juwa2

Géčko - dump1

Feb 5th, 2018
  1. *******************************************************************************
  2. * *
  3. * Bugcheck Analysis *
  4. * *
  5. *******************************************************************************
  6.  
  7. KMODE_EXCEPTION_NOT_HANDLED (1e)
  8. This is a very common bugcheck. Usually the exception address pinpoints
  9. the driver/function that caused the problem. Always note this address
  10. as well as the link date of the driver/image that contains this address.
  11. Arguments:
  12. Arg1: ffffffffc0000005, The exception code that was not handled
  13. Arg2: fffff801364ecf92, The address that the exception occurred at
  14. Arg3: 0000000000000000, Parameter 0 of the exception
  15. Arg4: ffffffffffffffff, Parameter 1 of the exception
  16.  
  17. Debugging Details:
  18. ------------------
  19.  
  20. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  21.  
  22. OVERLAPPED_MODULE: Address regions for 'srv2' and 'dump_storpor' overlap
  23.  
  24. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  25.  
  26. FAULTING_IP:
  27. nt!KxWaitForLockOwnerShipWithIrql+12
  28. fffff801`364ecf92 48890a mov qword ptr [rdx],rcx
  29.  
  30. EXCEPTION_PARAMETER1: 0000000000000000
  31.  
  32. EXCEPTION_PARAMETER2: ffffffffffffffff
  33.  
  34. READ_ADDRESS: unable to get nt!MmSpecialPoolStart
  35. unable to get nt!MmSpecialPoolEnd
  36. unable to get nt!MmPagedPoolEnd
  37. unable to get nt!MmNonPagedPoolStart
  38. unable to get nt!MmSizeOfNonPagedPoolInBytes
  39. ffffffffffffffff
  40.  
  41. ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  42.  
  43. BUGCHECK_STR: 0x1e_c0000005
  44.  
  45. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  46.  
  47. PROCESS_NAME: MSASCuiL.exe
  48.  
  49. CURRENT_IRQL: 0
  50.  
  51. TRAP_FRAME: 00007ffd05fd6f50 -- (.trap 0x7ffd05fd6f50)
  52. Unable to read trap frame at 00007ffd`05fd6f50
  53.  
  54. LAST_CONTROL_TRANSFER: from fffff801365aaeed to fffff80136577880
  55.  
  56. CONTEXT: 00b60f41c2200f44 -- (.cxr 0xb60f41c2200f44)
  57. Unable to read context, Win32 error 0n30
  58.  
  59. STACK_TEXT:
  60. fffff880`926bbb28 fffff801`365aaeed : 00000000`0000001e ffffffff`c0000005 fffff801`364ecf92 00000000`00000000 : nt!KeBugCheckEx
  61. fffff880`926bbb30 fffff801`3658aa0e : 00000000`00000000 40220000`00000000 00007ffd`05fd6f50 00000000`00000000 : nt!KiDispatchException+0x11eded
  62. fffff880`926bc1e0 fffff801`36586510 : 00000000`00000000 40220000`00000000 00007ffd`05fd6f50 c0000022`00000000 : nt!KiExceptionDispatch+0xce
  63. fffff880`926bc3c0 fffff801`364ecf92 : 00000000`00000000 40240000`00000000 00000000`00000000 fffff801`368c52cc : nt!KiGeneralProtectionFault+0x3d0
  64. fffff880`926bc550 fffff801`364327b3 : ffffae02`48c20de0 00000000`00000001 00000000`00000000 ffffae02`48d87000 : nt!KxWaitForLockOwnerShipWithIrql+0x12
  65. fffff880`926bc580 fffff801`3689cb76 : 00000000`00000001 ffffae02`48d87002 ffffae02`48d87030 00000000`00000001 : nt!ExReleaseResourceLite+0xe3
  66. fffff880`926bc5e0 fffff807`a76de3bf : ffffae02`48ce0bd0 ffffae02`48ce0bd0 ffffdb0f`b477e910 00000000`ffffffff : nt!SeUnlockSubjectContext+0x16
  67. fffff880`926bc610 fffff807`a76dd087 : ffffae02`48ce0bd0 fffff807`a782e070 00000000`00000000 fffff807`a76db000 : NTFS!NtfsAccessCheck+0xf9f
  68. fffff880`926bc830 fffff807`a76dcd88 : 00000000`00000000 ffffae02`48ce0bd0 00000000`00000000 00000000`00000000 : NTFS!NtfsCheckExistingFile+0xc7
  69. fffff880`926bc8d0 fffff807`a76dc371 : fffff880`9326eab0 00000000`00000000 00000000`00000001 ffffdb0f`00000024 : NTFS!NtfsOpenExistingAttr+0xe8
  70. fffff880`926bc990 fffff807`a76d9d64 : fffff880`9326eab0 ffffae02`48ce0bd0 ffffdb0f`b477ed30 00000000`00000024 : NTFS!NtfsOpenAttributeInExistingFile+0x131
  71. fffff880`926bcb70 fffff807`a76eac5e : ffffae02`46428018 ffffdb0f`b477e910 ffffdb0f`b477ed30 00000000`00000000 : NTFS!NtfsOpenExistingPrefixFcb+0x1e4
  72. fffff880`926bcc50 fffff807`a76e71e7 : ffffae02`46428018 ffffae02`48ce0bd0 00000000`00000000 fffff880`926bce90 : NTFS!NtfsFindStartingNode+0x44e
  73. fffff880`926bcd10 fffff807`a76e55fd : ffffae02`46428018 ffffae02`48ce0bd0 fffff880`9326eab0 00000000`00000001 : NTFS!NtfsCommonCreate+0x457
  74. fffff880`926bcf50 fffff801`3657af27 : fffff880`9326ea30 00000000`00000034 00000000`00000002 00000000`00000000 : NTFS!NtfsCommonCreateCallout+0x1d
  75. fffff880`926bcf80 fffff801`3657aeed : 00000000`00000012 ffffae02`48209040 fffff880`926bd000 fffff801`364787bd : nt!KxSwitchKernelStackCallout+0x27
  76. fffff880`9326e830 fffff801`364787bd : ffffae02`00000012 00000000`00000012 ffffae02`4882a980 fffff801`3641be2f : nt!KiSwitchKernelStackContinue
  77. fffff880`9326e850 fffff801`3647856a : fffff807`a76e55e0 fffff880`9326ea30 00000000`00000004 00000000`00000005 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x11d
  78. fffff880`9326e8c0 fffff801`3647840f : fffff880`9326ed40 fffff880`9326ea30 00000000`00000001 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xba
  79. fffff880`9326e910 fffff801`364783cd : 00000000`00000000 ffffae02`48ce0bd0 ffffae02`46428018 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x2f
  80. fffff880`9326e960 fffff807`a76e5817 : ffffae02`46428018 fffff880`9326eab0 00000000`00000000 ffffae02`48ce0bd0 : nt!KeExpandKernelStackAndCalloutEx+0x1d
  81. fffff880`9326e9a0 fffff801`3641c2d9 : ffffae02`44276030 ffffae02`48ce0bd0 ffffae02`48371300 00000000`00000000 : NTFS!NtfsFsdCreate+0x1d7
  82. fffff880`9326ec10 fffff807`a6818773 : ffffae02`48ce0bd0 ffffae02`48371360 ffffae02`48ce0f70 fffff807`a6837060 : nt!IofCallDriver+0x59
  83. fffff880`9326ec50 fffff807`a684b57f : fffff880`9326ed00 fffff880`9326ed40 ffffae02`45c71800 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x1a3
  84. fffff880`9326ecc0 fffff801`3641c2d9 : ffffae02`47a16001 00000000`000000a5 00000000`00000060 ffffae02`486c4208 : FLTMGR!FltpCreate+0x2cf
  85. fffff880`9326ed70 fffff801`3687a152 : 00000000`000000a5 fffff880`9326f000 ffffae02`48371360 fffff880`00000989 : nt!IofCallDriver+0x59
  86. fffff880`9326edb0 fffff801`369615a7 : 00000000`00000005 ffffae02`47a16010 ae024829`0c90ffcf ffffae02`48290cc0 : nt!IopParseDevice+0x822
  87. fffff880`9326ef70 fffff801`36899da7 : fffff801`369614e0 fffff880`9326f0e0 ffffae02`48290c90 00000000`0000000c : nt!IopParseFile+0xc7
  88. fffff880`9326efe0 fffff801`36891480 : ffffae02`48d87000 fffff880`9326f238 ffffae02`00000240 ffffae02`44370dc0 : nt!ObpLookupObjectName+0x5b7
  89. fffff880`9326f1a0 fffff801`3688e72f : 00000000`00000001 00000000`00000000 fffff880`9326f788 fffff880`9326f850 : nt!ObOpenObjectByNameEx+0x1e0
  90. fffff880`9326f2e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopCreateFile+0x82f
  91.  
  92.  
  93. FOLLOWUP_IP:
  94. nt!KxWaitForLockOwnerShipWithIrql+12
  95. fffff801`364ecf92 48890a mov qword ptr [rdx],rcx
  96.  
  97. SYMBOL_STACK_INDEX: 4
  98.  
  99. SYMBOL_NAME: nt!KxWaitForLockOwnerShipWithIrql+12
  100.  
  101. FOLLOWUP_NAME: MachineOwner
  102.  
  103. MODULE_NAME: nt
  104.  
  105. IMAGE_NAME: ntkrnlmp.exe
  106.  
  107. DEBUG_FLR_IMAGE_TIMESTAMP: 5a5fb447
  108.  
  109. STACK_COMMAND: .cxr 0xb60f41c2200f44 ; kb
  110.  
  111. FAILURE_BUCKET_ID: X64_0x1e_c0000005_nt!KxWaitForLockOwnerShipWithIrql+12
  112.  
  113. BUCKET_ID: X64_0x1e_c0000005_nt!KxWaitForLockOwnerShipWithIrql+12
  114.  
  115. Followup: MachineOwner
  116. ---------