Microsoft (R) Windows Debugger Version 10.0.17134.12 AMD64Copyright (c) Micr

1.  
2. Microsoft (R) Windows Debugger Version 10.0.17134.12 AMD64
3. Copyright (c) Microsoft Corporation. All rights reserved.
4.  
5.  
6. Loading Dump File [C:\Temp\082718-36546-01.dmp]
7. Mini Kernel Dump File: Only registers and stack trace are available
8.  
9. Symbol search path is: srv*
10. Executable search path is:
11. Windows 8.1 Kernel Version 9600 MP (12 procs) Free x64
12. Product: Server, suite: TerminalServer
13. Built by: 9600.18821.amd64fre.winblue_ltsb.170914-0600
14. Machine Name:
15. Kernel base = 0xfffff802`32412000 PsLoadedModuleList = 0xfffff802`326e4650
16. Debug session time: Mon Aug 27 07:44:13.184 2018 (UTC - 5:00)
17. System Uptime: 48 days 13:29:49.008
18. Loading Kernel Symbols
19. ..
20.  
21. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
22. Run !sym noisy before .reload to track down problems loading symbols.
23.  
24. .............................................................
25. ................................................................
26. .................
27. Loading User Symbols
28. Loading unloaded module list
29. .................
30. *******************************************************************************
31. * *
32. * Bugcheck Analysis *
33. * *
34. *******************************************************************************
35.  
36. Use !analyze -v to get detailed debugging information.
37.  
38. BugCheck 3B, {c0000005, fffff80150254c63, ffffd0002e61eb50, 0}
39.  
40. *** WARNING: Unable to verify timestamp for kprocesshacker.sys
41. *** ERROR: Module load completed but symbols could not be loaded for kprocesshacker.sys
42. Probably caused by : kprocesshacker.sys ( kprocesshacker+1c63 )
43.  
44. Followup: MachineOwner
45. ---------
46.  
47. 6: kd> !analyze -v
48. *******************************************************************************
49. * *
50. * Bugcheck Analysis *
51. * *
52. *******************************************************************************
53.  
54. SYSTEM_SERVICE_EXCEPTION (3b)
55. An exception happened while executing a system service routine.
56. Arguments:
57. Arg1: 00000000c0000005, Exception code that caused the bugcheck
58. Arg2: fffff80150254c63, Address of the instruction which caused the bugcheck
59. Arg3: ffffd0002e61eb50, Address of the context record for the exception that caused the bugcheck
60. Arg4: 0000000000000000, zero.
61.  
62. Debugging Details:
63. ------------------
64.  
65.  
66. KEY_VALUES_STRING: 1
67.  
68.  
69. TIMELINE_ANALYSIS: 1
70.  
71.  
72. DUMP_CLASS: 1
73.  
74. DUMP_QUALIFIER: 400
75.  
76. BUILD_VERSION_STRING: 9600.18821.amd64fre.winblue_ltsb.170914-0600
77.  
78. SYSTEM_MANUFACTURER: VMware, Inc.
79.  
80. VIRTUAL_MACHINE: VMware
81.  
82. SYSTEM_PRODUCT_NAME: VMware Virtual Platform
83.  
84. SYSTEM_VERSION: None
85.  
86. BIOS_VENDOR: Phoenix Technologies LTD
87.  
88. BIOS_VERSION: 6.00
89.  
90. BIOS_DATE: 07/30/2013
91.  
92. BASEBOARD_MANUFACTURER: Intel Corporation
93.  
94. BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
95.  
96. BASEBOARD_VERSION: None
97.  
98. DUMP_TYPE: 2
99.  
100. DUMP_FILE_ATTRIBUTES: 0x8
101. Kernel Generated Triage Dump
102.  
103. BUGCHECK_P1: c0000005
104.  
105. BUGCHECK_P2: fffff80150254c63
106.  
107. BUGCHECK_P3: ffffd0002e61eb50
108.  
109. BUGCHECK_P4: 0
110.  
111. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
112.  
113. FAULTING_IP:
114. kprocesshacker+1c63
115. fffff801`50254c63 8a040a mov al,byte ptr [rdx+rcx]
116.  
117. CONTEXT: ffffd0002e61eb50 -- (.cxr 0xffffd0002e61eb50)
118. rax=ffffc001541c003f rbx=0000000000000000 rcx=ffffc001541c003e
119. rdx=00003ffeabe3ffc4 rsi=ffffe5555737c9c0 rdi=000000000000003b
120. rip=fffff80150254c63 rsp=ffffd0002e61f588 rbp=000000000000000f
121. r8=0000000000000003 r9=0000000000000000 r10=ffffc00128810cc0
122. r11=ffffc001541c003c r12=ffffc001541c0010 r13=ffffc001541c003c
123. r14=ffffd0002e61f624 r15=0000000000000200
124. iopl=0 nv up ei ng nz na pe nc
125. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
126. kprocesshacker+0x1c63:
127. fffff801`50254c63 8a040a mov al,byte ptr [rdx+rcx] ds:002b:00000000`00000002=??
128. Resetting default scope
129.  
130. CPU_COUNT: c
131.  
132. CPU_MHZ: a28
133.  
134. CPU_VENDOR: GenuineIntel
135.  
136. CPU_FAMILY: 6
137.  
138. CPU_MODEL: 2d
139.  
140. CPU_STEPPING: 2
141.  
142. CPU_MICROCODE: 6,2d,2,0 (F,M,S,R) SIG: 428'00000000 (cache) 428'00000000 (init)
143.  
144. CUSTOMER_CRASH_COUNT: 1
145.  
146. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
147.  
148. BUGCHECK_STR: 0x3B
149.  
150. PROCESS_NAME: ProcessHacker.
151.  
152. CURRENT_IRQL: 0
153.  
154. ANALYSIS_SESSION_HOST: GCPLT007
155.  
156. ANALYSIS_SESSION_TIME: 08-27-2018 14:23:26.0349
157.  
158. ANALYSIS_VERSION: 10.0.17134.12 amd64fre
159.  
160. LAST_CONTROL_TRANSFER: from fffff8015025893e to fffff80150254c63
161.  
162. STACK_TEXT:
163. ffffd000`2e61f588 fffff801`5025893e : 00000000`00000000 00000000`00000008 00000016`8e64f601 00000016`8fe0d0a0 : kprocesshacker+0x1c63
164. ffffd000`2e61f590 00000000`00000000 : 00000000`00000008 00000016`8e64f601 00000016`8fe0d0a0 ffffe800`2ba9e430 : kprocesshacker+0x593e
165.  
166.  
167. THREAD_SHA1_HASH_MOD_FUNC: 913a0e052f8b7a99525e34d1bef15aa0275f6ffd
168.  
169. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 4b313b69eb5f4b4ac1147f9168c9454a2a161a4f
170.  
171. THREAD_SHA1_HASH_MOD: 913a0e052f8b7a99525e34d1bef15aa0275f6ffd
172.  
173. FOLLOWUP_IP:
174. kprocesshacker+1c63
175. fffff801`50254c63 8a040a mov al,byte ptr [rdx+rcx]
176.  
177. FAULT_INSTR_CODE: 490a048a
178.  
179. SYMBOL_STACK_INDEX: 0
180.  
181. SYMBOL_NAME: kprocesshacker+1c63
182.  
183. FOLLOWUP_NAME: MachineOwner
184.  
185. MODULE_NAME: kprocesshacker
186.  
187. IMAGE_NAME: kprocesshacker.sys
188.  
189. DEBUG_FLR_IMAGE_TIMESTAMP: 56f975fa
190.  
191. STACK_COMMAND: .cxr 0xffffd0002e61eb50 ; kb
192.  
193. BUCKET_ID_FUNC_OFFSET: 1c63
194.  
195. FAILURE_BUCKET_ID: 0x3B_kprocesshacker!unknown_function
196.  
197. BUCKET_ID: 0x3B_kprocesshacker!unknown_function
198.  
199. PRIMARY_PROBLEM_CLASS: 0x3B_kprocesshacker!unknown_function
200.  
201. TARGET_TIME: 2018-08-27T12:44:13.000Z
202.  
203. OSBUILD: 9600
204.  
205. OSSERVICEPACK: 18821
206.  
207. SERVICEPACK_NUMBER: 0
208.  
209. OS_REVISION: 0
210.  
211. SUITE_MASK: 16
212.  
213. PRODUCT_TYPE: 3
214.  
215. OSPLATFORM_TYPE: x64
216.  
217. OSNAME: Windows 8.1
218.  
219. OSEDITION: Windows 8.1 Server TerminalServer
220.  
221. OS_LOCALE:
222.  
223. USER_LCID: 0
224.  
225. OSBUILD_TIMESTAMP: 2017-09-14 08:34:00
226.  
227. BUILDDATESTAMP_STR: 170914-0600
228.  
229. BUILDLAB_STR: winblue_ltsb
230.  
231. BUILDOSVER_STR: 6.3.9600.18821.amd64fre.winblue_ltsb.170914-0600
232.  
233. ANALYSIS_SESSION_ELAPSED_TIME: 5d9
234.  
235. ANALYSIS_SOURCE: KM
236.  
237. FAILURE_ID_HASH_STRING: km:0x3b_kprocesshacker!unknown_function
238.  
239. FAILURE_ID_HASH: {2a048a66-a586-6e81-4e4a-7e5ba9b774b9}
240.  
241. Followup: MachineOwner
242. ---------