API tools faq
paste
Guest User

Untitled

a guest
Aug 5th, 2017
547
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 63.88 KB | None | 0 0
raw download clone embed print report
  1. Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3.  
  4. Auto Dump Analyzer by gardenman
  5. Time to debug file(s): 00 hours and 05 minutes and 03 seconds
  6.  
  7. ========================================================================
  8. =================== Dump File: 080517-3656-01.dmp ====================
  9. ========================================================================
  10. Mini Kernel Dump File: Only registers and stack trace are available
  11. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  12. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  13. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  14. Kernel base = 0xfffff802`b5c91000 PsLoadedModuleList = 0xfffff802`b5f96060
  15. Debug session time: Sat Aug 5 08:01:16.295 2017 (UTC - 4:00)
  16. System Uptime: 0 days 0:00:27.969
  17.  
  18. BugCheck D1, {fffffa0ea67210f0, ff, 72, fffffa0ea67210f0}
  19. Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+247 )
  20. Followup: MachineOwner
  21.  
  22. DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
  23. An attempt was made to access a pageable (or completely invalid) address at an
  24. interrupt request level (IRQL) that is too high. This is usually
  25. caused by drivers using improper addresses.
  26. If kernel debugger is available get stack backtrace.
  27.  
  28. Arguments:
  29. Arg1: fffffa0ea67210f0, memory referenced
  30. Arg2: 00000000000000ff, IRQL
  31. Arg3: 0000000000000072, value 0 = read operation, 1 = write operation
  32. Arg4: fffffa0ea67210f0, address which referenced memory
  33.  
  34. Debugging Details:
  35. DUMP_CLASS: 1
  36. DUMP_QUALIFIER: 400
  37. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  38. SYSTEM_SKU: SKU
  39. BIOS_VENDOR: American Megatrends Inc.
  40. BIOS_VERSION: 3401
  41. BIOS_DATE: 01/25/2017
  42. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  43. BASEBOARD_PRODUCT: Z170-A
  44. BASEBOARD_VERSION: Rev 1.xx
  45. DUMP_TYPE: 2
  46. READ_ADDRESS: fffff802b6038338: Unable to get MiVisibleState
  47. fffffa0ea67210f0
  48. CURRENT_IRQL: 0
  49. FAULTING_IP:
  50. +0
  51. fffffa0e`a67210f0 ?? ???
  52. ADDITIONAL_DEBUG_TEXT: The trap occurred when interrupts are disabled on the target.
  53. BUGCHECK_STR: DISABLED_INTERRUPT_FAULT
  54. CPU_COUNT: 4
  55. CPU_MHZ: db0
  56. CPU_VENDOR: GenuineIntel
  57. CPU_FAMILY: 6
  58. CPU_MODEL: 5e
  59. CPU_STEPPING: 3
  60. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  61. CUSTOMER_CRASH_COUNT: 1
  62. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  63.  
  64. PROCESS_NAME: System
  65.  
  66. TRAP_FRAME: fffff802b7935700 -- (.trap 0xfffff802b7935700)
  67. NOTE: The trap frame does not contain all registers.
  68. Some register values may be zeroed or incorrect.
  69. rax=ffffcb83efa4a7d0 rbx=0000000000000000 rcx=ffffcb83efa4a9a8
  70. rdx=0000000000000032 rsi=0000000000000000 rdi=0000000000000000
  71. rip=fffffa0ea67210f0 rsp=fffff802b7935898 rbp=00000000000002c6
  72. r8=fffff802b5fd3180 r9=fffff802b604e100 r10=0000000005beee46
  73. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  74. r14=0000000000000000 r15=0000000000000000
  75. iopl=0 nv up di pl nz na po nc
  76. fffffa0e`a67210f0 ?? ???
  77. Resetting default scope
  78. LAST_CONTROL_TRANSFER: from fffff802b5de6129 to fffff802b5ddaf90
  79. FAILED_INSTRUCTION_ADDRESS:
  80. +0
  81. fffffa0e`a67210f0 ?? ???
  82. STACK_TEXT:
  83. fffff802`b79355b8 fffff802`b5de6129 : 00000000`0000000a fffffa0e`a67210f0 00000000`000000ff 00000000`00000072 : nt!KeBugCheckEx
  84. fffff802`b79355c0 fffff802`b5de4707 : 00000000`00000000 00000000`00000000 00000004`40435f7d fffff80e`a64fa489 : nt!KiBugCheckDispatch+0x69
  85. fffff802`b7935700 fffffa0e`a67210f0 : fffff802`b5cb5b22 00000000`0000101c 00000000`003436b6 00000000`00000000 : nt!KiPageFault+0x247
  86. fffff802`b7935898 fffff802`b5cb5b22 : 00000000`0000101c 00000000`003436b6 00000000`00000000 ffffcb83`efa4aaf0 : 0xfffffa0e`a67210f0
  87. fffff802`b79358a0 fffff802`b5cb46d7 : fffff80e`a4d27c50 000006fe`000006fe fffff80e`a47aa6b0 000006fe`000006fe : nt!PpmIdlePrepare+0x392
  88. fffff802`b7935a80 fffff802`b5dddfec : 00000000`00000000 fffff802`b5fd3180 fffff802`b604e940 ffffcb83`f134b080 : nt!PoIdle+0x1b7
  89. fffff802`b7935be0 00000000`00000000 : fffff802`b7936000 fffff802`b792f000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
  90. STACK_COMMAND: kb
  91. THREAD_SHA1_HASH_MOD_FUNC: bac30f8031bbad40506eeaabc9b982d6623c8637
  92. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c4a3d5988d8caf850812979859d924b3e96b0798
  93. THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
  94. FOLLOWUP_IP:
  95. nt!KiPageFault+247
  96. fffff802`b5de4707 33c0 xor eax,eax
  97. FAULT_INSTR_CODE: ffb0c033
  98. SYMBOL_STACK_INDEX: 2
  99. SYMBOL_NAME: nt!KiPageFault+247
  100. FOLLOWUP_NAME: MachineOwner
  101. MODULE_NAME: nt
  102.  
  103. IMAGE_NAME: ntkrnlmp.exe
  104.  
  105. DEBUG_FLR_IMAGE_TIMESTAMP: 578998f1
  106. IMAGE_VERSION: 10.0.14393.0
  107. BUCKET_ID_FUNC_OFFSET: 247
  108. FAILURE_BUCKET_ID: DISABLED_INTERRUPT_FAULT_CODE_AV_BAD_IP_nt!KiPageFault
  109. BUCKET_ID: DISABLED_INTERRUPT_FAULT_CODE_AV_BAD_IP_nt!KiPageFault
  110. PRIMARY_PROBLEM_CLASS: DISABLED_INTERRUPT_FAULT_CODE_AV_BAD_IP_nt!KiPageFault
  111. TARGET_TIME: 2017-08-05T12:01:16.000Z
  112. OSBUILD: 14393
  113. OSSERVICEPACK: 0
  114. SERVICEPACK_NUMBER: 0
  115. OS_REVISION: 0
  116. SUITE_MASK: 784
  117. PRODUCT_TYPE: 1
  118. OSPLATFORM_TYPE: x64
  119. OSNAME: Windows 10
  120. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  121. USER_LCID: 0
  122. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  123. BUILDDATESTAMP_STR: 160715-1616
  124. BUILDLAB_STR: rs1_release
  125. BUILDOSVER_STR: 10.0.14393.0
  126. ANALYSIS_SESSION_ELAPSED_TIME: 953
  127. ANALYSIS_SOURCE: KM
  128. FAILURE_ID_HASH_STRING: km:disabled_interrupt_fault_code_av_bad_ip_nt!kipagefault
  129. FAILURE_ID_HASH: {f2ab72c5-099d-9077-bfcf-ba12aa825b36}
  130. Followup: MachineOwner
  131.  
  132. ========================================================================
  133. ============================== Drivers ===============================
  134. ========================================================================
  135. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  136. Image name: TeeDriverW8x64.sys
  137. Info Link : http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
  138. ADA Info : Intel® Management Engine Interface
  139. Timestamp : Tue Apr 4 2017
  140.  
  141. Image path: \SystemRoot\System32\drivers\e1i63x64.sys
  142. Image name: e1i63x64.sys
  143. Info Link : http://www.carrona.org/drivers/driver.php?id=e1i63x64.sys
  144. Timestamp : Fri Mar 4 2016
  145.  
  146. Image path: \SystemRoot\System32\drivers\sshid.sys
  147. Image name: sshid.sys
  148. Info Link : http://www.carrona.org/drivers/driver.php?id=sshid.sys
  149. Timestamp : Mon Jun 26 2017
  150.  
  151. Unloaded modules:
  152. fffff80e`a58e0000 fffff80e`a58ef000 dump_storpor
  153. fffff80e`a50f0000 fffff80e`a5114000 dump_storahc
  154. fffff80e`a5120000 fffff80e`a513d000 dump_dumpfve
  155. fffff80e`a6310000 fffff80e`a6323000 dam.sys
  156. fffff80e`a5140000 fffff80e`a5171000 cdrom.sys
  157. fffff80e`a4a20000 fffff80e`a4a30000 WdBoot.sys
  158. fffff80e`a58e0000 fffff80e`a58ef000 hwpolicy.sys
  159.  
  160. ========================================================================
  161. ============================== BIOS INFO =============================
  162. ========================================================================
  163. [SMBIOS Data Tables v3.0]
  164. [DMI Version - 0]
  165. [2.0 Calling Convention - No]
  166. [Table Size - 4359 bytes]
  167. [BIOS Information (Type 0) - Length 24 - Handle 0000h]
  168. Vendor American Megatrends Inc.
  169. BIOS Version 3401
  170. BIOS Starting Address Segment f000
  171. BIOS Release Date 01/25/2017
  172. BIOS ROM Size 1000000
  173. BIOS Characteristics
  174. 07: - PCI Supported
  175. 10: - APM Supported
  176. 11: - Upgradeable FLASH BIOS
  177. 12: - BIOS Shadowing Supported
  178. 15: - CD-Boot Supported
  179. 16: - Selectable Boot Supported
  180. 17: - BIOS ROM Socketed
  181. 19: - EDD Supported
  182. 23: - 1.2MB Floppy Supported
  183. 24: - 720KB Floppy Supported
  184. 25: - 2.88MB Floppy Supported
  185. 26: - Print Screen Device Supported
  186. 27: - Keyboard Services Supported
  187. 28: - Serial Services Supported
  188. 29: - Printer Services Supported
  189. 32: - BIOS Vendor Reserved
  190. BIOS Characteristic Extensions
  191. 00: - ACPI Supported
  192. 01: - USB Legacy Supported
  193. 08: - BIOS Boot Specification Supported
  194. 10: - Specification Reserved
  195. 11: - Specification Reserved
  196. BIOS Major Revision 5
  197. BIOS Minor Revision 12
  198. EC Firmware Major Revision 255
  199. EC Firmware Minor Revision 255
  200. [System Information (Type 1) - Length 27 - Handle 0001h]
  201. Manufacturer System manufacturer
  202. Product Name System Product Name
  203. Version System Version
  204. UUID 00000000-0000-0000-0000-000000000000
  205. Wakeup Type Power Switch
  206. SKUNumber SKU
  207. [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
  208. Manufacturer ASUSTeK COMPUTER INC.
  209. Product Z170-A
  210. Version Rev 1.xx
  211. Feature Flags 09h
  212. 1591878152: - ?ÿU?ì?ì¡H.õ^3Å?Eü3ÀW?}?Eô?Eø?ÿu
  213. ¸@
  214. 1591878192: - ?ÿU?ì?ì¡H.õ^3Å?Eü3ÀW?}?Eô?Eø?ÿu
  215. ¸@
  216. Location Default string
  217. Chassis Handle 0003h
  218. Board Type 0ah - Processor/Memory Module
  219. Number of Child Handles 0
  220. [System Enclosure (Type 3) - Length 22 - Handle 0003h]
  221. Manufacturer Default string
  222. Chassis Type Desktop
  223. Version Default string
  224. Bootup State Safe
  225. Power Supply State Safe
  226. Thermal State Safe
  227. Security Status None
  228. OEM Defined 0
  229. Height 0U
  230. Number of Power Cords 1
  231. Number of Contained Elements 0
  232. Contained Element Size 3
  233. [Onboard Devices Information (Type 10) - Length 6 - Handle 0028h]
  234. Number of Devices 1
  235. 01: Type Video [enabled]
  236. [OEM Strings (Type 11) - Length 5 - Handle 0029h]
  237. Number of Strings 4
  238. 1 Default string
  239. 2 Default string
  240. 3 ORC
  241. 4 Default string
  242. [System Configuration Options (Type 12) - Length 5 - Handle 002ah]
  243. [Physical Memory Array (Type 16) - Length 23 - Handle 0045h]
  244. Location 03h - SystemBoard/Motherboard
  245. Use 03h - System Memory
  246. Memory Error Correction 03h - None
  247. Maximum Capacity 67108864KB
  248. Number of Memory Devices 4
  249. [Memory Device (Type 17) - Length 40 - Handle 0046h]
  250. Physical Memory Array Handle 0045h
  251. Total Width 64 bits
  252. Data Width 64 bits
  253. Size 8192MB
  254. Form Factor 09h - DIMM
  255. Device Locator ChannelA-DIMM1
  256. Bank Locator BANK 0
  257. Memory Type 1ah - Specification Reserved
  258. Type Detail 0080h - Synchronous
  259. Speed 2133MHz
  260. Manufacturer G-Skill
  261. Part Number F4-2133C15-8GRR
  262. [Memory Device (Type 17) - Length 40 - Handle 0047h]
  263. Physical Memory Array Handle 0045h
  264. Total Width 0 bits
  265. Data Width 0 bits
  266. Form Factor 02h - Unknown
  267. Device Locator ChannelA-DIMM2
  268. Bank Locator BANK 1
  269. Memory Type 02h - Unknown
  270. Type Detail 0000h -
  271. Speed 0MHz
  272. [Memory Device (Type 17) - Length 40 - Handle 0048h]
  273. Physical Memory Array Handle 0045h
  274. Total Width 64 bits
  275. Data Width 64 bits
  276. Size 8192MB
  277. Form Factor 09h - DIMM
  278. Device Locator ChannelB-DIMM1
  279. Bank Locator BANK 2
  280. Memory Type 1ah - Specification Reserved
  281. Type Detail 0080h - Synchronous
  282. Speed 2133MHz
  283. Manufacturer G-Skill
  284. Part Number F4-2133C15-8GRR
  285. [Memory Device (Type 17) - Length 40 - Handle 0049h]
  286. Physical Memory Array Handle 0045h
  287. Total Width 0 bits
  288. Data Width 0 bits
  289. Form Factor 02h - Unknown
  290. Device Locator ChannelB-DIMM2
  291. Bank Locator BANK 3
  292. Memory Type 02h - Unknown
  293. Type Detail 0000h -
  294. Speed 0MHz
  295. [Memory Array Mapped Address (Type 19) - Length 31 - Handle 004ah]
  296. Starting Address 00000000h
  297. Ending Address 00ffffffh
  298. Memory Array Handle 0045h
  299. Partition Width 02
  300. [Cache Information (Type 7) - Length 19 - Handle 004bh]
  301. Socket Designation L1 Cache
  302. Cache Configuration 0180h - WB Enabled Int NonSocketed L1
  303. Maximum Cache Size 0100h - 256K
  304. Installed Size 0100h - 256K
  305. Supported SRAM Type 0020h - Synchronous
  306. Current SRAM Type 0020h - Synchronous
  307. Cache Speed 0ns
  308. Error Correction Type ParitySingle-Bit ECC
  309. System Cache Type Unified
  310. Associativity 8-way Set-Associative
  311. [Cache Information (Type 7) - Length 19 - Handle 004ch]
  312. Socket Designation L2 Cache
  313. Cache Configuration 0181h - WB Enabled Int NonSocketed L2
  314. Maximum Cache Size 0400h - 1024K
  315. Installed Size 0400h - 1024K
  316. Supported SRAM Type 0020h - Synchronous
  317. Current SRAM Type 0020h - Synchronous
  318. Cache Speed 0ns
  319. Error Correction Type Multi-Bit ECC
  320. System Cache Type Unified
  321. Associativity 4-way Set-Associative
  322. [Cache Information (Type 7) - Length 19 - Handle 004dh]
  323. Socket Designation L3 Cache
  324. Cache Configuration 0182h - WB Enabled Int NonSocketed L3
  325. Maximum Cache Size 1800h - 6144K
  326. Installed Size 1800h - 6144K
  327. Supported SRAM Type 0020h - Synchronous
  328. Current SRAM Type 0020h - Synchronous
  329. Cache Speed 0ns
  330. Error Correction Type Specification Reserved
  331. System Cache Type Unified
  332. Associativity Specification Reserved
  333. [Processor Information (Type 4) - Length 48 - Handle 004eh]
  334. Socket Designation LGA1151
  335. Processor Type Central Processor
  336. Processor Family cdh - Specification Reserved
  337. Processor Manufacturer Intel(R) Corporation
  338. Processor ID e3060500fffbebbf
  339. Processor Version Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
  340. Processor Voltage 8bh - 1.1V
  341. External Clock 100MHz
  342. Max Speed 8300MHz
  343. Current Speed 3500MHz
  344. Status Enabled Populated
  345. Processor Upgrade Other
  346. L1 Cache Handle 004bh
  347. L2 Cache Handle 004ch
  348. L3 Cache Handle 004dh
  349. [Memory Device Mapped Address (Type 20) - Length 35 - Handle 004fh]
  350. Starting Address 00000000h
  351. Ending Address 007fffffh
  352. Memory Device Handle 0046h
  353. Mem Array Mapped Adr Handle 004ah
  354. Interleave Position 01
  355. Interleave Data Depth 02
  356. [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0050h]
  357. Starting Address 00800000h
  358. Ending Address 00ffffffh
  359. Memory Device Handle 0048h
  360. Mem Array Mapped Adr Handle 004ah
  361. Interleave Position 02
  362. Interleave Data Depth 02
  363.  
  364. ========================================================================
  365. =================== Dump File: 080517-3671-01.dmp ====================
  366. ========================================================================
  367. Mini Kernel Dump File: Only registers and stack trace are available
  368. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  369. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  370. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  371. Kernel base = 0xfffff800`d348e000 PsLoadedModuleList = 0xfffff800`d3793060
  372. Debug session time: Sat Aug 5 07:08:20.115 2017 (UTC - 4:00)
  373. System Uptime: 0 days 0:00:19.788
  374.  
  375. BugCheck F7, {67fad00a5be5, 675bd00a5be5, ffff98a42ff5a41a, 0}
  376. Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
  377. Followup: MachineOwner
  378.  
  379. DRIVER_OVERRAN_STACK_BUFFER (f7)
  380. A driver has overrun a stack-based buffer. This overrun could potentially
  381. allow a malicious user to gain control of this machine.
  382. DESCRIPTION
  383. A driver overran a stack-based buffer (or local variable) in a way that would
  384. have overwritten the function's return address and jumped back to an arbitrary
  385. address when the function returned. This is the classic "buffer overrun"
  386. hacking attack and the system has been brought down to prevent a malicious user
  387. from gaining complete control of it.
  388. Do a kb to get a stack backtrace -- the last routine on the stack before the
  389. buffer overrun handlers and bugcheck call is the one that overran its local
  390. variable(s).
  391.  
  392. Arguments:
  393. Arg1: 000067fad00a5be5, Actual security check cookie from the stack
  394. Arg2: 0000675bd00a5be5, Expected security check cookie
  395. Arg3: ffff98a42ff5a41a, Complement of the expected security check cookie
  396. Arg4: 0000000000000000, zero
  397.  
  398. Debugging Details:
  399. DUMP_CLASS: 1
  400. DUMP_QUALIFIER: 400
  401. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  402. SYSTEM_SKU: SKU
  403. BIOS_VENDOR: American Megatrends Inc.
  404. BIOS_VERSION: 3401
  405. BIOS_DATE: 01/25/2017
  406. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  407. BASEBOARD_PRODUCT: Z170-A
  408. BASEBOARD_VERSION: Rev 1.xx
  409. DUMP_TYPE: 2
  410. SECURITY_COOKIE: Expected 0000675bd00a5be5 found 000067fad00a5be5
  411. BUGCHECK_STR: 0xF7_THREE_BIT
  412. CPU_COUNT: 4
  413. CPU_MHZ: db0
  414. CPU_VENDOR: GenuineIntel
  415. CPU_FAMILY: 6
  416. CPU_MODEL: 5e
  417. CPU_STEPPING: 3
  418. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  419. CUSTOMER_CRASH_COUNT: 1
  420. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  421.  
  422. PROCESS_NAME: svchost.exe
  423.  
  424. CURRENT_IRQL: 0
  425. LAST_CONTROL_TRANSFER: from fffff800d3640225 to fffff800d35d7f90
  426. STACK_TEXT:
  427. ffffcb01`4a56f508 fffff800`d3640225 : 00000000`000000f7 000067fa`d00a5be5 0000675b`d00a5be5 ffff98a4`2ff5a41a : nt!KeBugCheckEx
  428. ffffcb01`4a56f510 fffff800`d34c7d17 : 00000000`00000001 00000000`00000000 ffffc701`48c5d178 ffff9880`000e88c0 : nt!_report_gsfailure+0x25
  429. ffffcb01`4a56f550 fffff800`d34c777f : ffffb70a`8f7c3090 ffffdf0f`bc45fcf0 ffffb70a`8fdcba80 fffff800`d38a2a1c : nt!KiSwapThread+0x1b7
  430. ffffcb01`4a56f600 fffff800`d34c9547 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x14f
  431. ffffcb01`4a56f6a0 fffff800`d34d7a18 : ffffb70a`90a036c0 ffffb70a`00000011 ffffb70a`8f79a901 ffffb70a`00000000 : nt!KeWaitForSingleObject+0x377
  432. ffffcb01`4a56f750 fffff800`d38a7868 : 00000000`00000000 ffffb70a`90a036c0 00000000`00000011 00000291`8ba2fc01 : nt!AlpcpSignalAndWait+0x1d8
  433. ffffcb01`4a56f7f0 fffff800`d38a6541 : ffffb70a`91070e20 00000291`8b2dc170 ffffffff`ffffffff 00000291`8b2dc170 : nt!AlpcpReceiveSynchronousReply+0x58
  434. ffffcb01`4a56f850 fffff800`d38a481d : ffffb70a`91070e20 fffff800`00020000 00000291`8b2dc170 00000291`8b94a298 : nt!AlpcpProcessSynchronousRequest+0x301
  435. ffffcb01`4a56f950 fffff800`d35e2c93 : ffffcb01`4a56fa28 ffffb70a`90a03080 ffffcb01`4a56fb00 000000be`aef7cd78 : nt!NtAlpcSendWaitReceivePort+0x23d
  436. ffffcb01`4a56fa10 00007ffc`6eff5f44 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  437. 000000be`aef7cd58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`6eff5f44
  438. STACK_COMMAND: kb
  439. THREAD_SHA1_HASH_MOD_FUNC: 1a4f76e5a3302c2ff033839ea052ccf8e056ac8a
  440. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 03a942cb1db6a46cf7dc687c70a3218e441511f6
  441. THREAD_SHA1_HASH_MOD: bc100a5647b828107ac4e18055e00abcbe1ec406
  442. FOLLOWUP_IP:
  443. nt!_report_gsfailure+25
  444. fffff800`d3640225 cc int 3
  445. FAULT_INSTR_CODE: 48cccccc
  446. SYMBOL_STACK_INDEX: 1
  447. SYMBOL_NAME: nt!_report_gsfailure+25
  448. FOLLOWUP_NAME: MachineOwner
  449. MODULE_NAME: nt
  450.  
  451. IMAGE_NAME: ntkrnlmp.exe
  452.  
  453. DEBUG_FLR_IMAGE_TIMESTAMP: 578998f1
  454. IMAGE_VERSION: 10.0.14393.0
  455. BUCKET_ID_FUNC_OFFSET: 25
  456. FAILURE_BUCKET_ID: 0xF7_THREE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  457. BUCKET_ID: 0xF7_THREE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  458. PRIMARY_PROBLEM_CLASS: 0xF7_THREE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  459. TARGET_TIME: 2017-08-05T11:08:20.000Z
  460. OSBUILD: 14393
  461. OSSERVICEPACK: 0
  462. SERVICEPACK_NUMBER: 0
  463. OS_REVISION: 0
  464. SUITE_MASK: 784
  465. PRODUCT_TYPE: 1
  466. OSPLATFORM_TYPE: x64
  467. OSNAME: Windows 10
  468. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  469. USER_LCID: 0
  470. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  471. BUILDDATESTAMP_STR: 160715-1616
  472. BUILDLAB_STR: rs1_release
  473. BUILDOSVER_STR: 10.0.14393.0
  474. ANALYSIS_SESSION_ELAPSED_TIME: 988
  475. ANALYSIS_SOURCE: KM
  476. FAILURE_ID_HASH_STRING: km:0xf7_three_bit_missing_gsframe_nt!_report_gsfailure
  477. FAILURE_ID_HASH: {78a85278-f601-c152-78ea-701afde9cf45}
  478. Followup: MachineOwner
  479.  
  480. ========================================================================
  481. =================== Dump File: 080517-3703-01.dmp ====================
  482. ========================================================================
  483. Mini Kernel Dump File: Only registers and stack trace are available
  484. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  485. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  486. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  487. Kernel base = 0xfffff803`13c02000 PsLoadedModuleList = 0xfffff803`13f07060
  488. Debug session time: Sat Aug 5 07:00:45.356 2017 (UTC - 4:00)
  489. System Uptime: 0 days 0:00:11.030
  490.  
  491. BugCheck BE, {ffff82d00cd84a88, 8000000000400121, ffffd501b45f7700, a}
  492. *** WARNING: Unable to verify timestamp for win32k.sys
  493. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  494. Probably caused by : memory_corruption
  495. Followup: memory_corruption
  496.  
  497. ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
  498. An attempt was made to write to readonly memory. The guilty driver is on the
  499. stack trace (and is typically the current instruction pointer).
  500. When possible, the guilty driver's name (Unicode string) is printed on
  501. the bugcheck screen and saved in KiBugCheckDriver.
  502.  
  503. Arguments:
  504. Arg1: ffff82d00cd84a88, Virtual address for the attempted write.
  505. Arg2: 8000000000400121, PTE contents.
  506. Arg3: ffffd501b45f7700, (reserved)
  507. Arg4: 000000000000000a, (reserved)
  508.  
  509. Debugging Details:
  510. DUMP_CLASS: 1
  511. DUMP_QUALIFIER: 400
  512. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  513. SYSTEM_SKU: SKU
  514. BIOS_VENDOR: American Megatrends Inc.
  515. BIOS_VERSION: 3401
  516. BIOS_DATE: 01/25/2017
  517. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  518. BASEBOARD_PRODUCT: Z170-A
  519. BASEBOARD_VERSION: Rev 1.xx
  520. DUMP_TYPE: 2
  521. CPU_COUNT: 4
  522. CPU_MHZ: db0
  523. CPU_VENDOR: GenuineIntel
  524. CPU_FAMILY: 6
  525. CPU_MODEL: 5e
  526. CPU_STEPPING: 3
  527. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  528. CUSTOMER_CRASH_COUNT: 1
  529. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  530. BUGCHECK_STR: 0xBE
  531.  
  532. PROCESS_NAME: System
  533.  
  534. CURRENT_IRQL: 2
  535. TRAP_FRAME: ffffd501b45f7700 -- (.trap 0xffffd501b45f7700)
  536. NOTE: The trap frame does not contain all registers.
  537. Some register values may be zeroed or incorrect.
  538. rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000041
  539. rdx=000000000000007f rsi=0000000000000000 rdi=0000000000000000
  540. rip=fffff80313d26856 rsp=ffffd501b45f7890 rbp=ffffd501b45f7900
  541. r8=0000000fffffffff r9=0000000000000000 r10=0000000000000000
  542. r11=ffffc0877618897a r12=0000000000000000 r13=0000000000000000
  543. r14=0000000000000000 r15=0000000000000000
  544. iopl=0 nv up ei pl zr na po nc
  545. nt!MiZeroPageThread+0x656:
  546. fffff803`13d26856 f0480fba6e183f lock bts qword ptr [rsi+18h],3Fh ds:00000000`00000018=????????????????
  547. Resetting default scope
  548. LAST_CONTROL_TRANSFER: from fffff80313ded8aa to fffff80313d4bf90
  549. STACK_TEXT:
  550. ffffd501`b45f74a8 fffff803`13ded8aa : 00000000`000000be ffff82d0`0cd84a88 80000000`00400121 ffffd501`b45f7700 : nt!KeBugCheckEx
  551. ffffd501`b45f74b0 fffff803`13d7ec63 : 00000000`00000000 ffffd501`b45f7600 00000000`00000003 00000000`00000003 : nt!MiRaisedIrqlFault+0x122
  552. ffffd501`b45f7500 fffff803`13d555fc : ffffc087`75d5f040 fffff803`13c3b77f ffff8000`0cedb910 fffff803`13c6d39f : nt! ?? ::FNODOBFM::`string'+0x23aa3
  553. ffffd501`b45f7700 fffff803`13d26856 : ffffc087`00000002 ffffd501`b45f7968 fffff803`13f27580 ffffc087`00000008 : nt!KiPageFault+0x13c
  554. ffffd501`b45f7890 fffff803`13c9e4bd : 00000000`00000000 ffffc087`75d5f040 fffff803`13d26200 fffff803`13f26380 : nt!MiZeroPageThread+0x656
  555. ffffd501`b45f7b90 fffff803`13d51456 : fffff803`13f44180 ffffc087`75d5f040 fffff803`13c9e47c 00000000`00000000 : nt!PspSystemThreadStartup+0x41
  556. ffffd501`b45f7be0 00000000`00000000 : ffffd501`b45f8000 ffffd501`b45f1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  557. STACK_COMMAND: kb
  558. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  559. fffff80313c6d3e8-fffff80313c6d3e9 2 bytes - nt!MiGetSmallZeroPtes+ac
  560. [ 80 f6:00 88 ]
  561. fffff80313c6d478-fffff80313c6d479 2 bytes - nt!MiZeroPageWorkMapping+58 (+0x90)
  562. [ 80 f6:00 88 ]
  563. fffff80313ceccd8-fffff80313ceccd9 2 bytes - nt!MiReplacePageTablePage+5c (+0x7f860)
  564. [ 80 fa:00 80 ]
  565. fffff80313cf333d-fffff80313cf333e 2 bytes - nt!RemoveListEntryPte+31 (+0x6665)
  566. [ 80 f6:00 88 ]
  567. fffff80313d101dd-fffff80313d101de 2 bytes - nt!MiPurgeZeroList+6d (+0x1cea0)
  568. [ 80 fa:00 80 ]
  569. fffff80313d26880-fffff80313d26881 2 bytes - nt!MiZeroPageThread+680 (+0x166a3)
  570. [ 80 fa:00 80 ]
  571. fffff80313ded8e2-fffff80313ded8e3 2 bytes - nt!MiRaisedIrqlFault+15a (+0xc7062)
  572. [ 80 fa:00 80 ]
  573. fffff80313ded96b-fffff80313ded96c 2 bytes - nt!MiRaisedIrqlFault+1e3 (+0x89)
  574. [ ff f6:7f 88 ]
  575. 16 errors : !nt (fffff80313c6d3e8-fffff80313ded96c)
  576. MODULE_NAME: memory_corruption
  577.  
  578. IMAGE_NAME: memory_corruption
  579.  
  580. FOLLOWUP_NAME: memory_corruption
  581. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  582. MEMORY_CORRUPTOR: LARGE
  583. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  584. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  585. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  586. TARGET_TIME: 2017-08-05T11:00:45.000Z
  587. OSBUILD: 14393
  588. OSSERVICEPACK: 0
  589. SERVICEPACK_NUMBER: 0
  590. OS_REVISION: 0
  591. SUITE_MASK: 784
  592. PRODUCT_TYPE: 1
  593. OSPLATFORM_TYPE: x64
  594. OSNAME: Windows 10
  595. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  596. USER_LCID: 0
  597. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  598. BUILDDATESTAMP_STR: 160715-1616
  599. BUILDLAB_STR: rs1_release
  600. BUILDOSVER_STR: 10.0.14393.0
  601. ANALYSIS_SESSION_ELAPSED_TIME: 2953
  602. ANALYSIS_SOURCE: KM
  603. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  604. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  605. Followup: memory_corruption
  606.  
  607. ========================================================================
  608. =================== Dump File: 080517-4281-01.dmp ====================
  609. ========================================================================
  610. Mini Kernel Dump File: Only registers and stack trace are available
  611. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  612. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  613. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  614. Kernel base = 0xfffff803`1de81000 PsLoadedModuleList = 0xfffff803`1e186060
  615. Debug session time: Sat Aug 5 07:42:13.524 2017 (UTC - 4:00)
  616. System Uptime: 0 days 0:01:16.194
  617.  
  618. BugCheck F7, {d1d9dc65ee66, d1d1dc65ee66, ffff2e2e239a1199, 0}
  619. Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
  620. Followup: MachineOwner
  621.  
  622. DRIVER_OVERRAN_STACK_BUFFER (f7)
  623. A driver has overrun a stack-based buffer. This overrun could potentially
  624. allow a malicious user to gain control of this machine.
  625. DESCRIPTION
  626. A driver overran a stack-based buffer (or local variable) in a way that would
  627. have overwritten the function's return address and jumped back to an arbitrary
  628. address when the function returned. This is the classic "buffer overrun"
  629. hacking attack and the system has been brought down to prevent a malicious user
  630. from gaining complete control of it.
  631. Do a kb to get a stack backtrace -- the last routine on the stack before the
  632. buffer overrun handlers and bugcheck call is the one that overran its local
  633. variable(s).
  634.  
  635. Arguments:
  636. Arg1: 0000d1d9dc65ee66, Actual security check cookie from the stack
  637. Arg2: 0000d1d1dc65ee66, Expected security check cookie
  638. Arg3: ffff2e2e239a1199, Complement of the expected security check cookie
  639. Arg4: 0000000000000000, zero
  640.  
  641. Debugging Details:
  642. DUMP_CLASS: 1
  643. DUMP_QUALIFIER: 400
  644. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  645. SYSTEM_SKU: SKU
  646. BIOS_VENDOR: American Megatrends Inc.
  647. BIOS_VERSION: 3401
  648. BIOS_DATE: 01/25/2017
  649. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  650. BASEBOARD_PRODUCT: Z170-A
  651. BASEBOARD_VERSION: Rev 1.xx
  652. DUMP_TYPE: 2
  653. SECURITY_COOKIE: Expected 0000d1d1dc65ee66 found 0000d1d9dc65ee66
  654. BUGCHECK_STR: 0xF7_ONE_BIT
  655. CPU_COUNT: 4
  656. CPU_MHZ: db0
  657. CPU_VENDOR: GenuineIntel
  658. CPU_FAMILY: 6
  659. CPU_MODEL: 5e
  660. CPU_STEPPING: 3
  661. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  662. CUSTOMER_CRASH_COUNT: 1
  663. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  664.  
  665. PROCESS_NAME: System
  666.  
  667. CURRENT_IRQL: 0
  668. LAST_CONTROL_TRANSFER: from fffff8031e033225 to fffff8031dfcaf90
  669. STACK_TEXT:
  670. ffffb400`dc5cca88 fffff803`1e033225 : 00000000`000000f7 0000d1d9`dc65ee66 0000d1d1`dc65ee66 ffff2e2e`239a1199 : nt!KeBugCheckEx
  671. ffffb400`dc5cca90 fffff803`1debad17 : ffffb400`dc5ccd10 fffff80c`00000000 00000000`00000007 ffff8c02`11378111 : nt!_report_gsfailure+0x25
  672. ffffb400`dc5ccad0 fffff803`1deba77f : ffffc988`c755f040 ffffc988`c755f180 fffff803`1e23e280 ffffb400`dc5c7000 : nt!KiSwapThread+0x1b7
  673. ffffb400`dc5ccb80 fffff803`1debc547 : ffffc988`00000000 ffffb400`dc5cd220 ffffc988`c7353f30 00000000`00000000 : nt!KiCommitThreadWait+0x14f
  674. ffffb400`dc5ccc20 fffff80c`f74d8a75 : ffffb400`dc5cd148 ffffb400`00000000 ffff8c02`11378100 00000000`00000000 : nt!KeWaitForSingleObject+0x377
  675. ffffb400`dc5cccd0 fffff80c`f74e9d28 : ffff8c02`08241c10 00000000`2f345559 00000000`2f345559 ffff8c02`11378010 : NTFS!NtfsNonCachedIo+0x425
  676. ffffb400`dc5ccf70 fffff80c`f74e63a8 : ffffb400`dc5cd220 00000000`00000000 00000000`00000000 ffffb400`dc5cd220 : NTFS!NtfsCommonWrite+0x36e8
  677. ffffb400`dc5cd1f0 fffff80c`f6ad5206 : ffffc988`ca215c00 ffffc988`c9622ab0 ffffc988`c9622ab0 ffffc988`c9622f70 : NTFS!NtfsFsdWrite+0x1d8
  678. ffffb400`dc5cd4e0 fffff80c`f6ad3146 : ffffb400`dc5cd619 ffffb400`dc5cd6b0 00000000`00000001 ffffc988`c7560010 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x1a6
  679. ffffb400`dc5cd570 fffff803`1df5940c : ffffc988`c9622ab0 ffffb400`dc5cd7c0 ffffc988`ca07e8b0 ffffc988`c9622ab0 : FLTMGR!FltpDispatch+0xb6
  680. ffffb400`dc5cd5d0 fffff803`1df69c9a : 00000000`00000000 ffffb400`dc5cd670 ffffc988`ca07e8b0 fffff803`1deee3fd : nt!IoSynchronousPageWriteEx+0x138
  681. ffffb400`dc5cd610 fffff803`1ded121f : 00000000`00000011 ffff8c02`16561010 00000000`00000000 00000000`00000000 : nt!MiIssueSynchronousFlush+0x72
  682. ffffb400`dc5cd690 fffff803`1df0a5e4 : ffffb400`ddf5fa68 00000000`00002000 ffffc988`ca0f5860 ffffc988`c84c1bc0 : nt!MiFlushSectionInternal+0x7cf
  683. ffffb400`dc5cd8c0 fffff803`1deda67c : ffffb400`ddf5fa68 ffffc988`c755f040 00000000`00002000 00000000`00000000 : nt!MmFlushSection+0x1a8
  684. ffffb400`dc5cd970 fffff803`1ded9742 : ffffc988`ca0f7b08 00000000`00000000 ffffc988`00000001 00000000`00000000 : nt!CcFlushCachePriv+0x3fc
  685. ffffb400`dc5cda80 fffff803`1ded8d79 : fffff803`1e23e100 fffff803`1e28bb01 00000000`00000000 fffff803`00000007 : nt!CcWriteBehindInternal+0x15a
  686. ffffb400`dc5cdb00 fffff803`1df1d4bd : fffff803`1e1c3180 00000000`00000080 ffffc988`c62b46c0 ffffc988`c755f040 : nt!ExpWorkerThread+0xe9
  687. ffffb400`dc5cdb90 fffff803`1dfd0456 : fffff803`1e1c3180 ffffc988`c755f040 fffff803`1df1d47c 00000000`001e8080 : nt!PspSystemThreadStartup+0x41
  688. ffffb400`dc5cdbe0 00000000`00000000 : ffffb400`dc5ce000 ffffb400`dc5c7000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  689. STACK_COMMAND: kb
  690. THREAD_SHA1_HASH_MOD_FUNC: ab8ddea2ceccdb84e6e2057ec7370accf447746d
  691. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5d023df74d9046f48fabc1e1efc75c535e1cc0d0
  692. THREAD_SHA1_HASH_MOD: 3cbdb1db51dc7640045ce14a5cdc9c2a1bffd1b1
  693. FOLLOWUP_IP:
  694. nt!_report_gsfailure+25
  695. fffff803`1e033225 cc int 3
  696. FAULT_INSTR_CODE: 48cccccc
  697. SYMBOL_STACK_INDEX: 1
  698. SYMBOL_NAME: nt!_report_gsfailure+25
  699. FOLLOWUP_NAME: MachineOwner
  700. MODULE_NAME: nt
  701.  
  702. IMAGE_NAME: ntkrnlmp.exe
  703.  
  704. DEBUG_FLR_IMAGE_TIMESTAMP: 578998f1
  705. IMAGE_VERSION: 10.0.14393.0
  706. BUCKET_ID_FUNC_OFFSET: 25
  707. FAILURE_BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  708. BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  709. PRIMARY_PROBLEM_CLASS: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  710. TARGET_TIME: 2017-08-05T11:42:13.000Z
  711. OSBUILD: 14393
  712. OSSERVICEPACK: 0
  713. SERVICEPACK_NUMBER: 0
  714. OS_REVISION: 0
  715. SUITE_MASK: 784
  716. PRODUCT_TYPE: 1
  717. OSPLATFORM_TYPE: x64
  718. OSNAME: Windows 10
  719. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  720. USER_LCID: 0
  721. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  722. BUILDDATESTAMP_STR: 160715-1616
  723. BUILDLAB_STR: rs1_release
  724. BUILDOSVER_STR: 10.0.14393.0
  725. ANALYSIS_SESSION_ELAPSED_TIME: 97a
  726. ANALYSIS_SOURCE: KM
  727. FAILURE_ID_HASH_STRING: km:0xf7_one_bit_missing_gsframe_nt!_report_gsfailure
  728. FAILURE_ID_HASH: {8f84f302-dd0e-1f96-6f9c-0ea31ad59f42}
  729. Followup: MachineOwner
  730.  
  731. ========================================================================
  732. =================== Dump File: 080517-4359-01.dmp ====================
  733. ========================================================================
  734. Mini Kernel Dump File: Only registers and stack trace are available
  735. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  736. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  737. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  738. Kernel base = 0xfffff803`c008b000 PsLoadedModuleList = 0xfffff803`c0390060
  739. Debug session time: Sat Aug 5 06:58:30.318 2017 (UTC - 4:00)
  740. System Uptime: 0 days 0:00:09.992
  741.  
  742. BugCheck A, {fffffe8c78556290, 2, 0, fffff803c01da22d}
  743. Probably caused by : msrpc.sys ( msrpc!LRPC_CASSOCIATION::Bind+2cf )
  744. Followup: MachineOwner
  745.  
  746. IRQL_NOT_LESS_OR_EQUAL (a)
  747. An attempt was made to access a pageable (or completely invalid) address at an
  748. interrupt request level (IRQL) that is too high. This is usually
  749. caused by drivers using improper addresses.
  750. If a kernel debugger is available get the stack backtrace.
  751.  
  752. Arguments:
  753. Arg1: fffffe8c78556290, memory referenced
  754. Arg2: 0000000000000002, IRQL
  755. Arg3: 0000000000000000, bitfield :
  756. bit 0 : value 0 = read operation, 1 = write operation
  757. bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
  758. Arg4: fffff803c01da22d, address which referenced memory
  759.  
  760. Debugging Details:
  761. DUMP_CLASS: 1
  762. DUMP_QUALIFIER: 400
  763. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  764. SYSTEM_SKU: SKU
  765. BIOS_VENDOR: American Megatrends Inc.
  766. BIOS_VERSION: 3401
  767. BIOS_DATE: 01/25/2017
  768. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  769. BASEBOARD_PRODUCT: Z170-A
  770. BASEBOARD_VERSION: Rev 1.xx
  771. DUMP_TYPE: 2
  772. READ_ADDRESS: fffff803c0432338: Unable to get MiVisibleState
  773. fffffe8c78556290
  774. CURRENT_IRQL: 2
  775. FAULTING_IP:
  776. nt!SwapContext+1cd
  777. fffff803`c01da22d 480b9650020000 or rdx,qword ptr [rsi+250h]
  778. CPU_COUNT: 4
  779. CPU_MHZ: db0
  780. CPU_VENDOR: GenuineIntel
  781. CPU_FAMILY: 6
  782. CPU_MODEL: 5e
  783. CPU_STEPPING: 3
  784. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  785. CUSTOMER_CRASH_COUNT: 1
  786. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  787. BUGCHECK_STR: AV
  788.  
  789. PROCESS_NAME: System
  790.  
  791. TRAP_FRAME: ffffc900a6db0820 -- (.trap 0xffffc900a6db0820)
  792. NOTE: The trap frame does not contain all registers.
  793. Some register values may be zeroed or incorrect.
  794. rax=0000000000004080 rbx=0000000000000000 rcx=fffff78000000000
  795. rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
  796. rip=fffff803c01da22d rsp=ffffc900a6db09b0 rbp=000000edb59bbfff
  797. r8=0000000000000002 r9=0000000000000000 r10=0000000000000008
  798. r11=ffffde8c791ffb50 r12=0000000000000000 r13=0000000000000000
  799. r14=0000000000000000 r15=0000000000000000
  800. iopl=0 nv up ei pl zr na po nc
  801. nt!SwapContext+0x1cd:
  802. fffff803`c01da22d 480b9650020000 or rdx,qword ptr [rsi+250h] ds:00000000`00000250=????????????????
  803. Resetting default scope
  804. LAST_CONTROL_TRANSFER: from fffff803c01e0129 to fffff803c01d4f90
  805. STACK_TEXT:
  806. ffffc900`a6db06d8 fffff803`c01e0129 : 00000000`0000000a fffffe8c`78556290 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
  807. ffffc900`a6db06e0 fffff803`c01de707 : ffff8608`697af5d0 ffff8608`698e9ad0 00000000`00008814 00000000`00000003 : nt!KiBugCheckDispatch+0x69
  808. ffffc900`a6db0820 fffff803`c01da22d : 00000000`02141dc7 ffffde8c`78556040 ffffde8c`7eb4c540 00000000`0000012a : nt!KiPageFault+0x247
  809. ffffc900`a6db09b0 fffff803`c01d9da6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SwapContext+0x1cd
  810. ffffc900`a6db09f0 fffff803`c00c4cdc : 00000000`00000000 ffffc900`00000000 ffff8608`6841e7f0 fffff803`00000000 : nt!KiSwapContext+0x76
  811. ffffc900`a6db0b30 fffff803`c00c477f : ffffde8c`78556040 ffffde8c`78556180 fffff803`c0448280 fffff803`c049fa1c : nt!KiSwapThread+0x17c
  812. ffffc900`a6db0be0 fffff803`c00c6547 : ffffc900`00000000 ffffde8c`7ef745b0 ffffde8c`7ea5aa60 00000000`00000000 : nt!KiCommitThreadWait+0x14f
  813. ffffc900`a6db0c80 fffff803`c00d4a18 : ffffde8c`78556680 ffffde8c`00000011 00000000`00000000 ffffde8c`00000000 : nt!KeWaitForSingleObject+0x377
  814. ffffc900`a6db0d30 fffff803`c04a4868 : 00000000`00000000 ffffde8c`78556680 00000000`00000011 ffff8608`698ad000 : nt!AlpcpSignalAndWait+0x1d8
  815. ffffc900`a6db0dd0 fffff803`c04a3541 : ffffde8c`7ef745b0 ffff8608`63420000 ffffffff`ffffffff ffff8608`63420000 : nt!AlpcpReceiveSynchronousReply+0x58
  816. ffffc900`a6db0e30 fffff803`c04a181d : ffffde8c`7ef745b0 fffff803`00220000 ffff8608`63420000 ffff8608`698e5ab0 : nt!AlpcpProcessSynchronousRequest+0x301
  817. ffffc900`a6db0f30 fffff803`c01dfc93 : ffffc900`a6db1008 ffffde8c`78556040 ffffc900`a6db10e0 ffffc900`a6db1218 : nt!NtAlpcSendWaitReceivePort+0x23d
  818. ffffc900`a6db0ff0 fffff803`c01d8150 : fffff806`5cef8067 00000000`00000000 ffff8608`69897068 00000000`00000003 : nt!KiSystemServiceCopyEnd+0x13
  819. ffffc900`a6db11f8 fffff806`5cef8067 : 00000000`00000000 ffff8608`69897068 00000000`00000003 fffff806`5cef8990 : nt!KiServiceLinkage
  820. ffffc900`a6db1200 fffff806`5cef208e : ffff8608`698e5a40 fffff806`5ced3510 00000000`00000000 ffff8608`698e5ab0 : msrpc!LRPC_CASSOCIATION::Bind+0x2cf
  821. ffffc900`a6db12b0 fffff806`5cef2212 : ffff8608`698e5a40 ffffc900`a6db13e9 00000000`00000000 ffff8608`6986c010 : msrpc!LRPC_BIND_CCALL::BaseBind+0x92
  822. ffffc900`a6db1330 fffff806`5cef4f55 : 00000000`00000001 ffff8608`698e5a40 ffffc900`a6db13e9 ffff8608`6986c010 : msrpc!LRPC_FAST_BIND_CCALL::Bind+0x32
  823. ffffc900`a6db1380 fffff806`5cefe5f3 : ffff8608`6986c010 ffff8608`00000000 ffff8608`698e5f50 00000000`00000000 : msrpc!LRPC_FAST_BINDING_HANDLE::Bind+0x145
  824. ffffc900`a6db1450 fffff806`5cefe064 : ffff8608`698e5c90 00000000`00000000 00000000`00000000 fffff803`00000000 : msrpc!BindToEpMapper+0x6b
  825. ffffc900`a6db14b0 fffff806`5cefd8fe : 00000000`00000000 fffff806`5cf00a40 ffff8608`62a87898 fffff803`00000000 : msrpc!EP_LOOKUP_DATA::ResolveEndpoint+0x10c
  826. ffffc900`a6db1550 fffff806`5cefd877 : ffff8608`62a87898 ffff8608`62a87868 00000000`00000000 fffff806`5cefd9c8 : msrpc!ResolveEndpointWithEpMapper+0x82
  827. ffffc900`a6db15c0 fffff806`5cefd5a5 : ffff8608`62a87898 ffff8608`62a87868 00000000`00000000 fffff803`c00d3f4a : msrpc!ResolveEndpointIfNecessary+0xaf
  828. ffffc900`a6db1640 fffff806`5cefd6bd : 00000000`00000000 ffff8608`62a87850 ffff8608`698a61a0 ffff8608`62a878e0 : msrpc!LRPC_BASE_BINDING_HANDLE::SubmitResolveEndpointRequest+0xe5
  829. ffffc900`a6db16d0 fffff806`5cef5852 : 00000000`00000000 ffff8608`62a87850 fffff806`5db84200 00000000`00000000 : msrpc!LRPC_BASE_BINDING_HANDLE::ResolveEndpoint+0xe9
  830. ffffc900`a6db1750 fffff806`5cef4f33 : 00000000`00000001 ffff8608`698a6010 ffffc900`a6db1819 ffff8608`62a87850 : msrpc!LRPC_BASE_BINDING_HANDLE::DriveStateForward+0x2d6
  831. ffffc900`a6db17b0 fffff806`5db4af31 : fffff806`5db916b0 00000000`00000000 fffff806`5db916a0 00000000`00000000 : msrpc!LRPC_FAST_BINDING_HANDLE::Bind+0x123
  832. ffffc900`a6db1880 fffff806`5db4ad54 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!NsipRpcAcquireHandle+0x91
  833. ffffc900`a6db18c0 fffff806`5db4ace1 : fffff806`5db916a0 ffffc900`a6db19f0 ffffc900`a6db1a60 ffffc900`00000000 : NETIO!NsipNotifyUserMode+0x4c
  834. ffffc900`a6db19b0 fffff806`5daa3b32 : fffff806`5db916a0 ffffde8c`7de23a20 ffffc900`a6db1ad0 00000000`00000000 : NETIO!NsiParameterChange+0x171
  835. ffffc900`a6db1a40 fffff806`5da147be : ffffde8c`78556040 ffffde8c`7de23a20 ffffde8c`7eff80b0 ffffde8c`7eff80b0 : ndis!ndisNsiNotifyClientInterfaceChange+0xb2
  836. ffffc900`a6db1ab0 fffff803`c00e2d79 : ffffde8c`78556040 ffffde8c`7eff80c0 fffff803`00000000 ffffde8c`00000003 : ndis!ndisNsiQueuedIfBlockRodChangeNotification+0x5e
  837. ffffc900`a6db1b00 fffff803`c01274bd : 00000000`00000000 00000000`00000080 ffffde8c`784b46c0 ffffde8c`78556040 : nt!ExpWorkerThread+0xe9
  838. ffffc900`a6db1b90 fffff803`c01da456 : ffffc900`a6bc8180 ffffde8c`78556040 fffff803`c012747c 00000000`00000000 : nt!PspSystemThreadStartup+0x41
  839. ffffc900`a6db1be0 00000000`00000000 : ffffc900`a6db2000 ffffc900`a6dab000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  840. STACK_COMMAND: kb
  841. THREAD_SHA1_HASH_MOD_FUNC: 9f26870b7a04b6c2d0825825ec5f817a1ff62bbe
  842. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6529a765491b4f1d1e32d7bc5a6e538ae8d4e7de
  843. THREAD_SHA1_HASH_MOD: 0ef54a3bfa62f27a168cd0d0b7244acf0a33cdcf
  844. FOLLOWUP_IP:
  845. msrpc!LRPC_CASSOCIATION::Bind+2cf
  846. fffff806`5cef8067 bb170000c0 mov ebx,0C0000017h
  847. FAULT_INSTR_CODE: 17bb
  848. SYMBOL_STACK_INDEX: e
  849. SYMBOL_NAME: msrpc!LRPC_CASSOCIATION::Bind+2cf
  850. FOLLOWUP_NAME: MachineOwner
  851. MODULE_NAME: msrpc
  852.  
  853. IMAGE_NAME: msrpc.sys
  854.  
  855. DEBUG_FLR_IMAGE_TIMESTAMP: 57899a8a
  856. IMAGE_VERSION: 10.0.14393.0
  857. BUCKET_ID_FUNC_OFFSET: 2cf
  858. FAILURE_BUCKET_ID: AV_msrpc!LRPC_CASSOCIATION::Bind
  859. BUCKET_ID: AV_msrpc!LRPC_CASSOCIATION::Bind
  860. PRIMARY_PROBLEM_CLASS: AV_msrpc!LRPC_CASSOCIATION::Bind
  861. TARGET_TIME: 2017-08-05T10:58:30.000Z
  862. OSBUILD: 14393
  863. OSSERVICEPACK: 0
  864. SERVICEPACK_NUMBER: 0
  865. OS_REVISION: 0
  866. SUITE_MASK: 784
  867. PRODUCT_TYPE: 1
  868. OSPLATFORM_TYPE: x64
  869. OSNAME: Windows 10
  870. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  871. USER_LCID: 0
  872. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  873. BUILDDATESTAMP_STR: 160715-1616
  874. BUILDLAB_STR: rs1_release
  875. BUILDOSVER_STR: 10.0.14393.0
  876. ANALYSIS_SESSION_ELAPSED_TIME: 9ce
  877. ANALYSIS_SOURCE: KM
  878. FAILURE_ID_HASH_STRING: km:av_msrpc!lrpc_cassociation::bind
  879. FAILURE_ID_HASH: {ad2870fc-56c4-9fea-24a0-352948838279}
  880. Followup: MachineOwner
  881.  
  882. ========================================================================
  883. =================== Dump File: 080517-4796-01.dmp ====================
  884. ========================================================================
  885. Mini Kernel Dump File: Only registers and stack trace are available
  886. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  887. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  888. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  889. Kernel base = 0xfffff800`0b87c000 PsLoadedModuleList = 0xfffff800`0bb81060
  890. Debug session time: Sat Aug 5 07:37:39.576 2017 (UTC - 4:00)
  891. System Uptime: 0 days 0:22:47.247
  892.  
  893. BugCheck D1, {fffff80fd03d8440, 2, 0, fffff808baa1e7cd}
  894. *** WARNING: Unable to verify timestamp for e1i63x64.sys
  895. *** ERROR: Module load completed but symbols could not be loaded for e1i63x64.sys
  896. Probably caused by : e1i63x64.sys ( e1i63x64+16156 )
  897. Followup: MachineOwner
  898.  
  899. DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
  900. An attempt was made to access a pageable (or completely invalid) address at an
  901. interrupt request level (IRQL) that is too high. This is usually
  902. caused by drivers using improper addresses.
  903. If kernel debugger is available get stack backtrace.
  904.  
  905. Arguments:
  906. Arg1: fffff80fd03d8440, memory referenced
  907. Arg2: 0000000000000002, IRQL
  908. Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
  909. Arg4: fffff808baa1e7cd, address which referenced memory
  910.  
  911. Debugging Details:
  912. DUMP_CLASS: 1
  913. DUMP_QUALIFIER: 400
  914. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  915. SYSTEM_SKU: SKU
  916. BIOS_VENDOR: American Megatrends Inc.
  917. BIOS_VERSION: 3401
  918. BIOS_DATE: 01/25/2017
  919. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  920. BASEBOARD_PRODUCT: Z170-A
  921. BASEBOARD_VERSION: Rev 1.xx
  922. DUMP_TYPE: 2
  923. READ_ADDRESS: fffff8000bc23338: Unable to get MiVisibleState
  924. fffff80fd03d8440
  925. CURRENT_IRQL: 2
  926. FAULTING_IP:
  927. tcpip!TcpMatchReceive+16d
  928. fffff808`baa1e7cd 488b0a mov rcx,qword ptr [rdx]
  929. CPU_COUNT: 4
  930. CPU_MHZ: db0
  931. CPU_VENDOR: GenuineIntel
  932. CPU_FAMILY: 6
  933. CPU_MODEL: 5e
  934. CPU_STEPPING: 3
  935. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  936. CUSTOMER_CRASH_COUNT: 1
  937. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  938. BUGCHECK_STR: AV
  939.  
  940. PROCESS_NAME: amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f5
  941.  
  942. DPC_STACK_BASE: FFFFF8000D53DFB0
  943. TRAP_FRAME: fffff8000d53cb60 -- (.trap 0xfffff8000d53cb60)
  944. NOTE: The trap frame does not contain all registers.
  945. Some register values may be zeroed or incorrect.
  946. rax=ffff900fcb3163c0 rbx=0000000000000000 rcx=00000000918d8104
  947. rdx=fffff80fd03d8440 rsi=0000000000000000 rdi=0000000000000000
  948. rip=fffff808baa1e7cd rsp=fffff8000d53ccf0 rbp=fffff8000d53cdf0
  949. r8=ffff900fcb1b1730 r9=00000000918d8104 r10=fffff8000d53cdb8
  950. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  951. r14=0000000000000000 r15=0000000000000000
  952. iopl=0 nv up ei pl zr na po nc
  953. tcpip!TcpMatchReceive+0x16d:
  954. fffff808`baa1e7cd 488b0a mov rcx,qword ptr [rdx] ds:fffff80f`d03d8440=????????????????
  955. Resetting default scope
  956. LAST_CONTROL_TRANSFER: from fffff8000b9d1129 to fffff8000b9c5f90
  957. STACK_TEXT:
  958. fffff800`0d53ca18 fffff800`0b9d1129 : 00000000`0000000a fffff80f`d03d8440 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
  959. fffff800`0d53ca20 fffff800`0b9cf707 : ffff900f`cb0eb860 00000000`00000001 ffff900f`cb5e8c80 00000000`00000000 : nt!KiBugCheckDispatch+0x69
  960. fffff800`0d53cb60 fffff808`baa1e7cd : ffff900f`ca5c40a0 00001f80`00000200 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x247
  961. fffff800`0d53ccf0 fffff808`baa1e310 : ffff900f`ca5f7220 00000000`003436b9 ffff900f`cb763640 fffff808`b9ef3d9a : tcpip!TcpMatchReceive+0x16d
  962. fffff800`0d53cfa0 fffff808`baa2eb81 : ffff900f`cb2ea6f0 fffff800`0b971a28 00000000`00000004 fffff800`0b97286b : tcpip!TcpPreValidatedReceive+0x460
  963. fffff800`0d53d090 fffff808`baa2c42e : ffff900f`cb785700 00000000`00000000 ffff900f`cc982406 fffff808`00000006 : tcpip!IpFlcReceivePreValidatedPackets+0x591
  964. fffff800`0d53d230 fffff800`0b8e0e75 : 00000000`00000002 ffff900f`cd415080 fffff808`baa2c2d0 fffff800`0d53d3e0 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x15e
  965. fffff800`0d53d360 fffff808`baa619b6 : ffff900f`cb1cc860 00000000`00000000 ffff900f`cb1d6880 ffff900f`cb70f900 : nt!KeExpandKernelStackAndCalloutInternal+0x85
  966. fffff800`0d53d3b0 fffff808`b9a4392e : 00000000`00000000 fffff800`0d53d4b0 00000000`00000002 ffff900f`cb6c9010 : tcpip!FlReceiveNetBufferListChain+0xb6
  967. fffff800`0d53d430 fffff808`b9a433c4 : 00000000`00000001 ffff900f`0000dd00 ffff900f`00000000 00000000`00000002 : ndis!ndisMIndicateNetBufferListsToOpen+0x11e
  968. fffff800`0d53d4f0 fffff808`b9a43e97 : ffff900f`cb3281a0 fffff808`00000000 ffff900f`cb3281a0 ffff900f`cb3281a0 : ndis!ndisMTopReceiveNetBufferLists+0x224
  969. fffff800`0d53d600 fffff808`b9a42ce5 : ffff900f`cb3281a0 fffff800`0d53d750 00000000`00000801 00000000`00000001 : ndis!ndisCallReceiveHandler+0x47
  970. fffff800`0d53d650 fffff808`ba956156 : ffff900f`cb70f950 ffff900f`cb70f950 ffff900f`cb51ee40 ffff900f`cb6d88c0 : ndis!NdisMIndicateReceiveNetBufferLists+0x735
  971. fffff800`0d53d840 ffff900f`cb70f950 : ffff900f`cb70f950 ffff900f`cb51ee40 ffff900f`cb6d88c0 00000000`00000801 : e1i63x64+0x16156
  972. fffff800`0d53d848 ffff900f`cb70f950 : ffff900f`cb51ee40 ffff900f`cb6d88c0 00000000`00000801 fffff800`0d53daa0 : 0xffff900f`cb70f950
  973. fffff800`0d53d850 ffff900f`cb51ee40 : ffff900f`cb6d88c0 00000000`00000801 fffff800`0d53daa0 ffff900f`cb70f950 : 0xffff900f`cb70f950
  974. fffff800`0d53d858 ffff900f`cb6d88c0 : 00000000`00000801 fffff800`0d53daa0 ffff900f`cb70f950 ffff900f`cb6d8950 : 0xffff900f`cb51ee40
  975. fffff800`0d53d860 00000000`00000801 : fffff800`0d53daa0 ffff900f`cb70f950 ffff900f`cb6d8950 00000000`00000000 : 0xffff900f`cb6d88c0
  976. fffff800`0d53d868 fffff800`0d53daa0 : ffff900f`cb70f950 ffff900f`cb6d8950 00000000`00000000 fffff800`0d53daa0 : 0x801
  977. fffff800`0d53d870 ffff900f`cb70f950 : ffff900f`cb6d8950 00000000`00000000 fffff800`0d53daa0 ffff900f`cb51e000 : 0xfffff800`0d53daa0
  978. fffff800`0d53d878 ffff900f`cb6d8950 : 00000000`00000000 fffff800`0d53daa0 ffff900f`cb51e000 fffff808`ba9573e3 : 0xffff900f`cb70f950
  979. fffff800`0d53d880 00000000`00000000 : fffff800`0d53daa0 ffff900f`cb51e000 fffff808`ba9573e3 ffff900f`cb6d8900 : 0xffff900f`cb6d8950
  980. STACK_COMMAND: kb
  981. THREAD_SHA1_HASH_MOD_FUNC: 9077c506bee4b68a48aa864340ae865029a9c2e7
  982. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 9f38f11c9a6a01628ca8aa05adbfc062c41b817c
  983. THREAD_SHA1_HASH_MOD: 0d19b9c5761f833083dea77922c55dc8a7fd45cb
  984. FOLLOWUP_IP:
  985. e1i63x64+16156
  986. fffff808`ba956156 ?? ???
  987. SYMBOL_STACK_INDEX: d
  988. SYMBOL_NAME: e1i63x64+16156
  989. FOLLOWUP_NAME: MachineOwner
  990. MODULE_NAME: e1i63x64
  991.  
  992. IMAGE_NAME: e1i63x64.sys
  993.  
  994. DEBUG_FLR_IMAGE_TIMESTAMP: 56da0235
  995. BUCKET_ID_FUNC_OFFSET: 16156
  996. FAILURE_BUCKET_ID: AV_e1i63x64!unknown_function
  997. BUCKET_ID: AV_e1i63x64!unknown_function
  998. PRIMARY_PROBLEM_CLASS: AV_e1i63x64!unknown_function
  999. TARGET_TIME: 2017-08-05T11:37:39.000Z
  1000. OSBUILD: 14393
  1001. OSSERVICEPACK: 0
  1002. SERVICEPACK_NUMBER: 0
  1003. OS_REVISION: 0
  1004. SUITE_MASK: 784
  1005. PRODUCT_TYPE: 1
  1006. OSPLATFORM_TYPE: x64
  1007. OSNAME: Windows 10
  1008. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  1009. USER_LCID: 0
  1010. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  1011. BUILDDATESTAMP_STR: 160715-1616
  1012. BUILDLAB_STR: rs1_release
  1013. BUILDOSVER_STR: 10.0.14393.0
  1014. ANALYSIS_SESSION_ELAPSED_TIME: 97c
  1015. ANALYSIS_SOURCE: KM
  1016. FAILURE_ID_HASH_STRING: km:av_e1i63x64!unknown_function
  1017. FAILURE_ID_HASH: {e02c4228-6ee3-a4f6-d146-ca73b3992c57}
  1018. Followup: MachineOwner
  1019.  
  1020. ========================================================================
  1021. =================== Dump File: 080517-4812-01.dmp ====================
  1022. ========================================================================
  1023. Could not open dump file [C:\Users\UserName\Desktop\ssd2\080517-4812-01.dmp], NTSTATUS 0xC000011E
  1024. "An attempt was made to map a file of size zero with the maximum size specified as zero."
  1025. Debuggee initialization failed, NTSTATUS 0xC000011E
  1026. An attempt was made to map a file of size zero with the maximum size specified as zero.
  1027.  
  1028. ========================================================================
  1029. =================== Dump File: 080517-3312-01.dmp ====================
  1030. ========================================================================
  1031. Mini Kernel Dump File: Only registers and stack trace are available
  1032. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  1033. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  1034. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  1035. Kernel base = 0xfffff802`eac92000 PsLoadedModuleList = 0xfffff802`eaf97060
  1036. Debug session time: Sat Aug 5 07:07:06.708 2017 (UTC - 4:00)
  1037. System Uptime: 0 days 0:01:08.382
  1038.  
  1039. BugCheck 1E, {ffffffffc0000005, fffff802eacd4fd5, 0, ffffffffffffffff}
  1040. Probably caused by : memory_corruption
  1041. Followup: memory_corruption
  1042.  
  1043. KMODE_EXCEPTION_NOT_HANDLED (1e)
  1044. This is a very common bugcheck. Usually the exception address pinpoints
  1045. the driver/function that caused the problem. Always note this address
  1046. as well as the link date of the driver/image that contains this address.
  1047.  
  1048. Arguments:
  1049. Arg1: ffffffffc0000005, The exception code that was not handled
  1050. Arg2: fffff802eacd4fd5, The address that the exception occurred at
  1051. Arg3: 0000000000000000, Parameter 0 of the exception
  1052. Arg4: ffffffffffffffff, Parameter 1 of the exception
  1053.  
  1054. Debugging Details:
  1055. DUMP_CLASS: 1
  1056. DUMP_QUALIFIER: 400
  1057. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  1058. SYSTEM_SKU: SKU
  1059. BIOS_VENDOR: American Megatrends Inc.
  1060. BIOS_VERSION: 3401
  1061. BIOS_DATE: 01/25/2017
  1062. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  1063. BASEBOARD_PRODUCT: Z170-A
  1064. BASEBOARD_VERSION: Rev 1.xx
  1065. DUMP_TYPE: 2
  1066. READ_ADDRESS: fffff802eb039338: Unable to get MiVisibleState
  1067. ffffffffffffffff
  1068. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  1069. FAULTING_IP:
  1070. nt!MiRemoveAnyPage+145
  1071. fffff802`eacd4fd5 f0480fba69183f lock bts qword ptr [rcx+18h],3Fh
  1072. EXCEPTION_PARAMETER2: ffffffffffffffff
  1073. BUGCHECK_STR: 0x1E_c0000005_R
  1074. CPU_COUNT: 4
  1075. CPU_MHZ: db0
  1076. CPU_VENDOR: GenuineIntel
  1077. CPU_FAMILY: 6
  1078. CPU_MODEL: 5e
  1079. CPU_STEPPING: 3
  1080. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  1081. CUSTOMER_CRASH_COUNT: 1
  1082. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  1083.  
  1084. PROCESS_NAME: consent.exe
  1085.  
  1086. CURRENT_IRQL: 2
  1087. LAST_CONTROL_TRANSFER: from fffff802eae1514e to fffff802eaddbf90
  1088. STACK_TEXT:
  1089. ffffd980`d2cfa568 fffff802`eae1514e : 00000000`0000001e ffffffff`c0000005 fffff802`eacd4fd5 00000000`00000000 : nt!KeBugCheckEx
  1090. ffffd980`d2cfa570 fffff802`eade7202 : 00000000`00000000 fffff802`ead02946 ffff990a`9c541ac0 fffff802`00000000 : nt! ?? ::FNODOBFM::`string'+0x29f8e
  1091. ffffd980`d2cfac40 fffff802`eade54bd : ffffac80`00ca39e0 ffffd980`d2cfae80 00000000`0000000a 00000000`00000002 : nt!KiExceptionDispatch+0xc2
  1092. ffffd980`d2cfae20 fffff802`eacd4fd5 : 00000000`00000000 ffffaf80`00003800 00000000`00000002 fffff802`ead082a0 : nt!KiGeneralProtectionFault+0xfd
  1093. ffffd980`d2cfafb0 fffff802`ead086b5 : 00000000`00000002 fffff802`eafb6380 00000000`00000002 fffff802`eafb6380 : nt!MiRemoveAnyPage+0x145
  1094. ffffd980`d2cfb070 fffff802`ead082a0 : fffff802`eafb6380 ffffd980`00000077 00000000`00000002 00000000`00000002 : nt!MiGetFreeOrZeroPage+0x265
  1095. ffffd980`d2cfb140 fffff802`ead07e96 : fffff802`eafb6380 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiGetPage+0x80
  1096. ffffd980`d2cfb1c0 fffff802`ead06058 : ffff990a`a2109040 fffff802`eace1a0b ffffd980`d2cfb4a0 fffff802`ead0c8e5 : nt!MiGetPageChain+0x156
  1097. ffffd980`d2cfb2f0 fffff802`ead09813 : 01000000`00000002 ffffd980`d2cfb4b0 00000000`00000020 00000000`00000004 : nt!MiResolvePrivateZeroFault+0x128
  1098. ffffd980`d2cfb3b0 fffff802`eace2cce : 00000000`00000080 00000000`0003870f 00000000`0003870f fffff600`00000000 : nt!MmAccessFault+0xab3
  1099. ffffd980`d2cfb5b0 fffff802`eb0b1b31 : 00000000`070e1eaf ffffd980`d2cfb724 00000000`00000003 00000000`00000000 : nt!MiCommitExistingVad+0x75e
  1100. ffffd980`d2cfb6c0 fffff802`eb0b17a0 : 00000000`00000002 fffff802`eade7eef 00000000`00000010 00000000`00010202 : nt!MiAllocateVirtualMemory+0x381
  1101. ffffd980`d2cfb8b0 fffff802`eade6c93 : ffff990a`9c5415c0 fffff802`eb0cce2b ffff990a`a2109040 fffff802`eacfac0c : nt!NtAllocateVirtualMemory+0x40
  1102. ffffd980`d2cfb910 fffff802`eaddf150 : fffff802`eb0b9c48 00000000`00000087 ffff990a`000001ee fffff802`eafcbde0 : nt!KiSystemServiceCopyEnd+0x13
  1103. ffffd980`d2cfbb18 fffff802`eb0b9c48 : 00000000`00000087 ffff990a`000001ee fffff802`eafcbde0 00000000`00000000 : nt!KiServiceLinkage
  1104. ffffd980`d2cfbb20 fffff802`eb0b9a30 : 00000000`00002000 00000000`00080000 ffffd980`d2cfc4f0 00000070`e1eae000 : nt!RtlCreateUserStack+0x174
  1105. ffffd980`d2cfbbe0 fffff802`eb0baa81 : ffff990a`a2109420 00000000`00001968 ffffd980`d2cfcb00 ffff990a`a18b9730 : nt!PspSetupUserStack+0x74
  1106. ffffd980`d2cfbca0 fffff802`eb0c8dd6 : 00000000`00000000 ffffd980`d2cfcb00 00000000`00000001 ffffd980`00000000 : nt!PspAllocateThread+0x39d
  1107. ffffd980`d2cfbe30 fffff802`eade6c93 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateUserProcess+0x7c6
  1108. ffffd980`d2cfca10 00007ff9`b94d65e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  1109. 00000060`652fd518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`b94d65e4
  1110. STACK_COMMAND: kb
  1111. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  1112. fffff802eacd4c1e - nt!MiReplenishPageSlist+1ae
  1113. [ fa:ac ]
  1114. fffff802eacd4f9e - nt!MiRemoveAnyPage+10e (+0x380)
  1115. [ fa:ac ]
  1116. fffff802ead06f21 - nt!MiAllocateWsle+421 (+0x31f83)
  1117. [ 80:00 ]
  1118. fffff802ead07eaa - nt!MiGetPageChain+16a (+0xf89)
  1119. [ fa:ac ]
  1120. fffff802ead082b8 - nt!MiGetPage+98 (+0x40e)
  1121. [ fa:ac ]
  1122. fffff802ead08733 - nt!MiGetFreeOrZeroPage+2e3 (+0x47b)
  1123. [ fa:ac ]
  1124. fffff802ead08789 - nt!MiGetFreeOrZeroPage+339 (+0x56)
  1125. [ fa:ac ]
  1126. fffff802ead098a3 - nt!MmAccessFault+b43 (+0x111a)
  1127. [ 80:00 ]
  1128. fffff802eada01de - nt!MiPurgeZeroList+6e (+0x9693b)
  1129. [ fa:ac ]
  1130. 9 errors : !nt (fffff802eacd4c1e-fffff802eada01de)
  1131. MODULE_NAME: memory_corruption
  1132.  
  1133. IMAGE_NAME: memory_corruption
  1134.  
  1135. FOLLOWUP_NAME: memory_corruption
  1136. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1137. MEMORY_CORRUPTOR: LARGE
  1138. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1139. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1140. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  1141. TARGET_TIME: 2017-08-05T11:07:06.000Z
  1142. OSBUILD: 14393
  1143. OSSERVICEPACK: 0
  1144. SERVICEPACK_NUMBER: 0
  1145. OS_REVISION: 0
  1146. SUITE_MASK: 784
  1147. PRODUCT_TYPE: 1
  1148. OSPLATFORM_TYPE: x64
  1149. OSNAME: Windows 10
  1150. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  1151. USER_LCID: 0
  1152. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  1153. BUILDDATESTAMP_STR: 160715-1616
  1154. BUILDLAB_STR: rs1_release
  1155. BUILDOSVER_STR: 10.0.14393.0
  1156. ANALYSIS_SESSION_ELAPSED_TIME: 3858
  1157. ANALYSIS_SOURCE: KM
  1158. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  1159. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  1160. Followup: memory_corruption
  1161.  
  1162. ========================================================================
  1163. =================== Dump File: 080517-3421-01.dmp ====================
  1164. ========================================================================
  1165. Mini Kernel Dump File: Only registers and stack trace are available
  1166. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  1167. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  1168. Built by: 14393.0.amd64fre.rs1_release.160715-1616
  1169. Kernel base = 0xfffff803`dc200000 PsLoadedModuleList = 0xfffff803`dc505060
  1170. Debug session time: Sat Aug 5 07:54:25.501 2017 (UTC - 4:00)
  1171. System Uptime: 0 days 0:01:50.173
  1172.  
  1173. BugCheck 50, {ffffcb65bee1e730, 0, fffff803dc26f40c, 2}
  1174. Could not read faulting driver name
  1175. Probably caused by : memory_corruption
  1176. Followup: memory_corruption
  1177.  
  1178. PAGE_FAULT_IN_NONPAGED_AREA (50)
  1179. Invalid system memory was referenced. This cannot be protected by try-except.
  1180. Typically the address is just plain bad or it is pointing at freed memory.
  1181.  
  1182. Arguments:
  1183. Arg1: ffffcb65bee1e730, memory referenced.
  1184. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
  1185. Arg3: fffff803dc26f40c, If non-zero, the instruction address which referenced the bad memory
  1186. address.
  1187. Arg4: 0000000000000002, (reserved)
  1188.  
  1189. Debugging Details:
  1190. Could not read faulting driver name
  1191. DUMP_CLASS: 1
  1192. DUMP_QUALIFIER: 400
  1193. BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616)
  1194. SYSTEM_SKU: SKU
  1195. BIOS_VENDOR: American Megatrends Inc.
  1196. BIOS_VERSION: 3401
  1197. BIOS_DATE: 01/25/2017
  1198. BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
  1199. BASEBOARD_PRODUCT: Z170-A
  1200. BASEBOARD_VERSION: Rev 1.xx
  1201. DUMP_TYPE: 2
  1202. READ_ADDRESS: fffff803dc5a7338: Unable to get MiVisibleState
  1203. ffffcb65bee1e730 Paged pool
  1204. FAULTING_IP:
  1205. nt!MmCheckCachedPageStates+bc
  1206. fffff803`dc26f40c 488b1401 mov rdx,qword ptr [rcx+rax]
  1207. MM_INTERNAL_CODE: 2
  1208. CPU_COUNT: 4
  1209. CPU_MHZ: db0
  1210. CPU_VENDOR: GenuineIntel
  1211. CPU_FAMILY: 6
  1212. CPU_MODEL: 5e
  1213. CPU_STEPPING: 3
  1214. CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
  1215. CUSTOMER_CRASH_COUNT: 1
  1216. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  1217. BUGCHECK_STR: AV
  1218.  
  1219. PROCESS_NAME: svchost.exe
  1220.  
  1221. CURRENT_IRQL: 0
  1222. TRAP_FRAME: ffff82818f3cf060 -- (.trap 0xffff82818f3cf060)
  1223. NOTE: The trap frame does not contain all registers.
  1224. Some register values may be zeroed or incorrect.
  1225. rax=ffffcb0000000000 rbx=0000000000000000 rcx=00000065bee1e730
  1226. rdx=0000000000002000 rsi=0000000000000000 rdi=0000000000000000
  1227. rip=fffff803dc26f40c rsp=ffff82818f3cf1f0 rbp=ffff82818f3cf2f0
  1228. r8=0000000000000000 r9=0000000000000000 r10=fffffb879cd9e000
  1229. r11=0000007ffffffff8 r12=0000000000000000 r13=0000000000000000
  1230. r14=0000000000000000 r15=0000000000000000
  1231. iopl=0 nv up ei pl nz na po nc
  1232. nt!MmCheckCachedPageStates+0xbc:
  1233. fffff803`dc26f40c 488b1401 mov rdx,qword ptr [rcx+rax] ds:ffffcb65`bee1e730=????????????????
  1234. Resetting default scope
  1235. LAST_CONTROL_TRANSFER: from fffff803dc3623be to fffff803dc349f90
  1236. STACK_TEXT:
  1237. ffff8281`8f3ced68 fffff803`dc3623be : 00000000`00000050 ffffcb65`bee1e730 00000000`00000000 ffff8281`8f3cf060 : nt!KeBugCheckEx
  1238. ffff8281`8f3ced70 fffff803`dc27772a : 00000000`00000000 00000000`00000000 ffff8281`8f3cf060 ffffa786`00000001 : nt! ?? ::FNODOBFM::`string'+0x91fe
  1239. ffff8281`8f3cee60 fffff803`dc3535fc : 00000000`00000011 00000001`00000000 ffffd185`1ce274f0 00000000`00000002 : nt!MmAccessFault+0x9ca
  1240. ffff8281`8f3cf060 fffff803`dc26f40c : ffff8281`8f3cf248 fffff803`dc2889b9 00000000`00000000 ffffa786`fba2c920 : nt!KiPageFault+0x13c
  1241. ffff8281`8f3cf1f0 fffff803`dc26e88e : 00000000`00002000 00000000`00002000 00000000`00002000 00000000`04e9e000 : nt!MmCheckCachedPageStates+0xbc
  1242. ffff8281`8f3cf3a0 fffff803`dc62df3c : 00000000`04e9e000 00000000`00000000 00000000`00000001 ffff8281`8f3cf4b0 : nt!CcFetchDataForRead+0x8e
  1243. ffff8281`8f3cf400 fffff803`dc26e645 : ffffa786`f8dd4da0 00000000`04e9e000 ffff8281`00022000 fffff809`6f71d801 : nt!CcMapAndCopyFromCache+0xdc
  1244. ffff8281`8f3cf4a0 fffff809`6f7f5905 : ffff8281`8f3cf5a0 00000000`00000001 ffffa786`00002000 fffff809`6dcd7222 : nt!CcCopyReadEx+0x125
  1245. ffff8281`8f3cf530 fffff809`6dcd5ae4 : 00000000`000002b0 00000000`00000000 ffffa786`fcafc590 0000014b`82742e50 : NTFS!NtfsCopyReadA+0x245
  1246. ffff8281`8f3cf7c0 fffff809`6dcd2f9d : ffffa786`fcbd8c00 ffff8281`8f3cf8b0 ffffa786`fcafc500 ffffa786`fcbd8cf0 : FLTMGR!FltpPerformFastIoCall+0xc4
  1247. ffff8281`8f3cf820 fffff809`6dd03ce9 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : FLTMGR!FltpPassThroughFastIo+0xbd
  1248. ffff8281`8f3cf880 fffff803`dc5fedc8 : ffffa786`fcafc590 00000000`00000001 ffff8281`8f3cfb00 ffffa786`fcafc590 : FLTMGR!FltpFastIoRead+0x159
  1249. ffff8281`8f3cf920 fffff803`dc354c93 : 00000000`00002938 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x408
  1250. ffff8281`8f3cfa10 00007ff9`3fdd4f14 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  1251. 00000039`3ab7eff8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`3fdd4f14
  1252. STACK_COMMAND: kb
  1253. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  1254. fffff803dc240995 - nt!MiInsertAndUnlockStandbyPages+105
  1255. [ fa:bb ]
  1256. fffff803dc26f3dd-fffff803dc26f3de 2 bytes - nt!MmCheckCachedPageStates+8d (+0x2ea48)
  1257. [ 80 f6:00 cb ]
  1258. fffff803dc26f428 - nt!MmCheckCachedPageStates+d8 (+0x4b)
  1259. [ fa:bb ]
  1260. fffff803dc26f44f-fffff803dc26f451 3 bytes - nt!MmCheckCachedPageStates+ff (+0x27)
  1261. [ 40 fb f6:80 65 cb ]
  1262. fffff803dc26f46d - nt!MmCheckCachedPageStates+11d (+0x1e)
  1263. [ fa:bb ]
  1264. fffff803dc26f7c2-fffff803dc26f7c3 2 bytes - nt!MmCheckCachedPageStates+472 (+0x355)
  1265. [ 80 f6:00 cb ]
  1266. fffff803dc26f939 - nt!MmCheckCachedPageStates+5e9 (+0x177)
  1267. [ fa:bb ]
  1268. fffff803dc26fa67 - nt!MmCheckCachedPageStates+717 (+0x12e)
  1269. [ fa:bb ]
  1270. fffff803dc2dd736 - nt!MiDeleteParentDecayNode+26 (+0x6dccf)
  1271. [ fa:bb ]
  1272. fffff803dc44b717-fffff803dc44b719 3 bytes - nt!ExFreePoolWithTag+387
  1273. [ 40 fb f6:80 65 cb ]
  1274. 16 errors : !nt (fffff803dc240995-fffff803dc44b719)
  1275. MODULE_NAME: memory_corruption
  1276.  
  1277. IMAGE_NAME: memory_corruption
  1278.  
  1279. FOLLOWUP_NAME: memory_corruption
  1280. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1281. MEMORY_CORRUPTOR: LARGE
  1282. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1283. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1284. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  1285. TARGET_TIME: 2017-08-05T11:54:25.000Z
  1286. OSBUILD: 14393
  1287. OSSERVICEPACK: 0
  1288. SERVICEPACK_NUMBER: 0
  1289. OS_REVISION: 0
  1290. SUITE_MASK: 784
  1291. PRODUCT_TYPE: 1
  1292. OSPLATFORM_TYPE: x64
  1293. OSNAME: Windows 10
  1294. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  1295. USER_LCID: 0
  1296. OSBUILD_TIMESTAMP: 2016-07-15 22:16:17
  1297. BUILDDATESTAMP_STR: 160715-1616
  1298. BUILDLAB_STR: rs1_release
  1299. BUILDOSVER_STR: 10.0.14393.0
  1300. ANALYSIS_SESSION_ELAPSED_TIME: 2aea
  1301. ANALYSIS_SOURCE: KM
  1302. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  1303. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  1304. Followup: memory_corruption
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!