API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 7th, 2017
535
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 61.46 KB | None | 0 0
raw download clone embed print report
  1. Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3.  
  4. Auto Dump Analyzer by gardenman
  5. Time to debug file(s): 00 hours and 12 minutes and 34 seconds
  6.  
  7. ============================= SYSTEM INFO ==============================
  8. SYSTEM_VERSION: 01
  9. SYSTEM_SKU: Inspiron 5458
  10. SYSTEM_PRODUCT_NAME: Inspiron 5458
  11. SYSTEM_MANUFACTURER: Dell Inc.
  12.  
  13. =========================== BRIEF BIOS INFO ============================
  14. BIOS_DATE: 11/22/2016
  15. BIOS_VERSION: A14
  16. BIOS_VENDOR: Dell Inc.
  17.  
  18. =========================== MOTHERBOARD INFO ===========================
  19. BASEBOARD_VERSION: A00
  20. BASEBOARD_PRODUCT: 0P6G1P
  21. BASEBOARD_MANUFACTURER: Dell Inc.
  22.  
  23. =============================== CPU INFO ===============================
  24. CPU_MICROCODE: 6,3d,4,0 (F,M,S,R) SIG: 22'00000000 (cache) 22'00000000 (init)
  25. CPU_STEPPING: 4
  26. CPU_MODEL: 3d
  27. CPU_FAMILY: 6
  28. CPU_VENDOR: GenuineIntel
  29. CPU_MHZ: 95a
  30. CPU_COUNT: 4
  31.  
  32. =============================== OS INFO ================================
  33. BUILDOSVER_STR: 10.0.15063.483
  34. BUILDLAB_STR: WinBuild
  35. BUILDDATESTAMP_STR: 160101.0800
  36. OSBUILD_TIMESTAMP: 2017-07-07 02:06:35
  37. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  38. OSNAME: Windows 10
  39. OSPLATFORM_TYPE: x64
  40. OSSERVICEPACK: 483
  41. OSBUILD: 15063
  42. BUILD_VERSION_STRING: 10.0.15063.483 (WinBuild.160101.0800)
  43. Built by: 15063.0.amd64fre.rs2_release.170317-1834
  44. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  45.  
  46. ========================================================================
  47. ==================== Dump File: 080717-35343-01.dmp ====================
  48. ========================================================================
  49. Mini Kernel Dump File: Only registers and stack trace are available
  50. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  51. Kernel base = 0xfffff800`b9c13000 PsLoadedModuleList = 0xfffff800`b9f5f5e0
  52. Debug session time: Mon Aug 7 06:52:52.668 2017 (UTC - 4:00)
  53. System Uptime: 0 days 12:13:13.348
  54.  
  55. BugCheck F7, {413da32b7268, 413da32b726c, ffffbec25cd48d93, 0}
  56. Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
  57. Followup: MachineOwner
  58.  
  59. DRIVER_OVERRAN_STACK_BUFFER (f7)
  60. A driver has overrun a stack-based buffer. This overrun could potentially
  61. allow a malicious user to gain control of this machine.
  62. DESCRIPTION
  63. A driver overran a stack-based buffer (or local variable) in a way that would
  64. have overwritten the function's return address and jumped back to an arbitrary
  65. address when the function returned. This is the classic "buffer overrun"
  66. hacking attack and the system has been brought down to prevent a malicious user
  67. from gaining complete control of it.
  68. Do a kb to get a stack backtrace -- the last routine on the stack before the
  69. buffer overrun handlers and bugcheck call is the one that overran its local
  70. variable(s).
  71.  
  72. Arguments:
  73. Arg1: 0000413da32b7268, Actual security check cookie from the stack
  74. Arg2: 0000413da32b726c, Expected security check cookie
  75. Arg3: ffffbec25cd48d93, Complement of the expected security check cookie
  76. Arg4: 0000000000000000, zero
  77.  
  78. Debugging Details:
  79. DUMP_CLASS: 1
  80. DUMP_QUALIFIER: 400
  81. DUMP_TYPE: 2
  82. SECURITY_COOKIE: Expected 0000413da32b726c found 0000413da32b7268
  83. BUGCHECK_STR: 0xF7_ONE_BIT
  84. CUSTOMER_CRASH_COUNT: 1
  85. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  86.  
  87. PROCESS_NAME: OfficeClickToRun.exe
  88.  
  89. CURRENT_IRQL: 0
  90. LAST_CONTROL_TRANSFER: from fffff800b9ded905 to fffff800b9d7f4c0
  91. STACK_TEXT:
  92. ffffd680`f10c6808 fffff800`b9ded905 : 00000000`000000f7 0000413d`a32b7268 0000413d`a32b726c ffffbec2`5cd48d93 : nt!KeBugCheckEx
  93. ffffd680`f10c6810 fffff800`b9c43e0c : ffff818a`64b13080 00000ff7`1ecd635c 00000000`00000004 ffffd680`f10c69f8 : nt!_report_gsfailure+0x25
  94. ffffd680`f10c6850 fffff800`b9d8a413 : ffff818a`6a934080 0000004d`527ff648 ffffd680`f10c6aa8 00000000`00002710 : nt!NtWaitForWorkViaWorkerFactory+0x52c
  95. ffffd680`f10c6a90 00007ffc`72ce8c34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  96. 0000004d`527ff718 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`72ce8c34
  97. STACK_COMMAND: kb
  98. THREAD_SHA1_HASH_MOD_FUNC: 2108b7abc0e792c7844ee6a3281c515ec010d93a
  99. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e93e4efaaf8144361e260ff91eff4eada852c462
  100. THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
  101. FOLLOWUP_IP:
  102. nt!_report_gsfailure+25
  103. fffff800`b9ded905 cc int 3
  104. FAULT_INSTR_CODE: cccccccc
  105. SYMBOL_STACK_INDEX: 1
  106. SYMBOL_NAME: nt!_report_gsfailure+25
  107. FOLLOWUP_NAME: MachineOwner
  108. MODULE_NAME: nt
  109.  
  110. IMAGE_NAME: ntkrnlmp.exe
  111.  
  112. DEBUG_FLR_IMAGE_TIMESTAMP: 595f24eb
  113. IMAGE_VERSION: 10.0.15063.483
  114. BUCKET_ID_FUNC_OFFSET: 25
  115. FAILURE_BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  116. BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  117. PRIMARY_PROBLEM_CLASS: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  118. TARGET_TIME: 2017-08-07T10:52:52.000Z
  119. SERVICEPACK_NUMBER: 0
  120. OS_REVISION: 0
  121. SUITE_MASK: 784
  122. PRODUCT_TYPE: 1
  123. USER_LCID: 0
  124. ANALYSIS_SESSION_ELAPSED_TIME: a31
  125. ANALYSIS_SOURCE: KM
  126. FAILURE_ID_HASH_STRING: km:0xf7_one_bit_missing_gsframe_nt!_report_gsfailure
  127. FAILURE_ID_HASH: {8f84f302-dd0e-1f96-6f9c-0ea31ad59f42}
  128. Followup: MachineOwner
  129.  
  130. ========================================================================
  131. =============================== DRIVERS ================================
  132. ========================================================================
  133. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  134. Image name: RTKVHD64.sys
  135. Info Link : http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
  136. ADA Info : Realtek Audio Driver system driver http://www.realtek.com.tw
  137. Timestamp : Tue May 2 2017
  138.  
  139. Image path: \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43DBC86F-FBE3-4794-87D1-A416983A3E8A}\MpKsl381753d3.sys
  140. Image name: MpKsl381753d3.sys
  141. Info Link : http://www.carrona.org/drivers/driver.php?id=MpKsl381753d3.sys
  142. ADA Info : Microsoft Anti-malware Protection driver
  143. Timestamp : Tue May 19 2015
  144.  
  145. Image path: \SystemRoot\System32\Drivers\dump_iaStorA.sys
  146. Image name: dump_iaStorA.sys
  147. Info Link : http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
  148. ADA Info : IASTOR.SYS is a Intel SATA driver for hard drives
  149. Timestamp : Tue Nov 17 2015
  150.  
  151. Image path: \SystemRoot\system32\Drivers\RtsUer.sys
  152. Image name: RtsUer.sys
  153. Info Link : http://www.carrona.org/drivers/driver.php?id=RtsUer.sys
  154. Timestamp : Tue May 17 2016
  155.  
  156. Image path: \SystemRoot\system32\drivers\npf.sys
  157. Image name: npf.sys
  158. Info Link : http://www.carrona.org/drivers/driver.php?id=npf.sys
  159. ADA Info : NetGroup Packet Filter driver, a component of WinPCap by Riverbed
  160. Timestamp : Thu Feb 28 2013
  161.  
  162. Image path: \SystemRoot\System32\drivers\iaStorA.sys
  163. Image name: iaStorA.sys
  164. Info Link : http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
  165. ADA Info : Intel SATA Storage Device RAID Controller
  166. Timestamp : Tue Nov 17 2015
  167.  
  168. Image path: \SystemRoot\system32\DRIVERS\ibtusb.sys
  169. Image name: ibtusb.sys
  170. Info Link : http://www.carrona.org/drivers/driver.php?id=ibtusb.sys
  171. Timestamp : Mon Apr 17 2017
  172.  
  173. Image path: \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
  174. Image name: CLVirtualDrive.sys
  175. Info Link : http://www.carrona.org/drivers/driver.php?id=CLVirtualDrive.sys
  176. Timestamp : Mon Nov 11 2013
  177.  
  178. Image path: \SystemRoot\System32\drivers\usb3Hub.sys
  179. Image name: usb3Hub.sys
  180. Info Link : http://www.carrona.org/drivers/driver.php?id=usb3Hub.sys
  181. Timestamp : Tue Oct 7 2014
  182.  
  183. Image path: \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
  184. Image name: MBAMSwissArmy.sys
  185. Info Link : http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
  186. ADA Info : MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
  187. Timestamp : Fri Jun 2 2017
  188.  
  189. Image path: \SystemRoot\System32\drivers\ScpVBus.sys
  190. Image name: ScpVBus.sys
  191. Info Link : http://www.carrona.org/drivers/driver.php?id=ScpVBus.sys
  192. Timestamp : Sun May 5 2013
  193.  
  194. Image path: \SystemRoot\system32\drivers\DDDriver64Dcsa.sys
  195. Image name: DDDriver64Dcsa.sys
  196. Info Link : http://www.carrona.org/drivers/driver.php?id=DDDriver64Dcsa.sys
  197. Timestamp : Wed Jan 11 2017
  198.  
  199. Image path: \SystemRoot\system32\drivers\DellProf.sys
  200. Image name: DellProf.sys
  201. Info Link : http://www.carrona.org/drivers/driver.php?id=DellProf.sys
  202. Timestamp : Mon Apr 3 2017
  203.  
  204. Image path: \SystemRoot\System32\drivers\Netwbw02.sys
  205. Image name: Netwbw02.sys
  206. Info Link : http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys
  207. Timestamp : Wed Apr 5 2017
  208.  
  209. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  210. Image name: rt640x64.sys
  211. Info Link : http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
  212. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver http://www.realtek.com.tw
  213. Timestamp : Tue May 5 2015
  214.  
  215. Image path: \SystemRoot\System32\drivers\DellRbtn.sys
  216. Image name: DellRbtn.sys
  217. Info Link : http://www.carrona.org/drivers/driver.php?id=DellRbtn.sys
  218. Timestamp : Wed Oct 26 2016
  219.  
  220. Image path: \SystemRoot\system32\drivers\nvvad64v.sys
  221. Image name: nvvad64v.sys
  222. Info Link : http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
  223. ADA Info : Nvidia Virtual Audio Driver http://www.nvidia.com/
  224. Timestamp : Sun May 28 2017
  225.  
  226. Image path: \SystemRoot\System32\drivers\nvvhci.sys
  227. Image name: nvvhci.sys
  228. Info Link : http://www.carrona.org/drivers/driver.php?id=nvvhci.sys
  229. ADA Info : Virtual USB Host Controller driver http://www.nvidia.com/
  230. Timestamp : Tue Dec 27 2016
  231.  
  232. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  233. Image name: TeeDriverW8x64.sys
  234. Info Link : http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
  235. ADA Info : Intel® Management Engine Interface
  236. Timestamp : Tue Jul 7 2015
  237.  
  238. Image path: \SystemRoot\system32\DRIVERS\igdkmd64.sys
  239. Image name: igdkmd64.sys
  240. Info Link : http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
  241. ADA Info : Intel HD graphics driver
  242. Timestamp : Thu Sep 29 2016
  243.  
  244. Image path: \SystemRoot\System32\DriverStore\FileRepository\nvdm.inf_amd64_516fa225cd24ab77\nvlddmkm.sys
  245. Image name: nvlddmkm.sys
  246. Info Link : http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
  247. ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
  248. Timestamp : Mon May 1 2017
  249.  
  250. Image path: \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
  251. Image name: iaLPSSi_I2C.sys
  252. Info Link : http://www.carrona.org/drivers/driver.php?id=iaLPSSi_I2C.sys
  253. Timestamp : Tue Feb 24 2015
  254.  
  255. Unloaded modules:
  256. fffff800`c2250000 fffff800`c2260000 MSKSSRV.sys
  257. fffff800`c2330000 fffff800`c2356000 bthpan.sys
  258. fffff800`c2300000 fffff800`c2321000 BthEnum.sys
  259. fffff800`c2390000 fffff800`c23b0000 hidbth.sys
  260. fffff800`c2380000 fffff800`c238e000 btampm.sys
  261. fffff800`c2360000 fffff800`c2371000 BthAvrcpTg.s
  262. fffff800`c2240000 fffff800`c2273000 rfcomm.sys
  263. fffff800`c2220000 fffff800`c223e000 Microsoft.Bl
  264. fffff800`c2280000 fffff800`c22f7000 IntcDAud.sys
  265. fffff800`c31d0000 fffff800`c31db000 cldflt.sys
  266. fffff802`746c0000 fffff802`746cf000 dump_storpor
  267. fffff802`75200000 fffff802`75774000 dump_iaStorA
  268. fffff802`757a0000 fffff802`757bd000 dump_dumpfve
  269. fffff802`75df0000 fffff802`75e10000 dam.sys
  270. fffff802`731f0000 fffff802`731fd000 tbs.sys
  271. fffff802`731d0000 fffff802`731e9000 mfeelamk.sys
  272. fffff802`731c0000 fffff802`731cf000 WdBoot.sys
  273. fffff802`749c0000 fffff802`749cf000 hwpolicy.sys
  274.  
  275. ========================================================================
  276. ============================== BIOS INFO ===============================
  277. ========================================================================
  278. sysinfo: could not find necessary interfaces.
  279. sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
  280.  
  281. ========================================================================
  282. ==================== Dump File: 080617-50250-01.dmp ====================
  283. ========================================================================
  284. Mini Kernel Dump File: Only registers and stack trace are available
  285. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  286. Kernel base = 0xfffff800`dd87c000 PsLoadedModuleList = 0xfffff800`ddbc85e0
  287. Debug session time: Sun Aug 6 17:25:06.708 2017 (UTC - 4:00)
  288. System Uptime: 4 days 12:49:56.372
  289.  
  290. BugCheck 197, {1, ffffbdca808403d0, ffffbdca80405d40, 1}
  291. Probably caused by : win32kfull.sys ( win32kfull!InkDevice::`vector deleting destructor'+1ffe4 )
  292. Followup: MachineOwner
  293.  
  294. WIN32K_SECURITY_FAILURE (197)
  295. A security failure was detected in win32k.
  296.  
  297. Arguments:
  298. Arg1: 0000000000000001, An objects handle entry didn't point back to the object.
  299. Arg2: ffffbdca808403d0, Pointer to the object
  300. Arg3: ffffbdca80405d40, Pointer to the object handle entry
  301. Arg4: 0000000000000001, Expected object type
  302.  
  303. Debugging Details:
  304. DUMP_CLASS: 1
  305. DUMP_QUALIFIER: 400
  306. DUMP_TYPE: 2
  307. CUSTOMER_CRASH_COUNT: 1
  308. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  309. BUGCHECK_STR: 0x197
  310.  
  311. PROCESS_NAME: flux.exe
  312.  
  313. CURRENT_IRQL: 0
  314. LAST_CONTROL_TRANSFER: from ffffbda5cf155324 to fffff800dd9e84c0
  315. STACK_TEXT:
  316. ffff9981`055cbef8 ffffbda5`cf155324 : 00000000`00000197 00000000`00000001 ffffbdca`808403d0 ffffbdca`80405d40 : nt!KeBugCheckEx
  317. ffff9981`055cbf00 ffffbda5`cf04ff4c : ffffbdca`808403d0 ffffbdca`82514ab0 00000000`00000000 00000000`00000000 : win32kfull!InkDevice::`vector deleting destructor'+0x1ffe4
  318. ffff9981`055cc060 ffffbda5`cf045072 : ffffbdca`808403d0 ffffbdca`808403d0 ffffbdca`8083dd30 00000000`00000004 : win32kfull!xxxSendMessage+0x2c
  319. ffff9981`055cc0c0 ffffbda5`cf0441f4 : ffffbdca`808403d0 00000000`00000000 00000000`00000000 ffffbdca`00000000 : win32kfull!xxxDW_SendDestroyMessages+0x6e
  320. ffff9981`055cc120 ffffbda5`cf045665 : ffffbdca`00000000 ffffbdca`80612e40 ffffbdca`00000000 ffffbdca`808403d0 : win32kfull!xxxDestroyWindow+0x264
  321. ffff9981`055cc210 ffffbda5`cf04416b : ffffbdca`8083f070 ffff9981`055cc2e9 00000000`00000000 ffffbdca`82514ab0 : win32kfull!xxxDW_DestroyOwnedWindows+0xe5
  322. ffff9981`055cc260 ffffbda5`cf045665 : ffffbdca`00000000 ffff9981`055cc380 ffffbdca`00000000 ffffbdca`8083f070 : win32kfull!xxxDestroyWindow+0x1db
  323. ffff9981`055cc350 ffffbda5`cf04416b : ffffbdca`8083ee90 ffff9981`055cc429 00000000`00000000 ffffbdca`82514ab0 : win32kfull!xxxDW_DestroyOwnedWindows+0xe5
  324. ffff9981`055cc3a0 ffffbda5`cfa3f93e : 00000000`00000000 00000000`00000001 ffffbdca`00000000 ffffbdca`8083ee90 : win32kfull!xxxDestroyWindow+0x1db
  325. ffff9981`055cc490 ffffbda5`cf9ff371 : ffffbdca`82514ab0 ffffbdca`81d603d0 ffffbdca`81d603d0 ffffbda5`00000001 : win32kbase!xxxDestroyWindowIfSupported+0x1e
  326. ffff9981`055cc4c0 ffffbda5`cf9fdf2b : 00000000`00000000 00000000`000002e6 00000000`00000000 ffffbdca`82514ab0 : win32kbase!HMDestroyUnlockedObject+0x71
  327. ffff9981`055cc4f0 ffffbda5`cf9db770 : 00000000`00000000 00000000`00000000 ffffbdca`82514ab0 00000000`00000000 : win32kbase!DestroyThreadsObjects+0x11b
  328. ffff9981`055cc520 ffffbda5`cf9e27bb : 00000000`00000001 ffffd108`b60fa080 ffffbdca`82514ab0 00000000`40010004 : win32kbase!xxxDestroyThreadInfo+0x420
  329. ffff9981`055cc670 ffffbda5`cf0de9ab : 00000000`00000000 ffffd108`b60fa080 00000000`00000001 ffffd108`b2a6d080 : win32kbase!UserThreadCallout+0x25b
  330. ffff9981`055cc6c0 ffffbda5`cf9e2d98 : ffff9981`055cc818 00000000`00000001 fffff800`ddbc1ea0 fffff800`dddd5df7 : win32kfull!W32pThreadCallout+0x5b
  331. ffff9981`055cc6f0 fffff800`ddcba0d1 : ffff9981`055cc818 ffff9981`055cc818 00000000`00000001 fffff800`ddbc1ea0 : win32kbase!W32CalloutDispatch+0x388
  332. ffff9981`055cc750 fffff800`ddcb6780 : ffffd108`bb95acb0 ffff9981`055cc910 00000000`00000000 00000000`00000000 : nt!ExCallCallBack+0x3d
  333. ffff9981`055cc780 fffff800`dddb6313 : 00000000`40010004 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x44c
  334. ffff9981`055cc880 fffff800`dd8b15d3 : ffffd108`bd9d9080 fffff800`dd8d759f ffffd108`b60fa080 ffff9980`fd1a6180 : nt!KiSchedulerApcTerminate+0x33
  335. ffff9981`055cc8c0 fffff800`dd9ebb60 : 00000000`00000001 00000000`00000000 00000000`00000003 00000000`00000000 : nt!KiDeliverApc+0x313
  336. ffff9981`055cc950 fffff800`dd9f34ba : ffffbdca`82514ab0 00000000`0023ae20 00000000`00000000 ffffd108`c7285070 : nt!KiInitiateUserApc+0x70
  337. ffff9981`055cca90 00000000`6dad21cc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
  338. 00000000`0009ef08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6dad21cc
  339. STACK_COMMAND: kb
  340. THREAD_SHA1_HASH_MOD_FUNC: 0c06ea954b5c18919e4a963fa22b0a7452a5d6f6
  341. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 8c5c28452fa65245f20928a474f880edacdda243
  342. THREAD_SHA1_HASH_MOD: 3ebb1da82d0d88326eecf4cc2327ff7dea417ccb
  343. FOLLOWUP_IP:
  344. win32kfull!InkDevice::`vector deleting destructor'+1ffe4
  345. ffffbda5`cf155324 90 nop
  346. FAULT_INSTR_CODE: 4166cc90
  347. SYMBOL_STACK_INDEX: 1
  348. SYMBOL_NAME: win32kfull!InkDevice::`vector deleting destructor'+1ffe4
  349. FOLLOWUP_NAME: MachineOwner
  350. MODULE_NAME: win32kfull
  351.  
  352. IMAGE_NAME: win32kfull.sys
  353.  
  354. DEBUG_FLR_IMAGE_TIMESTAMP: 41105314
  355. IMAGE_VERSION: 10.0.15063.478
  356. BUCKET_ID_FUNC_OFFSET: 1ffe4
  357. FAILURE_BUCKET_ID: 0x197_win32kfull!InkDevice::_vector_deleting_destructor_
  358. BUCKET_ID: 0x197_win32kfull!InkDevice::_vector_deleting_destructor_
  359. PRIMARY_PROBLEM_CLASS: 0x197_win32kfull!InkDevice::_vector_deleting_destructor_
  360. TARGET_TIME: 2017-08-06T21:25:06.000Z
  361. SERVICEPACK_NUMBER: 0
  362. OS_REVISION: 0
  363. SUITE_MASK: 784
  364. PRODUCT_TYPE: 1
  365. USER_LCID: 0
  366. ANALYSIS_SESSION_ELAPSED_TIME: 95d
  367. ANALYSIS_SOURCE: KM
  368. FAILURE_ID_HASH_STRING: km:0x197_win32kfull!inkdevice::_vector_deleting_destructor_
  369. FAILURE_ID_HASH: {7ed81d44-b665-fb6d-54e2-424ad59d5f64}
  370. Followup: MachineOwner
  371.  
  372. ========================================================================
  373. ==================== Dump File: 073117-33375-01.dmp ====================
  374. ========================================================================
  375. Mini Kernel Dump File: Only registers and stack trace are available
  376. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  377. Kernel base = 0xfffff803`50e0d000 PsLoadedModuleList = 0xfffff803`511595e0
  378. Debug session time: Mon Jul 31 15:51:38.992 2017 (UTC - 4:00)
  379. System Uptime: 0 days 1:13:29.655
  380.  
  381. BugCheck D1, {57, ff, 0, fffff8035b751014}
  382. Probably caused by : hardware ( intelppm!PerfReadWrappingCounter+4 )
  383. Followup: MachineOwner
  384.  
  385. DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
  386. An attempt was made to access a pageable (or completely invalid) address at an
  387. interrupt request level (IRQL) that is too high. This is usually
  388. caused by drivers using improper addresses.
  389. If kernel debugger is available get stack backtrace.
  390.  
  391. Arguments:
  392. Arg1: 0000000000000057, memory referenced
  393. Arg2: 00000000000000ff, IRQL
  394. Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
  395. Arg4: fffff8035b751014, address which referenced memory
  396.  
  397. Debugging Details:
  398. DUMP_CLASS: 1
  399. DUMP_QUALIFIER: 400
  400. DUMP_TYPE: 2
  401. READ_ADDRESS: fffff803511ee358: Unable to get MiVisibleState
  402. 0000000000000057
  403. CURRENT_IRQL: 0
  404. FAULTING_IP:
  405. intelppm!PerfReadWrappingCounter+4
  406. fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl
  407. ADDITIONAL_DEBUG_TEXT: The trap occurred when interrupts are disabled on the target.
  408. BUGCHECK_STR: DISABLED_INTERRUPT_FAULT
  409. CUSTOMER_CRASH_COUNT: 1
  410. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  411.  
  412. PROCESS_NAME: System
  413.  
  414. TRAP_FRAME: fffff80353254640 -- (.trap 0xfffff80353254640)
  415. NOTE: The trap frame does not contain all registers.
  416. Some register values may be zeroed or incorrect.
  417. rax=fffff8035b751014 rbx=0000000000000000 rcx=ffff800082bd5e88
  418. rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
  419. rip=fffff8035b751014 rsp=fffff803532547d8 rbp=0000000000000000
  420. r8=fffff80353254810 r9=fffff80353254818 r10=0000000000000000
  421. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  422. r14=0000000000000000 r15=0000000000000000
  423. iopl=0 nv up di pl zr na po nc
  424. intelppm!PerfReadWrappingCounter+0x4:
  425. fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl ds:00000000`00000057=??
  426. Resetting default scope
  427. MISALIGNED_IP:
  428. intelppm!PerfReadWrappingCounter+4
  429. fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl
  430. LAST_CONTROL_TRANSFER: from fffff80350f848a9 to fffff80350f794c0
  431. STACK_TEXT:
  432. fffff803`532544f8 fffff803`50f848a9 : 00000000`0000000a 00000000`00000057 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx
  433. fffff803`53254500 fffff803`50f82e7d : 00000000`00000002 00000000`00000001 00000001`40180088 fffffff6`00000002 : nt!KiBugCheckDispatch+0x69
  434. fffff803`53254640 fffff803`5b751014 : fffff803`50e83d46 00000245`52916102 fffff803`50e84c42 00000000`00000008 : nt!KiPageFault+0x23d
  435. fffff803`532547d8 fffff803`50e83d46 : 00000245`52916102 fffff803`50e84c42 00000000`00000008 00000000`00000008 : intelppm!PerfReadWrappingCounter+0x4
  436. fffff803`532547e0 fffff803`50e8356c : 00000000`00000000 00000020`00000002 00000000`00000000 00000000`00000092 : nt!PpmUpdatePerformanceFeedback+0x136
  437. fffff803`53254890 fffff803`50e82f53 : 00000000`00000003 00000000`00000002 ffff8000`8150c000 00000000`00000000 : nt!PpmIdleExecuteTransition+0x48c
  438. fffff803`53254b00 fffff803`50f7c53c : 00000000`00000000 fffff803`4f86c180 fffff803`51206a40 ffff8000`7340e700 : nt!PoIdle+0x343
  439. fffff803`53254c60 00000000`00000000 : fffff803`53255000 fffff803`5324f000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
  440. STACK_COMMAND: kb
  441. THREAD_SHA1_HASH_MOD_FUNC: 8cfc593ba61765474c574df60d7e86d380d30b03
  442. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 0688c4233ec5f41425e03e357a74783c5594a574
  443. THREAD_SHA1_HASH_MOD: 1e22ecde62cec1bd43b13b355e774b25d572d400
  444. FOLLOWUP_IP:
  445. intelppm!PerfReadWrappingCounter+4
  446. fffff803`5b751014 105657 adc byte ptr [rsi+57h],dl
  447. FAULT_INSTR_CODE: 41575610
  448. SYMBOL_STACK_INDEX: 3
  449. SYMBOL_NAME: intelppm!PerfReadWrappingCounter+4
  450. FOLLOWUP_NAME: MachineOwner
  451. MODULE_NAME: hardware
  452.  
  453. IMAGE_NAME: hardware
  454.  
  455. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  456. IMAGE_VERSION: 10.0.15058.0
  457. FAILURE_BUCKET_ID: IP_MISALIGNED_intelppm.sys
  458. BUCKET_ID: IP_MISALIGNED_intelppm.sys
  459. PRIMARY_PROBLEM_CLASS: IP_MISALIGNED_intelppm.sys
  460. TARGET_TIME: 2017-07-31T19:51:38.000Z
  461. SERVICEPACK_NUMBER: 0
  462. OS_REVISION: 0
  463. SUITE_MASK: 784
  464. PRODUCT_TYPE: 1
  465. USER_LCID: 0
  466. ANALYSIS_SESSION_ELAPSED_TIME: 54f8
  467. ANALYSIS_SOURCE: KM
  468. FAILURE_ID_HASH_STRING: km:ip_misaligned_intelppm.sys
  469. FAILURE_ID_HASH: {f96a22c3-9c8a-7e50-c61d-a0f13b050574}
  470. Followup: MachineOwner
  471.  
  472. ========================================================================
  473. ==================== Dump File: 073117-27421-01.dmp ====================
  474. ========================================================================
  475. Mini Kernel Dump File: Only registers and stack trace are available
  476. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  477. Kernel base = 0xfffff803`80a7c000 PsLoadedModuleList = 0xfffff803`80dc85e0
  478. Debug session time: Mon Jul 31 14:34:21.608 2017 (UTC - 4:00)
  479. System Uptime: 0 days 0:00:08.315
  480.  
  481. BugCheck C4, {2000, fffff8028f964d45, 0, 0}
  482. *** WARNING: Unable to verify timestamp for CLVirtualDrive.sys
  483. *** ERROR: Module load completed but symbols could not be loaded for CLVirtualDrive.sys
  484. Probably caused by : CLVirtualDrive.sys ( CLVirtualDrive+4d45 )
  485. Followup: MachineOwner
  486.  
  487. DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
  488. A device driver attempting to corrupt the system has been caught. This is
  489. because the driver was specified in the registry as being suspect (by the
  490. administrator) and the kernel has enabled substantial checking of this driver.
  491. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
  492. be among the most commonly seen crashes.
  493.  
  494. Arguments:
  495. Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
  496. Arg2: fffff8028f964d45, The address in the driver's code where the error was detected.
  497. Arg3: 0000000000000000, Pool Type.
  498. Arg4: 0000000000000000, Pool Tag (if provided).
  499.  
  500. Debugging Details:
  501. DUMP_CLASS: 1
  502. DUMP_QUALIFIER: 400
  503. DUMP_TYPE: 2
  504. BUGCHECK_STR: 0xc4_2000
  505. CUSTOMER_CRASH_COUNT: 1
  506. DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
  507.  
  508. PROCESS_NAME: System
  509.  
  510. CURRENT_IRQL: 0
  511. LAST_CONTROL_TRANSFER: from fffff803811e803f to fffff80380be84c0
  512. STACK_TEXT:
  513. ffffc281`9f9945f8 fffff803`811e803f : 00000000`000000c4 00000000`00002000 fffff802`8f964d45 00000000`00000000 : nt!KeBugCheckEx
  514. ffffc281`9f994600 fffff803`80cc9d9f : 00000000`00000000 fffff803`811df9ca fffff803`80d331f0 00000000`00000003 : nt!VerifierBugCheckIfAppropriate+0x6b
  515. ffffc281`9f994640 fffff803`811df8b0 : 00000000`00000000 fffff803`80dba3ac fffff802`8f964d45 fffff802`8f96b66a : nt!VfReportIssueWithOptions+0x103
  516. ffffc281`9f994690 fffff803`811dd46c : 00000000`00000000 00000000`00000063 00000000`c0000023 ffffc281`9f994750 : nt!VfCheckPoolType+0x90
  517. ffffc281`9f9946d0 fffff802`8f964d45 : ffffc281`9f994890 00000000`00000063 00000000`00000000 fffff803`80ab8564 : nt!VerifierExAllocatePool+0x1c
  518. ffffc281`9f994720 ffffc281`9f994890 : 00000000`00000063 00000000`00000000 fffff803`80ab8564 ffff2768`00000000 : CLVirtualDrive+0x4d45
  519. ffffc281`9f994728 00000000`00000063 : 00000000`00000000 fffff803`80ab8564 ffff2768`00000000 ffffc281`9f994750 : 0xffffc281`9f994890
  520. ffffc281`9f994730 00000000`00000000 : fffff803`80ab8564 ffff2768`00000000 ffffc281`9f994750 fffff802`00000010 : 0x63
  521. STACK_COMMAND: kb
  522. THREAD_SHA1_HASH_MOD_FUNC: 749c7e102a0eaa2c637751cd4fe17059d8682075
  523. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e9b2d21878968a93ef1e7c0ec758afdec34d99af
  524. THREAD_SHA1_HASH_MOD: b6392cd5e4a7b5ecb8dd207fc5f66a30ce9f7459
  525. FOLLOWUP_IP:
  526. CLVirtualDrive+4d45
  527. fffff802`8f964d45 488b4c2438 mov rcx,qword ptr [rsp+38h]
  528. FAULT_INSTR_CODE: 244c8b48
  529. SYMBOL_STACK_INDEX: 5
  530. SYMBOL_NAME: CLVirtualDrive+4d45
  531. FOLLOWUP_NAME: MachineOwner
  532. MODULE_NAME: CLVirtualDrive
  533.  
  534. IMAGE_NAME: CLVirtualDrive.sys
  535.  
  536. DEBUG_FLR_IMAGE_TIMESTAMP: 5281a118
  537. BUCKET_ID_FUNC_OFFSET: 4d45
  538. FAILURE_BUCKET_ID: 0xc4_2000_VRF_CLVirtualDrive!unknown_function
  539. BUCKET_ID: 0xc4_2000_VRF_CLVirtualDrive!unknown_function
  540. PRIMARY_PROBLEM_CLASS: 0xc4_2000_VRF_CLVirtualDrive!unknown_function
  541. TARGET_TIME: 2017-07-31T18:34:21.000Z
  542. SERVICEPACK_NUMBER: 0
  543. OS_REVISION: 0
  544. SUITE_MASK: 784
  545. PRODUCT_TYPE: 1
  546. USER_LCID: 0
  547. ANALYSIS_SESSION_ELAPSED_TIME: 8121
  548. ANALYSIS_SOURCE: KM
  549. FAILURE_ID_HASH_STRING: km:0xc4_2000_vrf_clvirtualdrive!unknown_function
  550. FAILURE_ID_HASH: {8c19116e-0de2-1752-ad2a-f62e156eeea7}
  551. Followup: MachineOwner
  552.  
  553. ========================================================================
  554. ==================== Dump File: 073117-27234-01.dmp ====================
  555. ========================================================================
  556. Mini Kernel Dump File: Only registers and stack trace are available
  557. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  558. Kernel base = 0xfffff800`ad487000 PsLoadedModuleList = 0xfffff800`ad7d35e0
  559. Debug session time: Mon Jul 31 11:50:28.943 2017 (UTC - 4:00)
  560. System Uptime: 0 days 0:45:03.605
  561.  
  562. BugCheck 1000007E, {ffffffffc0000005, fffff800ad6326df, ffffa601899494f8, ffffa60189948d40}
  563. *** WARNING: Unable to verify timestamp for win32k.sys
  564. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  565. Probably caused by : memory_corruption
  566. Followup: memory_corruption
  567.  
  568. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
  569. This is a very common bugcheck. Usually the exception address pinpoints
  570. the driver/function that caused the problem. Always note this address
  571. as well as the link date of the driver/image that contains this address.
  572. Some common problems are exception code 0x80000003. This means a hard
  573. coded breakpoint or assertion was hit, but this system was booted
  574. /NODEBUG. This is not supposed to happen as developers should never have
  575. hardcoded breakpoints in retail code, but ...
  576. If this happens, make sure a debugger gets connected, and the
  577. system is booted /DEBUG. This will let us see why this breakpoint is
  578. happening.
  579.  
  580. Arguments:
  581. Arg1: ffffffffc0000005, The exception code that was not handled
  582. Arg2: fffff800ad6326df, The address that the exception occurred at
  583. Arg3: ffffa601899494f8, Exception Record Address
  584. Arg4: ffffa60189948d40, Context Record Address
  585.  
  586. Debugging Details:
  587. DUMP_CLASS: 1
  588. DUMP_QUALIFIER: 400
  589. DUMP_TYPE: 2
  590. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  591. FAULTING_IP:
  592. nt!ExReinitializeResourceLite+1014cf
  593. fffff800`ad6326df f041ff8d04070000 lock dec dword ptr [r13+704h]
  594. EXCEPTION_RECORD: ffffa601899494f8 -- (.exr 0xffffa601899494f8)
  595. ExceptionAddress: fffff800ad6326df (nt!ExReinitializeResourceLite+0x00000000001014cf)
  596. ExceptionCode: c0000005 (Access violation)
  597. ExceptionFlags: 00000000
  598. NumberParameters: 2
  599. Parameter[0]: 0000000000000000
  600. Parameter[1]: ffffffffffffffff
  601. Attempt to read from address ffffffffffffffff
  602. CONTEXT: ffffa60189948d40 -- (.cxr 0xffffa60189948d40)
  603. rax=000000000c503146 rbx=ffffdd02b91246d0 rcx=ffffdd02b91246d0
  604. rdx=ffffdd02b8977dc8 rsi=ffffdd02b8977dc0 rdi=0000000000000000
  605. rip=fffff800ad6326df rsp=ffffa60189949730 rbp=0000000000000002
  606. r8=0000000000000000 r9=ffffb706574314e8 r10=ffffb706571fea28
  607. r11=0000000000000000 r12=ffffdd02b8977de8 r13=20206f4902060000
  608. r14=00000000b91246e0 r15=0000000000000001
  609. iopl=0 nv up ei pl nz na pe nc
  610. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
  611. nt!ExReinitializeResourceLite+0x1014cf:
  612. fffff800`ad6326df f041ff8d04070000 lock dec dword ptr [r13+704h] ds:002b:20206f49`02060704=????????
  613. Resetting default scope
  614. CUSTOMER_CRASH_COUNT: 1
  615. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  616.  
  617. PROCESS_NAME: System
  618.  
  619. CURRENT_IRQL: 0
  620. ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  621. EXCEPTION_CODE_STR: c0000005
  622. EXCEPTION_PARAMETER1: 0000000000000000
  623. EXCEPTION_PARAMETER2: ffffffffffffffff
  624. FOLLOWUP_IP:
  625. nt!ExReinitializeResourceLite+1014cf
  626. fffff800`ad6326df f041ff8d04070000 lock dec dword ptr [r13+704h]
  627. READ_ADDRESS: fffff800ad868358: Unable to get MiVisibleState
  628. ffffffffffffffff
  629. BUGCHECK_STR: AV
  630. LAST_CONTROL_TRANSFER: from fffff8067cf729a0 to fffff800ad6326df
  631. STACK_TEXT:
  632. ffffa601`89949730 fffff806`7cf729a0 : 00000000`00000745 ffffdd02`b91245e0 ffffb706`571fea00 ffffdd02`bd7f83c0 : nt!ExReinitializeResourceLite+0x1014cf
  633. ffffa601`89949790 fffff806`7ceb873d : fffff806`00000000 ffffb706`00000002 ffffa601`89949830 ffffdd02`b91983a8 : NTFS!NtfsDeleteFcb+0x4a0
  634. ffffa601`89949810 fffff806`7cf71b3b : ffffdd02`b91983a8 ffffdd02`b8921180 ffffb706`57431010 ffffb706`574314e8 : NTFS!NtfsTeardownFromLcb+0x20d
  635. ffffa601`899498b0 fffff806`7ceb91d3 : ffffdd02`b91983a8 ffffa601`899499b2 00000000`00000000 ffffb706`57431010 : NTFS!NtfsTeardownStructures+0xdb
  636. ffffa601`89949930 fffff806`7cf7464c : ffffa601`89949ac8 ffffb706`57431010 ffffdd02`b91983a8 ffffb706`57431010 : NTFS!NtfsDecrementCloseCounts+0xd3
  637. ffffa601`89949970 fffff806`7cfbd3ad : ffffdd02`b91983a8 ffffb706`57431150 ffffb706`57431010 ffffdd02`b8921180 : NTFS!NtfsCommonClose+0x3fc
  638. ffffa601`89949a40 fffff800`ad4c4ca8 : 00000000`00000400 ffffdd02`bd7f8040 fffff800`ad7d0b00 ffffdd02`cae5b888 : NTFS!NtfsFspCloseInternal+0x1c9
  639. ffffa601`89949b80 fffff800`ad563ac7 : fffff800`abf1f180 00000000`00000080 ffffdd02`b467f040 ffffdd02`bd7f8040 : nt!ExpWorkerThread+0xd8
  640. ffffa601`89949c10 fffff800`ad5f8946 : fffff800`abf1f180 ffffdd02`bd7f8040 fffff800`ad563a80 00000000`00000000 : nt!PspSystemThreadStartup+0x47
  641. ffffa601`89949c60 00000000`00000000 : ffffa601`8994a000 ffffa601`89944000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  642. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  643. fffff800ad4d7162-fffff800ad4d7164 3 bytes - nt!MiReleaseSystemCacheView+1ea
  644. [ 40 fb f6:c0 ce 9d ]
  645. fffff800ad4fa84f - nt!MmMapLockedPagesSpecifyCache+ff (+0x236ed)
  646. [ f6:9d ]
  647. fffff800ad4fa8f4 - nt!MmMapLockedPagesSpecifyCache+1a4 (+0xa5)
  648. [ f6:9d ]
  649. fffff800ad4fa904-fffff800ad4fa906 3 bytes - nt!MmMapLockedPagesSpecifyCache+1b4 (+0x10)
  650. [ 40 fb f6:c0 ce 9d ]
  651. fffff800ad51c817 - nt!MiPfnShareCountIsZero+187 (+0x21f13)
  652. [ f6:9d ]
  653. fffff800ad51f83a-fffff800ad51f83b 2 bytes - nt!MiInsertAndUnlockStandbyPages+61a (+0x3023)
  654. [ 80 fa:00 c7 ]
  655. fffff800ad632c3c-fffff800ad632c3d 2 bytes - nt!KiOutSwapProcesses+fee0c (+0x113402)
  656. [ 80 fa:00 c7 ]
  657. fffff800ad632d5d-fffff800ad632d61 5 bytes - nt!KiInSwapProcesses+feac9 (+0x121)
  658. [ d0 be 7d fb f6:b0 73 e7 ce 9d ]
  659. fffff800ad632dd3 - nt!KiInSwapProcesses+feb3f (+0x76)
  660. [ f6:9d ]
  661. fffff800ad632e10-fffff800ad632e11 2 bytes - nt!KiInSwapProcesses+feb7c (+0x3d)
  662. [ 80 fa:00 c7 ]
  663. 21 errors : !nt (fffff800ad4d7162-fffff800ad632e11)
  664. MODULE_NAME: memory_corruption
  665.  
  666. IMAGE_NAME: memory_corruption
  667.  
  668. FOLLOWUP_NAME: memory_corruption
  669. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  670. MEMORY_CORRUPTOR: LARGE
  671. STACK_COMMAND: .cxr 0xffffa60189948d40 ; kb
  672. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  673. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  674. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  675. TARGET_TIME: 2017-07-31T15:50:28.000Z
  676. SERVICEPACK_NUMBER: 0
  677. OS_REVISION: 0
  678. SUITE_MASK: 784
  679. PRODUCT_TYPE: 1
  680. USER_LCID: 0
  681. ANALYSIS_SESSION_ELAPSED_TIME: 394a
  682. ANALYSIS_SOURCE: KM
  683. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  684. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  685. Followup: memory_corruption
  686.  
  687. ========================================================================
  688. ==================== Dump File: 073117-28859-01.dmp ====================
  689. ========================================================================
  690. Mini Kernel Dump File: Only registers and stack trace are available
  691. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  692. Kernel base = 0xfffff802`a267f000 PsLoadedModuleList = 0xfffff802`a29cb5e0
  693. Debug session time: Mon Jul 31 11:04:45.563 2017 (UTC - 4:00)
  694. System Uptime: 0 days 0:08:57.223
  695.  
  696. BugCheck 139, {1d, ffffb7018056d780, ffffb7018056d6d8, 0}
  697. Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
  698. Followup: MachineOwner
  699.  
  700. KERNEL_SECURITY_CHECK_FAILURE (139)
  701. A kernel component has corrupted a critical data structure. The corruption
  702. could potentially allow a malicious user to gain control of this machine.
  703.  
  704. Arguments:
  705. Arg1: 000000000000001d, Type of memory safety violation
  706. Arg2: ffffb7018056d780, Address of the trap frame for the exception that caused the bugcheck
  707. Arg3: ffffb7018056d6d8, Address of the exception record for the exception that caused the bugcheck
  708. Arg4: 0000000000000000, Reserved
  709.  
  710. Debugging Details:
  711. DUMP_CLASS: 1
  712. DUMP_QUALIFIER: 400
  713. DUMP_TYPE: 2
  714. TRAP_FRAME: ffffb7018056d780 -- (.trap 0xffffb7018056d780)
  715. NOTE: The trap frame does not contain all registers.
  716. Some register values may be zeroed or incorrect.
  717. rax=00000000ffff8b08 rbx=0000000000000000 rcx=000000000000001d
  718. rdx=ffff8b0bf1646dc0 rsi=0000000000000000 rdi=0000000000000000
  719. rip=fffff802a282fe59 rsp=ffffb7018056d910 rbp=0000000000000000
  720. r8=ffff8b0c02cf2478 r9=ffff8b0bf0b8a860 r10=ffff8b0bee7cd40c
  721. r11=fffff802a29d26e0 r12=0000000000000000 r13=0000000000000000
  722. r14=0000000000000000 r15=0000000000000000
  723. iopl=0 nv up ei pl nz na po cy
  724. nt!RtlRbRemoveNode+0xf0e09:
  725. fffff802`a282fe59 cd29 int 29h
  726. Resetting default scope
  727. EXCEPTION_RECORD: ffffb7018056d6d8 -- (.exr 0xffffb7018056d6d8)
  728. ExceptionAddress: fffff802a282fe59 (nt!RtlRbRemoveNode+0x00000000000f0e09)
  729. ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  730. ExceptionFlags: 00000001
  731. NumberParameters: 1
  732. Parameter[0]: 000000000000001d
  733. Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
  734. CUSTOMER_CRASH_COUNT: 1
  735. BUGCHECK_STR: 0x139
  736.  
  737. PROCESS_NAME: System
  738.  
  739. CURRENT_IRQL: 2
  740. ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  741. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  742. EXCEPTION_CODE_STR: c0000409
  743. EXCEPTION_PARAMETER1: 000000000000001d
  744. DEFAULT_BUCKET_ID: FAST_FAIL_INVALID_BALANCED_TREE_STRING
  745. LAST_CONTROL_TRANSFER: from fffff802a27f68a9 to fffff802a27eb4c0
  746. STACK_TEXT:
  747. ffffb701`8056d458 fffff802`a27f68a9 : 00000000`00000139 00000000`0000001d ffffb701`8056d780 ffffb701`8056d6d8 : nt!KeBugCheckEx
  748. ffffb701`8056d460 fffff802`a27f6c10 : ffffb701`805c2f80 00000000`00000000 ffffb701`8056d5c0 00000000`00000000 : nt!KiBugCheckDispatch+0x69
  749. ffffb701`8056d5a0 fffff802`a27f5bf7 : 00000000`00000002 fffff802`ad151043 00000000`00000000 00000000`0000000f : nt!KiFastFailDispatch+0xd0
  750. ffffb701`8056d780 fffff802`a282fe59 : ffff8b0b`ec8c4922 00000000`00000000 ffff8b0b`ec8c48b8 fffff802`a273eb6f : nt!KiRaiseSecurityCheckFailure+0xf7
  751. ffffb701`8056d910 fffff802`a273eb6f : ffffffff`ffffffff fffff802`a26eefd3 ffff8b0b`ec8c48b8 00000000`00000001 : nt!RtlRbRemoveNode+0xf0e09
  752. ffffb701`8056d930 fffff802`a26f039b : ffffb701`8056d9f9 fffff802`a29d26e0 fffff802`a29d26e8 00000000`00000000 : nt!KiRemoveTimer2+0x7f
  753. ffffb701`8056d980 fffff802`a26f177e : ffffb701`80540180 00000000`0023ae22 fffff802`a0fc1ea0 00000000`00005025 : nt!KiTimer2Expiration+0x23b
  754. ffffb701`8056da60 fffff802`a27ee56a : 00000000`00000000 ffffb701`80540180 00000000`00000000 ffffb701`8054cc80 : nt!KiRetireDpcList+0x3de
  755. ffffb701`8056dc60 00000000`00000000 : ffffb701`8056e000 ffffb701`80568000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
  756. STACK_COMMAND: kb
  757. THREAD_SHA1_HASH_MOD_FUNC: 41aea2ade4b5c29f6d6c98f4e7d5af19e7f29488
  758. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c91fb0b52ef231adbe1c44d45af03ed25626234a
  759. THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
  760. FOLLOWUP_IP:
  761. nt!KiFastFailDispatch+d0
  762. fffff802`a27f6c10 c644242000 mov byte ptr [rsp+20h],0
  763. FAULT_INSTR_CODE: 202444c6
  764. SYMBOL_STACK_INDEX: 2
  765. SYMBOL_NAME: nt!KiFastFailDispatch+d0
  766. FOLLOWUP_NAME: MachineOwner
  767. MODULE_NAME: nt
  768.  
  769. IMAGE_NAME: ntkrnlmp.exe
  770.  
  771. DEBUG_FLR_IMAGE_TIMESTAMP: 595f24eb
  772. IMAGE_VERSION: 10.0.15063.483
  773. BUCKET_ID_FUNC_OFFSET: d0
  774. FAILURE_BUCKET_ID: 0x139_1d_nt!KiFastFailDispatch
  775. BUCKET_ID: 0x139_1d_nt!KiFastFailDispatch
  776. PRIMARY_PROBLEM_CLASS: 0x139_1d_nt!KiFastFailDispatch
  777. TARGET_TIME: 2017-07-31T15:04:45.000Z
  778. SERVICEPACK_NUMBER: 0
  779. OS_REVISION: 0
  780. SUITE_MASK: 784
  781. PRODUCT_TYPE: 1
  782. USER_LCID: 0
  783. ANALYSIS_SESSION_ELAPSED_TIME: 14dc
  784. ANALYSIS_SOURCE: KM
  785. FAILURE_ID_HASH_STRING: km:0x139_1d_nt!kifastfaildispatch
  786. FAILURE_ID_HASH: {f0e9be39-aca3-f989-1ebb-6cd8a3a0f24d}
  787. Followup: MachineOwner
  788.  
  789. ========================================================================
  790. ==================== Dump File: 073117-29937-01.dmp ====================
  791. ========================================================================
  792. Mini Kernel Dump File: Only registers and stack trace are available
  793. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  794. Kernel base = 0xfffff801`dee07000 PsLoadedModuleList = 0xfffff801`df1535e0
  795. Debug session time: Mon Jul 31 10:51:50.435 2017 (UTC - 4:00)
  796. System Uptime: 0 days 0:00:08.143
  797.  
  798. BugCheck C4, {2000, fffff80237f3a25c, 0, 444c534b}
  799. *** WARNING: Unable to verify timestamp for MpKslb9c75bdb.sys
  800. *** ERROR: Module load completed but symbols could not be loaded for MpKslb9c75bdb.sys
  801. Probably caused by : memory_corruption
  802. Followup: memory_corruption
  803.  
  804. DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
  805. A device driver attempting to corrupt the system has been caught. This is
  806. because the driver was specified in the registry as being suspect (by the
  807. administrator) and the kernel has enabled substantial checking of this driver.
  808. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
  809. be among the most commonly seen crashes.
  810.  
  811. Arguments:
  812. Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
  813. Arg2: fffff80237f3a25c, The address in the driver's code where the error was detected.
  814. Arg3: 0000000000000000, Pool Type.
  815. Arg4: 00000000444c534b, Pool Tag (if provided).
  816.  
  817. Debugging Details:
  818. DUMP_CLASS: 1
  819. DUMP_QUALIFIER: 400
  820. DUMP_TYPE: 2
  821. BUGCHECK_STR: 0xc4_2000
  822. CUSTOMER_CRASH_COUNT: 1
  823. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  824.  
  825. PROCESS_NAME: System
  826.  
  827. CURRENT_IRQL: 0
  828. LAST_CONTROL_TRANSFER: from fffff801df57303f to fffff801def734c0
  829. STACK_TEXT:
  830. ffffd681`a6799758 fffff801`df57303f : 00000000`000000c4 00000000`00002000 fffff802`37f3a25c 00000000`00000000 : nt!KeBugCheckEx
  831. ffffd681`a6799760 fffff801`df054d9f : ffffd681`a67998e8 fffff801`df56a9ca fffff801`df0be1f0 00000000`00000003 : nt!VerifierBugCheckIfAppropriate+0x6b
  832. ffffd681`a67997a0 fffff801`df56a8b0 : 00000000`444c534b fffff801`df1453ac fffff802`37f3a25c 00000000`00000002 : nt!VfReportIssueWithOptions+0x103
  833. ffffd681`a67997f0 fffff801`df568701 : 00000000`444c534b ffffd681`a67998c9 00000000`00000000 ffffad83`bec83000 : nt!VfCheckPoolType+0x90
  834. ffffd681`a6799830 fffff802`37f3a25c : ffffad83`bec83000 ffffad83`beca8e60 ffffad83`ba1e9290 fffff801`deeda609 : nt!VerifierExAllocatePoolEx+0x21
  835. ffffd681`a6799880 ffffad83`bec83000 : ffffad83`beca8e60 ffffad83`ba1e9290 fffff801`deeda609 00000000`00000000 : MpKslb9c75bdb+0xa25c
  836. ffffd681`a6799888 ffffad83`beca8e60 : ffffad83`ba1e9290 fffff801`deeda609 00000000`00000000 ffffd681`a6799a30 : 0xffffad83`bec83000
  837. ffffd681`a6799890 ffffad83`ba1e9290 : fffff801`deeda609 00000000`00000000 ffffd681`a6799a30 00000000`00000000 : 0xffffad83`beca8e60
  838. ffffd681`a6799898 fffff801`deeda609 : 00000000`00000000 ffffd681`a6799a30 00000000`00000000 00000000`00000801 : 0xffffad83`ba1e9290
  839. ffffd681`a67998a0 fffff801`df274026 : 00000000`00000000 ffffad83`beca8e60 ffffad83`beca8e60 00000000`000001c8 : nt!PnpDiagnosticTraceObject+0x51
  840. ffffd681`a6799930 fffff801`df5e5bdb : ffffad83`bd1abe30 ffffad83`bd1abe30 ffffd681`a6799b80 ffffad83`bd1abda0 : nt!IopLoadDriver+0x522
  841. ffffd681`a6799b10 fffff801`df5fca8e : fffff801`00000000 ffffac05`a785cfd0 00000000`00000000 fffff801`dd452500 : nt!IopInitializeSystemDrivers+0x137
  842. ffffd681`a6799bb0 fffff801`df3b314c : fffff801`dd452500 fffff801`dd452500 fffff801`df3b3110 fffff801`dd452500 : nt!IoInitSystem+0x16
  843. ffffd681`a6799be0 fffff801`deee3ac7 : ffffad83`b9277040 00690072`00650070 00630069`0064006f 00040408`00080d02 : nt!Phase1Initialization+0x3c
  844. ffffd681`a6799c10 fffff801`def78946 : fffff801`dd781180 ffffad83`b9277040 fffff801`deee3a80 0001f01c`00000000 : nt!PspSystemThreadStartup+0x47
  845. ffffd681`a6799c60 00000000`00000000 : ffffd681`a679a000 ffffd681`a6794000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  846. STACK_COMMAND: kb
  847. CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt
  848. 5 errors : !nt (fffff801dee47287-fffff801deefcb77)
  849. fffff801dee47280 48 b8 00 00 00 00 80 *f0 ff ff 4c 8b d3 4c 2b d0 H.........L..L+.
  850. fffff801deefcb60 ff ff 3f 48 b8 00 00 00 *c0 *ea *d5 ff ff 48 03 c8 ..?H.........H..
  851. fffff801deefcb70 49 b8 00 00 00 00 80 *d5 ff ff 48 89 4c 24 28 48 I.........H.L$(H
  852. MODULE_NAME: memory_corruption
  853.  
  854. IMAGE_NAME: memory_corruption
  855.  
  856. FOLLOWUP_NAME: memory_corruption
  857. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  858. MEMORY_CORRUPTOR: STRIDE
  859. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
  860. BUCKET_ID: MEMORY_CORRUPTION_STRIDE
  861. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_STRIDE
  862. TARGET_TIME: 2017-07-31T14:51:50.000Z
  863. SERVICEPACK_NUMBER: 0
  864. OS_REVISION: 0
  865. SUITE_MASK: 784
  866. PRODUCT_TYPE: 1
  867. USER_LCID: 0
  868. ANALYSIS_SESSION_ELAPSED_TIME: 281b
  869. ANALYSIS_SOURCE: KM
  870. FAILURE_ID_HASH_STRING: km:memory_corruption_stride
  871. FAILURE_ID_HASH: {574dbc1b-92cb-fb09-cb7a-cacc1bb2c511}
  872. Followup: memory_corruption
  873.  
  874. ========================================================================
  875. ==================== Dump File: 073117-33765-01.dmp ====================
  876. ========================================================================
  877. Mini Kernel Dump File: Only registers and stack trace are available
  878. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  879. Kernel base = 0xfffff801`b3e86000 PsLoadedModuleList = 0xfffff801`b41d25e0
  880. Debug session time: Mon Jul 31 10:11:44.084 2017 (UTC - 4:00)
  881. System Uptime: 0 days 1:45:39.426
  882.  
  883. BugCheck 19, {e, ffffb0881917f440, a08d74b1757ffb48, a08d74b1757ffb4c}
  884. Probably caused by : Npfs.SYS ( Npfs!NpWriteDataQueue+112 )
  885. Followup: MachineOwner
  886.  
  887. BAD_POOL_HEADER (19)
  888. The pool is already corrupt at the time of the current request.
  889. This may or may not be due to the caller.
  890. The internal pool links must be walked to figure out a possible cause of
  891. the problem, and then special pool applied to the suspect tags or the driver
  892. verifier to a suspect driver.
  893.  
  894. Arguments:
  895. Arg1: 000000000000000e,
  896. Arg2: ffffb0881917f440
  897. Arg3: a08d74b1757ffb48
  898. Arg4: a08d74b1757ffb4c
  899.  
  900. Debugging Details:
  901. DUMP_CLASS: 1
  902. DUMP_QUALIFIER: 400
  903. DUMP_TYPE: 2
  904. BUGCHECK_STR: 0x19_e
  905. CUSTOMER_CRASH_COUNT: 1
  906. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  907.  
  908. PROCESS_NAME: chrome.exe
  909.  
  910. CURRENT_IRQL: 0
  911. LAST_CONTROL_TRANSFER: from fffff801b4106c49 to fffff801b3ff24c0
  912. STACK_TEXT:
  913. ffff8181`472825f8 fffff801`b4106c49 : 00000000`00000019 00000000`0000000e ffffb088`1917f440 a08d74b1`757ffb48 : nt!KeBugCheckEx
  914. ffff8181`47282600 fffff80b`b769ab62 : fffff801`b278b800 ffff8181`47282810 ffff8181`3e975180 ffffb088`222b4080 : nt!ExAllocatePoolWithTag+0x18a9
  915. ffff8181`472826f0 fffff80b`b769a8b7 : ffffdd01`04432e00 fffff801`00000000 000001fc`14ed0648 00000000`000001b0 : Npfs!NpWriteDataQueue+0x112
  916. ffff8181`47282760 fffff80b`b769a6ef : ffffdd01`01180870 000001fc`14ed0648 ffffb088`1ab7b7a0 ffffb088`1a518700 : Npfs!NpCommonWrite+0x157
  917. ffff8181`472827f0 fffff80b`b5523502 : ffffb088`10b273c0 ffff8181`47282a40 ffffb088`222148e0 fffff801`b430ec5e : Npfs!NpFsdWrite+0x5f
  918. ffff8181`47282860 fffff801`b431c6ef : ffffb088`1a73bd60 ffffb088`1ab7b900 ffffb088`1a73bd60 fffff801`00000001 : FLTMGR!FltpDispatch+0xe2
  919. ffff8181`472828c0 fffff801`b4345a48 : ffffdd01`00000000 00000000`00000004 ffffb088`0c3ff110 ffff8181`47282b80 : nt!IopSynchronousServiceTail+0x1af
  920. ffff8181`47282980 fffff801`b3ffd413 : ffffb088`1a518700 00000000`00000000 00000000`00000000 000001fc`10fc01f8 : nt!NtWriteFile+0x6d8
  921. ffff8181`47282a90 00007ff9`c6c854a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  922. 000000ca`82ffe758 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`c6c854a4
  923. STACK_COMMAND: kb
  924. THREAD_SHA1_HASH_MOD_FUNC: 04bb5edfdcf206c5b4922d4aa4b04b09e6ce42ee
  925. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ae9dcf249ebdbd671b48f20e9605fd585cad56be
  926. THREAD_SHA1_HASH_MOD: dce440383acd8bd9a1d0a689e8852277bbdc81a1
  927. FOLLOWUP_IP:
  928. Npfs!NpWriteDataQueue+112
  929. fffff80b`b769ab62 4c8bf8 mov r15,rax
  930. FAULT_INSTR_CODE: 48f88b4c
  931. SYMBOL_STACK_INDEX: 2
  932. SYMBOL_NAME: Npfs!NpWriteDataQueue+112
  933. FOLLOWUP_NAME: MachineOwner
  934. MODULE_NAME: Npfs
  935.  
  936. IMAGE_NAME: Npfs.SYS
  937.  
  938. DEBUG_FLR_IMAGE_TIMESTAMP: 71dcd8d9
  939. IMAGE_VERSION: 10.0.15058.0
  940. BUCKET_ID_FUNC_OFFSET: 112
  941. FAILURE_BUCKET_ID: 0x19_e_Npfs!NpWriteDataQueue
  942. BUCKET_ID: 0x19_e_Npfs!NpWriteDataQueue
  943. PRIMARY_PROBLEM_CLASS: 0x19_e_Npfs!NpWriteDataQueue
  944. TARGET_TIME: 2017-07-31T14:11:44.000Z
  945. SERVICEPACK_NUMBER: 0
  946. OS_REVISION: 0
  947. SUITE_MASK: 784
  948. PRODUCT_TYPE: 1
  949. USER_LCID: 0
  950. ANALYSIS_SESSION_ELAPSED_TIME: 998
  951. ANALYSIS_SOURCE: KM
  952. FAILURE_ID_HASH_STRING: km:0x19_e_npfs!npwritedataqueue
  953. FAILURE_ID_HASH: {59a55cae-bf51-e25b-4343-197c08d57dcc}
  954. Followup: MachineOwner
  955.  
  956. ========================================================================
  957. ==================== Dump File: 073117-36828-01.dmp ====================
  958. ========================================================================
  959. Mini Kernel Dump File: Only registers and stack trace are available
  960. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  961. Kernel base = 0xfffff801`e880d000 PsLoadedModuleList = 0xfffff801`e8b595e0
  962. Debug session time: Mon Jul 31 08:23:19.732 2017 (UTC - 4:00)
  963. System Uptime: 3 days 19:31:43.062
  964.  
  965. BugCheck 133, {0, 501, 500, fffff801e8bee348}
  966. *** WARNING: Unable to verify timestamp for Netwbw02.sys
  967. *** ERROR: Module load completed but symbols could not be loaded for Netwbw02.sys
  968. *************************************************************************
  969. *** Either you specified an unqualified symbol, or your debugger ***
  970. *** doesn't have full symbol information. Unqualified symbol ***
  971. *** resolution is turned off by default. Please either specify a ***
  972. *** fully qualified symbol module!symbolname, or enable resolution ***
  973. *** of unqualified symbols by typing ".symopt- 100". Note that ***
  974. *** enabling unqualified symbol resolution with network symbol ***
  975. *** server shares in the symbol path may cause the debugger to ***
  976. *** appear to hang for long periods of time when an incorrect ***
  977. *** symbol name is typed or the network symbol server is down. ***
  978. *** For some commands to work properly, your symbol path ***
  979. *** must point to .pdb files that have full type information. ***
  980. *** Certain .pdb files (such as the public OS symbols) do not ***
  981. *** contain the required information. Contact the group that ***
  982. *** provided you with these symbols if you need this command to ***
  983. *** work. ***
  984. *** Type referenced: TickPeriods ***
  985. *************************************************************************
  986. Probably caused by : memory_corruption
  987. Followup: memory_corruption
  988.  
  989. DPC_WATCHDOG_VIOLATION (133)
  990. The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
  991. or above.
  992.  
  993. Arguments:
  994. Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
  995. component can usually be identified with a stack trace.
  996. Arg2: 0000000000000501, The DPC time count (in ticks).
  997. Arg3: 0000000000000500, The DPC time allotment (in ticks).
  998. Arg4: fffff801e8bee348
  999.  
  1000. Debugging Details:
  1001. *************************************************************************
  1002. *** Either you specified an unqualified symbol, or your debugger ***
  1003. *** doesn't have full symbol information. Unqualified symbol ***
  1004. *** resolution is turned off by default. Please either specify a ***
  1005. *** fully qualified symbol module!symbolname, or enable resolution ***
  1006. *** of unqualified symbols by typing ".symopt- 100". Note that ***
  1007. *** enabling unqualified symbol resolution with network symbol ***
  1008. *** server shares in the symbol path may cause the debugger to ***
  1009. *** appear to hang for long periods of time when an incorrect ***
  1010. *** symbol name is typed or the network symbol server is down. ***
  1011. *** For some commands to work properly, your symbol path ***
  1012. *** must point to .pdb files that have full type information. ***
  1013. *** Certain .pdb files (such as the public OS symbols) do not ***
  1014. *** contain the required information. Contact the group that ***
  1015. *** provided you with these symbols if you need this command to ***
  1016. *** work. ***
  1017. *** Type referenced: TickPeriods ***
  1018. *************************************************************************
  1019. DUMP_CLASS: 1
  1020. DUMP_QUALIFIER: 400
  1021. DUMP_TYPE: 2
  1022. DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED
  1023. CUSTOMER_CRASH_COUNT: 1
  1024. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  1025. BUGCHECK_STR: 0x133
  1026.  
  1027. PROCESS_NAME: steamwebhelper.exe
  1028.  
  1029. CURRENT_IRQL: d
  1030. LAST_CONTROL_TRANSFER: from fffff801e89a93d2 to fffff801e89794c0
  1031. STACK_TEXT:
  1032. fffff801`eac62bc8 fffff801`e89a93d2 : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx
  1033. fffff801`eac62bd0 fffff801`e8882899 : 00004f07`40d8f379 fffff801`e7209180 00000000`0141c7c4 00000000`00000002 : nt!KeAccumulateTicks+0x124ea2
  1034. fffff801`eac62c30 fffff801`e9099676 : 00004f07`40d89dd8 fffff801`e8bef4c0 fffff801`eac5a010 fffff801`e90e9460 : nt!KeClockInterruptNotify+0x599
  1035. fffff801`eac62f40 fffff801`e881c675 : fffff801`e90e93b0 ffffe410`30210cb7 00000000`000002ec ffffc981`5ce04140 : hal!HalpTimerClockInterrupt+0x56
  1036. fffff801`eac62f70 fffff801`e897ab5a : fffff801`eac5a090 fffff801`e90e93b0 00000000`00000005 00000000`00000000 : nt!KiCallInterruptServiceRoutine+0xa5
  1037. fffff801`eac62fb0 fffff801`e897afa7 : 20646574`74696d62 4163616d`6d207962 00000000`00000000 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
  1038. fffff801`eac5a010 fffff801`e8918e71 : fffff801`e8918e2f ffffffff`ffffffd1 0000065b`56a38094 ffffdc01`c3b7e3c0 : nt!KiInterruptDispatchNoLockNoEtw+0x37
  1039. fffff801`eac5a1a8 fffff801`e8918e2f : ffffffff`ffffffd1 0000065b`56a38094 ffffdc01`c3b7e3c0 0000065b`56a08094 : nt!PspUnlockQuotaExpansion+0x5
  1040. fffff801`eac5a1b0 fffff801`e8897d7c : 00000038`00000002 0000065b`56a38094 ffffdc01`b27f1d80 fffff804`7e00398b : nt!PspExpandQuota+0x83
  1041. fffff801`eac5a210 fffff804`7e05096f : 0000065b`56a18094 ffffdc01`b4770f00 fffff801`eac5a370 ffffdc01`bdef21a0 : nt!PspChargeQuota+0x13c
  1042. fffff801`eac5a270 fffff804`7ed73987 : 00000000`00000000 00000000`00000000 00000000`00002aad fffff804`7ed9b9d4 : afd!AfdBCommonChainedReceiveEventHandler+0x66f
  1043. fffff801`eac5a3c0 fffff804`7ed84049 : fffff801`eac5aa88 00000000`00000000 00000000`00000000 fffff804`7f01141f : tcpip!TcpIndicateData+0x117
  1044. fffff801`eac5a4f0 fffff804`7ed83c20 : fffff801`00000000 fffff804`7e002926 ffff6974`012d654b 00000000`00000002 : tcpip!TcpDeliverDataToClient+0xc9
  1045. fffff801`eac5a660 fffff804`7ed81d70 : 00000000`00000000 00000000`00000000 00000000`0000004e ffffdc01`bc1824a0 : tcpip!TcpDeliverReceive+0xb0
  1046. fffff801`eac5a770 fffff804`7ed81501 : ffffdc01`b4183370 fffff801`eac5ad98 ffffdc01`b4183370 fffff804`7dda5b36 : tcpip!TcpTcbFastDatagram+0x490
  1047. fffff801`eac5a9d0 fffff804`7ed80cd0 : 00000000`00000001 fffff804`7edd6ce0 00000000`00000002 ffffdc01`aa9e66f0 : tcpip!TcpTcbReceive+0x171
  1048. fffff801`eac5ac30 fffff804`7ed806a4 : ffffc981`627960de ffffdc01`aa9db000 00000000`00000000 ffffdc01`aa5fffa0 : tcpip!TcpMatchReceive+0x1d0
  1049. fffff801`eac5ad90 fffff804`7edb2ce9 : ffffdc01`aa9e66f0 ffffdc01`aa9db000 fffff801`eac5bb01 ffffdc01`0000c4c7 : tcpip!TcpPreValidatedReceive+0x344
  1050. fffff801`eac5ae80 fffff804`7edb2952 : 00000000`00000000 fffff801`e71c3def 00000000`00000000 00000000`00000006 : tcpip!IppDeliverListToProtocol+0x59
  1051. fffff801`eac5af30 fffff804`7ed7d88c : 00000000`00000006 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IppProcessDeliverList+0x62
  1052. fffff801`eac5afa0 fffff804`7ed8e66e : fffff804`7ef4a220 ffffdc01`a9001940 00000000`00000000 ffffdc01`b7dd9500 : tcpip!IppReceiveHeaderBatch+0x20c
  1053. fffff801`eac5b0a0 fffff804`7ed8f39f : ffffdc01`b49b4de0 ffffdc01`bc1824a0 fffff801`eac5b201 ffffdc01`be86ea00 : tcpip!IppFlcReceivePacketsCore+0x31e
  1054. fffff801`eac5b1c0 fffff804`7ed7e4f8 : ffffdc01`be860017 fffff801`00000001 fffff804`7edd6c40 00000000`00000001 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x25f
  1055. fffff801`eac5b2a0 fffff801`e882320b : 00000000`00000002 ffffdc01`c2f5b1c0 fffff804`7ed7e3a0 fffff801`eac5b450 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x158
  1056. fffff801`eac5b3d0 fffff804`7edd7176 : ffffdc01`aa9cedf0 00000000`00000000 ffffdc01`aa7f1b10 ffffdc01`bc182400 : nt!KeExpandKernelStackAndCalloutInternal+0x8b
  1057. fffff801`eac5b420 fffff804`7dda2da7 : 00000000`00000001 fffff801`eac5b520 fffff801`00000001 ffffdc01`bf70dc00 : tcpip!FlReceiveNetBufferListChain+0xb6
  1058. fffff801`eac5b4a0 fffff804`7dda2a9f : 00000000`00000001 ffffdc01`bc83dd00 ffffdc01`00000000 00000000`00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x117
  1059. fffff801`eac5b560 fffff804`7dda3317 : ffffdc01`aa2901a0 fffff801`00000000 ffffdc01`aa2901a0 00000000`00000001 : ndis!ndisMTopReceiveNetBufferLists+0x22f
  1060. fffff801`eac5b660 fffff804`7dda267d : 00000000`0141c2c3 ffffdc01`bdc3e141 fffff801`eac5b7b0 00000000`00000001 : ndis!ndisCallReceiveHandler+0x47
  1061. fffff801`eac5b6b0 fffff804`7fe21296 : 00000000`00000000 00000000`00000001 ffffdc01`ba1cb0c0 fffff804`7fc7dd77 : ndis!NdisMIndicateReceiveNetBufferLists+0x70d
  1062. fffff801`eac5b8a0 00000000`00000000 : 00000000`00000001 ffffdc01`ba1cb0c0 fffff804`7fc7dd77 ffffc981`00000001 : Netwbw02+0x1b1296
  1063. STACK_COMMAND: kb
  1064. CHKIMG_EXTENSION: !chkimg -lo 50 -db !win32k
  1065. 255 errors : !win32k (ffffb7ac091ccaa0-ffffb7ac091ccb9f)
  1066. ffffb7ac091ccaa0 *00 *07 *ad *ff *00 *11 *ad *ff *00 *1b *ad *ff *00 *25 *ad *ff .............%..
  1067. ffffb7ac091ccab0 *01 *2f *ad *ff *00 *39 *ad *ff *00 *43 *ad *ff *00 *4d *ad *ff ./...9...C...M..
  1068. ffffb7ac091ccac0 *00 *57 *ad *ff *00 *61 *ad *ff *03 *6b *ad *ff *07 *75 *ad *ff .W...a...k...u..
  1069. ffffb7ac091ccad0 *00 *7f *ad *ff *00 *89 *ad *ff *00 *93 *ad *ff *00 *9d *ad *ff ................
  1070. ffffb7ac091ccae0 *00 *a7 *ad *ff *00 *b1 *ad *ff *00 *bb *ad *ff *00 *c5 *ad *ff ................
  1071. ffffb7ac091ccaf0 *00 *cf *ad *ff *00 *d9 *ad *ff *00 *e3 *ad *ff *00 *ed *ad *ff ................
  1072. ffffb7ac091ccb00 *00 *f7 *ad *ff *00 *01 *ae *ff *00 *0b *ae *ff *01 *15 *ae *ff ................
  1073. ffffb7ac091ccb10 *00 *1f *ae *ff *00 *29 *ae *ff *00 *33 *ae *ff *04 *3d *ae *ff .....)...3...=..
  1074. ffffb7ac091ccb20 *00 *47 *ae *ff *00 *51 *ae *ff *00 *5b *ae *ff *01 *65 *ae *ff .G...Q...[...e..
  1075. ffffb7ac091ccb30 *00 *6f *ae *ff *00 *79 *ae *ff *00 *83 *ae *ff *03 *8d *ae *ff .o...y..........
  1076. ffffb7ac091ccb40 *00 *97 *ae *ff *00 *a1 *ae *ff *00 *ab *ae *ff *00 b5 *ae *ff ................
  1077. ffffb7ac091ccb50 *0c *bf *ae *ff *00 *c9 *ae *ff *00 *d3 *ae *ff *00 *dd *ae *ff ................
  1078. ffffb7ac091ccb60 *00 *e7 *ae *ff *00 *f1 *ae *ff *00 *fb *ae *ff *00 *05 *af *ff ................
  1079. ffffb7ac091ccb70 *08 *0f *af *ff *00 *19 *af *ff *00 *23 *af *ff *00 *2d *af *ff .........#...-..
  1080. ffffb7ac091ccb80 *00 *37 *af *ff *00 *41 *af *ff *00 *4b *af *ff *05 *55 *af *ff .7...A...K...U..
  1081. ffffb7ac091ccb90 *00 *5f *af *ff *00 *69 *af *ff *00 *73 *af *ff *00 *7d *af *ff ._...i...s...}..
  1082. MODULE_NAME: memory_corruption
  1083.  
  1084. IMAGE_NAME: memory_corruption
  1085.  
  1086. FOLLOWUP_NAME: memory_corruption
  1087. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1088. MEMORY_CORRUPTOR: LARGE_256
  1089. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE_256
  1090. BUCKET_ID: MEMORY_CORRUPTION_LARGE_256
  1091. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE_256
  1092. TARGET_TIME: 2017-07-31T12:23:19.000Z
  1093. SERVICEPACK_NUMBER: 0
  1094. OS_REVISION: 0
  1095. SUITE_MASK: 784
  1096. PRODUCT_TYPE: 1
  1097. USER_LCID: 0
  1098. ANALYSIS_SESSION_ELAPSED_TIME: 2a23
  1099. ANALYSIS_SOURCE: KM
  1100. FAILURE_ID_HASH_STRING: km:memory_corruption_large_256
  1101. FAILURE_ID_HASH: {c4e440c8-f34a-f4bb-4c2a-b6acf02f9cce}
  1102. Followup: memory_corruption
  1103.  
  1104. ========================================================================
  1105. ==================== Dump File: 072717-30125-01.dmp ====================
  1106. ========================================================================
  1107. Mini Kernel Dump File: Only registers and stack trace are available
  1108. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  1109. Kernel base = 0xfffff800`aa69b000 PsLoadedModuleList = 0xfffff800`aa9e75e0
  1110. Debug session time: Thu Jul 27 09:18:48.798 2017 (UTC - 4:00)
  1111. System Uptime: 0 days 0:56:11.458
  1112.  
  1113. BugCheck 3B, {c0000005, 7ff8aa58e490, ffffa20043d05d10, 0}
  1114. *** WARNING: Unable to verify timestamp for win32kfull.sys
  1115. *** ERROR: Module load completed but symbols could not be loaded for win32kfull.sys
  1116. *** WARNING: Unable to verify timestamp for win32k.sys
  1117. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  1118. Probably caused by : memory_corruption
  1119. Followup: memory_corruption
  1120.  
  1121. SYSTEM_SERVICE_EXCEPTION (3b)
  1122. An exception happened while executing a system service routine.
  1123.  
  1124. Arguments:
  1125. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  1126. Arg2: 00007ff8aa58e490, Address of the instruction which caused the bugcheck
  1127. Arg3: ffffa20043d05d10, Address of the context record for the exception that caused the bugcheck
  1128. Arg4: 0000000000000000, zero.
  1129.  
  1130. Debugging Details:
  1131. DUMP_CLASS: 1
  1132. DUMP_QUALIFIER: 400
  1133. DUMP_TYPE: 2
  1134. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  1135. FAULTING_IP:
  1136. +0
  1137. 00007ff8`aa58e490 ?? ???
  1138. CONTEXT: ffffa20043d05d10 -- (.cxr 0xffffa20043d05d10)
  1139. rax=00007ff8aa58e490 rbx=ffff868983e01590 rcx=0000000000000000
  1140. rdx=0000000000000118 rsi=0000000000000054 rdi=0000000000000204
  1141. rip=00007ff8aa58e490 rsp=ffffa20043d06708 rbp=0000000000000012
  1142. r8=0000000000000000 r9=ffff868983e01590 r10=0000000000000020
  1143. r11=0000000000008101 r12=0000000000000000 r13=00000000003371bd
  1144. r14=ffff868981d7b628 r15=0000000000000010
  1145. iopl=0 nv up ei pl zr na po nc
  1146. cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010246
  1147. 00007ff8`aa58e490 ?? ???
  1148. Resetting default scope
  1149. CUSTOMER_CRASH_COUNT: 1
  1150. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  1151. BUGCHECK_STR: 0x3B
  1152.  
  1153. PROCESS_NAME: csrss.exe
  1154.  
  1155. CURRENT_IRQL: 0
  1156. LAST_CONTROL_TRANSFER: from ffff86c4ecc49add to 00007ff8aa58e490
  1157. STACK_TEXT:
  1158. ffffa200`43d06708 ffff86c4`ecc49add : ffff8689`83e01590 00000000`00000054 00000000`00000204 00000000`00000000 : 0x00007ff8`aa58e490
  1159. ffffa200`43d06710 ffff8689`83e01590 : 00000000`00000054 00000000`00000204 00000000`00000000 ffffa200`43d06890 : win32kfull+0x49add
  1160. ffffa200`43d06718 00000000`00000054 : 00000000`00000204 00000000`00000000 ffffa200`43d06890 ffffda04`28dcd620 : 0xffff8689`83e01590
  1161. ffffa200`43d06720 00000000`00000204 : 00000000`00000000 ffffa200`43d06890 ffffda04`28dcd620 00000000`00000000 : 0x54
  1162. ffffa200`43d06728 00000000`00000000 : ffffa200`43d06890 ffffda04`28dcd620 00000000`00000000 ffff8689`83e01590 : 0x204
  1163. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  1164. fffff800aa728d28 - nt!MiResolvePageTablePage+3b8
  1165. [ f6:fa ]
  1166. fffff800aa728d48-fffff800aa728d4c 5 bytes - nt!MiResolvePageTablePage+3d8 (+0x20)
  1167. [ df be 7d fb f6:5f bf 7e fd fa ]
  1168. 6 errors : !nt (fffff800aa728d28-fffff800aa728d4c)
  1169. MODULE_NAME: memory_corruption
  1170.  
  1171. IMAGE_NAME: memory_corruption
  1172.  
  1173. FOLLOWUP_NAME: memory_corruption
  1174. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1175. MEMORY_CORRUPTOR: LARGE
  1176. STACK_COMMAND: .cxr 0xffffa20043d05d10 ; kb
  1177. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1178. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1179. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  1180. TARGET_TIME: 2017-07-27T13:18:48.000Z
  1181. SERVICEPACK_NUMBER: 0
  1182. OS_REVISION: 0
  1183. SUITE_MASK: 784
  1184. PRODUCT_TYPE: 1
  1185. USER_LCID: 0
  1186. ANALYSIS_SESSION_ELAPSED_TIME: 5cae
  1187. ANALYSIS_SOURCE: KM
  1188. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  1189. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  1190. Followup: memory_corruption
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!