Microsoft (R) Windows Debugger Version 10.0.17134.1 AMD64Copyright (c) Microso

1. Microsoft (R) Windows Debugger Version 10.0.17134.1 AMD64
2. Copyright (c) Microsoft Corporation. All rights reserved.
3.  
4.  
5. Loading Dump File [C:\Windows\MEMORY.DMP]
6. Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
7.  
8. Symbol search path is: srv*
9. Executable search path is:
10. Windows 10 Kernel Version 17134 MP (4 procs) Free x64
11. Product: WinNt, suite: TerminalServer SingleUserTS
12. Built by: 17134.1.amd64fre.rs4_release.180410-1804
13. Machine Name:
14. Kernel base = 0xfffff803`e849b000 PsLoadedModuleList = 0xfffff803`e88551f0
15. Debug session time: Wed Aug 1 16:25:29.362 2018 (UTC + 2:00)
16. System Uptime: 0 days 0:28:53.276
17. Loading Kernel Symbols
18. ...............................................................
19. ................................................................
20. ................................................................
21. .....................
22. Loading User Symbols
23. PEB is paged out (Peb.Ldr = 00000058`358a5018). Type ".hh dbgerr001" for details
24. Loading unloaded module list
25. ..............
26. *******************************************************************************
27. * *
28. * Bugcheck Analysis *
29. * *
30. *******************************************************************************
31.  
32. Use !analyze -v to get detailed debugging information.
33.  
34. BugCheck 3B, {c0000096, fffff803fce00795, ffffc587d79a6cf0, 0}
35.  
36. *** ERROR: Module load completed but symbols could not be loaded for GAGCQKOKLFAH.sys
37. Probably caused by : GAGCQKOKLFAH.sys ( GAGCQKOKLFAH+795 )
38.  
39. Followup: MachineOwner
40. ---------
41.  
42. 2: kd> !analyze -v
43. *******************************************************************************
44. * *
45. * Bugcheck Analysis *
46. * *
47. *******************************************************************************
48.  
49. SYSTEM_SERVICE_EXCEPTION (3b)
50. An exception happened while executing a system service routine.
51. Arguments:
52. Arg1: 00000000c0000096, Exception code that caused the bugcheck
53. Arg2: fffff803fce00795, Address of the instruction which caused the bugcheck
54. Arg3: ffffc587d79a6cf0, Address of the context record for the exception that caused the bugcheck
55. Arg4: 0000000000000000, zero.
56.  
57. Debugging Details:
58. ------------------
59.  
60.  
61. KEY_VALUES_STRING: 1
62.  
63.  
64. TIMELINE_ANALYSIS: 1
65.  
66.  
67. DUMP_CLASS: 1
68.  
69. DUMP_QUALIFIER: 401
70.  
71. BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
72.  
73. SYSTEM_MANUFACTURER: Microsoft Corporation
74.  
75. SYSTEM_PRODUCT_NAME: Surface Pro 4
76.  
77. SYSTEM_SKU: Surface_Pro_4
78.  
79. SYSTEM_VERSION: D:0B:08F:1C:03P:38
80.  
81. BIOS_VENDOR: Microsoft Corporation
82.  
83. BIOS_VERSION: 108.1926.769
84.  
85. BIOS_DATE: 12/06/2017
86.  
87. BASEBOARD_MANUFACTURER: Microsoft Corporation
88.  
89. BASEBOARD_PRODUCT: Surface Pro 4
90.  
91. DUMP_TYPE: 1
92.  
93. BUGCHECK_P1: c0000096
94.  
95. BUGCHECK_P2: fffff803fce00795
96.  
97. BUGCHECK_P3: ffffc587d79a6cf0
98.  
99. BUGCHECK_P4: 0
100.  
101. EXCEPTION_CODE: (NTSTATUS) 0xc0000096 - {AUSNAHME} Privilegierte Anweisung
102.  
103. FAULTING_IP:
104. GAGCQKOKLFAH+795
105. fffff803`fce00795 0f22e0 mov cr4,rax
106.  
107. CONTEXT: ffffc587d79a6cf0 -- (.cxr 0xffffc587d79a6cf0)
108. rax=0000000000070678 rbx=ffffc80eba1440b0 rcx=ffffc587d79a7710
109. rdx=00000000aa013044 rsi=0000000000000004 rdi=ffffc80eb96f2500
110. rip=fffff803fce00795 rsp=ffffc587d79a76e8 rbp=ffffc80eb9fbf080
111. r8=0000000000000004 r9=0000000000000008 r10=00000000aa013044
112. r11=00000000aa012044 r12=ffffc80eb9fbf080 r13=ffffc80eb42bcc60
113. r14=0000000000000002 r15=0000000000000000
114. iopl=0 nv up di pl nz na po nc
115. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000006
116. GAGCQKOKLFAH+0x795:
117. fffff803`fce00795 0f22e0 mov cr4,rax
118. Resetting default scope
119.  
120. CPU_COUNT: 4
121.  
122. CPU_MHZ: 9c0
123.  
124. CPU_VENDOR: GenuineIntel
125.  
126. CPU_FAMILY: 6
127.  
128. CPU_MODEL: 4e
129.  
130. CPU_STEPPING: 3
131.  
132. CPU_MICROCODE: 6,4e,3,0 (F,M,S,R) SIG: C2'00000000 (cache) C2'00000000 (init)
133.  
134. BLACKBOXBSD: 1 (!blackboxbsd)
135.  
136.  
137. BLACKBOXPNP: 1 (!blackboxpnp)
138.  
139.  
140. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
141.  
142. BUGCHECK_STR: 0x3B
143.  
144. PROCESS_NAME: PerfectInjector.exe
145.  
146. CURRENT_IRQL: 0
147.  
148. ANALYSIS_SESSION_HOST: DESKTOP-K3NKTIF
149.  
150. ANALYSIS_SESSION_TIME: 08-01-2018 16:27:00.0678
151.  
152. ANALYSIS_VERSION: 10.0.17134.1 amd64fre
153.  
154. LAST_CONTROL_TRANSFER: from fffff803fce0056e to fffff803fce00795
155.  
156. STACK_TEXT:
157. ffffc587`d79a76e8 fffff803`fce0056e : ffffc587`d79a7940 00000001`5fb7f820 ffffc587`d79a7978 00000000`00001001 : GAGCQKOKLFAH+0x795
158. ffffc587`d79a76f0 fffff803`fce00613 : 00000195`99500008 00000000`00000000 00007ff7`d691036f 00000000`0358ed20 : GAGCQKOKLFAH+0x56e
159. ffffc587`d79a7740 fffff803`e851f1a9 : ffffc80e`b85d5580 fffff803`e851cc75 ffffc80e`ba1440b0 00000000`20206f49 : GAGCQKOKLFAH+0x613
160. ffffc587`d79a7780 fffff803`e89922eb : ffffc80e`ba1440b0 ffffc587`d79a7b00 00000000`00000001 00000000`00000000 : nt!IofCallDriver+0x59
161. ffffc587`d79a77c0 fffff803`e899e22f : ffffc80e`00000000 ffffc80e`b9fbf0d0 00000000`00000000 ffffc587`d79a7b00 : nt!IopSynchronousServiceTail+0x1ab
162. ffffc587`d79a7870 fffff803`e899e9d6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x66f
163. ffffc587`d79a79a0 fffff803`e8643a43 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
164. ffffc587`d79a7a10 00007fff`56b69f94 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
165. 00000058`35aff648 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`56b69f94
166.  
167.  
168. THREAD_SHA1_HASH_MOD_FUNC: 1669e19263841d1c39148faa3487b006d89509c3
169.  
170. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e175c5c28cc3a96e2e55c9c54c4eeb9a701b4b56
171.  
172. THREAD_SHA1_HASH_MOD: ff7cfd54b792af039a639cbf768a3584e617f180
173.  
174. FOLLOWUP_IP:
175. GAGCQKOKLFAH+795
176. fffff803`fce00795 0f22e0 mov cr4,rax
177.  
178. FAULT_INSTR_CODE: c3e0220f
179.  
180. SYMBOL_STACK_INDEX: 0
181.  
182. SYMBOL_NAME: GAGCQKOKLFAH+795
183.  
184. FOLLOWUP_NAME: MachineOwner
185.  
186. MODULE_NAME: GAGCQKOKLFAH
187.  
188. IMAGE_NAME: GAGCQKOKLFAH.sys
189.  
190. DEBUG_FLR_IMAGE_TIMESTAMP: 57cd1415
191.  
192. STACK_COMMAND: .cxr 0xffffc587d79a6cf0 ; kb
193.  
194. BUCKET_ID_FUNC_OFFSET: 795
195.  
196. FAILURE_BUCKET_ID: 0x3B_GAGCQKOKLFAH!unknown_function
197.  
198. BUCKET_ID: 0x3B_GAGCQKOKLFAH!unknown_function
199.  
200. PRIMARY_PROBLEM_CLASS: 0x3B_GAGCQKOKLFAH!unknown_function
201.  
202. TARGET_TIME: 2018-08-01T14:25:29.000Z
203.  
204. OSBUILD: 17134
205.  
206. OSSERVICEPACK: 0
207.  
208. SERVICEPACK_NUMBER: 0
209.  
210. OS_REVISION: 0
211.  
212. SUITE_MASK: 272
213.  
214. PRODUCT_TYPE: 1
215.  
216. OSPLATFORM_TYPE: x64
217.  
218. OSNAME: Windows 10
219.  
220. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
221.  
222. OS_LOCALE:
223.  
224. USER_LCID: 0
225.  
226. OSBUILD_TIMESTAMP: 2018-07-13 06:03:11
227.  
228. BUILDDATESTAMP_STR: 180410-1804
229.  
230. BUILDLAB_STR: rs4_release
231.  
232. BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
233.  
234. ANALYSIS_SESSION_ELAPSED_TIME: fe6
235.  
236. ANALYSIS_SOURCE: KM
237.  
238. FAILURE_ID_HASH_STRING: km:0x3b_gagcqkoklfah!unknown_function
239.  
240. FAILURE_ID_HASH: {c17f572d-033a-b643-835e-72ee026d2c8e}
241.  
242. Followup: MachineOwner
243. ---------