Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\matey\Desktop\MEMORY.DMP]
- Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
- ************* Path validation summary **************
- Response Time (ms) Location
- Deferred srv*C:\symbols*http://msdl.microsoft.com/download/symbols
- Symbol search path is: srv*C:\symbols*http://msdl.microsoft.com/download/symbols
- Executable search path is:
- Windows 8.1 Kernel Version 9600 MP (4 procs) Free x64
- Product: Server, suite: TerminalServer DataCenter
- Built by: 9600.19304.amd64fre.winblue_ltsb_escrow.190305-1818
- Machine Name:
- Kernel base = 0xfffff801`79c7a000 PsLoadedModuleList = 0xfffff801`79f3f570
- Debug session time: Thu Mar 14 12:12:38.716 2019 (UTC + 0:00)
- System Uptime: 0 days 13:38:59.510
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ......
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 00007ff6`dc7ef018). Type ".hh dbgerr001" for details
- Loading unloaded module list
- .....
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck A, {0, 2, 0, fffff80179d3ba44}
- Probably caused by : rdbss.sys ( rdbss!__RxAcquireFcb+1f3 )
- Followup: MachineOwner
- ---------
- 2: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: 0000000000000000, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff80179d3ba44, address which referenced memory
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- STACKHASH_ANALYSIS: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 401
- BUILD_VERSION_STRING: 9600.19304.amd64fre.winblue_ltsb_escrow.190305-1818
- SYSTEM_MANUFACTURER: VMware, Inc.
- VIRTUAL_MACHINE: VMware
- SYSTEM_PRODUCT_NAME: VMware Virtual Platform
- SYSTEM_VERSION: None
- BIOS_VENDOR: Phoenix Technologies LTD
- BIOS_VERSION: 6.00
- BIOS_DATE: 09/19/2018
- BASEBOARD_MANUFACTURER: Intel Corporation
- BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
- BASEBOARD_VERSION: None
- DUMP_TYPE: 1
- BUGCHECK_P1: 0
- BUGCHECK_P2: 2
- BUGCHECK_P3: 0
- BUGCHECK_P4: fffff80179d3ba44
- READ_ADDRESS: 0000000000000000
- CURRENT_IRQL: 2
- FAULTING_IP:
- nt!MmChangeSectionBackingFile+15c
- fffff801`79d3ba44 488b18 mov rbx,qword ptr [rax]
- CPU_COUNT: 4
- CPU_MHZ: 898
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 4f
- CPU_STEPPING: 1
- CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: B000033'00000000 (cache) B000033'00000000 (init)
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: AV
- PROCESS_NAME: explorer.exe
- ANALYSIS_SESSION_HOST: REMWS0391
- ANALYSIS_SESSION_TIME: 03-14-2019 21:28:13.0876
- ANALYSIS_VERSION: 10.0.17763.132 x86fre
- TRAP_FRAME: ffffd000dad5bf00 -- (.trap 0xffffd000dad5bf00)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000080000000
- rdx=ffffe001a2b078f0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80179d3ba44 rsp=ffffd000dad5c090 rbp=ffffe001a2b078f0
- r8=0000000000000001 r9=0000000000000000 r10=fffff800621a7800
- r11=fffff800621820d3 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz na pe nc
- nt!MmChangeSectionBackingFile+0x15c:
- fffff801`79d3ba44 488b18 mov rbx,qword ptr [rax] ds:00000000`00000000=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80179dca529 to fffff80179dba2a0
- STACK_TEXT:
- ffffd000`dad5bdb8 fffff801`79dca529 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- ffffd000`dad5bdc0 fffff801`79dc7a62 : 00000000`72447244 00000000`00000005 ffffc000`587c5400 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- ffffd000`dad5bf00 fffff801`79d3ba44 : ffffe001`a0d0b080 ffffd000`d4dc2180 ffffe001`a38471c8 00000000`00000000 : nt!KiPageFault+0x422
- ffffd000`dad5c090 fffff800`621b4b73 : ffffe001`a3847010 ffffe001`a39d1cf0 00000000`00000000 00000000`fffffffe : nt!MmChangeSectionBackingFile+0x15c
- ffffd000`dad5c0d0 fffff800`621c52bf : ffffc000`59df3a60 ffffe001`a0d0b101 00000000`0000ec22 ffffd000`dad5c648 : rdbss!__RxAcquireFcb+0x1f3
- ffffd000`dad5c150 fffff800`62182cea : ffffe001`a3847010 ffffe001`a39d1cf0 ffffc000`59df3a60 ffffc000`59c50498 : rdbss!RxCommonQueryInformation+0x19b
- ffffd000`dad5c1e0 fffff800`621b328d : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`a37b7e50 : rdbss!RxFsdCommonDispatch+0x4fa
- ffffd000`dad5c360 fffff800`629be175 : ffffc000`5be78060 00000000`00000000 fffff800`629ba010 ffffe001`a27a10a0 : rdbss!RxFsdDispatch+0xed
- ffffd000`dad5c3d0 fffff800`61b114c5 : ffffe001`a3ac1dd0 ffffd000`dad5c590 ffffe001`a39d1cf0 ffffe001`a393a620 : rdpdr!DrPeekDispatch+0x175
- ffffd000`dad5c480 fffff800`61b116a2 : ffffc000`479e23b0 fffff800`61b08000 00000000`00000002 00000000`00000000 : mup!MupiCallUncProvider+0x1b5
- ffffd000`dad5c4f0 fffff800`61b11283 : 00000000`00000000 ffffe001`9e7e9a10 ffffe001`a39d1cf0 ffffd000`dad5c598 : mup!MupStateMachine+0xd2
- ffffd000`dad5c530 fffff800`61304101 : ffffe001`9e7e9540 ffffe001`a3ac1dd0 ffffd000`dad5c670 ffffffff`ffffffff : mup!MupFsdIrpPassThrough+0x93
- ffffd000`dad5c590 fffff801`7a009dc6 : ffffe001`a39d1cf0 ffffd000`dad5ca58 fffff800`61307ff0 00000000`00000004 : fltmgr!FltpDispatch+0xf1
- ffffd000`dad5c5f0 fffff801`7a007378 : 00000000`00000000 00000000`00000000 ffffd000`dad5ca58 00000000`00000000 : nt!FsRtlGetFileSize+0x152
- ffffd000`dad5c6a0 fffff801`7a0079b0 : ffffd000`dad5ca58 ffffd000`dad5c750 ffffd000`dad5c7c9 00000000`08000000 : nt!MiCreateDataFileMap+0x280
- ffffd000`dad5c700 fffff801`7a046adc : ffffe001`a3981ce0 ffffd000`dad5c900 ffffd000`dad5ca58 00000000`00000000 : nt!MiCreateNewSection+0x70
- ffffd000`dad5c810 fffff801`7a0459ac : ffffd000`dad5ca60 00000000`00000000 00000000`00000002 ffffd000`dad5ca58 : nt!MiCreateSection+0x7ec
- ffffd000`dad5ca00 fffff801`79dca1a3 : ffffe001`a0d0b080 00000000`028d9288 ffffd000`dad5caa8 00000000`00000001 : nt!NtCreateSection+0x19c
- ffffd000`dad5ca90 00007ffd`dc0b0bfa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000000`028d9268 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`dc0b0bfa
- THREAD_SHA1_HASH_MOD_FUNC: d231865e9785a8bae9e7b6bd805ba481aeeecd6d
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ccaa07aebe20d159b3c2db6225f753363eef6657
- THREAD_SHA1_HASH_MOD: 47586dcb5bf205dccadc8dff9214f5666e8a31fb
- FOLLOWUP_IP:
- rdbss!__RxAcquireFcb+1f3
- fffff800`621b4b73 4c8b159624ffff mov r10,qword ptr [rdbss!WPP_GLOBAL_Control (fffff800`621a7010)]
- FAULT_INSTR_CODE: 96158b4c
- SYMBOL_STACK_INDEX: 4
- SYMBOL_NAME: rdbss!__RxAcquireFcb+1f3
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: rdbss
- IMAGE_NAME: rdbss.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 5a4b1af3
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: 1f3
- FAILURE_BUCKET_ID: AV_rdbss!__RxAcquireFcb
- BUCKET_ID: AV_rdbss!__RxAcquireFcb
- PRIMARY_PROBLEM_CLASS: AV_rdbss!__RxAcquireFcb
- TARGET_TIME: 2019-03-14T12:12:38.000Z
- OSBUILD: 9600
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 144
- PRODUCT_TYPE: 3
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 8.1
- OSEDITION: Windows 8.1 Server TerminalServer DataCenter
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2019-03-06 04:42:45
- BUILDDATESTAMP_STR: 190305-1818
- BUILDLAB_STR: winblue_ltsb_escrow
- BUILDOSVER_STR: 6.3.9600.19304.amd64fre.winblue_ltsb_escrow.190305-1818
- ANALYSIS_SESSION_ELAPSED_TIME: 772
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:av_rdbss!__rxacquirefcb
- FAILURE_ID_HASH: {07a1135f-76ee-d744-8cf0-c1511e5ef950}
- Followup: MachineOwner
- ---------
- 2: kd> .trap 0xffffd000dad5bf00
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000080000000
- rdx=ffffe001a2b078f0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80179d3ba44 rsp=ffffd000dad5c090 rbp=ffffe001a2b078f0
- r8=0000000000000001 r9=0000000000000000 r10=fffff800621a7800
- r11=fffff800621820d3 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz na pe nc
- nt!MmChangeSectionBackingFile+0x15c:
- fffff801`79d3ba44 488b18 mov rbx,qword ptr [rax] ds:00000000`00000000=????????????????
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement