hamzaalloush

kernel dump

Jan 27th, 2015

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16792.amd64fre.win7_gdr.110408-1633
Machine Name:
Kernel base = 0xfffff800`0320d000 PsLoadedModuleList = 0xfffff800`0344ae50
Debug session time: Tue Jan 27 01:59:39.310 2015 (UTC + 3:00)
System Uptime: 0 days 0:00:26.200
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {f6, 538, fffffa801269fb30, fffff8800929e4b4}

*** ERROR: Module load completed but symbols could not be loaded for SaiH0763.sys
Probably caused by : SaiH0763.sys ( SaiH0763+244b4 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000538, Handle value being referenced.
Arg3: fffffa801269fb30, Address of the current process.
Arg4: fffff8800929e4b4, Address inside the driver that is performing the incorrect reference.

Debugging Details:
------------------


BUGCHECK_STR: 0xc4_f6

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: Steam.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800037073dc to fffff8000327d700

STACK_TEXT:
fffff880`0c9f1e78 fffff800`037073dc : 00000000`000000c4 00000000`000000f6 00000000`00000538 fffffa80`1269fb30 : nt!KeBugCheckEx
fffff880`0c9f1e80 fffff800`0371cae4 : 00000000`00000538 fffffa80`1269fb30 00000000`00000004 00000000`00000007 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0c9f1ec0 fffff800`034d7fa0 : ffffffff`ffffffff fffff880`0c9f2110 fffff880`0c9f2200 fffff880`0c9f2498 : nt!VfCheckUserHandle+0x1b4
fffff880`0c9f1fa0 fffff800`03557245 : 00000014`00000000 fffff6fc`00000001 fffffa80`0cd79080 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x20a4e
fffff880`0c9f2070 fffff800`0327c953 : fffffa80`0f2af060 fffff880`0c9f2428 fffff880`00000002 fffff880`0c9f24b0 : nt!NtQueryValueKey+0x115
fffff880`0c9f2200 fffff800`03278ef0 : fffff800`0370bc86 fffff880`0929e4b4 fffff880`0c9f2498 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0c9f2408 fffff800`0370bc86 : fffff880`0929e4b4 fffff880`0c9f2498 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
fffff880`0c9f2410 fffff880`0929e4b4 : fffff880`0c9f2560 fffff880`0c9f25c8 fffff880`0c9f2560 fffff800`03283284 : nt!VfZwQueryValueKey+0x76
fffff880`0c9f2460 fffff880`0929e351 : 00000000`00000010 fffff880`0929dec0 ffff0000`05b692b2 00000000`00010246 : SaiH0763+0x244b4
fffff880`0c9f24e0 fffff880`092822a5 : fffffa80`0e9fd990 00000000`00000008 fffffa80`0e9fd6c0 fffffa80`00000000 : SaiH0763+0x24351
fffff880`0c9f2520 fffff880`09281492 : 00000000`00000000 00000000`00000000 00000000`00000020 fffffa80`125e4230 : SaiH0763+0x82a5
fffff880`0c9f25c0 fffff880`0927be7d : fffffa80`0fde1010 fffffa80`0cd69080 00000040`0c9f2774 00000000`000007ff : SaiH0763+0x7492
fffff880`0c9f25f0 fffff880`0927baf6 : fffffa80`0fde1010 fffffa80`0e9fd6c0 fffffa80`0e9fd6c0 fffffa80`11c621d0 : SaiH0763+0x1e7d
fffff880`0c9f2630 fffff880`0927a52e : fffffa80`0fde1010 00000000`00000000 fffffa80`11c621d0 fffffa80`11c621d0 : SaiH0763+0x1af6
fffff880`0c9f2670 fffff800`03723c16 : fffffa80`0fde1010 00000000`00000002 fffffa80`0e9fd570 00000000`00000000 : SaiH0763+0x52e
fffff880`0c9f26a0 fffff800`0357f417 : 00000000`00000025 fffff800`0357ee70 fffffa80`124b8010 fffffa80`11c621d0 : nt!IovCallDriver+0x566
fffff880`0c9f2700 fffff800`03575a84 : fffffa80`119f9b40 00000000`00000000 fffffa80`125a9010 fffff880`01847501 : nt!IopParseDevice+0x5a7
fffff880`0c9f2890 fffff800`0357aa5d : fffffa80`125a9010 fffff880`0c9f29f0 fffffa80`00000040 fffffa80`0cd69080 : nt!ObpLookupObjectName+0x585
fffff880`0c9f2990 fffff800`03581527 : 00000000`000007ff 00000000`00000001 fffffa80`0fde1c01 00000000`00000180 : nt!ObOpenObjectByName+0x1cd
fffff880`0c9f2a40 fffff800`0358b278 : 00000000`06bbe318 fffff8a0`c0100080 fffff8a0`036dc4e0 00000000`06bbe330 : nt!IopCreateFile+0x2b7
fffff880`0c9f2ae0 fffff800`0327c953 : 00000000`00000000 00000000`00000000 fffffa80`746c6644 fffff880`0c9f2bf8 : nt!NtCreateFile+0x78
fffff880`0c9f2b70 00000000`771a040a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`06bbe2a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771a040a


STACK_COMMAND: kb

FOLLOWUP_IP:
SaiH0763+244b4
fffff880`0929e4b4 488b4c2440 mov rcx,qword ptr [rsp+40h]

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: SaiH0763+244b4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SaiH0763

IMAGE_NAME: SaiH0763.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 46372812

FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_SaiH0763+244b4

BUCKET_ID: X64_0xc4_f6_VRF_SaiH0763+244b4

Followup: MachineOwner
---------

2: kd> k
Child-SP RetAddr Call Site
fffff880`0c9f1e78 fffff800`037073dc nt!KeBugCheckEx
fffff880`0c9f1e80 fffff800`0371cae4 nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0c9f1ec0 fffff800`034d7fa0 nt!VfCheckUserHandle+0x1b4
fffff880`0c9f1fa0 fffff800`03557245 nt! ?? ::NNGAKEGL::`string'+0x20a4e
fffff880`0c9f2070 fffff800`0327c953 nt!NtQueryValueKey+0x115
fffff880`0c9f2200 fffff800`03278ef0 nt!KiSystemServiceCopyEnd+0x13
fffff880`0c9f2408 fffff800`0370bc86 nt!KiServiceLinkage
fffff880`0c9f2410 fffff880`0929e4b4 nt!VfZwQueryValueKey+0x76
fffff880`0c9f2460 fffff880`0929e351 SaiH0763+0x244b4
fffff880`0c9f24e0 fffff880`092822a5 SaiH0763+0x24351
fffff880`0c9f2520 fffff880`09281492 SaiH0763+0x82a5
fffff880`0c9f25c0 fffff880`0927be7d SaiH0763+0x7492
fffff880`0c9f25f0 fffff880`0927baf6 SaiH0763+0x1e7d
fffff880`0c9f2630 fffff880`0927a52e SaiH0763+0x1af6
fffff880`0c9f2670 fffff800`03723c16 SaiH0763+0x52e
fffff880`0c9f26a0 fffff800`0357f417 nt!IovCallDriver+0x566
fffff880`0c9f2700 fffff800`03575a84 nt!IopParseDevice+0x5a7
fffff880`0c9f2890 fffff800`0357aa5d nt!ObpLookupObjectName+0x585
fffff880`0c9f2990 fffff800`03581527 nt!ObOpenObjectByName+0x1cd
fffff880`0c9f2a40 fffff800`0358b278 nt!IopCreateFile+0x2b7
fffff880`0c9f2ae0 fffff800`0327c953 nt!NtCreateFile+0x78
fffff880`0c9f2b70 00000000`771a040a nt!KiSystemServiceCopyEnd+0x13
00000000`06bbe2a8 00000000`00000000 0x771a040a
2: kd> !handle 538

PROCESS fffffa801269fb30
SessionId: 1 Cid: 1178 Peb: 7efdf000 ParentCid: 0978
DirBase: 393c8d000 ObjectTable: fffff8a00260de40 HandleCount: 333.
Image: Steam.exe

Handle table at fffff8a0036db000 with 333 entries in use

0538: Object: fffff8a0036fd1d0 GrantedAccess: 00020019 Entry: fffff8a0036dc4e0
Object: fffff8a0036fd1d0 Type: (fffffa800cd79080) Key
ObjectHeader: fffff8a0036fd1a0 (new version)
HandleCount: 1 PointerCount: 1
Directory Object: 00000000 Name: \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\CLASS\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\0025