Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
- Copyright (c) Microsoft Corporation. All rights reserved.
- Auto Dump Analyzer by gardenman
- Time to debug file(s): 00 hours and 12 minutes and 34 seconds
- ============================= SYSTEM INFO ==============================
- SYSTEM_VERSION: 01
- SYSTEM_SKU: Inspiron 5458
- SYSTEM_PRODUCT_NAME: Inspiron 5458
- SYSTEM_MANUFACTURER: Dell Inc.
- =========================== BRIEF BIOS INFO ============================
- BIOS_DATE: 11/22/2016
- BIOS_VERSION: A14
- BIOS_VENDOR: Dell Inc.
- =========================== MOTHERBOARD INFO ===========================
- BASEBOARD_VERSION: A00
- BASEBOARD_PRODUCT: 0P6G1P
- BASEBOARD_MANUFACTURER: Dell Inc.
- =============================== CPU INFO ===============================
- CPU_MICROCODE: 6,3d,4,0 (F,M,S,R) SIG: 22'00000000 (cache) 22'00000000 (init)
- CPU_STEPPING: 4
- CPU_MODEL: 3d
- CPU_FAMILY: 6
- CPU_VENDOR: GenuineIntel
- CPU_MHZ: 95a
- CPU_COUNT: 4
- =============================== OS INFO ================================
- BUILDOSVER_STR: 10.0.15063.483
- BUILDLAB_STR: WinBuild
- BUILDDATESTAMP_STR: 160101.0800
- OSBUILD_TIMESTAMP: 2017-07-07 02:06:35
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OSNAME: Windows 10
- OSPLATFORM_TYPE: x64
- OSSERVICEPACK: 483
- OSBUILD: 15063
- BUILD_VERSION_STRING: 10.0.15063.483 (WinBuild.160101.0800)
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- ========================================================================
- ==================== Dump File: 080717-35343-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff800`b9c13000 PsLoadedModuleList = 0xfffff800`b9f5f5e0
- Debug session time: Mon Aug 7 06:52:52.668 2017 (UTC - 4:00)
- System Uptime: 0 days 12:13:13.348
- BugCheck F7, {413da32b7268, 413da32b726c, ffffbec25cd48d93, 0}
- Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
- Followup: MachineOwner
- DRIVER_OVERRAN_STACK_BUFFER (f7)
- A driver has overrun a stack-based buffer. This overrun could potentially
- allow a malicious user to gain control of this machine.
- DESCRIPTION
- A driver overran a stack-based buffer (or local variable) in a way that would
- have overwritten the function's return address and jumped back to an arbitrary
- address when the function returned. This is the classic "buffer overrun"
- hacking attack and the system has been brought down to prevent a malicious user
- from gaining complete control of it.
- Do a kb to get a stack backtrace -- the last routine on the stack before the
- buffer overrun handlers and bugcheck call is the one that overran its local
- variable(s).
- Arguments:
- Arg1: 0000413da32b7268, Actual security check cookie from the stack
- Arg2: 0000413da32b726c, Expected security check cookie
- Arg3: ffffbec25cd48d93, Complement of the expected security check cookie
- Arg4: 0000000000000000, zero
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- SECURITY_COOKIE: Expected 0000413da32b726c found 0000413da32b7268
- BUGCHECK_STR: 0xF7_ONE_BIT
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: OfficeClickToRun.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff800b9ded905 to fffff800b9d7f4c0
- STACK_TEXT:
- ffffd680`f10c6808 fffff800`b9ded905 : 00000000`000000f7 0000413d`a32b7268 0000413d`a32b726c ffffbec2`5cd48d93 : nt!KeBugCheckEx
- ffffd680`f10c6810 fffff800`b9c43e0c : ffff818a`64b13080 00000ff7`1ecd635c 00000000`00000004 ffffd680`f10c69f8 : nt!_report_gsfailure+0x25
- ffffd680`f10c6850 fffff800`b9d8a413 : ffff818a`6a934080 0000004d`527ff648 ffffd680`f10c6aa8 00000000`00002710 : nt!NtWaitForWorkViaWorkerFactory+0x52c
- ffffd680`f10c6a90 00007ffc`72ce8c34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 0000004d`527ff718 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`72ce8c34
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 2108b7abc0e792c7844ee6a3281c515ec010d93a
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e93e4efaaf8144361e260ff91eff4eada852c462
- THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
- FOLLOWUP_IP:
- nt!_report_gsfailure+25
- fffff800`b9ded905 cc int 3
- FAULT_INSTR_CODE: cccccccc
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!_report_gsfailure+25
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 595f24eb
- IMAGE_VERSION: 10.0.15063.483
- BUCKET_ID_FUNC_OFFSET: 25
- FAILURE_BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
- BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
- PRIMARY_PROBLEM_CLASS: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
- TARGET_TIME: 2017-08-07T10:52:52.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: a31
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0xf7_one_bit_missing_gsframe_nt!_report_gsfailure
- FAILURE_ID_HASH: {8f84f302-dd0e-1f96-6f9c-0ea31ad59f42}
- Followup: MachineOwner
- ========================================================================
- =============================== DRIVERS ================================
- ========================================================================
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
- ADA Info : Realtek Audio Driver system driver http://www.realtek.com.tw
- Timestamp : Tue May 2 2017
- Image path: \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43DBC86F-FBE3-4794-87D1-A416983A3E8A}\MpKsl381753d3.sys
- Image name: MpKsl381753d3.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=MpKsl381753d3.sys
- ADA Info : Microsoft Anti-malware Protection driver
- Timestamp : Tue May 19 2015
- Image path: \SystemRoot\System32\Drivers\dump_iaStorA.sys
- Image name: dump_iaStorA.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
- ADA Info : IASTOR.SYS is a Intel SATA driver for hard drives
- Timestamp : Tue Nov 17 2015
- Image path: \SystemRoot\system32\Drivers\RtsUer.sys
- Image name: RtsUer.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=RtsUer.sys
- Timestamp : Tue May 17 2016
- Image path: \SystemRoot\system32\drivers\npf.sys
- Image name: npf.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=npf.sys
- ADA Info : NetGroup Packet Filter driver, a component of WinPCap by Riverbed
- Timestamp : Thu Feb 28 2013
- Image path: \SystemRoot\System32\drivers\iaStorA.sys
- Image name: iaStorA.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
- ADA Info : Intel SATA Storage Device RAID Controller
- Timestamp : Tue Nov 17 2015
- Image path: \SystemRoot\system32\DRIVERS\ibtusb.sys
- Image name: ibtusb.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=ibtusb.sys
- Timestamp : Mon Apr 17 2017
- Image path: \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
- Image name: CLVirtualDrive.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=CLVirtualDrive.sys
- Timestamp : Mon Nov 11 2013
- Image path: \SystemRoot\System32\drivers\usb3Hub.sys
- Image name: usb3Hub.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=usb3Hub.sys
- Timestamp : Tue Oct 7 2014
- Image path: \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
- Image name: MBAMSwissArmy.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
- ADA Info : MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
- Timestamp : Fri Jun 2 2017
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=ScpVBus.sys
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\drivers\DDDriver64Dcsa.sys
- Image name: DDDriver64Dcsa.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=DDDriver64Dcsa.sys
- Timestamp : Wed Jan 11 2017
- Image path: \SystemRoot\system32\drivers\DellProf.sys
- Image name: DellProf.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=DellProf.sys
- Timestamp : Mon Apr 3 2017
- Image path: \SystemRoot\System32\drivers\Netwbw02.sys
- Image name: Netwbw02.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys
- Timestamp : Wed Apr 5 2017
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver http://www.realtek.com.tw
- Timestamp : Tue May 5 2015
- Image path: \SystemRoot\System32\drivers\DellRbtn.sys
- Image name: DellRbtn.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=DellRbtn.sys
- Timestamp : Wed Oct 26 2016
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio Driver http://www.nvidia.com/
- Timestamp : Sun May 28 2017
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvvhci.sys
- ADA Info : Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Tue Dec 27 2016
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
- ADA Info : Intel® Management Engine Interface
- Timestamp : Tue Jul 7 2015
- Image path: \SystemRoot\system32\DRIVERS\igdkmd64.sys
- Image name: igdkmd64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Thu Sep 29 2016
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nvdm.inf_amd64_516fa225cd24ab77\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Mon May 1 2017
- Image path: \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
- Image name: iaLPSSi_I2C.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=iaLPSSi_I2C.sys
- Timestamp : Tue Feb 24 2015
- Unloaded modules:
- fffff800`c2250000 fffff800`c2260000 MSKSSRV.sys
- fffff800`c2330000 fffff800`c2356000 bthpan.sys
- fffff800`c2300000 fffff800`c2321000 BthEnum.sys
- fffff800`c2390000 fffff800`c23b0000 hidbth.sys
- fffff800`c2380000 fffff800`c238e000 btampm.sys
- fffff800`c2360000 fffff800`c2371000 BthAvrcpTg.s
- fffff800`c2240000 fffff800`c2273000 rfcomm.sys
- fffff800`c2220000 fffff800`c223e000 Microsoft.Bl
- fffff800`c2280000 fffff800`c22f7000 IntcDAud.sys
- fffff800`c31d0000 fffff800`c31db000 cldflt.sys
- fffff802`746c0000 fffff802`746cf000 dump_storpor
- fffff802`75200000 fffff802`75774000 dump_iaStorA
- fffff802`757a0000 fffff802`757bd000 dump_dumpfve
- fffff802`75df0000 fffff802`75e10000 dam.sys
- fffff802`731f0000 fffff802`731fd000 tbs.sys
- fffff802`731d0000 fffff802`731e9000 mfeelamk.sys
- fffff802`731c0000 fffff802`731cf000 WdBoot.sys
- fffff802`749c0000 fffff802`749cf000 hwpolicy.sys
- ========================================================================
- ============================== BIOS INFO ===============================
- ========================================================================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================================================================
- ==================== Dump File: 080617-50250-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff800`dd87c000 PsLoadedModuleList = 0xfffff800`ddbc85e0
- Debug session time: Sun Aug 6 17:25:06.708 2017 (UTC - 4:00)
- System Uptime: 4 days 12:49:56.372
- BugCheck 197, {1, ffffbdca808403d0, ffffbdca80405d40, 1}
- Probably caused by : win32kfull.sys ( win32kfull!InkDevice::`vector deleting destructor'+1ffe4 )
- Followup: MachineOwner
- WIN32K_SECURITY_FAILURE (197)
- A security failure was detected in win32k.
- Arguments:
- Arg1: 0000000000000001, An objects handle entry didn't point back to the object.
- Arg2: ffffbdca808403d0, Pointer to the object
- Arg3: ffffbdca80405d40, Pointer to the object handle entry
- Arg4: 0000000000000001, Expected object type
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0x197
- PROCESS_NAME: flux.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from ffffbda5cf155324 to fffff800dd9e84c0
- STACK_TEXT:
- ffff9981`055cbef8 ffffbda5`cf155324 : 00000000`00000197 00000000`00000001 ffffbdca`808403d0 ffffbdca`80405d40 : nt!KeBugCheckEx
- ffff9981`055cbf00 ffffbda5`cf04ff4c : ffffbdca`808403d0 ffffbdca`82514ab0 00000000`00000000 00000000`00000000 : win32kfull!InkDevice::`vector deleting destructor'+0x1ffe4
- ffff9981`055cc060 ffffbda5`cf045072 : ffffbdca`808403d0 ffffbdca`808403d0 ffffbdca`8083dd30 00000000`00000004 : win32kfull!xxxSendMessage+0x2c
- ffff9981`055cc0c0 ffffbda5`cf0441f4 : ffffbdca`808403d0 00000000`00000000 00000000`00000000 ffffbdca`00000000 : win32kfull!xxxDW_SendDestroyMessages+0x6e
- ffff9981`055cc120 ffffbda5`cf045665 : ffffbdca`00000000 ffffbdca`80612e40 ffffbdca`00000000 ffffbdca`808403d0 : win32kfull!xxxDestroyWindow+0x264
- ffff9981`055cc210 ffffbda5`cf04416b : ffffbdca`8083f070 ffff9981`055cc2e9 00000000`00000000 ffffbdca`82514ab0 : win32kfull!xxxDW_DestroyOwnedWindows+0xe5
- ffff9981`055cc260 ffffbda5`cf045665 : ffffbdca`00000000 ffff9981`055cc380 ffffbdca`00000000 ffffbdca`8083f070 : win32kfull!xxxDestroyWindow+0x1db
- ffff9981`055cc350 ffffbda5`cf04416b : ffffbdca`8083ee90 ffff9981`055cc429 00000000`00000000 ffffbdca`82514ab0 : win32kfull!xxxDW_DestroyOwnedWindows+0xe5
- ffff9981`055cc3a0 ffffbda5`cfa3f93e : 00000000`00000000 00000000`00000001 ffffbdca`00000000 ffffbdca`8083ee90 : win32kfull!xxxDestroyWindow+0x1db
- ffff9981`055cc490 ffffbda5`cf9ff371 : ffffbdca`82514ab0 ffffbdca`81d603d0 ffffbdca`81d603d0 ffffbda5`00000001 : win32kbase!xxxDestroyWindowIfSupported+0x1e
- ffff9981`055cc4c0 ffffbda5`cf9fdf2b : 00000000`00000000 00000000`000002e6 00000000`00000000 ffffbdca`82514ab0 : win32kbase!HMDestroyUnlockedObject+0x71
- ffff9981`055cc4f0 ffffbda5`cf9db770 : 00000000`00000000 00000000`00000000 ffffbdca`82514ab0 00000000`00000000 : win32kbase!DestroyThreadsObjects+0x11b
- ffff9981`055cc520 ffffbda5`cf9e27bb : 00000000`00000001 ffffd108`b60fa080 ffffbdca`82514ab0 00000000`40010004 : win32kbase!xxxDestroyThreadInfo+0x420
- ffff9981`055cc670 ffffbda5`cf0de9ab : 00000000`00000000 ffffd108`b60fa080 00000000`00000001 ffffd108`b2a6d080 : win32kbase!UserThreadCallout+0x25b
- ffff9981`055cc6c0 ffffbda5`cf9e2d98 : ffff9981`055cc818 00000000`00000001 fffff800`ddbc1ea0 fffff800`dddd5df7 : win32kfull!W32pThreadCallout+0x5b
- ffff9981`055cc6f0 fffff800`ddcba0d1 : ffff9981`055cc818 ffff9981`055cc818 00000000`00000001 fffff800`ddbc1ea0 : win32kbase!W32CalloutDispatch+0x388
- ffff9981`055cc750 fffff800`ddcb6780 : ffffd108`bb95acb0 ffff9981`055cc910 00000000`00000000 00000000`00000000 : nt!ExCallCallBack+0x3d
- ffff9981`055cc780 fffff800`dddb6313 : 00000000`40010004 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x44c
- ffff9981`055cc880 fffff800`dd8b15d3 : ffffd108`bd9d9080 fffff800`dd8d759f ffffd108`b60fa080 ffff9980`fd1a6180 : nt!KiSchedulerApcTerminate+0x33
- ffff9981`055cc8c0 fffff800`dd9ebb60 : 00000000`00000001 00000000`00000000 00000000`00000003 00000000`00000000 : nt!KiDeliverApc+0x313
- ffff9981`055cc950 fffff800`dd9f34ba : ffffbdca`82514ab0 00000000`0023ae20 00000000`00000000 ffffd108`c7285070 : nt!KiInitiateUserApc+0x70
- ffff9981`055cca90 00000000`6dad21cc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
- 00000000`0009ef08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6dad21cc
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 0c06ea954b5c18919e4a963fa22b0a7452a5d6f6
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 8c5c28452fa65245f20928a474f880edacdda243
- THREAD_SHA1_HASH_MOD: 3ebb1da82d0d88326eecf4cc2327ff7dea417ccb
- FOLLOWUP_IP:
- win32kfull!InkDevice::`vector deleting destructor'+1ffe4
- ffffbda5`cf155324 90 nop
- FAULT_INSTR_CODE: 4166cc90
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: win32kfull!InkDevice::`vector deleting destructor'+1ffe4
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: win32kfull
- IMAGE_NAME: win32kfull.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 41105314
- IMAGE_VERSION: 10.0.15063.478
- BUCKET_ID_FUNC_OFFSET: 1ffe4
- FAILURE_BUCKET_ID: 0x197_win32kfull!InkDevice::_vector_deleting_destructor_
- BUCKET_ID: 0x197_win32kfull!InkDevice::_vector_deleting_destructor_
- PRIMARY_PROBLEM_CLASS: 0x197_win32kfull!InkDevice::_vector_deleting_destructor_
- TARGET_TIME: 2017-08-06T21:25:06.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 95d
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x197_win32kfull!inkdevice::_vector_deleting_destructor_
- FAILURE_ID_HASH: {7ed81d44-b665-fb6d-54e2-424ad59d5f64}
- Followup: MachineOwner
- ========================================================================
- ==================== Dump File: 073117-33375-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff803`50e0d000 PsLoadedModuleList = 0xfffff803`511595e0
- Debug session time: Mon Jul 31 15:51:38.992 2017 (UTC - 4:00)
- System Uptime: 0 days 1:13:29.655
- BugCheck D1, {57, ff, 0, fffff8035b751014}
- Probably caused by : hardware ( intelppm!PerfReadWrappingCounter+4 )
- Followup: MachineOwner
- DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If kernel debugger is available get stack backtrace.
- Arguments:
- Arg1: 0000000000000057, memory referenced
- Arg2: 00000000000000ff, IRQL
- Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
- Arg4: fffff8035b751014, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- READ_ADDRESS: fffff803511ee358: Unable to get MiVisibleState
- 0000000000000057
- CURRENT_IRQL: 0
- FAULTING_IP:
- intelppm!PerfReadWrappingCounter+4
- fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl
- ADDITIONAL_DEBUG_TEXT: The trap occurred when interrupts are disabled on the target.
- BUGCHECK_STR: DISABLED_INTERRUPT_FAULT
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: System
- TRAP_FRAME: fffff80353254640 -- (.trap 0xfffff80353254640)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffff8035b751014 rbx=0000000000000000 rcx=ffff800082bd5e88
- rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8035b751014 rsp=fffff803532547d8 rbp=0000000000000000
- r8=fffff80353254810 r9=fffff80353254818 r10=0000000000000000
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up di pl zr na po nc
- intelppm!PerfReadWrappingCounter+0x4:
- fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl ds:00000000`00000057=??
- Resetting default scope
- MISALIGNED_IP:
- intelppm!PerfReadWrappingCounter+4
- fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl
- LAST_CONTROL_TRANSFER: from fffff80350f848a9 to fffff80350f794c0
- STACK_TEXT:
- fffff803`532544f8 fffff803`50f848a9 : 00000000`0000000a 00000000`00000057 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx
- fffff803`53254500 fffff803`50f82e7d : 00000000`00000002 00000000`00000001 00000001`40180088 fffffff6`00000002 : nt!KiBugCheckDispatch+0x69
- fffff803`53254640 fffff803`5b751014 : fffff803`50e83d46 00000245`52916102 fffff803`50e84c42 00000000`00000008 : nt!KiPageFault+0x23d
- fffff803`532547d8 fffff803`50e83d46 : 00000245`52916102 fffff803`50e84c42 00000000`00000008 00000000`00000008 : intelppm!PerfReadWrappingCounter+0x4
- fffff803`532547e0 fffff803`50e8356c : 00000000`00000000 00000020`00000002 00000000`00000000 00000000`00000092 : nt!PpmUpdatePerformanceFeedback+0x136
- fffff803`53254890 fffff803`50e82f53 : 00000000`00000003 00000000`00000002 ffff8000`8150c000 00000000`00000000 : nt!PpmIdleExecuteTransition+0x48c
- fffff803`53254b00 fffff803`50f7c53c : 00000000`00000000 fffff803`4f86c180 fffff803`51206a40 ffff8000`7340e700 : nt!PoIdle+0x343
- fffff803`53254c60 00000000`00000000 : fffff803`53255000 fffff803`5324f000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 8cfc593ba61765474c574df60d7e86d380d30b03
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 0688c4233ec5f41425e03e357a74783c5594a574
- THREAD_SHA1_HASH_MOD: 1e22ecde62cec1bd43b13b355e774b25d572d400
- FOLLOWUP_IP:
- intelppm!PerfReadWrappingCounter+4
- fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl
- FAULT_INSTR_CODE: 41575610
- SYMBOL_STACK_INDEX: 3
- SYMBOL_NAME: intelppm!PerfReadWrappingCounter+4
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: hardware
- IMAGE_NAME: hardware
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- IMAGE_VERSION: 10.0.15058.0
- FAILURE_BUCKET_ID: IP_MISALIGNED_intelppm.sys
- BUCKET_ID: IP_MISALIGNED_intelppm.sys
- PRIMARY_PROBLEM_CLASS: IP_MISALIGNED_intelppm.sys
- TARGET_TIME: 2017-07-31T19:51:38.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 54f8
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:ip_misaligned_intelppm.sys
- FAILURE_ID_HASH: {f96a22c3-9c8a-7e50-c61d-a0f13b050574}
- Followup: MachineOwner
- ========================================================================
- ==================== Dump File: 073117-27421-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff803`80a7c000 PsLoadedModuleList = 0xfffff803`80dc85e0
- Debug session time: Mon Jul 31 14:34:21.608 2017 (UTC - 4:00)
- System Uptime: 0 days 0:00:08.315
- BugCheck C4, {2000, fffff8028f964d45, 0, 0}
- *** WARNING: Unable to verify timestamp for CLVirtualDrive.sys
- *** ERROR: Module load completed but symbols could not be loaded for CLVirtualDrive.sys
- Probably caused by : CLVirtualDrive.sys ( CLVirtualDrive+4d45 )
- Followup: MachineOwner
- DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
- A device driver attempting to corrupt the system has been caught. This is
- because the driver was specified in the registry as being suspect (by the
- administrator) and the kernel has enabled substantial checking of this driver.
- If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
- be among the most commonly seen crashes.
- Arguments:
- Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
- Arg2: fffff8028f964d45, The address in the driver's code where the error was detected.
- Arg3: 0000000000000000, Pool Type.
- Arg4: 0000000000000000, Pool Tag (if provided).
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- BUGCHECK_STR: 0xc4_2000
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff803811e803f to fffff80380be84c0
- STACK_TEXT:
- ffffc281`9f9945f8 fffff803`811e803f : 00000000`000000c4 00000000`00002000 fffff802`8f964d45 00000000`00000000 : nt!KeBugCheckEx
- ffffc281`9f994600 fffff803`80cc9d9f : 00000000`00000000 fffff803`811df9ca fffff803`80d331f0 00000000`00000003 : nt!VerifierBugCheckIfAppropriate+0x6b
- ffffc281`9f994640 fffff803`811df8b0 : 00000000`00000000 fffff803`80dba3ac fffff802`8f964d45 fffff802`8f96b66a : nt!VfReportIssueWithOptions+0x103
- ffffc281`9f994690 fffff803`811dd46c : 00000000`00000000 00000000`00000063 00000000`c0000023 ffffc281`9f994750 : nt!VfCheckPoolType+0x90
- ffffc281`9f9946d0 fffff802`8f964d45 : ffffc281`9f994890 00000000`00000063 00000000`00000000 fffff803`80ab8564 : nt!VerifierExAllocatePool+0x1c
- ffffc281`9f994720 ffffc281`9f994890 : 00000000`00000063 00000000`00000000 fffff803`80ab8564 ffff2768`00000000 : CLVirtualDrive+0x4d45
- ffffc281`9f994728 00000000`00000063 : 00000000`00000000 fffff803`80ab8564 ffff2768`00000000 ffffc281`9f994750 : 0xffffc281`9f994890
- ffffc281`9f994730 00000000`00000000 : fffff803`80ab8564 ffff2768`00000000 ffffc281`9f994750 fffff802`00000010 : 0x63
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 749c7e102a0eaa2c637751cd4fe17059d8682075
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e9b2d21878968a93ef1e7c0ec758afdec34d99af
- THREAD_SHA1_HASH_MOD: b6392cd5e4a7b5ecb8dd207fc5f66a30ce9f7459
- FOLLOWUP_IP:
- CLVirtualDrive+4d45
- fffff802`8f964d45 488b4c2438 mov rcx,qword ptr [rsp+38h]
- FAULT_INSTR_CODE: 244c8b48
- SYMBOL_STACK_INDEX: 5
- SYMBOL_NAME: CLVirtualDrive+4d45
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: CLVirtualDrive
- IMAGE_NAME: CLVirtualDrive.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 5281a118
- BUCKET_ID_FUNC_OFFSET: 4d45
- FAILURE_BUCKET_ID: 0xc4_2000_VRF_CLVirtualDrive!unknown_function
- BUCKET_ID: 0xc4_2000_VRF_CLVirtualDrive!unknown_function
- PRIMARY_PROBLEM_CLASS: 0xc4_2000_VRF_CLVirtualDrive!unknown_function
- TARGET_TIME: 2017-07-31T18:34:21.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 8121
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0xc4_2000_vrf_clvirtualdrive!unknown_function
- FAILURE_ID_HASH: {8c19116e-0de2-1752-ad2a-f62e156eeea7}
- Followup: MachineOwner
- ========================================================================
- ==================== Dump File: 073117-27234-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff800`ad487000 PsLoadedModuleList = 0xfffff800`ad7d35e0
- Debug session time: Mon Jul 31 11:50:28.943 2017 (UTC - 4:00)
- System Uptime: 0 days 0:45:03.605
- BugCheck 1000007E, {ffffffffc0000005, fffff800ad6326df, ffffa601899494f8, ffffa60189948d40}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Some common problems are exception code 0x80000003. This means a hard
- coded breakpoint or assertion was hit, but this system was booted
- /NODEBUG. This is not supposed to happen as developers should never have
- hardcoded breakpoints in retail code, but ...
- If this happens, make sure a debugger gets connected, and the
- system is booted /DEBUG. This will let us see why this breakpoint is
- happening.
- Arguments:
- Arg1: ffffffffc0000005, The exception code that was not handled
- Arg2: fffff800ad6326df, The address that the exception occurred at
- Arg3: ffffa601899494f8, Exception Record Address
- Arg4: ffffa60189948d40, Context Record Address
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- nt!ExReinitializeResourceLite+1014cf
- fffff800`ad6326df f041ff8d04070000 lock dec dword ptr [r13+704h]
- EXCEPTION_RECORD: ffffa601899494f8 -- (.exr 0xffffa601899494f8)
- ExceptionAddress: fffff800ad6326df (nt!ExReinitializeResourceLite+0x00000000001014cf)
- ExceptionCode: c0000005 (Access violation)
- ExceptionFlags: 00000000
- NumberParameters: 2
- Parameter[0]: 0000000000000000
- Parameter[1]: ffffffffffffffff
- Attempt to read from address ffffffffffffffff
- CONTEXT: ffffa60189948d40 -- (.cxr 0xffffa60189948d40)
- rax=000000000c503146 rbx=ffffdd02b91246d0 rcx=ffffdd02b91246d0
- rdx=ffffdd02b8977dc8 rsi=ffffdd02b8977dc0 rdi=0000000000000000
- rip=fffff800ad6326df rsp=ffffa60189949730 rbp=0000000000000002
- r8=0000000000000000 r9=ffffb706574314e8 r10=ffffb706571fea28
- r11=0000000000000000 r12=ffffdd02b8977de8 r13=20206f4902060000
- r14=00000000b91246e0 r15=0000000000000001
- iopl=0 nv up ei pl nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
- nt!ExReinitializeResourceLite+0x1014cf:
- fffff800`ad6326df f041ff8d04070000 lock dec dword ptr [r13+704h] ds:002b:20206f49`02060704=????????
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- EXCEPTION_CODE_STR: c0000005
- EXCEPTION_PARAMETER1: 0000000000000000
- EXCEPTION_PARAMETER2: ffffffffffffffff
- FOLLOWUP_IP:
- nt!ExReinitializeResourceLite+1014cf
- fffff800`ad6326df f041ff8d04070000 lock dec dword ptr [r13+704h]
- READ_ADDRESS: fffff800ad868358: Unable to get MiVisibleState
- ffffffffffffffff
- BUGCHECK_STR: AV
- LAST_CONTROL_TRANSFER: from fffff8067cf729a0 to fffff800ad6326df
- STACK_TEXT:
- ffffa601`89949730 fffff806`7cf729a0 : 00000000`00000745 ffffdd02`b91245e0 ffffb706`571fea00 ffffdd02`bd7f83c0 : nt!ExReinitializeResourceLite+0x1014cf
- ffffa601`89949790 fffff806`7ceb873d : fffff806`00000000 ffffb706`00000002 ffffa601`89949830 ffffdd02`b91983a8 : NTFS!NtfsDeleteFcb+0x4a0
- ffffa601`89949810 fffff806`7cf71b3b : ffffdd02`b91983a8 ffffdd02`b8921180 ffffb706`57431010 ffffb706`574314e8 : NTFS!NtfsTeardownFromLcb+0x20d
- ffffa601`899498b0 fffff806`7ceb91d3 : ffffdd02`b91983a8 ffffa601`899499b2 00000000`00000000 ffffb706`57431010 : NTFS!NtfsTeardownStructures+0xdb
- ffffa601`89949930 fffff806`7cf7464c : ffffa601`89949ac8 ffffb706`57431010 ffffdd02`b91983a8 ffffb706`57431010 : NTFS!NtfsDecrementCloseCounts+0xd3
- ffffa601`89949970 fffff806`7cfbd3ad : ffffdd02`b91983a8 ffffb706`57431150 ffffb706`57431010 ffffdd02`b8921180 : NTFS!NtfsCommonClose+0x3fc
- ffffa601`89949a40 fffff800`ad4c4ca8 : 00000000`00000400 ffffdd02`bd7f8040 fffff800`ad7d0b00 ffffdd02`cae5b888 : NTFS!NtfsFspCloseInternal+0x1c9
- ffffa601`89949b80 fffff800`ad563ac7 : fffff800`abf1f180 00000000`00000080 ffffdd02`b467f040 ffffdd02`bd7f8040 : nt!ExpWorkerThread+0xd8
- ffffa601`89949c10 fffff800`ad5f8946 : fffff800`abf1f180 ffffdd02`bd7f8040 fffff800`ad563a80 00000000`00000000 : nt!PspSystemThreadStartup+0x47
- ffffa601`89949c60 00000000`00000000 : ffffa601`8994a000 ffffa601`89944000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff800ad4d7162-fffff800ad4d7164 3 bytes - nt!MiReleaseSystemCacheView+1ea
- [ 40 fb f6:c0 ce 9d ]
- fffff800ad4fa84f - nt!MmMapLockedPagesSpecifyCache+ff (+0x236ed)
- [ f6:9d ]
- fffff800ad4fa8f4 - nt!MmMapLockedPagesSpecifyCache+1a4 (+0xa5)
- [ f6:9d ]
- fffff800ad4fa904-fffff800ad4fa906 3 bytes - nt!MmMapLockedPagesSpecifyCache+1b4 (+0x10)
- [ 40 fb f6:c0 ce 9d ]
- fffff800ad51c817 - nt!MiPfnShareCountIsZero+187 (+0x21f13)
- [ f6:9d ]
- fffff800ad51f83a-fffff800ad51f83b 2 bytes - nt!MiInsertAndUnlockStandbyPages+61a (+0x3023)
- [ 80 fa:00 c7 ]
- fffff800ad632c3c-fffff800ad632c3d 2 bytes - nt!KiOutSwapProcesses+fee0c (+0x113402)
- [ 80 fa:00 c7 ]
- fffff800ad632d5d-fffff800ad632d61 5 bytes - nt!KiInSwapProcesses+feac9 (+0x121)
- [ d0 be 7d fb f6:b0 73 e7 ce 9d ]
- fffff800ad632dd3 - nt!KiInSwapProcesses+feb3f (+0x76)
- [ f6:9d ]
- fffff800ad632e10-fffff800ad632e11 2 bytes - nt!KiInSwapProcesses+feb7c (+0x3d)
- [ 80 fa:00 c7 ]
- 21 errors : !nt (fffff800ad4d7162-fffff800ad632e11)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffffa60189948d40 ; kb
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-07-31T15:50:28.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 394a
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ========================================================================
- ==================== Dump File: 073117-28859-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff802`a267f000 PsLoadedModuleList = 0xfffff802`a29cb5e0
- Debug session time: Mon Jul 31 11:04:45.563 2017 (UTC - 4:00)
- System Uptime: 0 days 0:08:57.223
- BugCheck 139, {1d, ffffb7018056d780, ffffb7018056d6d8, 0}
- Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
- Followup: MachineOwner
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 000000000000001d, Type of memory safety violation
- Arg2: ffffb7018056d780, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffb7018056d6d8, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- TRAP_FRAME: ffffb7018056d780 -- (.trap 0xffffb7018056d780)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=00000000ffff8b08 rbx=0000000000000000 rcx=000000000000001d
- rdx=ffff8b0bf1646dc0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff802a282fe59 rsp=ffffb7018056d910 rbp=0000000000000000
- r8=ffff8b0c02cf2478 r9=ffff8b0bf0b8a860 r10=ffff8b0bee7cd40c
- r11=fffff802a29d26e0 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz na po cy
- nt!RtlRbRemoveNode+0xf0e09:
- fffff802`a282fe59 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffb7018056d6d8 -- (.exr 0xffffb7018056d6d8)
- ExceptionAddress: fffff802a282fe59 (nt!RtlRbRemoveNode+0x00000000000f0e09)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 000000000000001d
- Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
- CUSTOMER_CRASH_COUNT: 1
- BUGCHECK_STR: 0x139
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 000000000000001d
- DEFAULT_BUCKET_ID: FAST_FAIL_INVALID_BALANCED_TREE_STRING
- LAST_CONTROL_TRANSFER: from fffff802a27f68a9 to fffff802a27eb4c0
- STACK_TEXT:
- ffffb701`8056d458 fffff802`a27f68a9 : 00000000`00000139 00000000`0000001d ffffb701`8056d780 ffffb701`8056d6d8 : nt!KeBugCheckEx
- ffffb701`8056d460 fffff802`a27f6c10 : ffffb701`805c2f80 00000000`00000000 ffffb701`8056d5c0 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- ffffb701`8056d5a0 fffff802`a27f5bf7 : 00000000`00000002 fffff802`ad151043 00000000`00000000 00000000`0000000f : nt!KiFastFailDispatch+0xd0
- ffffb701`8056d780 fffff802`a282fe59 : ffff8b0b`ec8c4922 00000000`00000000 ffff8b0b`ec8c48b8 fffff802`a273eb6f : nt!KiRaiseSecurityCheckFailure+0xf7
- ffffb701`8056d910 fffff802`a273eb6f : ffffffff`ffffffff fffff802`a26eefd3 ffff8b0b`ec8c48b8 00000000`00000001 : nt!RtlRbRemoveNode+0xf0e09
- ffffb701`8056d930 fffff802`a26f039b : ffffb701`8056d9f9 fffff802`a29d26e0 fffff802`a29d26e8 00000000`00000000 : nt!KiRemoveTimer2+0x7f
- ffffb701`8056d980 fffff802`a26f177e : ffffb701`80540180 00000000`0023ae22 fffff802`a0fc1ea0 00000000`00005025 : nt!KiTimer2Expiration+0x23b
- ffffb701`8056da60 fffff802`a27ee56a : 00000000`00000000 ffffb701`80540180 00000000`00000000 ffffb701`8054cc80 : nt!KiRetireDpcList+0x3de
- ffffb701`8056dc60 00000000`00000000 : ffffb701`8056e000 ffffb701`80568000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 41aea2ade4b5c29f6d6c98f4e7d5af19e7f29488
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c91fb0b52ef231adbe1c44d45af03ed25626234a
- THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
- FOLLOWUP_IP:
- nt!KiFastFailDispatch+d0
- fffff802`a27f6c10 c644242000 mov byte ptr [rsp+20h],0
- FAULT_INSTR_CODE: 202444c6
- SYMBOL_STACK_INDEX: 2
- SYMBOL_NAME: nt!KiFastFailDispatch+d0
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 595f24eb
- IMAGE_VERSION: 10.0.15063.483
- BUCKET_ID_FUNC_OFFSET: d0
- FAILURE_BUCKET_ID: 0x139_1d_nt!KiFastFailDispatch
- BUCKET_ID: 0x139_1d_nt!KiFastFailDispatch
- PRIMARY_PROBLEM_CLASS: 0x139_1d_nt!KiFastFailDispatch
- TARGET_TIME: 2017-07-31T15:04:45.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 14dc
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x139_1d_nt!kifastfaildispatch
- FAILURE_ID_HASH: {f0e9be39-aca3-f989-1ebb-6cd8a3a0f24d}
- Followup: MachineOwner
- ========================================================================
- ==================== Dump File: 073117-29937-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff801`dee07000 PsLoadedModuleList = 0xfffff801`df1535e0
- Debug session time: Mon Jul 31 10:51:50.435 2017 (UTC - 4:00)
- System Uptime: 0 days 0:00:08.143
- BugCheck C4, {2000, fffff80237f3a25c, 0, 444c534b}
- *** WARNING: Unable to verify timestamp for MpKslb9c75bdb.sys
- *** ERROR: Module load completed but symbols could not be loaded for MpKslb9c75bdb.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
- A device driver attempting to corrupt the system has been caught. This is
- because the driver was specified in the registry as being suspect (by the
- administrator) and the kernel has enabled substantial checking of this driver.
- If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
- be among the most commonly seen crashes.
- Arguments:
- Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
- Arg2: fffff80237f3a25c, The address in the driver's code where the error was detected.
- Arg3: 0000000000000000, Pool Type.
- Arg4: 00000000444c534b, Pool Tag (if provided).
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- BUGCHECK_STR: 0xc4_2000
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff801df57303f to fffff801def734c0
- STACK_TEXT:
- ffffd681`a6799758 fffff801`df57303f : 00000000`000000c4 00000000`00002000 fffff802`37f3a25c 00000000`00000000 : nt!KeBugCheckEx
- ffffd681`a6799760 fffff801`df054d9f : ffffd681`a67998e8 fffff801`df56a9ca fffff801`df0be1f0 00000000`00000003 : nt!VerifierBugCheckIfAppropriate+0x6b
- ffffd681`a67997a0 fffff801`df56a8b0 : 00000000`444c534b fffff801`df1453ac fffff802`37f3a25c 00000000`00000002 : nt!VfReportIssueWithOptions+0x103
- ffffd681`a67997f0 fffff801`df568701 : 00000000`444c534b ffffd681`a67998c9 00000000`00000000 ffffad83`bec83000 : nt!VfCheckPoolType+0x90
- ffffd681`a6799830 fffff802`37f3a25c : ffffad83`bec83000 ffffad83`beca8e60 ffffad83`ba1e9290 fffff801`deeda609 : nt!VerifierExAllocatePoolEx+0x21
- ffffd681`a6799880 ffffad83`bec83000 : ffffad83`beca8e60 ffffad83`ba1e9290 fffff801`deeda609 00000000`00000000 : MpKslb9c75bdb+0xa25c
- ffffd681`a6799888 ffffad83`beca8e60 : ffffad83`ba1e9290 fffff801`deeda609 00000000`00000000 ffffd681`a6799a30 : 0xffffad83`bec83000
- ffffd681`a6799890 ffffad83`ba1e9290 : fffff801`deeda609 00000000`00000000 ffffd681`a6799a30 00000000`00000000 : 0xffffad83`beca8e60
- ffffd681`a6799898 fffff801`deeda609 : 00000000`00000000 ffffd681`a6799a30 00000000`00000000 00000000`00000801 : 0xffffad83`ba1e9290
- ffffd681`a67998a0 fffff801`df274026 : 00000000`00000000 ffffad83`beca8e60 ffffad83`beca8e60 00000000`000001c8 : nt!PnpDiagnosticTraceObject+0x51
- ffffd681`a6799930 fffff801`df5e5bdb : ffffad83`bd1abe30 ffffad83`bd1abe30 ffffd681`a6799b80 ffffad83`bd1abda0 : nt!IopLoadDriver+0x522
- ffffd681`a6799b10 fffff801`df5fca8e : fffff801`00000000 ffffac05`a785cfd0 00000000`00000000 fffff801`dd452500 : nt!IopInitializeSystemDrivers+0x137
- ffffd681`a6799bb0 fffff801`df3b314c : fffff801`dd452500 fffff801`dd452500 fffff801`df3b3110 fffff801`dd452500 : nt!IoInitSystem+0x16
- ffffd681`a6799be0 fffff801`deee3ac7 : ffffad83`b9277040 00690072`00650070 00630069`0064006f 00040408`00080d02 : nt!Phase1Initialization+0x3c
- ffffd681`a6799c10 fffff801`def78946 : fffff801`dd781180 ffffad83`b9277040 fffff801`deee3a80 0001f01c`00000000 : nt!PspSystemThreadStartup+0x47
- ffffd681`a6799c60 00000000`00000000 : ffffd681`a679a000 ffffd681`a6794000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt
- 5 errors : !nt (fffff801dee47287-fffff801deefcb77)
- fffff801dee47280 48 b8 00 00 00 00 80 *f0 ff ff 4c 8b d3 4c 2b d0 H.........L..L+.
- fffff801deefcb60 ff ff 3f 48 b8 00 00 00 *c0 *ea *d5 ff ff 48 03 c8 ..?H.........H..
- fffff801deefcb70 49 b8 00 00 00 00 80 *d5 ff ff 48 89 4c 24 28 48 I.........H.L$(H
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: STRIDE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
- BUCKET_ID: MEMORY_CORRUPTION_STRIDE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_STRIDE
- TARGET_TIME: 2017-07-31T14:51:50.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 281b
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_stride
- FAILURE_ID_HASH: {574dbc1b-92cb-fb09-cb7a-cacc1bb2c511}
- Followup: memory_corruption
- ========================================================================
- ==================== Dump File: 073117-33765-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff801`b3e86000 PsLoadedModuleList = 0xfffff801`b41d25e0
- Debug session time: Mon Jul 31 10:11:44.084 2017 (UTC - 4:00)
- System Uptime: 0 days 1:45:39.426
- BugCheck 19, {e, ffffb0881917f440, a08d74b1757ffb48, a08d74b1757ffb4c}
- Probably caused by : Npfs.SYS ( Npfs!NpWriteDataQueue+112 )
- Followup: MachineOwner
- BAD_POOL_HEADER (19)
- The pool is already corrupt at the time of the current request.
- This may or may not be due to the caller.
- The internal pool links must be walked to figure out a possible cause of
- the problem, and then special pool applied to the suspect tags or the driver
- verifier to a suspect driver.
- Arguments:
- Arg1: 000000000000000e,
- Arg2: ffffb0881917f440
- Arg3: a08d74b1757ffb48
- Arg4: a08d74b1757ffb4c
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- BUGCHECK_STR: 0x19_e
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: chrome.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff801b4106c49 to fffff801b3ff24c0
- STACK_TEXT:
- ffff8181`472825f8 fffff801`b4106c49 : 00000000`00000019 00000000`0000000e ffffb088`1917f440 a08d74b1`757ffb48 : nt!KeBugCheckEx
- ffff8181`47282600 fffff80b`b769ab62 : fffff801`b278b800 ffff8181`47282810 ffff8181`3e975180 ffffb088`222b4080 : nt!ExAllocatePoolWithTag+0x18a9
- ffff8181`472826f0 fffff80b`b769a8b7 : ffffdd01`04432e00 fffff801`00000000 000001fc`14ed0648 00000000`000001b0 : Npfs!NpWriteDataQueue+0x112
- ffff8181`47282760 fffff80b`b769a6ef : ffffdd01`01180870 000001fc`14ed0648 ffffb088`1ab7b7a0 ffffb088`1a518700 : Npfs!NpCommonWrite+0x157
- ffff8181`472827f0 fffff80b`b5523502 : ffffb088`10b273c0 ffff8181`47282a40 ffffb088`222148e0 fffff801`b430ec5e : Npfs!NpFsdWrite+0x5f
- ffff8181`47282860 fffff801`b431c6ef : ffffb088`1a73bd60 ffffb088`1ab7b900 ffffb088`1a73bd60 fffff801`00000001 : FLTMGR!FltpDispatch+0xe2
- ffff8181`472828c0 fffff801`b4345a48 : ffffdd01`00000000 00000000`00000004 ffffb088`0c3ff110 ffff8181`47282b80 : nt!IopSynchronousServiceTail+0x1af
- ffff8181`47282980 fffff801`b3ffd413 : ffffb088`1a518700 00000000`00000000 00000000`00000000 000001fc`10fc01f8 : nt!NtWriteFile+0x6d8
- ffff8181`47282a90 00007ff9`c6c854a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 000000ca`82ffe758 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`c6c854a4
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 04bb5edfdcf206c5b4922d4aa4b04b09e6ce42ee
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ae9dcf249ebdbd671b48f20e9605fd585cad56be
- THREAD_SHA1_HASH_MOD: dce440383acd8bd9a1d0a689e8852277bbdc81a1
- FOLLOWUP_IP:
- Npfs!NpWriteDataQueue+112
- fffff80b`b769ab62 4c8bf8 mov r15,rax
- FAULT_INSTR_CODE: 48f88b4c
- SYMBOL_STACK_INDEX: 2
- SYMBOL_NAME: Npfs!NpWriteDataQueue+112
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: Npfs
- IMAGE_NAME: Npfs.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 71dcd8d9
- IMAGE_VERSION: 10.0.15058.0
- BUCKET_ID_FUNC_OFFSET: 112
- FAILURE_BUCKET_ID: 0x19_e_Npfs!NpWriteDataQueue
- BUCKET_ID: 0x19_e_Npfs!NpWriteDataQueue
- PRIMARY_PROBLEM_CLASS: 0x19_e_Npfs!NpWriteDataQueue
- TARGET_TIME: 2017-07-31T14:11:44.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 998
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x19_e_npfs!npwritedataqueue
- FAILURE_ID_HASH: {59a55cae-bf51-e25b-4343-197c08d57dcc}
- Followup: MachineOwner
- ========================================================================
- ==================== Dump File: 073117-36828-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff801`e880d000 PsLoadedModuleList = 0xfffff801`e8b595e0
- Debug session time: Mon Jul 31 08:23:19.732 2017 (UTC - 4:00)
- System Uptime: 3 days 19:31:43.062
- BugCheck 133, {0, 501, 500, fffff801e8bee348}
- *** WARNING: Unable to verify timestamp for Netwbw02.sys
- *** ERROR: Module load completed but symbols could not be loaded for Netwbw02.sys
- *************************************************************************
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** Type referenced: TickPeriods ***
- *************************************************************************
- Probably caused by : memory_corruption
- Followup: memory_corruption
- DPC_WATCHDOG_VIOLATION (133)
- The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
- or above.
- Arguments:
- Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
- component can usually be identified with a stack trace.
- Arg2: 0000000000000501, The DPC time count (in ticks).
- Arg3: 0000000000000500, The DPC time allotment (in ticks).
- Arg4: fffff801e8bee348
- Debugging Details:
- *************************************************************************
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** Type referenced: TickPeriods ***
- *************************************************************************
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x133
- PROCESS_NAME: steamwebhelper.exe
- CURRENT_IRQL: d
- LAST_CONTROL_TRANSFER: from fffff801e89a93d2 to fffff801e89794c0
- STACK_TEXT:
- fffff801`eac62bc8 fffff801`e89a93d2 : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx
- fffff801`eac62bd0 fffff801`e8882899 : 00004f07`40d8f379 fffff801`e7209180 00000000`0141c7c4 00000000`00000002 : nt!KeAccumulateTicks+0x124ea2
- fffff801`eac62c30 fffff801`e9099676 : 00004f07`40d89dd8 fffff801`e8bef4c0 fffff801`eac5a010 fffff801`e90e9460 : nt!KeClockInterruptNotify+0x599
- fffff801`eac62f40 fffff801`e881c675 : fffff801`e90e93b0 ffffe410`30210cb7 00000000`000002ec ffffc981`5ce04140 : hal!HalpTimerClockInterrupt+0x56
- fffff801`eac62f70 fffff801`e897ab5a : fffff801`eac5a090 fffff801`e90e93b0 00000000`00000005 00000000`00000000 : nt!KiCallInterruptServiceRoutine+0xa5
- fffff801`eac62fb0 fffff801`e897afa7 : 20646574`74696d62 4163616d`6d207962 00000000`00000000 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
- fffff801`eac5a010 fffff801`e8918e71 : fffff801`e8918e2f ffffffff`ffffffd1 0000065b`56a38094 ffffdc01`c3b7e3c0 : nt!KiInterruptDispatchNoLockNoEtw+0x37
- fffff801`eac5a1a8 fffff801`e8918e2f : ffffffff`ffffffd1 0000065b`56a38094 ffffdc01`c3b7e3c0 0000065b`56a08094 : nt!PspUnlockQuotaExpansion+0x5
- fffff801`eac5a1b0 fffff801`e8897d7c : 00000038`00000002 0000065b`56a38094 ffffdc01`b27f1d80 fffff804`7e00398b : nt!PspExpandQuota+0x83
- fffff801`eac5a210 fffff804`7e05096f : 0000065b`56a18094 ffffdc01`b4770f00 fffff801`eac5a370 ffffdc01`bdef21a0 : nt!PspChargeQuota+0x13c
- fffff801`eac5a270 fffff804`7ed73987 : 00000000`00000000 00000000`00000000 00000000`00002aad fffff804`7ed9b9d4 : afd!AfdBCommonChainedReceiveEventHandler+0x66f
- fffff801`eac5a3c0 fffff804`7ed84049 : fffff801`eac5aa88 00000000`00000000 00000000`00000000 fffff804`7f01141f : tcpip!TcpIndicateData+0x117
- fffff801`eac5a4f0 fffff804`7ed83c20 : fffff801`00000000 fffff804`7e002926 ffff6974`012d654b 00000000`00000002 : tcpip!TcpDeliverDataToClient+0xc9
- fffff801`eac5a660 fffff804`7ed81d70 : 00000000`00000000 00000000`00000000 00000000`0000004e ffffdc01`bc1824a0 : tcpip!TcpDeliverReceive+0xb0
- fffff801`eac5a770 fffff804`7ed81501 : ffffdc01`b4183370 fffff801`eac5ad98 ffffdc01`b4183370 fffff804`7dda5b36 : tcpip!TcpTcbFastDatagram+0x490
- fffff801`eac5a9d0 fffff804`7ed80cd0 : 00000000`00000001 fffff804`7edd6ce0 00000000`00000002 ffffdc01`aa9e66f0 : tcpip!TcpTcbReceive+0x171
- fffff801`eac5ac30 fffff804`7ed806a4 : ffffc981`627960de ffffdc01`aa9db000 00000000`00000000 ffffdc01`aa5fffa0 : tcpip!TcpMatchReceive+0x1d0
- fffff801`eac5ad90 fffff804`7edb2ce9 : ffffdc01`aa9e66f0 ffffdc01`aa9db000 fffff801`eac5bb01 ffffdc01`0000c4c7 : tcpip!TcpPreValidatedReceive+0x344
- fffff801`eac5ae80 fffff804`7edb2952 : 00000000`00000000 fffff801`e71c3def 00000000`00000000 00000000`00000006 : tcpip!IppDeliverListToProtocol+0x59
- fffff801`eac5af30 fffff804`7ed7d88c : 00000000`00000006 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IppProcessDeliverList+0x62
- fffff801`eac5afa0 fffff804`7ed8e66e : fffff804`7ef4a220 ffffdc01`a9001940 00000000`00000000 ffffdc01`b7dd9500 : tcpip!IppReceiveHeaderBatch+0x20c
- fffff801`eac5b0a0 fffff804`7ed8f39f : ffffdc01`b49b4de0 ffffdc01`bc1824a0 fffff801`eac5b201 ffffdc01`be86ea00 : tcpip!IppFlcReceivePacketsCore+0x31e
- fffff801`eac5b1c0 fffff804`7ed7e4f8 : ffffdc01`be860017 fffff801`00000001 fffff804`7edd6c40 00000000`00000001 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x25f
- fffff801`eac5b2a0 fffff801`e882320b : 00000000`00000002 ffffdc01`c2f5b1c0 fffff804`7ed7e3a0 fffff801`eac5b450 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x158
- fffff801`eac5b3d0 fffff804`7edd7176 : ffffdc01`aa9cedf0 00000000`00000000 ffffdc01`aa7f1b10 ffffdc01`bc182400 : nt!KeExpandKernelStackAndCalloutInternal+0x8b
- fffff801`eac5b420 fffff804`7dda2da7 : 00000000`00000001 fffff801`eac5b520 fffff801`00000001 ffffdc01`bf70dc00 : tcpip!FlReceiveNetBufferListChain+0xb6
- fffff801`eac5b4a0 fffff804`7dda2a9f : 00000000`00000001 ffffdc01`bc83dd00 ffffdc01`00000000 00000000`00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x117
- fffff801`eac5b560 fffff804`7dda3317 : ffffdc01`aa2901a0 fffff801`00000000 ffffdc01`aa2901a0 00000000`00000001 : ndis!ndisMTopReceiveNetBufferLists+0x22f
- fffff801`eac5b660 fffff804`7dda267d : 00000000`0141c2c3 ffffdc01`bdc3e141 fffff801`eac5b7b0 00000000`00000001 : ndis!ndisCallReceiveHandler+0x47
- fffff801`eac5b6b0 fffff804`7fe21296 : 00000000`00000000 00000000`00000001 ffffdc01`ba1cb0c0 fffff804`7fc7dd77 : ndis!NdisMIndicateReceiveNetBufferLists+0x70d
- fffff801`eac5b8a0 00000000`00000000 : 00000000`00000001 ffffdc01`ba1cb0c0 fffff804`7fc7dd77 ffffc981`00000001 : Netwbw02+0x1b1296
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -db !win32k
- 255 errors : !win32k (ffffb7ac091ccaa0-ffffb7ac091ccb9f)
- ffffb7ac091ccaa0 *00 *07 *ad *ff *00 *11 *ad *ff *00 *1b *ad *ff *00 *25 *ad *ff .............%..
- ffffb7ac091ccab0 *01 *2f *ad *ff *00 *39 *ad *ff *00 *43 *ad *ff *00 *4d *ad *ff ./...9...C...M..
- ffffb7ac091ccac0 *00 *57 *ad *ff *00 *61 *ad *ff *03 *6b *ad *ff *07 *75 *ad *ff .W...a...k...u..
- ffffb7ac091ccad0 *00 *7f *ad *ff *00 *89 *ad *ff *00 *93 *ad *ff *00 *9d *ad *ff ................
- ffffb7ac091ccae0 *00 *a7 *ad *ff *00 *b1 *ad *ff *00 *bb *ad *ff *00 *c5 *ad *ff ................
- ffffb7ac091ccaf0 *00 *cf *ad *ff *00 *d9 *ad *ff *00 *e3 *ad *ff *00 *ed *ad *ff ................
- ffffb7ac091ccb00 *00 *f7 *ad *ff *00 *01 *ae *ff *00 *0b *ae *ff *01 *15 *ae *ff ................
- ffffb7ac091ccb10 *00 *1f *ae *ff *00 *29 *ae *ff *00 *33 *ae *ff *04 *3d *ae *ff .....)...3...=..
- ffffb7ac091ccb20 *00 *47 *ae *ff *00 *51 *ae *ff *00 *5b *ae *ff *01 *65 *ae *ff .G...Q...[...e..
- ffffb7ac091ccb30 *00 *6f *ae *ff *00 *79 *ae *ff *00 *83 *ae *ff *03 *8d *ae *ff .o...y..........
- ffffb7ac091ccb40 *00 *97 *ae *ff *00 *a1 *ae *ff *00 *ab *ae *ff *00 b5 *ae *ff ................
- ffffb7ac091ccb50 *0c *bf *ae *ff *00 *c9 *ae *ff *00 *d3 *ae *ff *00 *dd *ae *ff ................
- ffffb7ac091ccb60 *00 *e7 *ae *ff *00 *f1 *ae *ff *00 *fb *ae *ff *00 *05 *af *ff ................
- ffffb7ac091ccb70 *08 *0f *af *ff *00 *19 *af *ff *00 *23 *af *ff *00 *2d *af *ff .........#...-..
- ffffb7ac091ccb80 *00 *37 *af *ff *00 *41 *af *ff *00 *4b *af *ff *05 *55 *af *ff .7...A...K...U..
- ffffb7ac091ccb90 *00 *5f *af *ff *00 *69 *af *ff *00 *73 *af *ff *00 *7d *af *ff ._...i...s...}..
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE_256
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE_256
- BUCKET_ID: MEMORY_CORRUPTION_LARGE_256
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE_256
- TARGET_TIME: 2017-07-31T12:23:19.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 2a23
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large_256
- FAILURE_ID_HASH: {c4e440c8-f34a-f4bb-4c2a-b6acf02f9cce}
- Followup: memory_corruption
- ========================================================================
- ==================== Dump File: 072717-30125-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Kernel base = 0xfffff800`aa69b000 PsLoadedModuleList = 0xfffff800`aa9e75e0
- Debug session time: Thu Jul 27 09:18:48.798 2017 (UTC - 4:00)
- System Uptime: 0 days 0:56:11.458
- BugCheck 3B, {c0000005, 7ff8aa58e490, ffffa20043d05d10, 0}
- *** WARNING: Unable to verify timestamp for win32kfull.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32kfull.sys
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: 00007ff8aa58e490, Address of the instruction which caused the bugcheck
- Arg3: ffffa20043d05d10, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- +0
- 00007ff8`aa58e490 ?? ???
- CONTEXT: ffffa20043d05d10 -- (.cxr 0xffffa20043d05d10)
- rax=00007ff8aa58e490 rbx=ffff868983e01590 rcx=0000000000000000
- rdx=0000000000000118 rsi=0000000000000054 rdi=0000000000000204
- rip=00007ff8aa58e490 rsp=ffffa20043d06708 rbp=0000000000000012
- r8=0000000000000000 r9=ffff868983e01590 r10=0000000000000020
- r11=0000000000008101 r12=0000000000000000 r13=00000000003371bd
- r14=ffff868981d7b628 r15=0000000000000010
- iopl=0 nv up ei pl zr na po nc
- cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010246
- 00007ff8`aa58e490 ?? ???
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: csrss.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from ffff86c4ecc49add to 00007ff8aa58e490
- STACK_TEXT:
- ffffa200`43d06708 ffff86c4`ecc49add : ffff8689`83e01590 00000000`00000054 00000000`00000204 00000000`00000000 : 0x00007ff8`aa58e490
- ffffa200`43d06710 ffff8689`83e01590 : 00000000`00000054 00000000`00000204 00000000`00000000 ffffa200`43d06890 : win32kfull+0x49add
- ffffa200`43d06718 00000000`00000054 : 00000000`00000204 00000000`00000000 ffffa200`43d06890 ffffda04`28dcd620 : 0xffff8689`83e01590
- ffffa200`43d06720 00000000`00000204 : 00000000`00000000 ffffa200`43d06890 ffffda04`28dcd620 00000000`00000000 : 0x54
- ffffa200`43d06728 00000000`00000000 : ffffa200`43d06890 ffffda04`28dcd620 00000000`00000000 ffff8689`83e01590 : 0x204
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff800aa728d28 - nt!MiResolvePageTablePage+3b8
- [ f6:fa ]
- fffff800aa728d48-fffff800aa728d4c 5 bytes - nt!MiResolvePageTablePage+3d8 (+0x20)
- [ df be 7d fb f6:5f bf 7e fd fa ]
- 6 errors : !nt (fffff800aa728d28-fffff800aa728d4c)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffffa20043d05d10 ; kb
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-07-27T13:18:48.000Z
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- ANALYSIS_SESSION_ELAPSED_TIME: 5cae
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement