000000bf`c953e4e0 : win32kbase!NtDCompositionProcessChannelBatchBuffer+0x1a1
- ffff8b8a`29aaeac0 fffff800`549ef378 : ffff9501`bd87a000 ffff9501`bb5a1080 ffff8b8a`29aaeb80 ffff9501`00000000 : win32k!NtDCompositionProcessChannelBatchBuffer+0x15
- ffff8b8a`29aaeb00 00007ffb`19f83724 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffff8b8a`29aaeb00)
- 000000bf`c953e408 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`19f83724
- ========================================================================
- ======================= Dump #3: ANALYZE VERBOSE =======================
- ======================= File: 072320-6812-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff803`3b200000 PsLoadedModuleList = 0xfffff803`3be2a250
- Debug session time: Thu Jul 23 10:04:45.468 2020 (UTC - 4:00)
- System Uptime: 0 days 0:04:43.126
- BugCheck 139, {3, ffffef09610fb750, ffffef09610fb6a8, 0}
- Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
- Followup: MachineOwner
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffffef09610fb750, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffef09610fb6a8, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- TRAP_FRAME: ffffef09610fb750 -- (.trap 0xffffef09610fb750)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffdf034808e378 rbx=0000000000000000 rcx=0000000000000003
- rdx=ffffdf03484763b8 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8033b40a30b rsp=ffffef09610fb8e0 rbp=ffffdf0346f19240
- r8=0000000000000001 r9=0000000000000000 r10=0000fffff8033b00
- r11=ffffaa0088b28180 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po cy
- nt!KeTerminateThread+0x31f:
- fffff803`3b40a30b cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffef09610fb6a8 -- (.exr 0xffffef09610fb6a8)
- ExceptionAddress: fffff8033b40a30b (nt!KeTerminateThread+0x000000000000031f)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
- BUGCHECK_STR: 0x139
- CURRENT_IRQL: 2
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 0000000000000003
- LAST_CONTROL_TRANSFER: from fffff8033b5ef929 to fffff8033b5dda20
- STACK_TEXT:
- ffffef09`610fb428 fffff803`3b5ef929 : 00000000`00000139 00000000`00000003 ffffef09`610fb750 ffffef09`610fb6a8 : nt!KeBugCheckEx
- ffffef09`610fb430 fffff803`3b5efd50 : ffffdf03`484d7080 fffff803`3b5e47a6 00000000`00000000 fffff803`3b5e4475 : nt!KiBugCheckDispatch+0x69
- ffffef09`610fb570 fffff803`3b5ee0e3 : ffffffff`ffffffff 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiFastFailDispatch+0xd0
- ffffef09`610fb750 fffff803`3b40a30b : ffffdf03`48485080 fffff803`00000000 ffffdf03`00000000 ffffdf03`48485080 : nt!KiRaiseSecurityCheckFailure+0x323
- ffffef09`610fb8e0 fffff803`3b7e8ac5 : ffffdf03`484854b8 00000000`00000000 000000c1`fd125000 00000000`00000000 : nt!KeTerminateThread+0x31f
- ffffef09`610fb970 fffff803`3b7e8003 : 00000000`00000000 ffffdf03`46bc2500 00000000`00000000 000000c1`fd125000 : nt!PspExitThread+0x489
- ffffef09`610fba70 fffff803`3b7e7f8a : 00000000`00000000 00000000`00000000 ffffdf03`48485080 ffffdf03`46bc25e0 : nt!PspTerminateThreadByPointer+0x53
- ffffef09`610fbab0 fffff803`3b5ef378 : 00000000`00000000 ffffdf03`48485080 ffffef09`610fbb80 ffffdf03`00000000 : nt!NtTerminateThread+0x4a
- ffffef09`610fbb00 00007ff8`a824b7f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
- 000000c1`fd8ff478 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`a824b7f4
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: bc28c396bd6d9725c9c176d532b910141b010cf2
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e5e9b277f9e54f456a521b75c48f0a73a1f695eb
- THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
- FOLLOWUP_IP:
- nt!KiFastFailDispatch+d0
- fffff803`3b5efd50 c644242000 mov byte ptr [rsp+20h],0
- FAULT_INSTR_CODE: 202444c6
- SYMBOL_STACK_INDEX: 2
- SYMBOL_NAME: nt!KiFastFailDispatch+d0
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- IMAGE_VERSION: 10.0.19041.264
- BUCKET_ID_FUNC_OFFSET: d0
- FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
- BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
- PRIMARY_PROBLEM_CLASS: 0x139_3_nt!KiFastFailDispatch
- TARGET_TIME: 2020-07-23T14:04:45.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch
- FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}
- Followup: MachineOwner
- ====================== Dump #3: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 19 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- May 14 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Oct 02 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Nov 18 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jan 14 2020 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 06 2020 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Apr 10 2020 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- ================== Dump #3: 3RD PARTY DRIVERS (FULL) ===================
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue Mar 19 2019
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue May 14 2019
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Wed Oct 2 2019
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Nov 18 2019
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Tue Jan 14 2020
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Fri Mar 6 2020
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Fri Apr 10 2020
- ====================== Dump #3: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storport.sys Provides disk access during crash dump file generation (Microsoft)
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kdcom.dll Kernel Debugger HW Extension DLL (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate.dll Media Center Update (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #3: UNLOADED MODULES =======================
- fffff803`48a30000 fffff803`48a3f000 dump_storpor
- fffff803`48a80000 fffff803`48ab3000 dump_storahc
- fffff803`48ae0000 fffff803`48afe000 dump_dumpfve
- fffff803`49330000 fffff803`4934c000 dam.sys
- fffff803`3f600000 fffff803`3f611000 WdBoot.sys
- fffff803`40690000 fffff803`406a0000 hwpolicy.sys
- ====================== Dump #3: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #3: Extra #1 ===========================
- 2: kd> !verifier
- fffff8033be2a660: Unable to get verifier list.
- ========================== Dump #3: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffdf0348485080 Cid 16cc.1a8c Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 2
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8033be1143c
- Owning Process ffffdf0346f19240 Image:
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 18120
- Context Switch Count 476 IdealProcessor: 1
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff8a81c20e0
- Stack Init ffffef09610fbc90 Current ffffef09610fb540
- Base ffffef09610fc000 Limit ffffef09610f6000 Call 0000000000000000
- Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffffef09`610fb428 fffff803`3b5ef929 : 00000000`00000139 00000000`00000003 ffffef09`610fb750 ffffef09`610fb6a8 : nt!KeBugCheckEx
- ffffef09`610fb430 fffff803`3b5efd50 : ffffdf03`484d7080 fffff803`3b5e47a6 00000000`00000000 fffff803`3b5e4475 : nt!KiBugCheckDispatch+0x69
- ffffef09`610fb570 fffff803`3b5ee0e3 : ffffffff`ffffffff 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiFastFailDispatch+0xd0
- ffffef09`610fb750 fffff803`3b40a30b : ffffdf03`48485080 fffff803`00000000 ffffdf03`00000000 ffffdf03`48485080 : nt!KiRaiseSecurityCheckFailure+0x323 (TrapFrame @ ffffef09`610fb750)
- ffffef09`610fb8e0 fffff803`3b7e8ac5 : ffffdf03`484854b8 00000000`00000000 000000c1`fd125000 00000000`00000000 : nt!KeTerminateThread+0x31f
- ffffef09`610fb970 fffff803`3b7e8003 : 00000000`00000000 ffffdf03`46bc2500 00000000`00000000 000000c1`fd125000 : nt!PspExitThread+0x489
- ffffef09`610fba70 fffff803`3b7e7f8a : 00000000`00000000 00000000`00000000 ffffdf03`48485080 ffffdf03`46bc25e0 : nt!PspTerminateThreadByPointer+0x53
- ffffef09`610fbab0 fffff803`3b5ef378 : 00000000`00000000 ffffdf03`48485080 ffffef09`610fbb80 ffffdf03`00000000 : nt!NtTerminateThread+0x4a
- ffffef09`610fbb00 00007ff8`a824b7f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffffef09`610fbb00)
- 000000c1`fd8ff478 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`a824b7f4
- ========================================================================
- ======================= Dump #4: ANALYZE VERBOSE =======================
- ======================= File: 072320-6703-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff804`55200000 PsLoadedModuleList = 0xfffff804`55e2a250
- Debug session time: Thu Jul 23 10:06:36.976 2020 (UTC - 4:00)
- System Uptime: 0 days 0:01:19.636
- BugCheck 1A, {41792, ffff94bffffe13c0, 10000000000000, 0}
- Probably caused by : memory_corruption ( ONE_BIT )
- Followup: MachineOwner
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
- the PTE. Parameters 3/4 contain the low/high parts of the PTE.
- Arg2: ffff94bffffe13c0
- Arg3: 0010000000000000
- Arg4: 0000000000000000
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- MEMORY_CORRUPTOR: ONE_BIT
- BUGCHECK_STR: 0x1a_41792
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: browser_broker
- CURRENT_IRQL: 2
- STACK_TEXT:
- fffffe02`8e02fc18 fffff804`5565418e : 00000000`0000001a 00000000`00041792 ffff94bf`fffe13c0 00100000`00000000 : nt!KeBugCheckEx
- fffffe02`8e02fc20 fffff804`554119d1 : 00000000`00000003 ffff94bf`fffe1000 fffffe02`8e0300f0 00000000`00000003 : nt!MiDeleteVa+0x191e6e
- fffffe02`8e02fd10 fffff804`55411cf0 : 00000000`00000000 ffff9605`059ec940 00000000`00000000 00000000`00000000 : nt!MiWalkPageTablesRecursively+0x301
- fffffe02`8e02fda0 fffff804`55411cf0 : 00000000`00000000 ffff9605`059ec940 ffff94ca`00000000 00000000`00000010 : nt!MiWalkPageTablesRecursively+0x620
- fffffe02`8e02fe30 fffff804`55411cf0 : fffffe02`8e0300f0 ffff9605`059ec940 00000000`00000000 00000000`00000020 : nt!MiWalkPageTablesRecursively+0x620
- fffffe02`8e02fec0 fffff804`5540e5fb : 00000000`00000000 ffff9605`059ec940 00000000`00000000 00000000`00000030 : nt!MiWalkPageTablesRecursively+0x620
- fffffe02`8e02ff50 fffff804`554c22d1 : fffffe02`8e0300f0 ffff9605`00000000 ffff94bf`00000002 fffffe02`00000000 : nt!MiWalkPageTables+0x36b
- fffffe02`8e030050 fffff804`554a787f : 00000000`00000000 00000000`00000060 ffff9605`059eca00 00000000`00000000 : nt!MiDeletePagablePteRange+0x491
- fffffe02`8e0304d0 fffff804`557ea999 : ffff9605`059ec2c0 00000000`00000000 ffff9605`00000000 ffff9605`00000001 : nt!MiDeleteVad+0x41f
- fffffe02`8e030600 fffff804`55866a00 : ffff9605`05cadbc0 ffff9605`03d43d10 ffff9605`0596a080 00000000`00000000 : nt!MiUnmapVad+0x49
- fffffe02`8e030630 fffff804`558678b3 : ffff9605`05c79c80 ffff9605`05c79c80 ffff9605`05cadbc0 ffff9605`059ec2c0 : nt!MiCleanVad+0x30
- fffffe02`8e030660 fffff804`558b9e87 : ffffffff`00000000 ffffffff`ffffffff 00000000`00000001 ffff9605`059ec2c0 : nt!MmCleanProcessAddressSpace+0x137
- fffffe02`8e0306e0 fffff804`557e8c32 : ffff9605`059ec2c0 ffff8002`2c6f0770 fffffe02`8e030920 00000000`00000000 : nt!PspRundownSingleProcess+0x13b
- fffffe02`8e030760 fffff804`558f4c98 : 00000000`40010004 00000000`00000001 00000000`00000000 00000066`72f58000 : nt!PspExitThread+0x5f6
- fffffe02`8e030860 fffff804`5542a4e7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSchedulerApcTerminate+0x38
- fffffe02`8e0308a0 fffff804`555e1fc0 : 00000000`00000000 fffffe02`8e030950 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x487
- fffffe02`8e030950 fffff804`555ef41f : 00000000`000001e0 00000000`00000000 00000000`00000000 ffff9605`05c4de60 : nt!KiInitiateUserApc+0x70
- fffffe02`8e030a90 00007fff`fea8a104 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
- 00000066`7307f668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`fea8a104
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: c091b23167a9747ad03bff889b67c15ac126f525
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1ddc7aee47fd16b761fbaba61b7c38b17300b4a6
- THREAD_SHA1_HASH_MOD: 82d14546c43bd06881f781d6d197c4c7f7ceb9cb
- SYMBOL_NAME: ONE_BIT
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: hardware
- IMAGE_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
- BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BIT
- TARGET_TIME: 2020-07-23T14:06:36.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_one_bit
- FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
- Followup: MachineOwner
- ====================== Dump #4: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 19 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- May 14 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Oct 02 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Nov 18 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jan 14 2020 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Mar 06 2020 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Apr 10 2020 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- ================== Dump #4: 3RD PARTY DRIVERS (FULL) ===================
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue Mar 19 2019
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue May 14 2019
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Wed Oct 2 2019
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Nov 18 2019
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Tue Jan 14 2020
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Fri Mar 6 2020
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Fri Apr 10 2020
- ====================== Dump #4: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storport.sys Provides disk access during crash dump file generation (Microsoft)
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kdcom.dll Kernel Debugger HW Extension DLL (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate.dll Media Center Update (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #4: UNLOADED MODULES =======================
- fffff804`64e30000 fffff804`64e3f000 WpdUpFltr.sy
- fffff804`64dd0000 fffff804`64e25000 WUDFRd.sys
- fffff804`64da0000 fffff804`64dc6000 USBSTOR.SYS
- fffff804`575c0000 fffff804`575dd000 EhStorClass.
- fffff804`61480000 fffff804`6148f000 dump_storpor
- fffff804`614d0000 fffff804`61503000 dump_storahc
- fffff804`61530000 fffff804`6154e000 dump_dumpfve
- fffff804`60f10000 fffff804`60f2c000 dam.sys
- fffff804`571f0000 fffff804`57201000 WdBoot.sys
- fffff804`58290000 fffff804`582a0000 hwpolicy.sys
- ====================== Dump #4: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #4: Extra #1 ===========================
- 0: kd> !verifier
- fffff80455e2a660: Unable to get verifier list.
- ========================== Dump #4: Extra #2 ===========================
- 0: kd> !thread
- THREAD ffff96050596a080 Cid 1a98.1a9c Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 0
- Not impersonating
- GetUlongFromAddress: unable to read from fffff80455e1143c
- Owning Process ffff9605059ec2c0 Image: browser_broker
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 5096
- Context Switch Count 215 IdealProcessor: 1
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff6db801ff0
- Stack Init fffffe028e030c90 Current fffffe028e030120
- Base fffffe028e031000 Limit fffffe028e02b000 Call 0000000000000000
- Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- fffffe02`8e02fc18 fffff804`5565418e : 00000000`0000001a 00000000`00041792 ffff94bf`fffe13c0 00100000`00000000 : nt!KeBugCheckEx
- fffffe02`8e02fc20 fffff804`554119d1 : 00000000`00000003 ffff94bf`fffe1000 fffffe02`8e0300f0 00000000`00000003 : nt!MiDeleteVa+0x191e6e
- fffffe02`8e02fd10 fffff804`55411cf0 : 00000000`00000000 ffff9605`059ec940 00000000`00000000 00000000`00000000 : nt!MiWalkPageTablesRecursively+0x301
- fffffe02`8e02fda0 fffff804`55411cf0 : 00000000`00000000 ffff9605`059ec940 ffff94ca`00000000 00000000`00000010 : nt!MiWalkPageTablesRecursively+0x620
- fffffe02`8e02fe30 fffff804`55411cf0 : fffffe02`8e0300f0 ffff9605`059ec940 00000000`00000000 00000000`00000020 : nt!MiWalkPageTablesRecursively+0x620
- fffffe02`8e02fec0 fffff804`5540e5fb : 00000000`00000000 ffff9605`059ec940 00000000`00000000 00000000`00000030 : nt!MiWalkPageTablesRecursively+0x620
- fffffe02`8e02ff50 fffff804`554c22d1 : fffffe02`8e0300f0 ffff9605`00000000 ffff94bf`00000002 fffffe02`00000000 : nt!MiWalkPageTables+0x36b
- fffffe02`8e030050 fffff804`554a787f : 00000000`00000000 00000000`00000060 ffff9605`059eca00 00000000`00000000 : nt!MiDeletePagablePteRange+0x491
- fffffe02`8e0304d0 fffff804`557ea999 : ffff9605`059ec2c0 00000000`00000000 ffff9605`00000000 ffff9605`00000001 : nt!MiDeleteVad+0x41f
- fffffe02`8e030600 fffff804`55866a00 : ffff9605`05cadbc0 ffff9605`03d43d10 ffff9605`0596a080 00000000`00000000 : nt!MiUnmapVad+0x49
- fffffe02`8e030630 fffff804`558678b3 : ffff9605`05c79c80 ffff9605`05c79c80 ffff9605`05cadbc0 ffff9605`059ec2c0 : nt!MiCleanVad+0x30
- fffffe02`8e030660 fffff804`558b9e87 : ffffffff`00000000 ffffffff`ffffffff 00000000`00000001 ffff9605`059ec2c0 : nt!MmCleanProcessAddressSpace+0x137
- fffffe02`8e0306e0 fffff804`557e8c32 : ffff9605`059ec2c0 ffff8002`2c6f0770 fffffe02`8e030920 00000000`00000000 : nt!PspRundownSingleProcess+0x13b
- fffffe02`8e030760 fffff804`558f4c98 : 00000000`40010004 00000000`00000001 00000000`00000000 00000066`72f58000 : nt!PspExitThread+0x5f6
- fffffe02`8e030860 fffff804`5542a4e7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSchedulerApcTerminate+0x38
- fffffe02`8e0308a0 fffff804`555e1fc0 : 00000000`00000000 fffffe02`8e030950 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x487
- fffffe02`8e030950 fffff804`555ef41f : 00000000`000001e0 00000000`00000000 00000000`00000000 ffff9605`05c4de60 : nt!KiInitiateUserApc+0x70
- fffffe02`8e030a90 00007fff`fea8a104 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f (TrapFrame @ fffffe02`8e030b00)
- 00000066`7307f668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`fea8a104
- ========================================================================
- ======================= Dump #5: ANALYZE VERBOSE =======================
- ======================= File: 072320-5156-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff801`08400000 PsLoadedModuleList = 0xfffff801`0902a250
- Debug session time: Thu Jul 23 08:57:45.073 2020 (UTC - 4:00)
- System Uptime: 0 days 0:00:13.750
- BugCheck 3B, {c0000005, fffff8010869057d, ffffc900a21bc920, 0}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff8010869057d, Address of the instruction which caused the bugcheck
- Arg3: ffffc900a21bc920, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- nt!MiFinishHardFault+31d
- fffff801`0869057d f0490fba6f183f lock bts qword ptr [r15+18h],3Fh
- CONTEXT: ffffc900a21bc920 -- (.cxr 0xffffc900a21bc920)
- rax=fffff98000000000 rbx=0000000000000001 rcx=0000000000000000
- rdx=0000000000000000 rsi=0000000000000000 rdi=ffffde0934689028
- rip=fffff8010869057d rsp=ffffd908ba5b7fe0 rbp=0000000000000000
- r8=fffff98000000000 r9=8000000000000000 r10=00000000c000003f
- r11=ffffaf3fffffff78 r12=ffffde09346883c0 r13=0000000000000002
- r14=0000000000000000 r15=02fff98004e40aa0
- iopl=0 nv up ei pl nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202
- nt!MiFinishHardFault+0x31d:
- fffff801`0869057d f0490fba6f183f lock bts qword ptr [r15+18h],3Fh ds:002b:02fff980`04e40ab8=????????????????
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: msoobe.exe
- CURRENT_IRQL: 2
- BAD_STACK_POINTER: ffffc900a21bc018
- LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff8010869057d
- STACK_TEXT:
- ffffd908`ba5b7fe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiFinishHardFault+0x31d
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !FLTMGR
- fffff80104dd6d06-fffff80104dd6d07 2 bytes - FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+2c6
- [ 48 ff:4c 8b ]
- fffff80104dd6d0d-fffff80104dd6d11 5 bytes - FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+2cd (+0x07)
- [ 0f 1f 44 00 00:e8 8e 50 87 03 ]
- 7 errors : !FLTMGR (fffff80104dd6d06-fffff80104dd6d11)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffffc900a21bc920 ; kb
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-07-23T12:57:45.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #5: 3RD PARTY DRIVERS ======================
- Feb 07 2019 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- May 24 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- ================== Dump #5: 3RD PARTY DRIVERS (FULL) ===================
- Mapped memory image file: C:\ProgramData\dbg\sym\amdgpio2.sys\5C5BFB24c000\amdgpio2.sys
- Image path: \SystemRoot\System32\drivers\amdgpio2.sys
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Thu Feb 7 2019
- File version: 2.2.0.71
- Product version: 2.2.0.71
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Advanced Micro Devices, Inc
- ProductName: AMD GPIO Controller Driver
- InternalName: amdgpio2.sys
- OriginalFilename: amdgpio2.sys
- ProductVersion: 2.2.0.71
- FileVersion: 2.2.0.71
- FileDescription: AMD GPIO Controller Driver
- LegalCopyright: Copyright © 2012-2019 Advanced Micro Devices, Inc
- Mapped memory image file: C:\ProgramData\dbg\sym\rt640x64.sys\5CE7AF86ad000\rt640x64.sys
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Fri May 24 2019
- File version: 9.1.410.2015
- Product version: 9.1.410.2015
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.6 Driver
- File date: 00000000.00000000
- CompanyName: Realtek
- ProductName: Realtek 8125/8136/8168/8169 PCI/PCIe Adapters
- InternalName: rt640x64.sys
- OriginalFilename: rt640x64.sys
- ProductVersion: 9.001.0410.2015
- FileVersion: 9.001.0410.2015
- FileDescription: Realtek 8125/8136/8168/8169 NDIS 6.40 64-bit Driver
- LegalCopyright: Copyright (C) 2019 Realtek Semiconductor Corporation. All Right Reserved.
- ====================== Dump #5: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HdAudio.sys High Definition Audio Function driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WpdUpFltr.sys Portable Device Upper Class Filter driver (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- WUDFRd.sys Windows Driver Foundation - User-mode Driver Framework Reflector driver (Microsoft)
- ====================== Dump #5: UNLOADED MODULES =======================
- fffff801`13c00000 fffff801`13c0f000 dump_storpor
- fffff801`13c50000 fffff801`13c83000 dump_storahc
- fffff801`13cb0000 fffff801`13cce000 dump_dumpfve
- fffff801`14670000 fffff801`1468c000 dam.sys
- fffff801`0a800000 fffff801`0a811000 WdBoot.sys
- fffff801`0b860000 fffff801`0b870000 hwpolicy.sys
- ====================== Dump #5: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 2444 bytes]
- [BIOS Information (Type 0) - Length 26 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version A.JQ
- BIOS Starting Address Segment f000
- BIOS Release Date 11/29/2019
- BIOS ROM Size 1000000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 27: - Keyboard Services Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 14
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Micro-Star International Co., Ltd.
- Product Name MS-7A38
- Version 2.0
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer Micro-Star International Co., Ltd
- Product B350M PRO-VDH (MS-7A38)
- Version 2.0
- Feature Flags 09h
- -1856522528: - -1856522480: - «?Íû
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer Micro-Star International Co., Ltd.
- Chassis Type Desktop
- Version 2.0
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [OEM Strings (Type 11) - Length 5 - Handle 000bh]
- Number of Strings 1
- [System Configuration Options (Type 12) - Length 5 - Handle 000ch]
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 000eh]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000fh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 134217728KB
- Memory Error Inf Handle 000eh
- Number of Memory Devices 4
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0010h]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Array Handle 000fh
- Partition Width 01
- [Cache Information (Type 7) - Length 19 - Handle 0011h]
- Socket Designation L1 - Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0180h - 384K
- Installed Size 0180h - 384K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0012h]
- Socket Designation L2 - Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0800h - 2048K
- Installed Size 0800h - 2048K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0013h]
- Socket Designation L3 - Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 2000h - 8192K
- Installed Size 2000h - 8192K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Processor Information (Type 4) - Length 48 - Handle 0014h]
- Socket Designation AM4
- Processor Type Central Processor
- Processor Family 6bh - Specification Reserved
- Processor Manufacturer Advanced Micro Devices, Inc.
- Processor ID 110f8000fffb8b17
- Processor Version AMD Ryzen 3 1300X Quad-Core Processor
- Processor Voltage 8ch - 1.2V
- External Clock 100MHz
- Max Speed 3900MHz
- Current Speed 3500MHz
- Status Enabled Populated
- Processor Upgrade Specification Reserved
- L1 Cache Handle 0011h
- L2 Cache Handle 0012h
- L3 Cache Handle 0013h
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0015h]
- [Memory Device (Type 17) - Length 40 - Handle 0016h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0015h
- Form Factor 02h - Unknown
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL A
- Memory Type 02h - Unknown
- Type Detail 0004h - Unknown
- Speed 2400MHz
- Manufacturer Unknown
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0017h]
- [Memory Device (Type 17) - Length 40 - Handle 0018h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0017h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 1
- Bank Locator P0 CHANNEL A
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Unknown
- Part Number CMV8GX4M1A2400C16
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0019h]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Device Handle 0018h
- Mem Array Mapped Adr Handle 0010h
- Interleave Position [None]
- Interleave Data Depth [None]
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 001ah]
- [Memory Device (Type 17) - Length 40 - Handle 001bh]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 001ah
- Form Factor 02h - Unknown
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL B
- Memory Type 02h - Unknown
- Type Detail 0004h - Unknown
- Speed 2400MHz
- Manufacturer Unknown
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 001ch]
- [Memory Device (Type 17) - Length 40 - Handle 001dh]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 001ch
- Form Factor 02h - Unknown
- Device Locator DIMM 1
- Bank Locator P0 CHANNEL B
- Memory Type 02h - Unknown
- Type Detail 0004h - Unknown
- Speed 2400MHz
- Manufacturer Unknown
- Part Number Unknown
- ========================== Dump #5: Extra #1 ===========================
- 2: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #5: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffde0934395080 Cid 0508.0598 Teb: 00000098be7cd000 Win32Thread: ffffde0934224370 RUNNING on processor 2
- IRP List:
- Unable to read nt!_IRP @ ffffde0934c698b0
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8010901143c
- Owning Process ffffde09342e0080 Image: msoobe.exe
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 879
- Context Switch Count 841 IdealProcessor: 2
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff982b820e0
- Stack Init ffffd908ba5b8c90 Current ffffd908ba5b7cd0
- Base ffffd908ba5b9000 Limit ffffd908ba5b3000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffffc900`a21bc018 fffff801`087ef929 : 00000000`0000003b 00000000`c0000005 fffff801`0869057d ffffc900`a21bc920 : nt!KeBugCheckEx
- ffffc900`a21bc020 fffff801`087eed7c : ffffd908`ba5b7da8 fffff801`084e68e0 ffffc900`a21bc210 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- ffffc900`a21bc160 fffff801`087e68e2 : fffff801`087eed00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceHandler+0x7c
- ffffc900`a21bc1a0 fffff801`08632fb7 : ffffc900`a21bc710 00000000`00000000 ffffd908`ba5b8a90 fffff801`087ef378 : nt!RtlpExecuteHandlerForException+0x12
- ffffc900`a21bc1d0 fffff801`0867b226 : ffffd908`ba5b7da8 ffffc900`a21bce20 ffffd908`ba5b7da8 ffffde09`34689028 : nt!RtlDispatchException+0x297
- ffffc900`a21bc8f0 fffff801`087de8b2 : b60f4400`1de7df88 000000c0`248c88c9 fffffe5a`e901b641 4ccb8b4c`4c24448b : nt!KiDispatchException+0x186
- ffffc900`a21bcfb0 fffff801`087de880 : fffff801`087efa65 00000000`0000020d 00000000`00000000 00000000`00000000 : nt!KxExceptionDispatchOnExceptionStack+0x12 (TrapFrame @ ffffc900`a21bce70)
- ffffd908`ba5b7c68 fffff801`087efa65 : 00000000`0000020d 00000000`00000000 00000000`00000000 fffff801`08793a63 : nt!KiExceptionDispatchOnExceptionStackContinue
- ffffd908`ba5b7c70 fffff801`087eb7a0 : ffffc900`fffffffe 00000000`ffffffff 00000000`000001d0 00000000`00000000 : nt!KiExceptionDispatch+0x125
- ffffd908`ba5b7e50 fffff801`0869057d : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0x320 (TrapFrame @ ffffd908`ba5b7e50)
- ffffd908`ba5b7fe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiFinishHardFault+0x31d
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement