Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 5: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- PAGE_FAULT_IN_NONPAGED_AREA (50)
- Invalid system memory was referenced. This cannot be protected by try-except.
- Typically the address is just plain bad or it is pointing at freed memory.
- Arguments:
- Arg1: ffffc000a70d1b01, memory referenced.
- Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
- Arg3: fffff801d1a60654, If non-zero, the instruction address which referenced the bad memory
- address.
- Arg4: 0000000000000000, (reserved)
- Debugging Details:
- ------------------
- *** WARNING: Unable to verify timestamp for EX64.SYS
- Could not read faulting driver name
- GetUlongPtrFromAddress: unable to read from fffff801b11c4308
- KEY_VALUES_STRING: 1
- PROCESSES_ANALYSIS: 1
- SERVICE_ANALYSIS: 1
- STACKHASH_ANALYSIS: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 9600.19478.amd64fre.winblue_ltsb.190831-0600
- SYSTEM_MANUFACTURER: Microsoft Corporation
- VIRTUAL_MACHINE: HyperV
- SYSTEM_PRODUCT_NAME: Virtual Machine
- SYSTEM_SKU: None
- SYSTEM_VERSION: Hyper-V UEFI Release v1.0
- BIOS_VENDOR: Microsoft Corporation
- BIOS_VERSION: Hyper-V UEFI Release v1.0
- BIOS_DATE: 11/26/2012
- BASEBOARD_MANUFACTURER: Microsoft Corporation
- BASEBOARD_PRODUCT: Virtual Machine
- BASEBOARD_VERSION: Hyper-V UEFI Release v1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: ffffc000a70d1b01
- BUGCHECK_P2: 0
- BUGCHECK_P3: fffff801d1a60654
- BUGCHECK_P4: 0
- READ_ADDRESS: GetUlongPtrFromAddress: unable to read from fffff801b11c42a8
- GetUlongPtrFromAddress: unable to read from fffff801b11c4530
- ffffc000a70d1b01 Paged pool
- FAULTING_IP:
- EX64+54654
- fffff801`d1a60654 448a0401 mov r8b,byte ptr [rcx+rax]
- MM_INTERNAL_CODE: 0
- CPU_COUNT: 14
- CPU_MHZ: a25
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3f
- CPU_STEPPING: 2
- CPU_MICROCODE: 6,3f,2,0 (F,M,S,R) SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: SAC-ALEXDPC
- ANALYSIS_SESSION_TIME: 11-14-2019 08:00:19.0152
- ANALYSIS_VERSION: 10.0.18362.1 amd64fre
- TRAP_FRAME: ffffd000edee8f90 -- (.trap 0xffffd000edee8f90)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffc000a70d0bd2 rbx=0000000000000000 rcx=0000000000000f2f
- rdx=0000000000007979 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff801d1a60654 rsp=ffffd000edee9128 rbp=0000000000000006
- r8=ffffc000a2a02000 r9=ffffc000a2a022b8 r10=0000000000000000
- r11=ffffc000a2bc3e72 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl zr ac po cy
- EX64+0x54654:
- fffff801`d1a60654 448a0401 mov r8b,byte ptr [rcx+rax] ds:ffffc000`a70d1b01=??
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff801b105b898 to fffff801b0fb63a0
- STACK_TEXT:
- ffffd000`edee8df8 fffff801`b105b898 : 00000000`00000050 ffffc000`a70d1b01 00000000`00000000 ffffd000`edee8f90 : nt!KeBugCheckEx
- ffffd000`edee8e00 fffff801`b0eb4509 : 00000000`00000000 ffffc000`a70d1b01 ffffd000`edee8f90 ffffc000`a70d1b01 : nt!MiSystemFault+0x1048
- ffffd000`edee8e90 fffff801`b0fc3a9d : ffffc000`a2bc3e6d 00000000`00000000 00000000`00000000 00000000`000010a0 : nt!MmAccessFault+0x219
- ffffd000`edee8f90 fffff801`d1a60654 : ffffd000`edee9370 ffffc000`a2a02000 fffff801`d1a62b20 ffffc000`a78533c0 : nt!KiPageFault+0x31d
- ffffd000`edee9128 ffffd000`edee9370 : ffffc000`a2a02000 fffff801`d1a62b20 ffffc000`a78533c0 ffffd000`edee9370 : EX64+0x54654
- ffffd000`edee9130 ffffc000`a2a02000 : fffff801`d1a62b20 ffffc000`a78533c0 ffffd000`edee9370 ffffc000`d691c650 : 0xffffd000`edee9370
- ffffd000`edee9138 fffff801`d1a62b20 : ffffc000`a78533c0 ffffd000`edee9370 ffffc000`d691c650 00000000`00000e3c : 0xffffc000`a2a02000
- ffffd000`edee9140 ffffc000`a78533c0 : ffffd000`edee9370 ffffc000`d691c650 00000000`00000e3c 00000000`00000000 : EX64+0x56b20
- ffffd000`edee9148 ffffd000`edee9370 : ffffc000`d691c650 00000000`00000e3c 00000000`00000000 00000000`00000211 : 0xffffc000`a78533c0
- ffffd000`edee9150 ffffc000`d691c650 : 00000000`00000e3c 00000000`00000000 00000000`00000211 00000000`00000002 : 0xffffd000`edee9370
- ffffd000`edee9158 00000000`00000e3c : 00000000`00000000 00000000`00000211 00000000`00000002 fffff801`d1a4f88b : 0xffffc000`d691c650
- ffffd000`edee9160 00000000`00000000 : 00000000`00000211 00000000`00000002 fffff801`d1a4f88b 00000000`00000000 : 0xe3c
- THREAD_SHA1_HASH_MOD_FUNC: 47e8eefce965628f61e4e0cdbffe16196f895f04
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b005decf448f68def4f724794ef48e36d76ff9b2
- THREAD_SHA1_HASH_MOD: 438f0a4d702ceaf1cfa4419dd2817de56ee93d79
- FOLLOWUP_IP:
- EX64+54654
- fffff801`d1a60654 448a0401 mov r8b,byte ptr [rcx+rax]
- FAULT_INSTR_CODE: 1048a44
- SYMBOL_STACK_INDEX: 4
- SYMBOL_NAME: EX64+54654
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: EX64
- IMAGE_NAME: EX64.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 5b177aeb
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: 54654
- FAILURE_BUCKET_ID: AV_EX64!unknown_function
- BUCKET_ID: AV_EX64!unknown_function
- PRIMARY_PROBLEM_CLASS: AV_EX64!unknown_function
- TARGET_TIME: 2019-11-14T14:53:02.000Z
- OSBUILD: 9600
- OSSERVICEPACK: 19478
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 16
- PRODUCT_TYPE: 3
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 8.1
- OSEDITION: Windows 8.1 Server TerminalServer
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2019-08-31 08:06:47
- BUILDDATESTAMP_STR: 190831-0600
- BUILDLAB_STR: winblue_ltsb
- BUILDOSVER_STR: 6.3.9600.19478.amd64fre.winblue_ltsb.190831-0600
- ANALYSIS_SESSION_ELAPSED_TIME: cf7
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:av_ex64!unknown_function
- FAILURE_ID_HASH: {36c0e73b-48b3-22e8-78ad-b2ca7320b916}
- Followup: MachineOwner
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement