- Microsoft (R) Windows Debugger Version 10.0.17134.12 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Temp\082718-36546-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 8.1 Kernel Version 9600 MP (12 procs) Free x64
- Product: Server, suite: TerminalServer
- Built by: 9600.18821.amd64fre.winblue_ltsb.170914-0600
- Machine Name:
- Kernel base = 0xfffff802`32412000 PsLoadedModuleList = 0xfffff802`326e4650
- Debug session time: Mon Aug 27 07:44:13.184 2018 (UTC - 5:00)
- System Uptime: 48 days 13:29:49.008
- Loading Kernel Symbols
- ..
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- .............................................................
- ................................................................
- .................
- Loading User Symbols
- Loading unloaded module list
- .................
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck 3B, {c0000005, fffff80150254c63, ffffd0002e61eb50, 0}
- *** WARNING: Unable to verify timestamp for kprocesshacker.sys
- *** ERROR: Module load completed but symbols could not be loaded for kprocesshacker.sys
- Probably caused by : kprocesshacker.sys ( kprocesshacker+1c63 )
- Followup: MachineOwner
- ---------
- 6: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff80150254c63, Address of the instruction which caused the bugcheck
- Arg3: ffffd0002e61eb50, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 9600.18821.amd64fre.winblue_ltsb.170914-0600
- SYSTEM_MANUFACTURER: VMware, Inc.
- VIRTUAL_MACHINE: VMware
- SYSTEM_PRODUCT_NAME: VMware Virtual Platform
- SYSTEM_VERSION: None
- BIOS_VENDOR: Phoenix Technologies LTD
- BIOS_VERSION: 6.00
- BIOS_DATE: 07/30/2013
- BASEBOARD_MANUFACTURER: Intel Corporation
- BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
- BASEBOARD_VERSION: None
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- BUGCHECK_P1: c0000005
- BUGCHECK_P2: fffff80150254c63
- BUGCHECK_P3: ffffd0002e61eb50
- BUGCHECK_P4: 0
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
- FAULTING_IP:
- kprocesshacker+1c63
- fffff801`50254c63 8a040a mov al,byte ptr [rdx+rcx]
- CONTEXT: ffffd0002e61eb50 -- (.cxr 0xffffd0002e61eb50)
- rax=ffffc001541c003f rbx=0000000000000000 rcx=ffffc001541c003e
- rdx=00003ffeabe3ffc4 rsi=ffffe5555737c9c0 rdi=000000000000003b
- rip=fffff80150254c63 rsp=ffffd0002e61f588 rbp=000000000000000f
- r8=0000000000000003 r9=0000000000000000 r10=ffffc00128810cc0
- r11=ffffc001541c003c r12=ffffc001541c0010 r13=ffffc001541c003c
- r14=ffffd0002e61f624 r15=0000000000000200
- iopl=0 nv up ei ng nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
- kprocesshacker+0x1c63:
- fffff801`50254c63 8a040a mov al,byte ptr [rdx+rcx] ds:002b:00000000`00000002=??
- Resetting default scope
- CPU_COUNT: c
- CPU_MHZ: a28
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 2d
- CPU_STEPPING: 2
- CPU_MICROCODE: 6,2d,2,0 (F,M,S,R) SIG: 428'00000000 (cache) 428'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: ProcessHacker.
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: GCPLT007
- ANALYSIS_SESSION_TIME: 08-27-2018 14:23:26.0349
- ANALYSIS_VERSION: 10.0.17134.12 amd64fre
- LAST_CONTROL_TRANSFER: from fffff8015025893e to fffff80150254c63
- STACK_TEXT:
- ffffd000`2e61f588 fffff801`5025893e : 00000000`00000000 00000000`00000008 00000016`8e64f601 00000016`8fe0d0a0 : kprocesshacker+0x1c63
- ffffd000`2e61f590 00000000`00000000 : 00000000`00000008 00000016`8e64f601 00000016`8fe0d0a0 ffffe800`2ba9e430 : kprocesshacker+0x593e
- THREAD_SHA1_HASH_MOD_FUNC: 913a0e052f8b7a99525e34d1bef15aa0275f6ffd
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 4b313b69eb5f4b4ac1147f9168c9454a2a161a4f
- THREAD_SHA1_HASH_MOD: 913a0e052f8b7a99525e34d1bef15aa0275f6ffd
- FOLLOWUP_IP:
- kprocesshacker+1c63
- fffff801`50254c63 8a040a mov al,byte ptr [rdx+rcx]
- FAULT_INSTR_CODE: 490a048a
- SYMBOL_STACK_INDEX: 0
- SYMBOL_NAME: kprocesshacker+1c63
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: kprocesshacker
- IMAGE_NAME: kprocesshacker.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 56f975fa
- STACK_COMMAND: .cxr 0xffffd0002e61eb50 ; kb
- BUCKET_ID_FUNC_OFFSET: 1c63
- FAILURE_BUCKET_ID: 0x3B_kprocesshacker!unknown_function
- BUCKET_ID: 0x3B_kprocesshacker!unknown_function
- PRIMARY_PROBLEM_CLASS: 0x3B_kprocesshacker!unknown_function
- TARGET_TIME: 2018-08-27T12:44:13.000Z
- OSBUILD: 9600
- OSSERVICEPACK: 18821
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 16
- PRODUCT_TYPE: 3
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 8.1
- OSEDITION: Windows 8.1 Server TerminalServer
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-09-14 08:34:00
- BUILDDATESTAMP_STR: 170914-0600
- BUILDLAB_STR: winblue_ltsb
- BUILDOSVER_STR: 6.3.9600.18821.amd64fre.winblue_ltsb.170914-0600
- ANALYSIS_SESSION_ELAPSED_TIME: 5d9
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x3b_kprocesshacker!unknown_function
- FAILURE_ID_HASH: {2a048a66-a586-6e81-4e4a-7e5ba9b774b9}
- Followup: MachineOwner
- ---------