Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ========================== AUTO DUMP ANALYZER ==========================
- Auto Dump Analyzer
- Version: 0.91
- Time to analyze file(s): 00 hours and 04 minutes and 27 seconds
- ================================ SYSTEM ================================
- MANUFACTURER: Micro-Star International Co., Ltd.
- PRODUCT_NAME: MS-7B84
- VERSION: 1.0
- ================================= BIOS =================================
- VENDOR: American Megatrends Inc.
- VERSION: 2.D0
- DATE: 12/03/2019
- VERSION: 2.A0
- DATE: 09/02/2019
- ============================= MOTHERBOARD ==============================
- MANUFACTURER: Micro-Star International Co., Ltd.
- PRODUCT: B450M PRO-M2 (MS-7B84)
- VERSION: 1.0
- ================================= RAM ==================================
- Size Speed Manufacturer Part No.
- -------------- -------------- ------------------- ----------------------
- 8192MB 2400MHz Kingston KHX2400C15/8G
- 8192MB 2400MHz Kingston KHX2400C15/8G
- ================================= CPU ==================================
- Processor Version: AMD Ryzen 5 2600 Six-Core Processor
- COUNT: c
- MHZ: 3400
- VENDOR: AuthenticAMD
- FAMILY: 17
- MODEL: 8
- STEPPING: 2
- ================================== OS ==================================
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 19041.1.amd64fre.vb_release.191206-1406
- BUILD_VERSION: 10.0.19041.264 (WinBuild.160101.0800)
- BUILD: 19041
- SERVICEPACK: 264
- PLATFORM_TYPE: x64
- NAME: Windows 10
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- BUILD_TIMESTAMP: unknown_date
- BUILDDATESTAMP: 160101.0800
- BUILDLAB: WinBuild
- BUILDOSVER: 10.0.19041.264
- =============================== DEBUGGER ===============================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- =============================== COMMENTS ===============================
- * Information gathered from different dump files may be different. If
- Windows updates between two dump files, two or more OS versions may
- be shown above.
- * If the user updates the BIOS between dump files, two or more versions
- and dates may be shown above.
- * More RAM information can be found below in a full BIOS section.
- ========================================================================
- ======================= Dump #1: ANALYZE VERBOSE =======================
- ====================== File: 060320-12562-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (12 procs) Free x64
- Kernel base = 0xfffff800`0a617000 PsLoadedModuleList = 0xfffff800`0b241250
- Debug session time: Wed Jun 3 06:14:43.180 2020 (UTC - 4:00)
- System Uptime: 0 days 13:33:52.723
- BugCheck 139, {3, ffff8e89e2a377d0, ffff8e89e2a37728, 0}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffff8e89e2a377d0, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffff8e89e2a37728, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- TRAP_FRAME: ffff8e89e2a377d0 -- (.trap 0xffff8e89e2a377d0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffff8000947f148 rbx=0000000000000000 rcx=0000000000000003
- rdx=ffffad0dab1531a0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8000aa2b01b rsp=ffff8e89e2a37960 rbp=00000000000000a4
- r8=0000000000000001 r9=ffff8e89e2a37a58 r10=fffff8000947bac0
- r11=00000071b2923466 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po cy
- nt!KiRemoveEntryTimer+0x1dc7eb:
- fffff800`0aa2b01b cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffff8e89e2a37728 -- (.exr 0xffff8e89e2a37728)
- ExceptionAddress: fffff8000aa2b01b (nt!KiRemoveEntryTimer+0x00000000001dc7eb)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x139
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 0000000000000003
- LAST_CONTROL_TRANSFER: from fffff8000aa06929 to fffff8000a9f4a20
- STACK_TEXT:
- ffff8e89`e2a374a8 fffff800`0aa06929 : 00000000`00000139 00000000`00000003 ffff8e89`e2a377d0 ffff8e89`e2a37728 : nt!KeBugCheckEx
- ffff8e89`e2a374b0 fffff800`0aa06d50 : ffff37d4`f29f5dac fffff800`0a8fe5a7 00000003`86368533 00000071`b292343c : nt!KiBugCheckDispatch+0x69
- ffff8e89`e2a375f0 fffff800`0aa050e3 : 00000000`00000000 ffffad0d`a3245b40 00000000`00000001 00000000`00989680 : nt!KiFastFailDispatch+0xd0
- ffff8e89`e2a377d0 fffff800`0aa2b01b : ffffad0d`a795b010 00000071`b292365e ffffffff`00000001 ffffad0d`a795b1f8 : nt!KiRaiseSecurityCheckFailure+0x323
- ffff8e89`e2a37960 fffff800`0a850eca : 00000000`00000000 00000000`00000000 00000000`00140001 ffff8e89`e2a37a58 : nt!KiRemoveEntryTimer+0x1dc7eb
- ffff8e89`e2a379d0 fffff800`0a9f858e : ffffffff`00000000 ffffbd00`75d2b180 ffffbd00`75d36340 ffffad0d`af2a0080 : nt!KiRetireDpcList+0x73a
- ffff8e89`e2a37c60 00000000`00000000 : ffff8e89`e2a38000 ffff8e89`e2a32000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8000a82577d-fffff8000a82577e 2 bytes - nt!MiLockPageTablePage+5d
- [ 80 fa:00 f0 ]
- fffff8000a99bf1f-fffff8000a99bf21 3 bytes - nt!MiFreeUltraMapping+33 (+0x1767a2)
- [ 7d fb f6:62 c5 8a ]
- 5 errors : !nt (fffff8000a82577d-fffff8000a99bf21)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-06-03T10:14:43.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #1: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Oct 18 2018 - AMDRyzenMasterDriver.sys - AMD Ryzen Master driver
- Mar 14 2019 - nvvad64v.sys - Nvidia Virtual Audio driver http://www.nvidia.com/
- May 14 2019 - UcmCxUcsiNvppc.sys - NVIDIA USB Type-C Port Policy Controller driver
- Jun 19 2019 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Jan 10 2020 - nvvhci.sys - Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Jan 14 2020 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Feb 12 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Feb 19 2020 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- Mar 03 2020 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- May 15 2020 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\amdgpio3.sys
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image path: \??\C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys
- Image name: AMDRyzenMasterDriver.sys
- Search : https://www.google.com/search?q=AMDRyzenMasterDriver.sys
- ADA Info : AMD Ryzen Master driver
- Timestamp : Thu Oct 18 2018
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Search : https://www.google.com/search?q=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio driver http://www.nvidia.com/
- Timestamp : Thu Mar 14 2019
- Image path: \SystemRoot\System32\drivers\UcmCxUcsiNvppc.sys
- Image name: UcmCxUcsiNvppc.sys
- Search : https://www.google.com/search?q=UcmCxUcsiNvppc.sys
- ADA Info : NVIDIA USB Type-C Port Policy Controller driver
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\system32\DRIVERS\amdpsp.sys
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Wed Jun 19 2019
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Search : https://www.google.com/search?q=nvvhci.sys
- ADA Info : Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Fri Jan 10 2020
- Image path: \SystemRoot\System32\drivers\amdgpio2.sys
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Tue Jan 14 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Wed Feb 12 2020
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Wed Feb 19 2020
- Image path: \SystemRoot\System32\drivers\AMDPCIDev.sys
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Tue Mar 3 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Fri May 15 2020
- ====================== Dump #1: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HdAudio.sys High Definition Audio Function driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb10.sys Longhorn SMB Downlevel SubRdr (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- qwavedrv.sys Quality Windows Audio Video Experience (qWave) Support driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdpvideominiport.sys RDP Video Miniport driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- UcmCx.sys USB Connector Manager KMDF Class Extension
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- VerifierExt.sys Driver Verifier Extension
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #1: UNLOADED MODULES =======================
- fffff808`58f10000 fffff808`58f22000 kbdhid.sys
- fffff808`58ed0000 fffff808`58ee1000 mouhid.sys
- fffff808`59630000 fffff808`5963f000 hiber_storpo
- fffff800`16680000 fffff800`166b3000 hiber_storah
- fffff800`166c0000 fffff800`166de000 hiber_dumpfv
- fffff808`58e50000 fffff808`58e85000 usbccgp.sys
- fffff808`58e90000 fffff808`58ea3000 hidusb.sys
- fffff808`58eb0000 fffff808`58ef0000 HIDCLASS.SYS
- fffff808`58f90000 fffff808`58fc8000 usbaudio.sys
- fffff808`58f50000 fffff808`58f62000 kbdhid.sys
- fffff808`58f10000 fffff808`58f21000 mouhid.sys
- fffff800`09820000 fffff800`0982e000 WSDScan.sys
- fffff800`09810000 fffff800`0981e000 WSDPrint.sys
- fffff808`57080000 fffff808`5708f000 dump_storpor
- fffff808`570d0000 fffff808`57103000 dump_storahc
- fffff808`57130000 fffff808`5714e000 dump_dumpfve
- fffff808`56a70000 fffff808`56a8c000 dam.sys
- fffff800`0bb80000 fffff800`0bb91000 WdBoot.sys
- fffff800`0cd00000 fffff800`0cd10000 hwpolicy.sys
- ====================== Dump #1: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 2272 bytes]
- [BIOS Information (Type 0) - Length 26 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version 2.D0
- BIOS Starting Address Segment f000
- BIOS Release Date 12/03/2019
- BIOS ROM Size 1000000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 27: - Keyboard Services Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 14
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Micro-Star International Co., Ltd.
- Product Name MS-7B84
- Version 1.0
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer Micro-Star International Co., Ltd.
- Product B450M PRO-M2 (MS-7B84)
- Version 1.0
- Feature Flags 09h
- -805652768: - -805652720: - ÷7?
- ü
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer Micro-Star International Co., Ltd.
- Chassis Type Desktop
- Version 1.0
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [OEM Strings (Type 11) - Length 5 - Handle 000bh]
- Number of Strings 1
- [System Configuration Options (Type 12) - Length 5 - Handle 000ch]
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 000eh]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000fh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 134217728KB
- Memory Error Inf Handle 000eh
- Number of Memory Devices 2
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0010h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Array Handle 000fh
- Partition Width 02
- [Cache Information (Type 7) - Length 19 - Handle 0011h]
- Socket Designation L1 - Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0240h - 576K
- Installed Size 0240h - 576K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0012h]
- Socket Designation L2 - Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0c00h - 3072K
- Installed Size 0c00h - 3072K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0013h]
- Socket Designation L3 - Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 4000h - 16384K
- Installed Size 4000h - 16384K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Processor Information (Type 4) - Length 48 - Handle 0014h]
- Socket Designation AM4
- Processor Type Central Processor
- Processor Family 6bh - Specification Reserved
- Processor Manufacturer Advanced Micro Devices, Inc.
- Processor ID 820f8000fffb8b17
- Processor Version AMD Ryzen 5 2600 Six-Core Processor
- Processor Voltage 8bh - 1.1V
- External Clock 100MHz
- Max Speed 3900MHz
- Current Speed 3400MHz
- Status Enabled Populated
- Processor Upgrade Specification Reserved
- L1 Cache Handle 0011h
- L2 Cache Handle 0012h
- L3 Cache Handle 0013h
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0015h]
- [Memory Device (Type 17) - Length 40 - Handle 0016h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0015h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL A
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0017h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0016h
- Mem Array Mapped Adr Handle 0010h
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0018h]
- [Memory Device (Type 17) - Length 40 - Handle 0019h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0018h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL B
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 001ah]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0019h
- Mem Array Mapped Adr Handle 0010h
- ========================== Dump #1: Extra #1 ===========================
- 2: kd> !verifier
- Verify Flags Level 0x001209bb
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [X] (0x00000001) Special pool
- [X] (0x00000002) Force IRQL checking
- [X] (0x00000008) Pool tracking
- [X] (0x00000010) I/O verification
- [X] (0x00000020) Deadlock detection
- [X] (0x00000080) DMA checking
- [X] (0x00000100) Security checks
- [X] (0x00000800) Miscellaneous checks
- [X] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- RESERVED FLAGS (use of these flags is unsupported):
- [X] (0x00100000) Unused or reserved flag
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x3
- Pool Allocations Attempted 0x336d49c
- Pool Allocations Succeeded 0x336d49c
- Pool Allocations Succeeded SpecialPool 0x336d49c
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x1 for 0000066C bytes
- Peak paged pool allocations 0x1 for 0000066C bytes
- Current nonpaged pool allocations 0x2 for 00001068 bytes
- Peak nonpaged pool allocations 0x2 for 00001068 bytes
- ========================== Dump #1: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffbd0075d36340 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 2
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8000b22843c
- Owning Process fffff8000b33aa00 Image: System Process
- Attached Process ffffad0da04e8040 Image: System
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 3125281
- Context Switch Count 13491788 IdealProcessor: 2
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address nt!KiIdleLoop (0xfffff8000a9f84f0)
- Stack Init ffff8e89e2a37c90 Current ffff8e89e2a37c20
- Base ffff8e89e2a38000 Limit ffff8e89e2a32000 Call 0000000000000000
- Priority 0 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
- Child-SP RetAddr : Args to Child : Call Site
- ffff8e89`e2a374a8 fffff800`0aa06929 : 00000000`00000139 00000000`00000003 ffff8e89`e2a377d0 ffff8e89`e2a37728 : nt!KeBugCheckEx
- ffff8e89`e2a374b0 fffff800`0aa06d50 : ffff37d4`f29f5dac fffff800`0a8fe5a7 00000003`86368533 00000071`b292343c : nt!KiBugCheckDispatch+0x69
- ffff8e89`e2a375f0 fffff800`0aa050e3 : 00000000`00000000 ffffad0d`a3245b40 00000000`00000001 00000000`00989680 : nt!KiFastFailDispatch+0xd0
- ffff8e89`e2a377d0 fffff800`0aa2b01b : ffffad0d`a795b010 00000071`b292365e ffffffff`00000001 ffffad0d`a795b1f8 : nt!KiRaiseSecurityCheckFailure+0x323 (TrapFrame @ ffff8e89`e2a377d0)
- ffff8e89`e2a37960 fffff800`0a850eca : 00000000`00000000 00000000`00000000 00000000`00140001 ffff8e89`e2a37a58 : nt!KiRemoveEntryTimer+0x1dc7eb
- ffff8e89`e2a379d0 fffff800`0a9f858e : ffffffff`00000000 ffffbd00`75d2b180 ffffbd00`75d36340 ffffad0d`af2a0080 : nt!KiRetireDpcList+0x73a
- ffff8e89`e2a37c60 00000000`00000000 : ffff8e89`e2a38000 ffff8e89`e2a32000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
- ========================================================================
- ======================= Dump #2: ANALYZE VERBOSE =======================
- ====================== File: 060320-12468-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (12 procs) Free x64
- Kernel base = 0xfffff800`03e16000 PsLoadedModuleList = 0xfffff800`04a40250
- Debug session time: Wed Jun 3 08:17:54.519 2020 (UTC - 4:00)
- System Uptime: 0 days 0:18:17.244
- BugCheck 139, {3, ffffe303fa6613d0, ffffe303fa661328, 0}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffffe303fa6613d0, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffe303fa661328, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- TRAP_FRAME: ffffe303fa6613d0 -- (.trap 0xffffe303fa6613d0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffc18855f39910 rbx=0000000000000000 rcx=0000000000000003
- rdx=ffffc1885f093dd0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8000422321f rsp=ffffe303fa661560 rbp=000000028e0584c4
- r8=070000028e06b697 r9=fffff80003e16000 r10=fffff80002ce0ac0
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po cy
- nt!KiInsertTimerTable+0x1e406f:
- fffff800`0422321f cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffe303fa661328 -- (.exr 0xffffe303fa661328)
- ExceptionAddress: fffff8000422321f (nt!KiInsertTimerTable+0x00000000001e406f)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x139
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 0000000000000003
- LAST_CONTROL_TRANSFER: from fffff80004205929 to fffff800041f3a20
- STACK_TEXT:
- ffffe303`fa6610a8 fffff800`04205929 : 00000000`00000139 00000000`00000003 ffffe303`fa6613d0 ffffe303`fa661328 : nt!KeBugCheckEx
- ffffe303`fa6610b0 fffff800`04205d50 : ffffc188`5897d640 ffffc188`5897d480 ffffc188`55a31300 ffffc188`55a32100 : nt!KiBugCheckDispatch+0x69
- ffffe303`fa6611f0 fffff800`042040e3 : 00000000`00000001 ffffe303`fa661b30 00000000`00000001 fffff800`04055026 : nt!KiFastFailDispatch+0xd0
- ffffe303`fa6613d0 fffff800`0422321f : 00000000`00000000 00000000`00000000 fffff800`041381c0 fffff800`05fa9a5b : nt!KiRaiseSecurityCheckFailure+0x323
- ffffe303`fa661560 fffff800`040fecbe : ffffffff`fffca4a0 00000000`00000002 ffffc188`51cf5d00 00000000`00000000 : nt!KiInsertTimerTable+0x1e406f
- ffffe303`fa6615e0 fffff800`05fa8d6d : 00000000`0010bf01 ffffe303`fa661740 ffffe303`00000081 00000002`8e00e09f : nt!KeSetTimerEx+0xfe
- ffffe303`fa661640 fffff800`0405069e : ffffe681`8bb66240 00000000`00000000 ffffe303`fa661b20 ffffe681`8bb63180 : tcpip!TcpPeriodicTimeoutHandler+0xc8d
- ffffe303`fa661860 fffff800`0404f984 : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`00000000 : nt!KiExecuteAllDpcs+0x30e
- ffffe303`fa6619d0 fffff800`041f758e : ffffffff`00000000 ffffe681`8bb63180 ffffe681`8bb6e340 ffffc188`5f0e5080 : nt!KiRetireDpcList+0x1f4
- ffffe303`fa661c60 00000000`00000000 : ffffe303`fa662000 ffffe303`fa65c000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8000419af1e-fffff8000419af21 4 bytes - nt!MiFreeUltraMapping+32
- [ a0 7d fb f6:20 7e fc f8 ]
- 4 errors : !nt (fffff8000419af1e-fffff8000419af21)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-06-03T12:17:54.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #2: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Oct 18 2018 - AMDRyzenMasterDriver.sys - AMD Ryzen Master driver
- Mar 14 2019 - nvvad64v.sys - Nvidia Virtual Audio driver http://www.nvidia.com/
- May 14 2019 - UcmCxUcsiNvppc.sys - NVIDIA USB Type-C Port Policy Controller driver
- Jun 19 2019 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Sep 11 2019 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- Oct 28 2019 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Jan 10 2020 - nvvhci.sys - Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Feb 12 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Feb 19 2020 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- May 15 2020 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\amdgpio3.sys
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image path: \??\C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys
- Image name: AMDRyzenMasterDriver.sys
- Search : https://www.google.com/search?q=AMDRyzenMasterDriver.sys
- ADA Info : AMD Ryzen Master driver
- Timestamp : Thu Oct 18 2018
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Search : https://www.google.com/search?q=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio driver http://www.nvidia.com/
- Timestamp : Thu Mar 14 2019
- Image path: \SystemRoot\System32\drivers\UcmCxUcsiNvppc.sys
- Image name: UcmCxUcsiNvppc.sys
- Search : https://www.google.com/search?q=UcmCxUcsiNvppc.sys
- ADA Info : NVIDIA USB Type-C Port Policy Controller driver
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\system32\DRIVERS\amdpsp.sys
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Wed Jun 19 2019
- Image path: \SystemRoot\System32\drivers\AMDPCIDev.sys
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Wed Sep 11 2019
- Image path: \SystemRoot\System32\drivers\amdgpio2.sys
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Oct 28 2019
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Search : https://www.google.com/search?q=nvvhci.sys
- ADA Info : Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Fri Jan 10 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Wed Feb 12 2020
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Wed Feb 19 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Fri May 15 2020
- ====================== Dump #2: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HdAudio.sys High Definition Audio Function driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb10.sys Longhorn SMB Downlevel SubRdr (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- UcmCx.sys USB Connector Manager KMDF Class Extension
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- VerifierExt.sys Driver Verifier Extension
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #2: UNLOADED MODULES =======================
- fffff80a`62f20000 fffff80a`62f55000 usbccgp.sys
- fffff80a`62f60000 fffff80a`62f73000 hidusb.sys
- fffff80a`62f80000 fffff80a`62fc0000 HIDCLASS.SYS
- fffff80a`63060000 fffff80a`63098000 usbaudio.sys
- fffff80a`63020000 fffff80a`63032000 kbdhid.sys
- fffff80a`62fe0000 fffff80a`62ff1000 mouhid.sys
- fffff80a`63020000 fffff80a`63032000 kbdhid.sys
- fffff80a`62fe0000 fffff80a`62ff1000 mouhid.sys
- fffff80a`64bf0000 fffff80a`64bfd000 atdcm64a.sys
- fffff80a`60760000 fffff80a`60776000 WdNisDrv.sys
- fffff80a`64bf0000 fffff80a`64bfd000 atdcm64a.sys
- fffff80a`60750000 fffff80a`6075e000 WSDScan.sys
- fffff80a`64bf0000 fffff80a`64bfe000 WSDPrint.sys
- fffff80a`60720000 fffff80a`6072f000 dump_storpor
- fffff80a`60770000 fffff80a`607a3000 dump_storahc
- fffff80a`607d0000 fffff80a`607ee000 dump_dumpfve
- fffff80a`61100000 fffff80a`6111c000 dam.sys
- fffff800`05380000 fffff800`05391000 WdBoot.sys
- fffff800`06500000 fffff800`06510000 hwpolicy.sys
- ====================== Dump #2: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 2272 bytes]
- [BIOS Information (Type 0) - Length 26 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version 2.D0
- BIOS Starting Address Segment f000
- BIOS Release Date 12/03/2019
- BIOS ROM Size 1000000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 27: - Keyboard Services Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 14
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Micro-Star International Co., Ltd.
- Product Name MS-7B84
- Version 1.0
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer Micro-Star International Co., Ltd.
- Product B450M PRO-M2 (MS-7B84)
- Version 1.0
- Feature Flags 09h
- -808667424: - -808667376: - ÷7?
- ü
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer Micro-Star International Co., Ltd.
- Chassis Type Desktop
- Version 1.0
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [OEM Strings (Type 11) - Length 5 - Handle 000bh]
- Number of Strings 1
- [System Configuration Options (Type 12) - Length 5 - Handle 000ch]
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 000eh]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000fh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 134217728KB
- Memory Error Inf Handle 000eh
- Number of Memory Devices 2
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0010h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Array Handle 000fh
- Partition Width 02
- [Cache Information (Type 7) - Length 19 - Handle 0011h]
- Socket Designation L1 - Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0240h - 576K
- Installed Size 0240h - 576K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0012h]
- Socket Designation L2 - Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0c00h - 3072K
- Installed Size 0c00h - 3072K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0013h]
- Socket Designation L3 - Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 4000h - 16384K
- Installed Size 4000h - 16384K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Processor Information (Type 4) - Length 48 - Handle 0014h]
- Socket Designation AM4
- Processor Type Central Processor
- Processor Family 6bh - Specification Reserved
- Processor Manufacturer Advanced Micro Devices, Inc.
- Processor ID 820f8000fffb8b17
- Processor Version AMD Ryzen 5 2600 Six-Core Processor
- Processor Voltage 8bh - 1.1V
- External Clock 100MHz
- Max Speed 3900MHz
- Current Speed 3400MHz
- Status Enabled Populated
- Processor Upgrade Specification Reserved
- L1 Cache Handle 0011h
- L2 Cache Handle 0012h
- L3 Cache Handle 0013h
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0015h]
- [Memory Device (Type 17) - Length 40 - Handle 0016h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0015h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL A
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0017h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0016h
- Mem Array Mapped Adr Handle 0010h
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0018h]
- [Memory Device (Type 17) - Length 40 - Handle 0019h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0018h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL B
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 001ah]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0019h
- Mem Array Mapped Adr Handle 0010h
- ========================== Dump #2: Extra #1 ===========================
- 5: kd> !verifier
- Verify Flags Level 0x001209bb
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [X] (0x00000001) Special pool
- [X] (0x00000002) Force IRQL checking
- [X] (0x00000008) Pool tracking
- [X] (0x00000010) I/O verification
- [X] (0x00000020) Deadlock detection
- [X] (0x00000080) DMA checking
- [X] (0x00000100) Security checks
- [X] (0x00000800) Miscellaneous checks
- [X] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- RESERVED FLAGS (use of these flags is unsupported):
- [X] (0x00100000) Unused or reserved flag
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x6ff236
- Pool Allocations Succeeded 0x6ff236
- Pool Allocations Succeeded SpecialPool 0x6ff236
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x1 for 0000066C bytes
- Peak paged pool allocations 0x1 for 0000066C bytes
- Current nonpaged pool allocations 0x2 for 00001068 bytes
- Peak nonpaged pool allocations 0x2 for 00001068 bytes
- ========================== Dump #2: Extra #2 ===========================
- 5: kd> !thread
- THREAD ffffe6818bb6e340 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 5
- Not impersonating
- GetUlongFromAddress: unable to read from fffff80004a2743c
- Owning Process fffff80004b39a00 Image: System Process
- Attached Process ffffc18851ce8040 Image: System
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 69167
- Context Switch Count 437579 IdealProcessor: 5
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address nt!KiIdleLoop (0xfffff800041f74f0)
- Stack Init ffffe303fa661c90 Current ffffe303fa661c20
- Base ffffe303fa662000 Limit ffffe303fa65c000 Call 0000000000000000
- Priority 0 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
- Child-SP RetAddr : Args to Child : Call Site
- ffffe303`fa6610a8 fffff800`04205929 : 00000000`00000139 00000000`00000003 ffffe303`fa6613d0 ffffe303`fa661328 : nt!KeBugCheckEx
- ffffe303`fa6610b0 fffff800`04205d50 : ffffc188`5897d640 ffffc188`5897d480 ffffc188`55a31300 ffffc188`55a32100 : nt!KiBugCheckDispatch+0x69
- ffffe303`fa6611f0 fffff800`042040e3 : 00000000`00000001 ffffe303`fa661b30 00000000`00000001 fffff800`04055026 : nt!KiFastFailDispatch+0xd0
- ffffe303`fa6613d0 fffff800`0422321f : 00000000`00000000 00000000`00000000 fffff800`041381c0 fffff800`05fa9a5b : nt!KiRaiseSecurityCheckFailure+0x323 (TrapFrame @ ffffe303`fa6613d0)
- ffffe303`fa661560 fffff800`040fecbe : ffffffff`fffca4a0 00000000`00000002 ffffc188`51cf5d00 00000000`00000000 : nt!KiInsertTimerTable+0x1e406f
- ffffe303`fa6615e0 fffff800`05fa8d6d : 00000000`0010bf01 ffffe303`fa661740 ffffe303`00000081 00000002`8e00e09f : nt!KeSetTimerEx+0xfe
- ffffe303`fa661640 fffff800`0405069e : ffffe681`8bb66240 00000000`00000000 ffffe303`fa661b20 ffffe681`8bb63180 : tcpip!TcpPeriodicTimeoutHandler+0xc8d
- ffffe303`fa661860 fffff800`0404f984 : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`00000000 : nt!KiExecuteAllDpcs+0x30e
- ffffe303`fa6619d0 fffff800`041f758e : ffffffff`00000000 ffffe681`8bb63180 ffffe681`8bb6e340 ffffc188`5f0e5080 : nt!KiRetireDpcList+0x1f4
- ffffe303`fa661c60 00000000`00000000 : ffffe303`fa662000 ffffe303`fa65c000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
- ========================================================================
- ======================= Dump #3: ANALYZE VERBOSE =======================
- ====================== File: 060220-12656-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (12 procs) Free x64
- Kernel base = 0xfffff807`2c200000 PsLoadedModuleList = 0xfffff807`2ce2a250
- Debug session time: Tue Jun 2 16:20:08.308 2020 (UTC - 4:00)
- System Uptime: 0 days 0:04:56.967
- BugCheck A, {ffffffffffffff8c, ff, ff, fffff8072c5ffa01}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: ffffffffffffff8c, memory referenced
- Arg2: 00000000000000ff, IRQL
- Arg3: 00000000000000ff, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff8072c5ffa01, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- WRITE_ADDRESS: fffff8072cefa388: Unable to get MiVisibleState
- ffffffffffffff8c
- CURRENT_IRQL: 0
- FAULTING_IP:
- nt!MiGetPfnProtection+1f3f0d
- fffff807`2c5ffa01 ff418b inc dword ptr [rcx-75h]
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- TRAP_FRAME: fffff8073206a940 -- (.trap 0xfffff8073206a940)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffff8072c5ffa00 rbx=0000000000000000 rcx=0000000000000001
- rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8072c5ffa01 rsp=fffff8073206aad0 rbp=fffff8073206ab50
- r8=0000000000000008 r9=0000000000000000 r10=0000fffff8072c5f
- r11=ffffcb7e0e000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up di pl nz ac po cy
- nt!MiGetPfnProtection+0x1f3f0d:
- fffff807`2c5ffa01 ff418b inc dword ptr [rcx-75h] ds:ffffffff`ffffff8c=????????
- Resetting default scope
- MISALIGNED_IP:
- nt!MiGetPfnProtection+1f3f0d
- fffff807`2c5ffa01 ff418b inc dword ptr [rcx-75h]
- LAST_CONTROL_TRANSFER: from fffff8072c5ef929 to fffff8072c5dda20
- STACK_TEXT:
- fffff807`3206a7f8 fffff807`2c5ef929 : 00000000`0000000a ffffffff`ffffff8c 00000000`000000ff 00000000`000000ff : nt!KeBugCheckEx
- fffff807`3206a800 fffff807`2c5ebc29 : 00000000`00000000 00000000`00000001 00000000`00000004 fffff807`00000058 : nt!KiBugCheckDispatch+0x69
- fffff807`3206a940 fffff807`2c5ffa01 : fffff807`3206abf0 00000000`00000001 00000000`00040046 fffff807`2c4cc048 : nt!KiPageFault+0x469
- fffff807`3206aad0 00001fa0`00000000 : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000008 : nt!MiGetPfnProtection+0x1f3f0d
- fffff807`3206ab00 00000000`00000000 : 00000000`00000002 00000000`00000000 00000000`00000008 00000000`00000000 : 0x00001fa0`00000000
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8072c584f1e-fffff8072c584f21 4 bytes - nt!MiFreeUltraMapping+32
- [ a0 7d fb f6:c0 a6 4d 9b ]
- fffff8072c5dfab8-fffff8072c5dfab9 2 bytes - nt!KiInterruptDispatchNoLockNoEtw+b8 (+0x5ab9a)
- [ 48 ff:4c 8b ]
- fffff8072c5dfabf-fffff8072c5dfac2 4 bytes - nt!KiInterruptDispatchNoLockNoEtw+bf (+0x07)
- [ 0f 1f 44 00:e8 5c 49 64 ]
- fffff8072c5ffbf5 - nt!NtLockVirtualMemory+1f3fe5 (+0x20136)
- [ fa:91 ]
- fffff8072c5ffc48 - nt!NtLockVirtualMemory+1f4038 (+0x53)
- [ fa:91 ]
- 12 errors : !nt (fffff8072c584f1e-fffff8072c5ffc48)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-06-02T20:20:08.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #3: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Oct 18 2018 - AMDRyzenMasterDriver.sys - AMD Ryzen Master driver
- Mar 14 2019 - nvvad64v.sys - Nvidia Virtual Audio driver http://www.nvidia.com/
- May 14 2019 - UcmCxUcsiNvppc.sys - NVIDIA USB Type-C Port Policy Controller driver
- Jun 19 2019 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Jan 10 2020 - nvvhci.sys - Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Jan 14 2020 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Feb 12 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Feb 19 2020 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- Mar 03 2020 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- May 15 2020 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- ================== Dump #3: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\amdgpio3.sys
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image path: \??\C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys
- Image name: AMDRyzenMasterDriver.sys
- Search : https://www.google.com/search?q=AMDRyzenMasterDriver.sys
- ADA Info : AMD Ryzen Master driver
- Timestamp : Thu Oct 18 2018
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Search : https://www.google.com/search?q=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio driver http://www.nvidia.com/
- Timestamp : Thu Mar 14 2019
- Image path: \SystemRoot\System32\drivers\UcmCxUcsiNvppc.sys
- Image name: UcmCxUcsiNvppc.sys
- Search : https://www.google.com/search?q=UcmCxUcsiNvppc.sys
- ADA Info : NVIDIA USB Type-C Port Policy Controller driver
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\system32\DRIVERS\amdpsp.sys
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Wed Jun 19 2019
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Search : https://www.google.com/search?q=nvvhci.sys
- ADA Info : Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Fri Jan 10 2020
- Image path: \SystemRoot\System32\drivers\amdgpio2.sys
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Tue Jan 14 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Wed Feb 12 2020
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Wed Feb 19 2020
- Image path: \SystemRoot\System32\drivers\AMDPCIDev.sys
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Tue Mar 3 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Fri May 15 2020
- ====================== Dump #3: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HdAudio.sys High Definition Audio Function driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb10.sys Longhorn SMB Downlevel SubRdr (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdpvideominiport.sys RDP Video Miniport driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- UcmCx.sys USB Connector Manager KMDF Class Extension
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #3: UNLOADED MODULES =======================
- fffff807`2b630000 fffff807`2b63f000 hiber_storpo
- fffff807`2b640000 fffff807`2b673000 hiber_storah
- fffff807`2b680000 fffff807`2b69e000 hiber_dumpfv
- fffff807`2b5d0000 fffff807`2b5de000 WSDScan.sys
- fffff807`2b5c0000 fffff807`2b5ce000 WSDPrint.sys
- fffff807`3a150000 fffff807`3a15f000 dump_storpor
- fffff807`3a1a0000 fffff807`3a1d3000 dump_storahc
- fffff807`3a000000 fffff807`3a01e000 dump_dumpfve
- fffff807`3a9d0000 fffff807`3a9ec000 dam.sys
- fffff807`309a0000 fffff807`309b1000 WdBoot.sys
- fffff807`31a50000 fffff807`31a60000 hwpolicy.sys
- ====================== Dump #3: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 2272 bytes]
- [BIOS Information (Type 0) - Length 26 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version 2.D0
- BIOS Starting Address Segment f000
- BIOS Release Date 12/03/2019
- BIOS ROM Size 1000000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 27: - Keyboard Services Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 14
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Micro-Star International Co., Ltd.
- Product Name MS-7B84
- Version 1.0
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer Micro-Star International Co., Ltd.
- Product B450M PRO-M2 (MS-7B84)
- Version 1.0
- Feature Flags 09h
- -808667424: - -808667376: - ÷7?
- ü
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer Micro-Star International Co., Ltd.
- Chassis Type Desktop
- Version 1.0
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [OEM Strings (Type 11) - Length 5 - Handle 000bh]
- Number of Strings 1
- [System Configuration Options (Type 12) - Length 5 - Handle 000ch]
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 000eh]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000fh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 134217728KB
- Memory Error Inf Handle 000eh
- Number of Memory Devices 2
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0010h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Array Handle 000fh
- Partition Width 02
- [Cache Information (Type 7) - Length 19 - Handle 0011h]
- Socket Designation L1 - Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0240h - 576K
- Installed Size 0240h - 576K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0012h]
- Socket Designation L2 - Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0c00h - 3072K
- Installed Size 0c00h - 3072K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0013h]
- Socket Designation L3 - Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 4000h - 16384K
- Installed Size 4000h - 16384K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Processor Information (Type 4) - Length 48 - Handle 0014h]
- Socket Designation AM4
- Processor Type Central Processor
- Processor Family 6bh - Specification Reserved
- Processor Manufacturer Advanced Micro Devices, Inc.
- Processor ID 820f8000fffb8b17
- Processor Version AMD Ryzen 5 2600 Six-Core Processor
- Processor Voltage 8bh - 1.1V
- External Clock 100MHz
- Max Speed 3900MHz
- Current Speed 3400MHz
- Status Enabled Populated
- Processor Upgrade Specification Reserved
- L1 Cache Handle 0011h
- L2 Cache Handle 0012h
- L3 Cache Handle 0013h
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0015h]
- [Memory Device (Type 17) - Length 40 - Handle 0016h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0015h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL A
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0017h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0016h
- Mem Array Mapped Adr Handle 0010h
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0018h]
- [Memory Device (Type 17) - Length 40 - Handle 0019h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0018h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL B
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 001ah]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0019h
- Mem Array Mapped Adr Handle 0010h
- ========================== Dump #3: Extra #1 ===========================
- 0: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #3: Extra #2 ===========================
- 0: kd> !thread
- THREAD fffff8072cf26600 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 0
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8072ce1143c
- Owning Process fffff8072cf23a00 Image: System Process
- Attached Process ffff800fcc48c040 Image: System
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 19004
- Context Switch Count 247452 IdealProcessor: 0
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address nt!KiIdleLoop (0xfffff8072c5e14f0)
- Stack Init fffff8073206ac90 Current fffff8073206ac20
- Base fffff8073206b000 Limit fffff80732065000 Call 0000000000000000
- Priority 0 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- fffff807`3206a7f8 fffff807`2c5ef929 : 00000000`0000000a ffffffff`ffffff8c 00000000`000000ff 00000000`000000ff : nt!KeBugCheckEx
- fffff807`3206a800 fffff807`2c5ebc29 : 00000000`00000000 00000000`00000001 00000000`00000004 fffff807`00000058 : nt!KiBugCheckDispatch+0x69
- fffff807`3206a940 fffff807`2c5ffa01 : fffff807`3206abf0 00000000`00000001 00000000`00040046 fffff807`2c4cc048 : nt!KiPageFault+0x469 (TrapFrame @ fffff807`3206a940)
- fffff807`3206aad0 00001fa0`00000000 : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000008 : nt!MiGetPfnProtection+0x1f3f0d
- fffff807`3206ab00 00000000`00000000 : 00000000`00000002 00000000`00000000 00000000`00000008 00000000`00000000 : 0x00001fa0`00000000
- ========================================================================
- ======================= Dump #4: ANALYZE VERBOSE =======================
- ====================== File: 060220-11218-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (12 procs) Free x64
- Kernel base = 0xfffff801`5d000000 PsLoadedModuleList = 0xfffff801`5dc2a250
- Debug session time: Tue Jun 2 16:23:28.907 2020 (UTC - 4:00)
- System Uptime: 0 days 0:02:54.570
- BugCheck 139, {0, 0, 0, 50}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000000, A stack-based buffer has been overrun.
- Arg2: 0000000000000000, Address of the trap frame for the exception that caused the bugcheck
- Arg3: 0000000000000000, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000050, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- TRAP_FRAME: 0000000000000000 -- (.trap 0x0)
- EXCEPTION_RECORD: 0000000000000000 -- (.exr 0x0)
- Cannot read Exception record @ 0000000000000000
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x139
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- LAST_CONTROL_TRANSFER: from fffff8015d3e652b to fffff8015d3dda20
- STACK_TEXT:
- ffff9a85`7627d7c8 fffff801`5d3e652b : 00000000`00000139 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
- ffff9a85`7627d7d0 fffff801`5d231689 : ffffdd8f`3cefc080 ffff9a85`7627d8a9 00000000`00000050 ffff9a85`00000002 : nt!guard_icall_bugcheck+0x1b
- ffff9a85`7627d800 fffff801`5d230ec5 : ffff9a85`7627d948 00000000`00000000 ffff9a85`7627db10 ffffdd8f`3cefc098 : nt!KiExpireTimer2+0x429
- ffff9a85`7627d910 fffff801`5d23a004 : 00000000`00000000 00000000`00000000 00000000`00000008 00000000`00001a1b : nt!KiTimer2Expiration+0x165
- ffff9a85`7627d9d0 fffff801`5d3e158e : ffffffff`00000000 ffffb180`eb447180 00000000`00000000 ffffb180`eb452340 : nt!KiRetireDpcList+0x874
- ffff9a85`7627dc60 00000000`00000000 : ffff9a85`7627e000 ffff9a85`76278000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !FLTMGR
- fffff8015bf1ce8d-fffff8015bf1ce8e 2 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+2d
- [ 48 ff:4c 8b ]
- fffff8015bf1ce94-fffff8015bf1ce98 5 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+34 (+0x07)
- [ 0f 1f 44 00 00:e8 67 81 30 01 ]
- fffff8015bf1cebc-fffff8015bf1cebd 2 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+5c (+0x28)
- [ 48 ff:4c 8b ]
- fffff8015bf1cec3-fffff8015bf1cec7 5 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+63 (+0x07)
- [ 0f 1f 44 00 00:e8 d8 92 30 01 ]
- fffff8015bf1cf07-fffff8015bf1cf08 2 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+a7 (+0x44)
- [ 48 ff:4c 8b ]
- fffff8015bf1cf0e-fffff8015bf1cf12 5 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+ae (+0x07)
- [ 0f 1f 44 00 00:e8 ed 80 30 01 ]
- fffff8015bf1cf4c-fffff8015bf1cf4d 2 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+ec (+0x3e)
- [ 48 ff:4c 8b ]
- fffff8015bf1cf53-fffff8015bf1cf57 5 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+f3 (+0x07)
- [ 0f 1f 44 00 00:e8 a8 b9 3c 01 ]
- fffff8015bf1cf5b-fffff8015bf1cf5c 2 bytes - FLTMGR!FltpProcessIrpCtrlStackProfiler+fb (+0x08)
- [ 48 ff:4c 8b ]
- fffff8015bf1d150-fffff8015bf1d151 2 bytes - FLTMGR!InsertEventEntryInLookUpTable+70 (+0x1f5)
- [ 48 ff:4c 8b ]
- fffff8015bf1d157-fffff8015bf1d15b 5 bytes - FLTMGR!InsertEventEntryInLookUpTable+77 (+0x07)
- [ 0f 1f 44 00 00:e8 44 e4 40 01 ]
- fffff8015bf1d16d-fffff8015bf1d16e 2 bytes - FLTMGR!InsertEventEntryInLookUpTable+8d (+0x16)
- [ 48 ff:4c 8b ]
- fffff8015bf1d174-fffff8015bf1d178 5 bytes - FLTMGR!InsertEventEntryInLookUpTable+94 (+0x07)
- [ 0f 1f 44 00 00:e8 57 89 30 01 ]
- 44 errors : !FLTMGR (fffff8015bf1ce8d-fffff8015bf1d178)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-06-02T20:23:28.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #4: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Oct 18 2018 - AMDRyzenMasterDriver.sys - AMD Ryzen Master driver
- Mar 14 2019 - nvvad64v.sys - Nvidia Virtual Audio driver http://www.nvidia.com/
- May 14 2019 - UcmCxUcsiNvppc.sys - NVIDIA USB Type-C Port Policy Controller driver
- Jun 19 2019 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Jan 10 2020 - nvvhci.sys - Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Jan 14 2020 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Feb 12 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Feb 19 2020 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- Mar 03 2020 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- May 15 2020 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- ================== Dump #4: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\amdgpio3.sys
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image path: \??\C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys
- Image name: AMDRyzenMasterDriver.sys
- Search : https://www.google.com/search?q=AMDRyzenMasterDriver.sys
- ADA Info : AMD Ryzen Master driver
- Timestamp : Thu Oct 18 2018
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Search : https://www.google.com/search?q=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio driver http://www.nvidia.com/
- Timestamp : Thu Mar 14 2019
- Image path: \SystemRoot\System32\drivers\UcmCxUcsiNvppc.sys
- Image name: UcmCxUcsiNvppc.sys
- Search : https://www.google.com/search?q=UcmCxUcsiNvppc.sys
- ADA Info : NVIDIA USB Type-C Port Policy Controller driver
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\system32\DRIVERS\amdpsp.sys
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Wed Jun 19 2019
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Search : https://www.google.com/search?q=nvvhci.sys
- ADA Info : Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Fri Jan 10 2020
- Image path: \SystemRoot\System32\drivers\amdgpio2.sys
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Tue Jan 14 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Wed Feb 12 2020
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Wed Feb 19 2020
- Image path: \SystemRoot\System32\drivers\AMDPCIDev.sys
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Tue Mar 3 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Fri May 15 2020
- ====================== Dump #4: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HdAudio.sys High Definition Audio Function driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb10.sys Longhorn SMB Downlevel SubRdr (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- UcmCx.sys USB Connector Manager KMDF Class Extension
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #4: UNLOADED MODULES =======================
- fffff801`6df50000 fffff801`6df62000 kbdhid.sys
- fffff801`6df10000 fffff801`6df21000 mouhid.sys
- fffff801`5e2b0000 fffff801`5e2be000 WSDScan.sys
- fffff801`5e2a0000 fffff801`5e2ae000 WSDPrint.sys
- fffff801`6bb80000 fffff801`6bb8f000 dump_storpor
- fffff801`6b000000 fffff801`6b033000 dump_storahc
- fffff801`6b060000 fffff801`6b07e000 dump_dumpfve
- fffff801`6b980000 fffff801`6b99c000 dam.sys
- fffff801`619a0000 fffff801`619b1000 WdBoot.sys
- fffff801`62a50000 fffff801`62a60000 hwpolicy.sys
- ====================== Dump #4: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 2272 bytes]
- [BIOS Information (Type 0) - Length 26 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version 2.D0
- BIOS Starting Address Segment f000
- BIOS Release Date 12/03/2019
- BIOS ROM Size 1000000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 27: - Keyboard Services Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 14
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Micro-Star International Co., Ltd.
- Product Name MS-7B84
- Version 1.0
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer Micro-Star International Co., Ltd.
- Product B450M PRO-M2 (MS-7B84)
- Version 1.0
- Feature Flags 09h
- -808667424: - -808667376: - ÷7?
- ü
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer Micro-Star International Co., Ltd.
- Chassis Type Desktop
- Version 1.0
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [OEM Strings (Type 11) - Length 5 - Handle 000bh]
- Number of Strings 1
- [System Configuration Options (Type 12) - Length 5 - Handle 000ch]
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 000eh]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000fh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 134217728KB
- Memory Error Inf Handle 000eh
- Number of Memory Devices 2
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0010h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Array Handle 000fh
- Partition Width 02
- [Cache Information (Type 7) - Length 19 - Handle 0011h]
- Socket Designation L1 - Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0240h - 576K
- Installed Size 0240h - 576K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0012h]
- Socket Designation L2 - Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0c00h - 3072K
- Installed Size 0c00h - 3072K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0013h]
- Socket Designation L3 - Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 4000h - 16384K
- Installed Size 4000h - 16384K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Processor Information (Type 4) - Length 48 - Handle 0014h]
- Socket Designation AM4
- Processor Type Central Processor
- Processor Family 6bh - Specification Reserved
- Processor Manufacturer Advanced Micro Devices, Inc.
- Processor ID 820f8000fffb8b17
- Processor Version AMD Ryzen 5 2600 Six-Core Processor
- Processor Voltage 8bh - 1.1V
- External Clock 100MHz
- Max Speed 3900MHz
- Current Speed 3400MHz
- Status Enabled Populated
- Processor Upgrade Specification Reserved
- L1 Cache Handle 0011h
- L2 Cache Handle 0012h
- L3 Cache Handle 0013h
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0015h]
- [Memory Device (Type 17) - Length 40 - Handle 0016h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0015h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL A
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0017h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0016h
- Mem Array Mapped Adr Handle 0010h
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0018h]
- [Memory Device (Type 17) - Length 40 - Handle 0019h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0018h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL B
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 001ah]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Device Handle 0019h
- Mem Array Mapped Adr Handle 0010h
- ========================== Dump #4: Extra #1 ===========================
- 7: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #4: Extra #2 ===========================
- 7: kd> !thread
- THREAD ffffb180eb452340 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 7
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8015dc1143c
- Owning Process fffff8015dd23a00 Image: System Process
- Attached Process ffffdd8f3428c040 Image: System
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 11172
- Context Switch Count 81717 IdealProcessor: 7
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address nt!KiIdleLoop (0xfffff8015d3e14f0)
- Stack Init ffff9a857627dc90 Current ffff9a857627dc20
- Base ffff9a857627e000 Limit ffff9a8576278000 Call 0000000000000000
- Priority 0 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
- Child-SP RetAddr : Args to Child : Call Site
- ffff9a85`7627d7c8 fffff801`5d3e652b : 00000000`00000139 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
- ffff9a85`7627d7d0 fffff801`5d231689 : ffffdd8f`3cefc080 ffff9a85`7627d8a9 00000000`00000050 ffff9a85`00000002 : nt!guard_icall_bugcheck+0x1b
- ffff9a85`7627d800 fffff801`5d230ec5 : ffff9a85`7627d948 00000000`00000000 ffff9a85`7627db10 ffffdd8f`3cefc098 : nt!KiExpireTimer2+0x429
- ffff9a85`7627d910 fffff801`5d23a004 : 00000000`00000000 00000000`00000000 00000000`00000008 00000000`00001a1b : nt!KiTimer2Expiration+0x165
- ffff9a85`7627d9d0 fffff801`5d3e158e : ffffffff`00000000 ffffb180`eb447180 00000000`00000000 ffffb180`eb452340 : nt!KiRetireDpcList+0x874
- ffff9a85`7627dc60 00000000`00000000 : ffff9a85`7627e000 ffff9a85`76278000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
- ========================================================================
- ======================= Dump #5: ANALYZE VERBOSE =======================
- ====================== File: 060120-40984-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (12 procs) Free x64
- Kernel base = 0xfffff801`75c00000 PsLoadedModuleList = 0xfffff801`7682a250
- Debug session time: Mon Jun 1 07:01:07.131 2020 (UTC - 4:00)
- System Uptime: 0 days 17:18:07.879
- BugCheck 1E, {ffffffffc0000005, fffff80175fe154a, 0, ffffffffffffffff}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- KMODE_EXCEPTION_NOT_HANDLED (1e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Arguments:
- Arg1: ffffffffc0000005, The exception code that was not handled
- Arg2: fffff80175fe154a, The address that the exception occurred at
- Arg3: 0000000000000000, Parameter 0 of the exception
- Arg4: ffffffffffffffff, Parameter 1 of the exception
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- READ_ADDRESS: fffff801768fa388: Unable to get MiVisibleState
- ffffffffffffffff
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- nt!KiIdleLoop+5a
- fffff801`75fe154a 833d07a1910000 cmp dword ptr [nt!KiIrqlFlags (fffff801`768fb658)],0
- EXCEPTION_PARAMETER2: ffffffffffffffff
- BUGCHECK_STR: 0x1E_c0000005_R
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff80176100c3e to fffff80175fdda20
- STACK_TEXT:
- fffffa8a`ef044a98 fffff801`76100c3e : 00000000`0000001e ffffffff`c0000005 fffff801`75fe154a 00000000`00000000 : nt!KeBugCheckEx
- fffffa8a`ef044aa0 fffff801`75fe68e2 : fffff801`76100c1c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HvlpVtlCallExceptionHandler+0x22
- fffffa8a`ef044ae0 fffff801`75e32fb7 : fffffa8a`ef045050 00000000`00000000 fffffa8a`ef045260 fffff801`75fe154a : nt!RtlpExecuteHandlerForException+0x12
- fffffa8a`ef044b10 fffff801`75e7b226 : fffffa8a`ef045a28 fffffa8a`ef045760 fffffa8a`ef045a28 ffffdc05`821a2080 : nt!RtlDispatchException+0x297
- fffffa8a`ef045230 fffff801`75fefa6c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
- fffffa8a`ef0458f0 fffff801`75feb7a0 : fffffa8a`ef045bf0 00000000`00000001 00000000`00040046 fffff801`75ecc048 : nt!KiExceptionDispatch+0x12c
- fffffa8a`ef045ad0 fffff801`75fe154a : ffffffff`00000000 ffff8381`d4f6a340 ffffdc05`821a2080 00000000`000009d4 : nt!KiGeneralProtectionFault+0x320
- fffffa8a`ef045c60 00000000`00000000 : fffffa8a`ef046000 fffffa8a`ef040000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80175f84f1e-fffff80175f84f21 4 bytes - nt!MiFreeUltraMapping+32
- [ a0 7d fb f6:40 a5 4a 95 ]
- fffff80175fe1230-fffff80175fe1234 5 bytes - nt!KiCallUserMode+220 (+0x5c312)
- [ ff e1 cc cc cc:e8 8b 2e 64 00 ]
- fffff80175fe695d-fffff80175fe6960 4 bytes - nt!RtlpExecuteHandlerForUnwind+d (+0x572d)
- [ ff d0 0f 1f:e8 7e d9 63 ]
- 13 errors : !nt (fffff80175f84f1e-fffff80175fe6960)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-06-01T11:01:07.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #5: 3RD PARTY DRIVERS ======================
- Mar 14 2016 - amdgpio3.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Jun 05 2017 - amdpsp.sys - Advanced Micro Devices, Inc http://support.amd.com/
- Apr 12 2018 - AMDPCIDev.sys - Advanced Micro Devices PCI Device driver
- Oct 18 2018 - AMDRyzenMasterDriver.sys - AMD Ryzen Master driver
- Mar 14 2019 - nvvad64v.sys - Nvidia Virtual Audio driver http://www.nvidia.com/
- May 14 2019 - UcmCxUcsiNvppc.sys - NVIDIA USB Type-C Port Policy Controller driver
- May 24 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Sep 29 2019 - amdgpio2.sys - AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Jan 10 2020 - nvvhci.sys - Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Feb 19 2020 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- May 15 2020 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- ================== Dump #5: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\amdgpio3.sys
- Image name: amdgpio3.sys
- Search : https://www.google.com/search?q=amdgpio3.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Mon Mar 14 2016
- Image path: \SystemRoot\system32\DRIVERS\amdpsp.sys
- Image name: amdpsp.sys
- Search : https://www.google.com/search?q=amdpsp.sys
- ADA Info : Advanced Micro Devices, Inc http://support.amd.com/
- Timestamp : Mon Jun 5 2017
- Image path: \SystemRoot\System32\drivers\AMDPCIDev.sys
- Image name: AMDPCIDev.sys
- Search : https://www.google.com/search?q=AMDPCIDev.sys
- ADA Info : Advanced Micro Devices PCI Device driver
- Timestamp : Thu Apr 12 2018
- Image path: \??\C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys
- Image name: AMDRyzenMasterDriver.sys
- Search : https://www.google.com/search?q=AMDRyzenMasterDriver.sys
- ADA Info : AMD Ryzen Master driver
- Timestamp : Thu Oct 18 2018
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Search : https://www.google.com/search?q=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio driver http://www.nvidia.com/
- Timestamp : Thu Mar 14 2019
- Image path: \SystemRoot\System32\drivers\UcmCxUcsiNvppc.sys
- Image name: UcmCxUcsiNvppc.sys
- Search : https://www.google.com/search?q=UcmCxUcsiNvppc.sys
- ADA Info : NVIDIA USB Type-C Port Policy Controller driver
- Timestamp : Tue May 14 2019
- Mapped memory image file: C:\ProgramData\dbg\sym\rt640x64.sys\5CE7AF86ad000\rt640x64.sys
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Fri May 24 2019
- File version: 9.1.410.2015
- Product version: 9.1.410.2015
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.6 Driver
- File date: 00000000.00000000
- CompanyName: Realtek
- ProductName: Realtek 8125/8136/8168/8169 PCI/PCIe Adapters
- InternalName: rt640x64.sys
- OriginalFilename: rt640x64.sys
- ProductVersion: 9.001.0410.2015
- FileVersion: 9.001.0410.2015
- FileDescription: Realtek 8125/8136/8168/8169 NDIS 6.40 64-bit Driver
- LegalCopyright: Copyright (C) 2019 Realtek Semiconductor Corporation. All Right Reserved.
- Image path: \SystemRoot\System32\drivers\amdgpio2.sys
- Image name: amdgpio2.sys
- Search : https://www.google.com/search?q=amdgpio2.sys
- ADA Info : AMD GPIO Controller Driver from Advanced Micro Devices http://support.amd.com/
- Timestamp : Sun Sep 29 2019
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Search : https://www.google.com/search?q=nvvhci.sys
- ADA Info : Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Fri Jan 10 2020
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Wed Feb 19 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Fri May 15 2020
- ====================== Dump #5: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HdAudio.sys High Definition Audio Function driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb10.sys Longhorn SMB Downlevel SubRdr (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- qwavedrv.sys Quality Windows Audio Video Experience (qWave) Support driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdpvideominiport.sys RDP Video Miniport driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- UcmCx.sys USB Connector Manager KMDF Class Extension
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBSTOR.SYS USB Mass Storage Class driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- wimmount.sys Wim file system Driver
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #5: UNLOADED MODULES =======================
- fffff801`86840000 fffff801`8684d000 amdgpio2.sys
- fffff801`7aec0000 fffff801`7af26000 WdFilter.sys
- fffff801`858e0000 fffff801`858f6000 WdNisDrv.sys
- fffff801`85950000 fffff801`8595e000 WSDScan.sys
- fffff801`85960000 fffff801`8596e000 WSDPrint.sys
- fffff801`85980000 fffff801`8598f000 hiber_storpo
- fffff801`85990000 fffff801`859c3000 hiber_storah
- fffff801`859d0000 fffff801`859ee000 hiber_dumpfv
- fffff801`85fa0000 fffff801`85faf000 WpdUpFltr.sy
- fffff801`85f40000 fffff801`85f95000 WUDFRd.sys
- fffff801`84c60000 fffff801`84c6f000 dump_storpor
- fffff801`84cb0000 fffff801`84ce3000 dump_storahc
- fffff801`84d10000 fffff801`84d2e000 dump_dumpfve
- fffff801`7ae30000 fffff801`7ae4d000 EhStorClass.
- fffff801`84870000 fffff801`8488c000 dam.sys
- fffff801`7a9a0000 fffff801`7a9b1000 WdBoot.sys
- fffff801`7ba60000 fffff801`7ba70000 hwpolicy.sys
- ====================== Dump #5: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 2308 bytes]
- [BIOS Information (Type 0) - Length 26 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version 2.A0
- BIOS Starting Address Segment f000
- BIOS Release Date 09/02/2019
- BIOS ROM Size 1000000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 27: - Keyboard Services Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 14
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Micro-Star International Co., Ltd.
- Product Name MS-7B84
- Version 1.0
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer Micro-Star International Co., Ltd.
- Product B450M PRO-M2 (MS-7B84)
- Version 1.0
- Feature Flags 09h
- -808667424: - -808667376: - ÷7?
- ü
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer Micro-Star International Co., Ltd.
- Chassis Type Desktop
- Version 1.0
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [OEM Strings (Type 11) - Length 5 - Handle 000bh]
- Number of Strings 1
- [System Configuration Options (Type 12) - Length 5 - Handle 000ch]
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 000eh]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000fh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 134217728KB
- Memory Error Inf Handle 000eh
- Number of Memory Devices 2
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0010h]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Array Handle 000fh
- Partition Width 01
- [Cache Information (Type 7) - Length 19 - Handle 0011h]
- Socket Designation L1 - Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0240h - 576K
- Installed Size 0240h - 576K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0012h]
- Socket Designation L2 - Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0c00h - 3072K
- Installed Size 0c00h - 3072K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0013h]
- Socket Designation L3 - Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 4000h - 16384K
- Installed Size 4000h - 16384K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Processor Information (Type 4) - Length 48 - Handle 0014h]
- Socket Designation AM4
- Processor Type Central Processor
- Processor Family 6bh - Specification Reserved
- Processor Manufacturer Advanced Micro Devices, Inc.
- Processor ID 820f8000fffb8b17
- Processor Version AMD Ryzen 5 2600 Six-Core Processor
- Processor Voltage 8bh - 1.1V
- External Clock 100MHz
- Max Speed 3900MHz
- Current Speed 3400MHz
- Status Enabled Populated
- Processor Upgrade Specification Reserved
- L1 Cache Handle 0011h
- L2 Cache Handle 0012h
- L3 Cache Handle 0013h
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0015h]
- [Memory Device (Type 17) - Length 84 - Handle 0016h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0015h
- Form Factor 02h - Unknown
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL A
- Memory Type 02h - Unknown
- Type Detail 0004h - Unknown
- Speed 2400MHz
- Manufacturer Unknown
- Part Number Unknown
- [32Bit Memory Error Information (Type 18) - Length 23 - Handle 0017h]
- [Memory Device (Type 17) - Length 84 - Handle 0018h]
- Physical Memory Array Handle 000fh
- Memory Error Info Handle 0017h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator DIMM 0
- Bank Locator P0 CHANNEL B
- Memory Type 1ah - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 2400MHz
- Manufacturer Kingston
- Part Number KHX2400C15/8G
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0019h]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Device Handle 0018h
- Mem Array Mapped Adr Handle 0010h
- Interleave Position [None]
- Interleave Data Depth [None]
- ========================== Dump #5: Extra #1 ===========================
- 3: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #5: Extra #2 ===========================
- 3: kd> !thread
- THREAD ffff8381d4f6a340 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8017681143c
- Owning Process fffff80176923a00 Image: System Process
- Attached Process ffffdc0576a6e040 Image: System
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 3986415
- Context Switch Count 13392117 IdealProcessor: 3
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address nt!KiIdleLoop (0xfffff80175fe14f0)
- Stack Init fffffa8aef045c90 Current fffffa8aef045c20
- Base fffffa8aef046000 Limit fffffa8aef040000 Call 0000000000000000
- Priority 0 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
- Child-SP RetAddr : Args to Child : Call Site
- fffffa8a`ef044a98 fffff801`76100c3e : 00000000`0000001e ffffffff`c0000005 fffff801`75fe154a 00000000`00000000 : nt!KeBugCheckEx
- fffffa8a`ef044aa0 fffff801`75fe68e2 : fffff801`76100c1c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HvlpVtlCallExceptionHandler+0x22
- fffffa8a`ef044ae0 fffff801`75e32fb7 : fffffa8a`ef045050 00000000`00000000 fffffa8a`ef045260 fffff801`75fe154a : nt!RtlpExecuteHandlerForException+0x12
- fffffa8a`ef044b10 fffff801`75e7b226 : fffffa8a`ef045a28 fffffa8a`ef045760 fffffa8a`ef045a28 ffffdc05`821a2080 : nt!RtlDispatchException+0x297
- fffffa8a`ef045230 fffff801`75fefa6c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
- fffffa8a`ef0458f0 fffff801`75feb7a0 : fffffa8a`ef045bf0 00000000`00000001 00000000`00040046 fffff801`75ecc048 : nt!KiExceptionDispatch+0x12c
- fffffa8a`ef045ad0 fffff801`75fe154a : ffffffff`00000000 ffff8381`d4f6a340 ffffdc05`821a2080 00000000`000009d4 : nt!KiGeneralProtectionFault+0x320 (TrapFrame @ fffffa8a`ef045ad0)
- fffffa8a`ef045c60 00000000`00000000 : fffffa8a`ef046000 fffffa8a`ef040000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
Add Comment
Please, Sign In to add comment