Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.953.amd64fre.rs1_release_inmarket.170303-1614
- Machine Name:
- Kernel base = 0xfffff800`4e403000 PsLoadedModuleList = 0xfffff800`4e702000
- Debug session time: Fri May 26 11:58:08.003 2017 (UTC - 4:00)
- System Uptime: 0 days 2:35:00.489
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- KMODE_EXCEPTION_NOT_HANDLED (1e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Arguments:
- Arg1: ffffffffc0000005, The exception code that was not handled
- Arg2: fffff80bdc0ce25f, The address that the exception occurred at
- Arg3: ffffe600cefb1e58, Parameter 0 of the exception
- Arg4: ffffe600cefb1680, Parameter 1 of the exception
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- FAULTING_IP:
- NTFS!NtfsAcquirePagingResourceExclusive+f
- fffff80b`dc0ce25f 488b4968 mov rcx,qword ptr [rcx+68h]
- EXCEPTION_PARAMETER1: ffffe600cefb1e58
- EXCEPTION_PARAMETER2: ffffe600cefb1680
- WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
- unable to get nt!MmSpecialPoolEnd
- unable to get nt!MmPagedPoolEnd
- unable to get nt!MmNonPagedPoolStart
- unable to get nt!MmSizeOfNonPagedPoolInBytes
- ffffe600cefb1680
- ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- BUGCHECK_STR: 0x1e_c0000005
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- EXCEPTION_RECORD: ffff948f6aed3180 -- (.exr 0xffff948f6aed3180)
- ExceptionAddress: fffff80bdc138df8 (NTFS!NtfsData+0x0000000000000018)
- ExceptionCode: 24f80701
- ExceptionFlags: 102b1001
- NumberParameters: 2130084
- Parameter[0]: ffffa88aa83359a0
- Parameter[1]: ffffa88aa83c5150
- Parameter[2]: ffff948f6a79dd60
- Parameter[3]: ffff948f6aed5bc0
- Parameter[4]: ffff948f6a7f4980
- Parameter[5]: ffff948f6a80e9d0
- Parameter[6]: ffff948f6a84d7d0
- Parameter[7]: ffff948f6a811930
- Parameter[8]: ffffa88aa8285b40
- Parameter[9]: ffffa88aa8546b40
- Parameter[10]: ffffa88aa83fd010
- Parameter[11]: ffffa88aa8446920
- Parameter[12]: 0000000000000000
- Parameter[13]: ffffa88aa83a3b40
- Parameter[14]: ffffa88aa841c640
- LAST_CONTROL_TRANSFER: from fffff8004e5d0f73 to fffff8004e5517c0
- CONTEXT: 39480007ff3b25ff -- (.cxr 0x39480007ff3b25ff)
- Unable to read context, Win32 error 0n30
- STACK_TEXT:
- ffffe600`cefb0e28 fffff800`4e5d0f73 : 00000000`0000001e ffffffff`c0000005 fffff80b`dc0ce25f ffffe600`cefb1e58 : nt!KeBugCheckEx
- ffffe600`cefb0e30 fffff800`4e561ce6 : ffffe600`cefb2340 fffff80b`dc207c4d ffffa88a`b15c4a01 ffffe600`cefb1000 : nt!KiFatalFilter+0x1f
- ffffe600`cefb0e70 fffff800`4e540dff : ffffe600`cefb1e58 ffffe600`cefb1680 fffff80b`dc1d404a ffffe600`cefb1680 : nt! ?? ::FNODOBFM::`string'+0x1056
- ffffe600`cefb0eb0 fffff800`4e557bbd : ffffe600`cefb3000 ffffe600`cefb1050 00000000`00000000 ffffe600`cefac000 : nt!_C_specific_handler+0x9f
- ffffe600`cefb0f20 fffff800`4e4ab671 : ffffe600`cefb3000 00000000`00000000 ffffe600`cefac000 00000000`00000000 : nt!RtlpExecuteHandlerForException+0xd
- ffffe600`cefb0f50 fffff800`4e4aa424 : ffffe600`cefb1680 ffffe600`cefb1b80 ffffe600`cefb1680 ffffe600`cefb1e58 : nt!RtlDispatchException+0x421
- ffffe600`cefb1650 fffff800`4e55ca02 : ffff948f`6aed3180 ffffe600`cefb1eb0 ffffa88a`b503d578 ffffa88a`b503d570 : nt!KiDispatchException+0x144
- ffffe600`cefb1d20 fffff800`4e55acbd : 00000000`00000000 fffff80b`dc191358 ffffa88a`00000000 ffffa88a`b503d6b0 : nt!KiExceptionDispatch+0xc2
- ffffe600`cefb1f00 fffff80b`dc0ce25f : fffff80b`dc1d404a ffff948f`7652cb98 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0xfd
- ffffe600`cefb2098 fffff80b`dc1d404a : ffff948f`7652cb98 00000000`00000000 00000000`00000000 ffffa88a`b503d61a : NTFS!NtfsAcquirePagingResourceExclusive+0xf
- ffffe600`cefb20a0 fffff80b`dc18388e : 00000000`00000000 00000000`00000000 00000000`00000000 ffff948f`6aed3180 : NTFS!NtfsFlushVolume+0x26e
- ffffe600`cefb2220 fffff80b`dc184339 : ffff948f`7652cb98 ffff948f`7682c010 ffffe600`cefb2401 fffff80b`dc184300 : NTFS!NtfsCommonFlushBuffers+0x6b6
- ffffe600`cefb2340 fffff800`4e49e2d5 : ffffe600`cefb23f0 ffffe600`cefb23f0 00000000`00000000 ffff948f`6a7e87e0 : NTFS!NtfsCommonFlushBuffersCallout+0x19
- ffffe600`cefb2370 fffff80b`dc1ccb2e : 00000000`00000000 ffff948f`7682c010 ffff948f`7652cb98 ffffe600`cefb2458 : nt!KeExpandKernelStackAndCalloutInternal+0x85
- ffffe600`cefb23c0 fffff80b`dc1cca7b : 00000000`00000000 ffff948f`7682c010 ffff948f`7682c001 ffff948f`6a7cd6a0 : NTFS!NtfsCommonFlushBuffersOnNewStack+0x52
- ffffe600`cefb2430 fffff80b`db955206 : ffff948f`76bec010 ffff948f`7682c010 ffff948f`7652cb98 ffffe600`cefb2458 : NTFS!NtfsFsdFlushBuffers+0xcb
- ffffe600`cefb24a0 fffff80b`db953146 : ffff948f`6a1e7a80 00000000`00000000 00000000`00000001 ffff948f`6a1aee40 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x1a6
- ffffe600`cefb2530 fffff800`4e81a180 : ffff948f`68800d80 ffffe600`cefb27a0 00000000`00000001 fffff800`4e7c7bf4 : FLTMGR!FltpDispatch+0xb6
- ffffe600`cefb2590 fffff800`4e8ab39f : ffff948f`00000001 00000000`00000004 ffff948f`724f1080 ffffe600`cefb27a0 : nt!IopSynchronousServiceTail+0x1a0
- ffffe600`cefb2650 fffff800`4e8ab1e6 : ffff948f`724f1080 fffff800`4e7c7bf4 ffff948f`6a7cd6a0 00000000`00000000 : nt!NtFlushBuffersFileEx+0x1b3
- ffffe600`cefb26e0 fffff800`4e55c493 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtFlushBuffersFile+0x16
- ffffe600`cefb2720 fffff800`4e554980 : fffff800`4e7c7d51 ffffe600`00000000 ffffe600`c91f2570 ffffe600`cefb29c0 : nt!KiSystemServiceCopyEnd+0x13
- ffffe600`cefb28b8 fffff800`4e7c7d51 : ffffe600`00000000 ffffe600`c91f2570 ffffe600`cefb29c0 fffff800`4e7c7bf4 : nt!KiServiceLinkage
- ffffe600`cefb28c0 fffff800`4e4b92d5 : 00000000`00000000 ffff948f`724f1080 ffffe600`c91f2570 00000000`000000a9 : nt!PopFlushVolumeWorker+0x15d
- ffffe600`cefb2b90 fffff800`4e556c86 : ffffe600`c8f40180 ffff948f`724f1080 fffff800`4e4b9294 00000000`00000000 : nt!PspSystemThreadStartup+0x41
- ffffe600`cefb2be0 00000000`00000000 : ffffe600`cefb3000 ffffe600`cefac000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0x39480007ff3b25ff ; kb
- FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- Followup: memory_corruption
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.953.amd64fre.rs1_release_inmarket.170303-1614
- Machine Name:
- Kernel base = 0xfffff802`a1c05000 PsLoadedModuleList = 0xfffff802`a1f04000
- Debug session time: Fri May 26 15:29:18.210 2017 (UTC - 4:00)
- System Uptime: 0 days 3:30:35.352
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: fffffffffffff010, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff802a1df68b4, address which referenced memory
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- READ_ADDRESS: unable to get nt!MmSpecialPoolStart
- unable to get nt!MmSpecialPoolEnd
- unable to get nt!MmPagedPoolEnd
- unable to get nt!MmNonPagedPoolStart
- unable to get nt!MmSizeOfNonPagedPoolInBytes
- fffffffffffff010
- CURRENT_IRQL: 2
- FAULTING_IP:
- nt!MiDecrementCombinedPte+20
- fffff802`a1df68b4 488b4810 mov rcx,qword ptr [rax+10h]
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: LockApp.exe
- TRAP_FRAME: ffffbb00b75d90d0 -- (.trap 0xffffbb00b75d90d0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffffffffffff000 rbx=0000000000000000 rcx=0000000000000000
- rdx=ffffffffffffffff rsi=0000000000000000 rdi=0000000000000000
- rip=fffff802a1df68b4 rsp=ffffbb00b75d9260 rbp=ffffbb00b75d9390
- r8=00000000ffffffff r9=ffff8d0000000000 r10=0000000000000000
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po nc
- nt!MiDecrementCombinedPte+0x20:
- fffff802`a1df68b4 488b4810 mov rcx,qword ptr [rax+10h] ds:ffffffff`fffff010=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff802a1d5e929 to fffff802a1d537c0
- STACK_TEXT:
- ffffbb00`b75d8f88 fffff802`a1d5e929 : 00000000`0000000a ffffffff`fffff010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- ffffbb00`b75d8f90 fffff802`a1d5cf07 : ffffbb00`b1140180 00000000`00000000 ffffcc80`5a31e080 fffff802`a1c3df0f : nt!KiBugCheckDispatch+0x69
- ffffbb00`b75d90d0 fffff802`a1df68b4 : 00000000`00000000 00000000`000003ff ffff8900`00000000 00000000`00000000 : nt!KiPageFault+0x247
- ffffbb00`b75d9260 fffff802`a1c619cf : ffff8900`71871000 00000000`00000008 000000e3`0e227000 00000000`00000000 : nt!MiDecrementCombinedPte+0x20
- ffffbb00`b75d9290 fffff802`a1c49497 : ffffcc80`5a31e080 ffffbb00`b0d4e180 00000000`00000000 fffff802`a1c05000 : nt!MiDeleteVirtualAddresses+0xc1f
- ffffbb00`b75d9490 fffff802`a1c47c69 : 000000e3`0e2fffff 000000e3`0e2fffff 000000e3`0e200000 ffffcc80`5f6a20d0 : nt!MiDeleteVad+0x277
- ffffbb00`b75d95c0 fffff802`a201ee3d : 00000000`00000000 000000e3`0e200000 00000000`00000000 fffff802`00000000 : nt!MiFreeVadRange+0x4d
- ffffbb00`b75d9600 fffff802`a1d5e493 : ffffbb00`b75d9900 fffff802`a20326aa 00000000`00010002 ffffcc80`5a31e080 : nt!NtFreeVirtualMemory+0x2dd
- ffffbb00`b75d9720 fffff802`a1d56980 : fffff802`a2073484 ffffcc80`5a31e080 ffffbb00`b75d9900 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- ffffbb00`b75d98b8 fffff802`a2073484 : ffffcc80`5a31e080 ffffbb00`b75d9900 00000000`00000000 ffffcc80`5a31e080 : nt!KiServiceLinkage
- ffffbb00`b75d98c0 fffff802`a2089862 : 00000000`00000000 ffffcc80`5a31e080 00000000`00000000 ffffcc80`5e8a3400 : nt!PspExitThread+0x360
- ffffbb00`b75d9a00 fffff802`a2089760 : ffffcc80`5a31e080 00000000`00000000 ffffcc80`5a31e080 00000000`00000000 : nt!PspTerminateThreadByPointer+0x96
- ffffbb00`b75d9a40 fffff802`a1d5e493 : ffffcc80`5a31e080 ffffbb00`b75d9b00 00000000`00000010 ffffcc80`5f561c20 : nt!NtTerminateThread+0x44
- ffffbb00`b75d9a80 00007ffa`7cb16b34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 000000e3`0e2ff4f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffa`7cb16b34
- STACK_COMMAND: kb
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- Followup: memory_corruption
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.953.amd64fre.rs1_release_inmarket.170303-1614
- Machine Name:
- Kernel base = 0xfffff802`a5405000 PsLoadedModuleList = 0xfffff802`a5704000
- Debug session time: Fri May 26 18:41:29.355 2017 (UTC - 4:00)
- System Uptime: 0 days 0:33:04.499
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff802a582de81, Address of the instruction which caused the bugcheck
- Arg3: ffffde812200e560, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- FAULTING_IP:
- nt!CmpDoParseKey+5c1
- fffff802`a582de81 41391e cmp dword ptr [r14],ebx
- CONTEXT: ffffde812200e560 -- (.cxr 0xffffde812200e560)
- rax=ffffb500ffadc000 rbx=00000000022a8067 rcx=0000000000000981
- rdx=000000000000032b rsi=ffff91093f436d20 rdi=0000000000000000
- rip=fffff802a582de81 rsp=ffffde812200ef70 rbp=ffffde812200f070
- r8=0000000000000000 r9=0000000000000000 r10=7fffb500ffae0cf8
- r11=7ffffffffffffffc r12=ffffde812200f2c0 r13=ffffb500ff8d4000
- r14=0000000003caf168 r15=ffffb500ffae0c08
- iopl=0 nv up ei pl nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
- nt!CmpDoParseKey+0x5c1:
- fffff802`a582de81 41391e cmp dword ptr [r14],ebx ds:002b:00000000`03caf168=????????
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: poqexec.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff802a5802592 to fffff802a582de81
- STACK_TEXT:
- ffffde81`2200ef70 fffff802`a5802592 : ffffde81`2200f484 ffffb501`1cb6a580 00000000`00000001 00000000`00000000 : nt!CmpDoParseKey+0x5c1
- ffffde81`2200f340 fffff802`a5829cb1 : fffff802`a5802290 ffffb500`fee33c01 ffffde81`2200f5e0 ffffb500`fee1b001 : nt!CmpParseKey+0x302
- ffffde81`2200f4e0 fffff802`a580b2dd : ffff9109`40b2eb01 ffffde81`2200f740 fffff802`00000040 ffff9109`390c7f20 : nt!ObpLookupObjectName+0xb71
- ffffde81`2200f6b0 fffff802`a580afbd : 00000000`00000001 0000007c`474fefa0 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByNameEx+0x1dd
- ffffde81`2200f7f0 fffff802`a5886eb9 : 00000000`0000000b 00000000`00000332 00000000`00000001 fffff802`a55c47c0 : nt!CmOpenKey+0x29d
- ffffde81`2200f9b0 fffff802`a555e493 : ffff9109`3ea717c0 ffffde81`2200fb00 0000007c`474fed48 ffffde81`2200fb00 : nt!NtOpenKeyTransactedEx+0xed
- ffffde81`2200fa10 00007ffd`9d6b8324 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 0000007c`474fed28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffd`9d6b8324
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffffde812200e560 ; kb
- FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- Followup: memory_corruption
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff802`56c0f000 PsLoadedModuleList = 0xfffff802`56f0e000
- Debug session time: Fri May 26 19:02:30.733 2017 (UTC - 4:00)
- System Uptime: 0 days 0:06:20.874
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff80256c83b77, Address of the instruction which caused the bugcheck
- Arg3: ffffc500a406ed40, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- FAULTING_IP:
- nt!MiObtainReferencedSecureVad+87
- fffff802`56c83b77 498b7610 mov rsi,qword ptr [r14+10h]
- CONTEXT: ffffc500a406ed40 -- (.cxr 0xffffc500a406ed40)
- rax=00000000144d0c01 rbx=ffff8e06d33963a0 rcx=0000000000000011
- rdx=0000000000000000 rsi=fffff5414451a330 rdi=ffff8e06d3396080
- rip=fffff80256c83b77 rsp=ffffc500a406f750 rbp=ffff8e06ca94e780
- r8=0000000000000000 r9=0000000000000000 r10=fffff80257429c40
- r11=fffff80256c0f000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000001000 r15=ffffc500a406f7d0
- iopl=0 nv up ei pl zr na po nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
- nt!MiObtainReferencedSecureVad+0x87:
- fffff802`56c83b77 498b7610 mov rsi,qword ptr [r14+10h] ds:002b:00000000`00001010=????????????????
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: GoogleUpdate.e
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff80257042aff to fffff80256c83b77
- STACK_TEXT:
- ffffc500`a406f750 fffff802`57042aff : 00000000`00001000 fffff541`40000f20 ffffc500`a406f8d0 fffff541`4451a330 : nt!MiObtainReferencedSecureVad+0x87
- ffffc500`a406f7a0 fffff51a`ec9c5f10 : fffff541`00000000 00000000`00001000 ffffc500`00000001 ffff8e06`00000000 : nt!MmUnsecureVirtualMemory+0x17
- ffffc500`a406f7d0 fffff51a`ec9c77dd : 00000000`00000000 fffff541`4451a330 fffff541`00000000 00000000`00000000 : win32kbase!SURFACE::bDeleteSurface+0x520
- ffffc500`a406f990 fffff51a`ec6292e3 : fffff541`42820600 00000000`00000000 00000000`00000001 fffff802`56c7ea8b : win32kbase!bDeleteSurface+0x2d
- ffffc500`a406f9c0 fffff51a`ec629169 : 00000000`00000000 00000000`00000000 00000000`00000001 fffff51a`ec9f6d8f : win32kfull!CleanupCursorObject+0x5f
- ffffc500`a406f9f0 fffff51a`ec6293ac : 00000000`012c00a7 ffffc500`00000001 00000000`00000001 fffff541`44644c20 : win32kfull!DestroyCursor+0xf9
- ffffc500`a406fa50 fffff802`56d68893 : ffff8e06`d3396080 00000000`04bf2660 00000000`00000000 00000000`00a6e1d8 : win32kfull!NtUserDestroyCursor+0x5c
- ffffc500`a406fa80 00000000`54e1222c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000000`00a6eb88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x54e1222c
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: ONE_BYTE
- STACK_COMMAND: .cxr 0xffffc500a406ed40 ; kb
- FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BYTE
- BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BYTE
- Followup: memory_corruption
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff800`10e1d000 PsLoadedModuleList = 0xfffff800`1111c000
- Debug session time: Sat May 27 03:45:15.127 2017 (UTC - 4:00)
- System Uptime: 0 days 2:52:08.268
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffffbb812cf51550, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffbb812cf514a8, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x139
- PROCESS_NAME: MsMpEng.exe
- CURRENT_IRQL: 1
- LAST_CONTROL_TRANSFER: from fffff80010f76d29 to fffff80010f6bc00
- STACK_TEXT:
- ffffbb81`2cf51228 fffff800`10f76d29 : 00000000`00000139 00000000`00000003 ffffbb81`2cf51550 ffffbb81`2cf514a8 : nt!KeBugCheckEx
- ffffbb81`2cf51230 fffff800`10f77090 : 00000000`00000000 ffffbb81`2cf513e9 ffff9302`95580001 ffff9302`95550780 : nt!KiBugCheckDispatch+0x69
- ffffbb81`2cf51370 fffff800`10f76073 : 00000004`00000008 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
- ffffbb81`2cf51550 fffff800`11067801 : ffff9302`8d23c140 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf3
- ffffbb81`2cf516e0 fffff800`1106586d : ffffdf87`10060470 ffff9302`8d23c140 ffff9302`8d23c140 00000000`00000000 : nt!ExFreePool+0xce1
- ffffbb81`2cf51760 fffff800`11225300 : ffffdf87`10f8e980 00000000`00000001 00000000`00000000 fffff800`00000069 : nt!ExFreePoolWithTag+0x86d
- ffffbb81`2cf51840 fffff800`10e8fba6 : 00000000`00000000 00000000`00000000 ffffdf87`10f8e9a0 ffffdf87`10f8e9d0 : nt!ObpRemoveObjectRoutine+0x80
- ffffbb81`2cf518a0 fffff800`1124054b : 00000000`00000000 00000000`00000000 ffffdf87`10f8e9a0 00000000`00000000 : nt!ObfDereferenceObjectWithTag+0xc6
- ffffbb81`2cf518e0 fffff800`1128a7cb : 00000017`748fba18 00000000`00000002 00000017`748fba90 fffff800`11231475 : nt!ObCloseHandleTableEntry+0x28b
- ffffbb81`2cf51a20 fffff800`10f76893 : ffff9302`955817c0 00000000`00000002 00000000`00000000 00000000`00000002 : nt!NtClose+0xcb
- ffffbb81`2cf51a80 00007ffa`9ef762b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000017`748fba08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffa`9ef762b4
- STACK_COMMAND: kb
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- Followup: memory_corruption
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff802`dd603000 PsLoadedModuleList = 0xfffff802`dd902000
- Debug session time: Sat May 27 08:20:57.499 2017 (UTC - 4:00)
- System Uptime: 0 days 4:14:28.639
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Some common problems are exception code 0x80000003. This means a hard
- coded breakpoint or assertion was hit, but this system was booted
- /NODEBUG. This is not supposed to happen as developers should never have
- hardcoded breakpoints in retail code, but ...
- If this happens, make sure a debugger gets connected, and the
- system is booted /DEBUG. This will let us see why this breakpoint is
- happening.
- Arguments:
- Arg1: ffffffffc0000005, The exception code that was not handled
- Arg2: fffff802dd7f45e8, The address that the exception occurred at
- Arg3: ffff8981c60592e8, Exception Record Address
- Arg4: ffff8981c6058b10, Context Record Address
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- FAULTING_IP:
- nt!MiDemoteCombinedPte+40
- fffff802`dd7f45e8 4939442420 cmp qword ptr [r12+20h],rax
- EXCEPTION_RECORD: ffff8981c60592e8 -- (.exr 0xffff8981c60592e8)
- ExceptionAddress: fffff802dd7f45e8 (nt!MiDemoteCombinedPte+0x0000000000000040)
- ExceptionCode: c0000005 (Access violation)
- ExceptionFlags: 00000000
- NumberParameters: 2
- Parameter[0]: 0000000000000000
- Parameter[1]: ffffffffffffffff
- Attempt to read from address ffffffffffffffff
- CONTEXT: ffff8981c6058b10 -- (.cxr 0xffff8981c6058b10)
- rax=0000000000000001 rbx=0001510f00002084 rcx=ffff9e0fc72fac80
- rdx=ffffd30000665798 rsi=ffffaf8010d0c0f0 rdi=ffffd30000665798
- rip=fffff802dd7f45e8 rsp=ffff8981c6059520 rbp=ffffeb732d000060
- r8=8000000000000000 r9=0000007ffffffff8 r10=0000000fffffffff
- r11=0000ffffffffffff r12=7fffffffffffffd0 r13=ffff9e0fc72fac80
- r14=ffff9e0fc72fac80 r15=ffffd30000665798
- iopl=0 nv up ei ng nz na po nc
- cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010286
- nt!MiDemoteCombinedPte+0x40:
- fffff802`dd7f45e8 4939442420 cmp qword ptr [r12+20h],rax ds:002b:7fffffff`fffffff0=????????????????
- Resetting default scope
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: linpack_xeon64
- CURRENT_IRQL: 2
- ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- EXCEPTION_PARAMETER1: 0000000000000000
- EXCEPTION_PARAMETER2: ffffffffffffffff
- READ_ADDRESS: unable to get nt!MmSpecialPoolStart
- unable to get nt!MmSpecialPoolEnd
- unable to get nt!MmPagedPoolEnd
- unable to get nt!MmNonPagedPoolStart
- unable to get nt!MmSizeOfNonPagedPoolInBytes
- ffffffffffffffff
- FOLLOWUP_IP:
- nt!MiDemoteCombinedPte+40
- fffff802`dd7f45e8 4939442420 cmp qword ptr [r12+20h],rax
- BUGCHECK_STR: AV
- EXCEPTION_STR: 0x0
- LAST_CONTROL_TRANSFER: from fffff802dd7a2540 to fffff802dd7f45e8
- STACK_TEXT:
- ffff8981`c6059520 fffff802`dd7a2540 : ffffea80`03619830 00000000`00000001 ffffaf80`10840eb0 0001510f`00002084 : nt!MiDemoteCombinedPte+0x40
- ffff8981`c6059600 fffff802`dd6a78be : 00000000`001cad34 00000000`00000000 00000000`00000000 ffff9e0f`c72fac80 : nt! ?? ::FNODOBFM::`string'+0x414b0
- ffff8981`c6059740 fffff802`dd6a6e9e : ffff8981`00000000 ffff8981`c6059a00 00000000`00000000 00000000`00000000 : nt!MiTrimOrAgeWorkingSet+0x5ae
- ffff8981`c6059810 fffff802`dd68efab : fffff802`dd921040 00000000`00000001 fffff802`dd921040 ffff9e0f`be41a2a0 : nt!MiProcessWorkingSets+0x1ee
- ffff8981`c60599e0 fffff802`dd732709 : 00000000`00000002 00000000`00000007 00000000`ffffffff 00000000`00000001 : nt!MiWorkingSetManager+0xa7
- ffff8981`c6059aa0 fffff802`dd6b9695 : ffff9e0f`be4c7040 00000000`00000080 fffff802`dd7324bc cccccccc`cccccccc : nt!KeBalanceSetManager+0x24d
- ffff8981`c6059b90 fffff802`dd7570c6 : ffff8981`c5e40180 ffff9e0f`be4c7040 fffff802`dd6b9654 cccccccc`ffffff14 : nt!PspSystemThreadStartup+0x41
- ffff8981`c6059be0 00000000`00000000 : ffff8981`c605a000 ffff8981`c6053000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffff8981c6058b10 ; kb
- FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- Followup: memory_corruption
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff803`b2a0a000 PsLoadedModuleList = 0xfffff803`b2d09000
- Debug session time: Sat May 27 15:39:54.544 2017 (UTC - 4:00)
- System Uptime: 0 days 7:17:54.694
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- KMODE_EXCEPTION_NOT_HANDLED (1e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Arguments:
- Arg1: ffffffffc0000005, The exception code that was not handled
- Arg2: fffff80dfe354b4d, The address that the exception occurred at
- Arg3: 0000000000000000, Parameter 0 of the exception
- Arg4: ffffffffffffffff, Parameter 1 of the exception
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- FAULTING_IP:
- NTFS!NtfsFcbTableCompare+d
- fffff80d`fe354b4d 498b08 mov rcx,qword ptr [r8]
- EXCEPTION_PARAMETER1: 0000000000000000
- EXCEPTION_PARAMETER2: ffffffffffffffff
- READ_ADDRESS: unable to get nt!MmSpecialPoolStart
- unable to get nt!MmSpecialPoolEnd
- unable to get nt!MmPagedPoolEnd
- unable to get nt!MmNonPagedPoolStart
- unable to get nt!MmSizeOfNonPagedPoolInBytes
- ffffffffffffffff
- ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- BUGCHECK_STR: 0x1e_c0000005
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: TiWorker.exe
- CURRENT_IRQL: 1
- LAST_CONTROL_TRANSFER: from fffff803b2b8d76c to fffff803b2b58c00
- CONTEXT: 49c1234dd12349c1 -- (.cxr 0x49c1234dd12349c1)
- Unable to read context, Win32 error 0n30
- STACK_TEXT:
- ffffdb80`af57af58 fffff803`b2b8d76c : 00000000`0000001e ffffffff`c0000005 fffff80d`fe354b4d 00000000`00000000 : nt!KeBugCheckEx
- ffffdb80`af57af60 fffff803`b2b63e02 : ffffc886`00000000 fffff803`00000000 00000000`00000002 ffffa00c`7b490860 : nt! ?? ::FNODOBFM::`string'+0x256dc
- ffffdb80`af57b630 fffff803`b2b620bd : 00000000`00001000 00000000`00000001 ffffa00c`828c3080 00000000`0000001c : nt!KiExceptionDispatch+0xc2
- ffffdb80`af57b810 fffff80d`fe354b4d : fffff803`b2aa9acd ffffc886`18d85250 fffff803`b2a7a4da 00000000`00000000 : nt!KiGeneralProtectionFault+0xfd
- ffffdb80`af57b9a8 fffff803`b2aa9acd : ffffc886`18d85250 fffff803`b2a7a4da 00000000`00000000 fffff80d`fe330c38 : NTFS!NtfsFcbTableCompare+0xd
- ffffdb80`af57b9b0 fffff80d`fe305c1c : ffffa00c`7b480180 00000000`00000000 ffffdb80`af57bb5c 00000000`00000000 : nt!RtlLookupElementGenericTableFullAvl+0x3d
- ffffdb80`af57b9e0 fffff80d`fe32f2ac : ffffa00c`8995c018 ffffa00c`7b480180 00000000`00000000 00010000`0001ae57 : NTFS!NtfsCreateFcb+0x8c
- ffffdb80`af57bad0 fffff80d`fe349311 : ffff8904`411030e0 00000000`00000012 ffffc886`18d85240 ffffdb80`af57bdf0 : NTFS!NtfsOpenFile+0x21c
- ffffdb80`af57bd10 fffff80d`fe347fbd : ffffa00c`8995c018 ffffa00c`899da510 ffffdb80`ad2e8170 00000000`00000000 : NTFS!NtfsCommonCreate+0x1071
- ffffdb80`af57bf50 fffff803`b2b5ba97 : ffffdb80`ad2e8100 00000000`0009e648 00000000`0031a000 00000000`0019ff14 : NTFS!NtfsCommonCreateCallout+0x1d
- ffffdb80`af57bf80 fffff803`b2b5ba5d : 00000000`00006000 ffffdb80`af57c000 ffffa00c`828c3080 fffff803`b2aa5a04 : nt!KxSwitchKernelStackCallout+0x27
- ffffdb80`ad2e7f40 fffff803`b2aa5a04 : ffffc886`00000012 00000000`00006000 ffffa00c`828c3080 00000000`00000007 : nt!KiSwitchKernelStackContinue
- ffffdb80`ad2e7f60 fffff803`b2aa5776 : ffffdb80`ad2e2000 00000000`00006000 00000000`00000000 ffffdb80`ad2e7fe0 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x134
- ffffdb80`ad2e7fe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6
- FOLLOWUP_IP:
- NTFS!NtfsFcbTableCompare+d
- fffff80d`fe354b4d 498b08 mov rcx,qword ptr [r8]
- SYMBOL_STACK_INDEX: 4
- SYMBOL_NAME: NTFS!NtfsFcbTableCompare+d
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: NTFS
- IMAGE_NAME: NTFS.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 59028054
- STACK_COMMAND: .cxr 0x49c1234dd12349c1 ; kb
- FAILURE_BUCKET_ID: X64_0x1e_c0000005_NTFS!NtfsFcbTableCompare+d
- BUCKET_ID: X64_0x1e_c0000005_NTFS!NtfsFcbTableCompare+d
- Followup: MachineOwner
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff800`b7405000 PsLoadedModuleList = 0xfffff800`b7704000
- Debug session time: Sat May 27 18:51:06.312 2017 (UTC - 4:00)
- System Uptime: 0 days 3:10:35.454
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- BAD_POOL_HEADER (19)
- The pool is already corrupt at the time of the current request.
- This may or may not be due to the caller.
- The internal pool links must be walked to figure out a possible cause of
- the problem, and then special pool applied to the suspect tags or the driver
- verifier to a suspect driver.
- Arguments:
- Arg1: 0000000000000003, the pool freelist is corrupt.
- Arg2: ffffbc16c48e7a00, the pool entry being checked.
- Arg3: ffffbc16c48ed300, the read back flink freelist value (should be the same as 2).
- Arg4: ffffbc16c48e7a00, the read back blink freelist value (should be the same as 2).
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- BUGCHECK_STR: 0x19_3
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: BlueScreenView
- CURRENT_IRQL: 1
- LAST_CONTROL_TRANSFER: from fffff800b764f6e4 to fffff800b7553c00
- STACK_TEXT:
- ffffe780`0bceb6a8 fffff800`b764f6e4 : 00000000`00000019 00000000`00000003 ffffbc16`c48e7a00 ffffbc16`c48ed300 : nt!KeBugCheckEx
- ffffe780`0bceb6b0 fffff800`b7416849 : ffff920d`00000029 00000000`00001000 00000000`00000029 ffff920d`671b9a00 : nt!ExFreePool+0xbc4
- ffffe780`0bceb7a0 ffffbc59`c76a1b71 : 00000000`00000000 00000000`059bf590 00000000`69747355 fffff800`00000000 : nt!ExAllocatePoolWithQuotaTag+0x69
- ffffe780`0bceb830 ffffbc59`c6841f18 : 00000000`69747355 ffff920d`61743850 00000000`00000029 ffff920d`671b97c0 : win32kfull!Win32AllocPoolWithQuotaImpl+0x31
- ffffe780`0bceb900 ffffbc59`c76af7c9 : ffff920d`669ce590 00000000`00000018 ffffe780`0bceba30 ffffe780`00000000 : win32kbase!Win32AllocPoolWithQuota+0x28
- ffffe780`0bceb930 ffffbc59`c76af6fd : ffffe780`0bceba30 ffff920d`671b97c0 00000000`00000000 00000000`00000000 : win32kfull!AllocateW32Thread+0x51
- ffffe780`0bceb960 ffffbc59`c683a4c7 : ffffe780`0bceba30 fffff800`b76fe260 fffff800`b76fe260 00000000`00000000 : win32kfull!W32pThreadCallout+0x1d
- ffffe780`0bceb990 fffff800`b783cd87 : ffffe780`0bceba30 fffff800`b76fe260 00000000`00000000 00000000`00000000 : win32kbase!W32CalloutDispatch+0x147
- ffffe780`0bceb9d0 fffff800`b77ee74f : ffff920d`671b97c0 ffffe780`0bcebb00 00000000`00000001 fffff800`b74a87cc : nt!ExCallCallBack+0x37
- ffffe780`0bceba00 fffff800`b7556da9 : 00000000`00000000 ffff920d`671b97c0 00000000`00000000 00000000`00000000 : nt!PsConvertToGuiThread+0xcf
- ffffe780`0bceba50 fffff800`b755ebaa : ffff920d`00000045 00000000`0000104e 00000000`00000000 00000000`067eff68 : nt!KiConvertToGuiThread+0x9
- ffffe780`0bceba80 00007ff8`573b18e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x113
- 00000000`067efc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff8`573b18e4
- STACK_COMMAND: kb
- FOLLOWUP_IP:
- nt!ExFreePool+bc4
- fffff800`b764f6e4 cc int 3
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!ExFreePool+bc4
- FOLLOWUP_NAME: Pool_corruption
- IMAGE_NAME: Pool_Corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MODULE_NAME: Pool_Corruption
- FAILURE_BUCKET_ID: X64_0x19_3_nt!ExFreePool+bc4
- BUCKET_ID: X64_0x19_3_nt!ExFreePool+bc4
- Followup: Pool_corruption
- ---------
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 14393 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff802`6e290000 PsLoadedModuleList = 0xfffff802`6e58f000
- Debug session time: Sat May 27 19:04:26.646 2017 (UTC - 4:00)
- System Uptime: 0 days 0:12:48.789
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff8026e4784bb, Address of the instruction which caused the bugcheck
- Arg3: ffffc58174ee9ca0, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- OVERLAPPED_MODULE: Address regions for 'ibtusb' and 'dump_storpor' overlap
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
- FAULTING_IP:
- nt!MiCaptureProtectionFromProto+f
- fffff802`6e4784bb 488b01 mov rax,qword ptr [rcx]
- CONTEXT: ffffc58174ee9ca0 -- (.cxr 0xffffc58174ee9ca0)
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
- rdx=0000000000000000 rsi=fffff33ffbb95288 rdi=ffff8c036ebf6b00
- rip=fffff8026e4784bb rsp=ffffc58174eea6b0 rbp=ffff8c0366c718c0
- r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
- r11=000000000000f500 r12=00007ff772a51000 r13=ffff8c036ebf6b00
- r14=0000000000000000 r15=ffff8c0366c718c0
- iopl=0 nv up ei ng nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
- nt!MiCaptureProtectionFromProto+0xf:
- fffff802`6e4784bb 488b01 mov rax,qword ptr [rcx] ds:002b:00000000`00000000=0000000000000000
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: WerFault.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff8026e31b98f to fffff8026e4784bb
- STACK_TEXT:
- ffffc581`74eea6b0 fffff802`6e31b98f : 00000000`00000000 fffff33f`fbb95288 ffff8c03`66c718c0 00000000`00000001 : nt!MiCaptureProtectionFromProto+0xf
- ffffc581`74eea6e0 fffff802`6e2e8bf8 : fffff33f`fbb95410 fffff33f`faf20300 00000000`0000f500 00000000`00004008 : nt!MiGetPageProtection+0x34f
- ffffc581`74eea730 fffff802`6e2e87c3 : 00000000`00000000 ffffc581`74eea900 00000000`00000000 ffff8c03`65f7b030 : nt!MiQueryAddressState+0x258
- ffffc581`74eea7c0 fffff802`6e6ae48b : 00000000`00000008 00000007`ff772a50 00007ff7`72a51000 ffff8c03`6ebf6600 : nt!MiQueryAddressSpan+0x153
- ffffc581`74eea860 fffff802`6e6adf39 : ffff1465`b1a23e4c ffff8c03`681c4660 00000000`1c000000 000000a8`be1bd7b0 : nt!MmQueryVirtualMemory+0x54b
- ffffc581`74eea9c0 fffff802`6e3e9893 : 00000000`fc0019ff ffffffff`ffffffff 00000000`00000000 00000000`fc0019ff : nt!NtQueryVirtualMemory+0x25
- ffffc581`74eeaa10 00007ff9`347c6534 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 000000a8`be1bd4f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff9`347c6534
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffffc58174ee9ca0 ; kb
- FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
- Followup: memory_corruption
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement