- kd> !analyze -v
- Connected to Windows 10 18362 x64 target at (Sun Oct 31 13:02:30.612 2021 (UTC - 4:00)), ptr64 TRUE
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- .........................................................
- Loading User Symbols
- .................................
- Loading unloaded module list
- ......
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If kernel debugger is available get stack backtrace.
- Arguments:
- Arg1: fffff80700000000, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
- Arg4: fffff80700000000, address which referenced memory
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- Key : Analysis.CPU.mSec
- Value: 4531
- Key : Analysis.DebugAnalysisManager
- Value: Create
- Key : Analysis.Elapsed.mSec
- Value: 24413
- Key : Analysis.Init.CPU.mSec
- Value: 3421
- Key : Analysis.Init.Elapsed.mSec
- Value: 172576
- Key : Analysis.Memory.CommitPeak.Mb
- Value: 70
- Key : WER.OS.Branch
- Value: 19h1_release
- Key : WER.OS.Timestamp
- Value: 2019-03-18T12:02:00Z
- Key : WER.OS.Version
- Value: 10.0.18362.1
- BUGCHECK_CODE: d1
- BUGCHECK_P1: fffff80700000000
- BUGCHECK_P2: 2
- BUGCHECK_P3: 8
- BUGCHECK_P4: fffff80700000000
- READ_ADDRESS: fffff80700000000
- PROCESS_NAME: hyperdbg-cli.exe
- DPC_STACK_BASE: FFFFF8074286BFB0
- TRAP_FRAME: fffff8073c08a4f0 -- (.trap 0xfffff8073c08a4f0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
- rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
- rip=03b900000001ba00 rsp=e9c000000d342444 rbp=3d0d8d4c20244489
- r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up di pl nz ac pe cy
- 03b90000`0001ba00 ?? ???
- Resetting default scope
- BAD_STACK_POINTER: e9c000000d342444
- FAILED_INSTRUCTION_ADDRESS:
- +0
- fffff807`00000000 ?? ???
- STACK_TEXT:
- fffff807`4286b1b8 fffff807`3d0a6492 : fffff807`00000000 00000000`00000003 fffff807`4286b320 fffff807`3cf24f20 : nt!DbgBreakPointWithStatus
- fffff807`4286b1c0 fffff807`3d0a5b82 : 00000000`00000003 fffff807`4286b320 fffff807`3cfd0ce0 00000000`000000d1 : nt!KiBugCheckDebugBreak+0x12
- fffff807`4286b220 fffff807`3cfbc917 : ffffda8f`08402280 00000029`000f0000 fffff807`3b07bf80 fffff807`3ce36b33 : nt!KeBugCheck2+0x952
- fffff807`4286b920 fffff807`3cfce469 : 00000000`0000000a fffff807`00000000 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx+0x107
- fffff807`4286b960 fffff807`3cfca7a5 : 00000000`00000000 00000000`00000000 ffffda8f`09094970 ffffda8f`098135aa : nt!KiBugCheckDispatch+0x69
- fffff807`4286baa0 fffff807`00000000 : fffff807`3cec1185 fffff807`3b079180 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x465
- fffff807`4286bc38 fffff807`3cec1185 : fffff807`3b079180 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff807`00000000
- fffff807`4286bc40 fffff807`3cec07df : 00000000`00000004 00000000`00989680 fffff807`4286be80 00000000`000000dd : nt!KiExecuteAllDpcs+0x305
- fffff807`4286bd80 fffff807`3cfc3755 : 00000000`00000000 fffff807`3b079180 fffff807`3d920cf0 ffffda8f`0de2d930 : nt!KiRetireDpcList+0x1ef
- fffff807`4286bfb0 fffff807`3cfc3540 : 00000000`00000050 fffff807`3cfc2df1 00000000`01000010 00000000`00000282 : nt!KxRetireDpcList+0x5
- ffffc58f`170994b0 fffff807`3cfc2e05 : ffffda8f`0de2d930 fffff807`3cfbe831 ffffda8f`0c7fbc30 ffffc58f`17099570 : nt!KiDispatchInterruptContinue
- ffffc58f`170994e0 fffff807`3cfbe831 : ffffda8f`0c7fbc30 ffffc58f`17099570 fffff807`3d920cf0 00000000`00000000 : nt!KiDpcInterruptBypass+0x25
- ffffc58f`170994f0 fffff807`3c071315 : 00000000`00000000 00000000`00000000 fffff807`3c08a4f0 00000000`00040246 : nt!KiInterruptDispatchNoLockNoEtw+0xb1
- ffffc58f`17099688 00000000`00000000 : 00000000`00000000 fffff807`3c08a4f0 00000000`00040246 fffff807`3c08337b : hprdbghv!AsmVmxVmcall+0x25 [C:\Users\surge\Desktop\Tools\HyperDbg\hyperdbg\hprdbghv\code\assembly\AsmVmxOperation.asm @ 34]
- SYMBOL_NAME: nt!KiPageFault+465
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: 465
- FAILURE_BUCKET_ID: AV_CODE_AV_STACKPTR_ERROR_BAD_IP_nt!KiPageFault
- OS_VERSION: 10.0.18362.1
- BUILDLAB_STR: 19h1_release
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- FAILURE_ID_HASH: {34f9cbc0-1550-7c88-9b48-00dd756e07ce}
- Followup: MachineOwner
- ---------