Advertisement
Guest User

Untitled

a guest
Mar 14th, 2019
448
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.83 KB | None | 0 0
  1.  
  2. Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  4.  
  5.  
  6. Loading Dump File [C:\Users\matey\Desktop\MEMORY.DMP]
  7. Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
  8.  
  9.  
  10. ************* Path validation summary **************
  11. Response Time (ms) Location
  12. Deferred srv*C:\symbols*http://msdl.microsoft.com/download/symbols
  13. Symbol search path is: srv*C:\symbols*http://msdl.microsoft.com/download/symbols
  14. Executable search path is:
  15. Windows 8.1 Kernel Version 9600 MP (4 procs) Free x64
  16. Product: Server, suite: TerminalServer DataCenter
  17. Built by: 9600.19304.amd64fre.winblue_ltsb_escrow.190305-1818
  18. Machine Name:
  19. Kernel base = 0xfffff801`79c7a000 PsLoadedModuleList = 0xfffff801`79f3f570
  20. Debug session time: Thu Mar 14 12:12:38.716 2019 (UTC + 0:00)
  21. System Uptime: 0 days 13:38:59.510
  22. Loading Kernel Symbols
  23. ...............................................................
  24. ................................................................
  25. ......
  26. Loading User Symbols
  27. PEB is paged out (Peb.Ldr = 00007ff6`dc7ef018). Type ".hh dbgerr001" for details
  28. Loading unloaded module list
  29. .....
  30. *******************************************************************************
  31. * *
  32. * Bugcheck Analysis *
  33. * *
  34. *******************************************************************************
  35.  
  36. Use !analyze -v to get detailed debugging information.
  37.  
  38. BugCheck A, {0, 2, 0, fffff80179d3ba44}
  39.  
  40. Probably caused by : rdbss.sys ( rdbss!__RxAcquireFcb+1f3 )
  41.  
  42. Followup: MachineOwner
  43. ---------
  44.  
  45. 2: kd> !analyze -v
  46. *******************************************************************************
  47. * *
  48. * Bugcheck Analysis *
  49. * *
  50. *******************************************************************************
  51.  
  52. IRQL_NOT_LESS_OR_EQUAL (a)
  53. An attempt was made to access a pageable (or completely invalid) address at an
  54. interrupt request level (IRQL) that is too high. This is usually
  55. caused by drivers using improper addresses.
  56. If a kernel debugger is available get the stack backtrace.
  57. Arguments:
  58. Arg1: 0000000000000000, memory referenced
  59. Arg2: 0000000000000002, IRQL
  60. Arg3: 0000000000000000, bitfield :
  61. bit 0 : value 0 = read operation, 1 = write operation
  62. bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
  63. Arg4: fffff80179d3ba44, address which referenced memory
  64.  
  65. Debugging Details:
  66. ------------------
  67.  
  68.  
  69. KEY_VALUES_STRING: 1
  70.  
  71.  
  72. STACKHASH_ANALYSIS: 1
  73.  
  74. TIMELINE_ANALYSIS: 1
  75.  
  76.  
  77. DUMP_CLASS: 1
  78.  
  79. DUMP_QUALIFIER: 401
  80.  
  81. BUILD_VERSION_STRING: 9600.19304.amd64fre.winblue_ltsb_escrow.190305-1818
  82.  
  83. SYSTEM_MANUFACTURER: VMware, Inc.
  84.  
  85. VIRTUAL_MACHINE: VMware
  86.  
  87. SYSTEM_PRODUCT_NAME: VMware Virtual Platform
  88.  
  89. SYSTEM_VERSION: None
  90.  
  91. BIOS_VENDOR: Phoenix Technologies LTD
  92.  
  93. BIOS_VERSION: 6.00
  94.  
  95. BIOS_DATE: 09/19/2018
  96.  
  97. BASEBOARD_MANUFACTURER: Intel Corporation
  98.  
  99. BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
  100.  
  101. BASEBOARD_VERSION: None
  102.  
  103. DUMP_TYPE: 1
  104.  
  105. BUGCHECK_P1: 0
  106.  
  107. BUGCHECK_P2: 2
  108.  
  109. BUGCHECK_P3: 0
  110.  
  111. BUGCHECK_P4: fffff80179d3ba44
  112.  
  113. READ_ADDRESS: 0000000000000000
  114.  
  115. CURRENT_IRQL: 2
  116.  
  117. FAULTING_IP:
  118. nt!MmChangeSectionBackingFile+15c
  119. fffff801`79d3ba44 488b18 mov rbx,qword ptr [rax]
  120.  
  121. CPU_COUNT: 4
  122.  
  123. CPU_MHZ: 898
  124.  
  125. CPU_VENDOR: GenuineIntel
  126.  
  127. CPU_FAMILY: 6
  128.  
  129. CPU_MODEL: 4f
  130.  
  131. CPU_STEPPING: 1
  132.  
  133. CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: B000033'00000000 (cache) B000033'00000000 (init)
  134.  
  135. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  136.  
  137. BUGCHECK_STR: AV
  138.  
  139. PROCESS_NAME: explorer.exe
  140.  
  141. ANALYSIS_SESSION_HOST: REMWS0391
  142.  
  143. ANALYSIS_SESSION_TIME: 03-14-2019 21:28:13.0876
  144.  
  145. ANALYSIS_VERSION: 10.0.17763.132 x86fre
  146.  
  147. TRAP_FRAME: ffffd000dad5bf00 -- (.trap 0xffffd000dad5bf00)
  148. NOTE: The trap frame does not contain all registers.
  149. Some register values may be zeroed or incorrect.
  150. rax=0000000000000000 rbx=0000000000000000 rcx=0000000080000000
  151. rdx=ffffe001a2b078f0 rsi=0000000000000000 rdi=0000000000000000
  152. rip=fffff80179d3ba44 rsp=ffffd000dad5c090 rbp=ffffe001a2b078f0
  153. r8=0000000000000001 r9=0000000000000000 r10=fffff800621a7800
  154. r11=fffff800621820d3 r12=0000000000000000 r13=0000000000000000
  155. r14=0000000000000000 r15=0000000000000000
  156. iopl=0 nv up ei pl nz na pe nc
  157. nt!MmChangeSectionBackingFile+0x15c:
  158. fffff801`79d3ba44 488b18 mov rbx,qword ptr [rax] ds:00000000`00000000=????????????????
  159. Resetting default scope
  160.  
  161. LAST_CONTROL_TRANSFER: from fffff80179dca529 to fffff80179dba2a0
  162.  
  163. STACK_TEXT:
  164. ffffd000`dad5bdb8 fffff801`79dca529 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
  165. ffffd000`dad5bdc0 fffff801`79dc7a62 : 00000000`72447244 00000000`00000005 ffffc000`587c5400 00000000`00000000 : nt!KiBugCheckDispatch+0x69
  166. ffffd000`dad5bf00 fffff801`79d3ba44 : ffffe001`a0d0b080 ffffd000`d4dc2180 ffffe001`a38471c8 00000000`00000000 : nt!KiPageFault+0x422
  167. ffffd000`dad5c090 fffff800`621b4b73 : ffffe001`a3847010 ffffe001`a39d1cf0 00000000`00000000 00000000`fffffffe : nt!MmChangeSectionBackingFile+0x15c
  168. ffffd000`dad5c0d0 fffff800`621c52bf : ffffc000`59df3a60 ffffe001`a0d0b101 00000000`0000ec22 ffffd000`dad5c648 : rdbss!__RxAcquireFcb+0x1f3
  169. ffffd000`dad5c150 fffff800`62182cea : ffffe001`a3847010 ffffe001`a39d1cf0 ffffc000`59df3a60 ffffc000`59c50498 : rdbss!RxCommonQueryInformation+0x19b
  170. ffffd000`dad5c1e0 fffff800`621b328d : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`a37b7e50 : rdbss!RxFsdCommonDispatch+0x4fa
  171. ffffd000`dad5c360 fffff800`629be175 : ffffc000`5be78060 00000000`00000000 fffff800`629ba010 ffffe001`a27a10a0 : rdbss!RxFsdDispatch+0xed
  172. ffffd000`dad5c3d0 fffff800`61b114c5 : ffffe001`a3ac1dd0 ffffd000`dad5c590 ffffe001`a39d1cf0 ffffe001`a393a620 : rdpdr!DrPeekDispatch+0x175
  173. ffffd000`dad5c480 fffff800`61b116a2 : ffffc000`479e23b0 fffff800`61b08000 00000000`00000002 00000000`00000000 : mup!MupiCallUncProvider+0x1b5
  174. ffffd000`dad5c4f0 fffff800`61b11283 : 00000000`00000000 ffffe001`9e7e9a10 ffffe001`a39d1cf0 ffffd000`dad5c598 : mup!MupStateMachine+0xd2
  175. ffffd000`dad5c530 fffff800`61304101 : ffffe001`9e7e9540 ffffe001`a3ac1dd0 ffffd000`dad5c670 ffffffff`ffffffff : mup!MupFsdIrpPassThrough+0x93
  176. ffffd000`dad5c590 fffff801`7a009dc6 : ffffe001`a39d1cf0 ffffd000`dad5ca58 fffff800`61307ff0 00000000`00000004 : fltmgr!FltpDispatch+0xf1
  177. ffffd000`dad5c5f0 fffff801`7a007378 : 00000000`00000000 00000000`00000000 ffffd000`dad5ca58 00000000`00000000 : nt!FsRtlGetFileSize+0x152
  178. ffffd000`dad5c6a0 fffff801`7a0079b0 : ffffd000`dad5ca58 ffffd000`dad5c750 ffffd000`dad5c7c9 00000000`08000000 : nt!MiCreateDataFileMap+0x280
  179. ffffd000`dad5c700 fffff801`7a046adc : ffffe001`a3981ce0 ffffd000`dad5c900 ffffd000`dad5ca58 00000000`00000000 : nt!MiCreateNewSection+0x70
  180. ffffd000`dad5c810 fffff801`7a0459ac : ffffd000`dad5ca60 00000000`00000000 00000000`00000002 ffffd000`dad5ca58 : nt!MiCreateSection+0x7ec
  181. ffffd000`dad5ca00 fffff801`79dca1a3 : ffffe001`a0d0b080 00000000`028d9288 ffffd000`dad5caa8 00000000`00000001 : nt!NtCreateSection+0x19c
  182. ffffd000`dad5ca90 00007ffd`dc0b0bfa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  183. 00000000`028d9268 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`dc0b0bfa
  184.  
  185.  
  186. THREAD_SHA1_HASH_MOD_FUNC: d231865e9785a8bae9e7b6bd805ba481aeeecd6d
  187.  
  188. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ccaa07aebe20d159b3c2db6225f753363eef6657
  189.  
  190. THREAD_SHA1_HASH_MOD: 47586dcb5bf205dccadc8dff9214f5666e8a31fb
  191.  
  192. FOLLOWUP_IP:
  193. rdbss!__RxAcquireFcb+1f3
  194. fffff800`621b4b73 4c8b159624ffff mov r10,qword ptr [rdbss!WPP_GLOBAL_Control (fffff800`621a7010)]
  195.  
  196. FAULT_INSTR_CODE: 96158b4c
  197.  
  198. SYMBOL_STACK_INDEX: 4
  199.  
  200. SYMBOL_NAME: rdbss!__RxAcquireFcb+1f3
  201.  
  202. FOLLOWUP_NAME: MachineOwner
  203.  
  204. MODULE_NAME: rdbss
  205.  
  206. IMAGE_NAME: rdbss.sys
  207.  
  208. DEBUG_FLR_IMAGE_TIMESTAMP: 5a4b1af3
  209.  
  210. STACK_COMMAND: .thread ; .cxr ; kb
  211.  
  212. BUCKET_ID_FUNC_OFFSET: 1f3
  213.  
  214. FAILURE_BUCKET_ID: AV_rdbss!__RxAcquireFcb
  215.  
  216. BUCKET_ID: AV_rdbss!__RxAcquireFcb
  217.  
  218. PRIMARY_PROBLEM_CLASS: AV_rdbss!__RxAcquireFcb
  219.  
  220. TARGET_TIME: 2019-03-14T12:12:38.000Z
  221.  
  222. OSBUILD: 9600
  223.  
  224. OSSERVICEPACK: 0
  225.  
  226. SERVICEPACK_NUMBER: 0
  227.  
  228. OS_REVISION: 0
  229.  
  230. SUITE_MASK: 144
  231.  
  232. PRODUCT_TYPE: 3
  233.  
  234. OSPLATFORM_TYPE: x64
  235.  
  236. OSNAME: Windows 8.1
  237.  
  238. OSEDITION: Windows 8.1 Server TerminalServer DataCenter
  239.  
  240. OS_LOCALE:
  241.  
  242. USER_LCID: 0
  243.  
  244. OSBUILD_TIMESTAMP: 2019-03-06 04:42:45
  245.  
  246. BUILDDATESTAMP_STR: 190305-1818
  247.  
  248. BUILDLAB_STR: winblue_ltsb_escrow
  249.  
  250. BUILDOSVER_STR: 6.3.9600.19304.amd64fre.winblue_ltsb_escrow.190305-1818
  251.  
  252. ANALYSIS_SESSION_ELAPSED_TIME: 772
  253.  
  254. ANALYSIS_SOURCE: KM
  255.  
  256. FAILURE_ID_HASH_STRING: km:av_rdbss!__rxacquirefcb
  257.  
  258. FAILURE_ID_HASH: {07a1135f-76ee-d744-8cf0-c1511e5ef950}
  259.  
  260. Followup: MachineOwner
  261. ---------
  262.  
  263. 2: kd> .trap 0xffffd000dad5bf00
  264. NOTE: The trap frame does not contain all registers.
  265. Some register values may be zeroed or incorrect.
  266. rax=0000000000000000 rbx=0000000000000000 rcx=0000000080000000
  267. rdx=ffffe001a2b078f0 rsi=0000000000000000 rdi=0000000000000000
  268. rip=fffff80179d3ba44 rsp=ffffd000dad5c090 rbp=ffffe001a2b078f0
  269. r8=0000000000000001 r9=0000000000000000 r10=fffff800621a7800
  270. r11=fffff800621820d3 r12=0000000000000000 r13=0000000000000000
  271. r14=0000000000000000 r15=0000000000000000
  272. iopl=0 nv up ei pl nz na pe nc
  273. nt!MmChangeSectionBackingFile+0x15c:
  274. fffff801`79d3ba44 488b18 mov rbx,qword ptr [rax] ds:00000000`00000000=????????????????
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement