- Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Windows\MEMORY.DMP]
- Kernel Summary Dump File: Only kernel address space is available
- Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
- Executable search path is:
- Windows 7 Kernel Version 7600 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 7600.16792.amd64fre.win7_gdr.110408-1633
- Machine Name:
- Kernel base = 0xfffff800`0320d000 PsLoadedModuleList = 0xfffff800`0344ae50
- Debug session time: Tue Jan 27 01:59:39.310 2015 (UTC + 3:00)
- System Uptime: 0 days 0:00:26.200
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ...................................
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
- Loading unloaded module list
- ....
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck C4, {f6, 538, fffffa801269fb30, fffff8800929e4b4}
- *** ERROR: Module load completed but symbols could not be loaded for SaiH0763.sys
- Probably caused by : SaiH0763.sys ( SaiH0763+244b4 )
- Followup: MachineOwner
- ---------
- 2: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
- A device driver attempting to corrupt the system has been caught. This is
- because the driver was specified in the registry as being suspect (by the
- administrator) and the kernel has enabled substantial checking of this driver.
- If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
- be among the most commonly seen crashes.
- Arguments:
- Arg1: 00000000000000f6, Referencing user handle as KernelMode.
- Arg2: 0000000000000538, Handle value being referenced.
- Arg3: fffffa801269fb30, Address of the current process.
- Arg4: fffff8800929e4b4, Address inside the driver that is performing the incorrect reference.
- Debugging Details:
- ------------------
- BUGCHECK_STR: 0xc4_f6
- DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
- PROCESS_NAME: Steam.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff800037073dc to fffff8000327d700
- STACK_TEXT:
- fffff880`0c9f1e78 fffff800`037073dc : 00000000`000000c4 00000000`000000f6 00000000`00000538 fffffa80`1269fb30 : nt!KeBugCheckEx
- fffff880`0c9f1e80 fffff800`0371cae4 : 00000000`00000538 fffffa80`1269fb30 00000000`00000004 00000000`00000007 : nt!VerifierBugCheckIfAppropriate+0x3c
- fffff880`0c9f1ec0 fffff800`034d7fa0 : ffffffff`ffffffff fffff880`0c9f2110 fffff880`0c9f2200 fffff880`0c9f2498 : nt!VfCheckUserHandle+0x1b4
- fffff880`0c9f1fa0 fffff800`03557245 : 00000014`00000000 fffff6fc`00000001 fffffa80`0cd79080 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x20a4e
- fffff880`0c9f2070 fffff800`0327c953 : fffffa80`0f2af060 fffff880`0c9f2428 fffff880`00000002 fffff880`0c9f24b0 : nt!NtQueryValueKey+0x115
- fffff880`0c9f2200 fffff800`03278ef0 : fffff800`0370bc86 fffff880`0929e4b4 fffff880`0c9f2498 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- fffff880`0c9f2408 fffff800`0370bc86 : fffff880`0929e4b4 fffff880`0c9f2498 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
- fffff880`0c9f2410 fffff880`0929e4b4 : fffff880`0c9f2560 fffff880`0c9f25c8 fffff880`0c9f2560 fffff800`03283284 : nt!VfZwQueryValueKey+0x76
- fffff880`0c9f2460 fffff880`0929e351 : 00000000`00000010 fffff880`0929dec0 ffff0000`05b692b2 00000000`00010246 : SaiH0763+0x244b4
- fffff880`0c9f24e0 fffff880`092822a5 : fffffa80`0e9fd990 00000000`00000008 fffffa80`0e9fd6c0 fffffa80`00000000 : SaiH0763+0x24351
- fffff880`0c9f2520 fffff880`09281492 : 00000000`00000000 00000000`00000000 00000000`00000020 fffffa80`125e4230 : SaiH0763+0x82a5
- fffff880`0c9f25c0 fffff880`0927be7d : fffffa80`0fde1010 fffffa80`0cd69080 00000040`0c9f2774 00000000`000007ff : SaiH0763+0x7492
- fffff880`0c9f25f0 fffff880`0927baf6 : fffffa80`0fde1010 fffffa80`0e9fd6c0 fffffa80`0e9fd6c0 fffffa80`11c621d0 : SaiH0763+0x1e7d
- fffff880`0c9f2630 fffff880`0927a52e : fffffa80`0fde1010 00000000`00000000 fffffa80`11c621d0 fffffa80`11c621d0 : SaiH0763+0x1af6
- fffff880`0c9f2670 fffff800`03723c16 : fffffa80`0fde1010 00000000`00000002 fffffa80`0e9fd570 00000000`00000000 : SaiH0763+0x52e
- fffff880`0c9f26a0 fffff800`0357f417 : 00000000`00000025 fffff800`0357ee70 fffffa80`124b8010 fffffa80`11c621d0 : nt!IovCallDriver+0x566
- fffff880`0c9f2700 fffff800`03575a84 : fffffa80`119f9b40 00000000`00000000 fffffa80`125a9010 fffff880`01847501 : nt!IopParseDevice+0x5a7
- fffff880`0c9f2890 fffff800`0357aa5d : fffffa80`125a9010 fffff880`0c9f29f0 fffffa80`00000040 fffffa80`0cd69080 : nt!ObpLookupObjectName+0x585
- fffff880`0c9f2990 fffff800`03581527 : 00000000`000007ff 00000000`00000001 fffffa80`0fde1c01 00000000`00000180 : nt!ObOpenObjectByName+0x1cd
- fffff880`0c9f2a40 fffff800`0358b278 : 00000000`06bbe318 fffff8a0`c0100080 fffff8a0`036dc4e0 00000000`06bbe330 : nt!IopCreateFile+0x2b7
- fffff880`0c9f2ae0 fffff800`0327c953 : 00000000`00000000 00000000`00000000 fffffa80`746c6644 fffff880`0c9f2bf8 : nt!NtCreateFile+0x78
- fffff880`0c9f2b70 00000000`771a040a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000000`06bbe2a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771a040a
- STACK_COMMAND: kb
- FOLLOWUP_IP:
- SaiH0763+244b4
- fffff880`0929e4b4 488b4c2440 mov rcx,qword ptr [rsp+40h]
- SYMBOL_STACK_INDEX: 8
- SYMBOL_NAME: SaiH0763+244b4
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: SaiH0763
- IMAGE_NAME: SaiH0763.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 46372812
- FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_SaiH0763+244b4
- BUCKET_ID: X64_0xc4_f6_VRF_SaiH0763+244b4
- Followup: MachineOwner
- ---------
- 2: kd> k
- Child-SP RetAddr Call Site
- fffff880`0c9f1e78 fffff800`037073dc nt!KeBugCheckEx
- fffff880`0c9f1e80 fffff800`0371cae4 nt!VerifierBugCheckIfAppropriate+0x3c
- fffff880`0c9f1ec0 fffff800`034d7fa0 nt!VfCheckUserHandle+0x1b4
- fffff880`0c9f1fa0 fffff800`03557245 nt! ?? ::NNGAKEGL::`string'+0x20a4e
- fffff880`0c9f2070 fffff800`0327c953 nt!NtQueryValueKey+0x115
- fffff880`0c9f2200 fffff800`03278ef0 nt!KiSystemServiceCopyEnd+0x13
- fffff880`0c9f2408 fffff800`0370bc86 nt!KiServiceLinkage
- fffff880`0c9f2410 fffff880`0929e4b4 nt!VfZwQueryValueKey+0x76
- fffff880`0c9f2460 fffff880`0929e351 SaiH0763+0x244b4
- fffff880`0c9f24e0 fffff880`092822a5 SaiH0763+0x24351
- fffff880`0c9f2520 fffff880`09281492 SaiH0763+0x82a5
- fffff880`0c9f25c0 fffff880`0927be7d SaiH0763+0x7492
- fffff880`0c9f25f0 fffff880`0927baf6 SaiH0763+0x1e7d
- fffff880`0c9f2630 fffff880`0927a52e SaiH0763+0x1af6
- fffff880`0c9f2670 fffff800`03723c16 SaiH0763+0x52e
- fffff880`0c9f26a0 fffff800`0357f417 nt!IovCallDriver+0x566
- fffff880`0c9f2700 fffff800`03575a84 nt!IopParseDevice+0x5a7
- fffff880`0c9f2890 fffff800`0357aa5d nt!ObpLookupObjectName+0x585
- fffff880`0c9f2990 fffff800`03581527 nt!ObOpenObjectByName+0x1cd
- fffff880`0c9f2a40 fffff800`0358b278 nt!IopCreateFile+0x2b7
- fffff880`0c9f2ae0 fffff800`0327c953 nt!NtCreateFile+0x78
- fffff880`0c9f2b70 00000000`771a040a nt!KiSystemServiceCopyEnd+0x13
- 00000000`06bbe2a8 00000000`00000000 0x771a040a
- 2: kd> !handle 538
- PROCESS fffffa801269fb30
- SessionId: 1 Cid: 1178 Peb: 7efdf000 ParentCid: 0978
- DirBase: 393c8d000 ObjectTable: fffff8a00260de40 HandleCount: 333.
- Image: Steam.exe
- Handle table at fffff8a0036db000 with 333 entries in use
- 0538: Object: fffff8a0036fd1d0 GrantedAccess: 00020019 Entry: fffff8a0036dc4e0
- Object: fffff8a0036fd1d0 Type: (fffffa800cd79080) Key
- ObjectHeader: fffff8a0036fd1a0 (new version)
- HandleCount: 1 PointerCount: 1
- Directory Object: 00000000 Name: \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\CLASS\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\0025