Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\famouz\051617-23812-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.351.amd64fre.rs1_release_inmarket.161014-1755
- Machine Name:
- Kernel base = 0xfffff800`63678000 PsLoadedModuleList = 0xfffff800`6397cfc0
- Debug session time: Tue May 16 11:21:36.535 2017 (UTC - 4:00)
- System Uptime: 0 days 0:18:43.341
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ................................................................
- .......
- Loading User Symbols
- Loading unloaded module list
- ...............
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck A, {28, 2, 0, fffff800637fe843}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- ---------
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: 0000000000000028, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff800637fe843, address which referenced memory
- Debugging Details:
- ------------------
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.14393.351 (rs1_release_inmarket.161014-1755)
- SYSTEM_MANUFACTURER: ASUSTeK COMPUTER INC.
- SYSTEM_PRODUCT_NAME: GL553VD
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: GL553VD.300
- BIOS_DATE: 12/16/2016
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: GL553VD
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: 28
- BUGCHECK_P2: 2
- BUGCHECK_P3: 0
- BUGCHECK_P4: fffff800637fe843
- READ_ADDRESS: 0000000000000028
- CURRENT_IRQL: 2
- FAULTING_IP:
- nt! ?? ::FNODOBFM::`string'+2cfa3
- fffff800`637fe843 488b4628 mov rax,qword ptr [rsi+28h]
- CPU_COUNT: 4
- CPU_MHZ: 9c0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: L2.exe
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-18-2017 10:26:41.0574
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: ffff8f007ecdc100 -- (.trap 0xffff8f007ecdc100)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffe98000000028 rbx=0000000000000000 rcx=0000000000000000
- rdx=ffffe98000000028 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff800637fe843 rsp=ffff8f007ecdc290 rbp=0000000000000000
- r8=ffffb78e6de88460 r9=0000000000000001 r10=0000000fffffffff
- r11=ffffe98000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po nc
- nt! ?? ::FNODOBFM::`string'+0x2cfa3:
- fffff800`637fe843 488b4628 mov rax,qword ptr [rsi+28h] ds:00000000`00000028=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff800637cd529 to fffff800637c23b0
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80063785d0e - nt!MiPurgeZeroList+6e
- [ fa:e9 ]
- fffff800637fe02b - nt! ?? ::FNODOBFM::`string'+2c78b (+0x7831d)
- [ fa:e9 ]
- fffff800637fe0e0 - nt! ?? ::FNODOBFM::`string'+2c840 (+0xb5)
- [ fa:e9 ]
- fffff800637fe12e - nt! ?? ::FNODOBFM::`string'+2c88e (+0x4e)
- [ fa:e9 ]
- fffff800637fe534-fffff800637fe536 3 bytes - nt! ?? ::FNODOBFM::`string'+2cc94 (+0x406)
- [ 40 fb f6:c0 eb d7 ]
- fffff800637fe562 - nt! ?? ::FNODOBFM::`string'+2ccc2 (+0x2e)
- [ fa:e9 ]
- fffff800637fe58c-fffff800637fe58e 3 bytes - nt! ?? ::FNODOBFM::`string'+2ccec (+0x2a)
- [ 40 fb f6:c0 eb d7 ]
- fffff800637fe5ba - nt! ?? ::FNODOBFM::`string'+2cd1a (+0x2e)
- [ fa:e9 ]
- fffff800637fe91d - nt! ?? ::FNODOBFM::`string'+2d07d (+0x363)
- [ fa:e9 ]
- fffff800637fe931 - nt! ?? ::FNODOBFM::`string'+2d091 (+0x14)
- [ fa:e9 ]
- fffff800637fea0a - nt! ?? ::FNODOBFM::`string'+2d16a (+0xd9)
- [ fa:e9 ]
- fffff800637fea14 - nt! ?? ::FNODOBFM::`string'+2d174 (+0x0a)
- [ fa:e9 ]
- fffff800637fef77-fffff800637fef79 3 bytes - nt! ?? ::FNODOBFM::`string'+2d6d7 (+0x563)
- [ 40 fb f6:c0 eb d7 ]
- fffff800637fefd5 - nt! ?? ::FNODOBFM::`string'+2d735 (+0x5e)
- [ fa:e9 ]
- fffff800638c4387-fffff800638c4389 3 bytes - nt!ExFreePoolWithTag+387
- [ 40 fb f6:c0 eb d7 ]
- 23 errors : !nt (fffff80063785d0e-fffff800638c4389)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-05-16T15:21:36.000Z
- OSBUILD: 14393
- OSSERVICEPACK: 351
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2016-10-14 23:38:38
- BUILDDATESTAMP_STR: 161014-1755
- BUILDLAB_STR: rs1_release_inmarket
- BUILDOSVER_STR: 10.0.14393.351
- ANALYSIS_SESSION_ELAPSED_TIME: 21ab
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ---------
- ===========================================================================================
- ===========================================================================================
- ===========================================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\famouz\051617-24453-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.351.amd64fre.rs1_release_inmarket.161014-1755
- Machine Name:
- Kernel base = 0xfffff803`8e20e000 PsLoadedModuleList = 0xfffff803`8e512fc0
- Debug session time: Tue May 16 10:25:57.640 2017 (UTC - 4:00)
- System Uptime: 0 days 0:50:28.432
- Loading Kernel Symbols
- .
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- ..............................................................
- ................................................................
- ................................................................
- .......
- Loading User Symbols
- Loading unloaded module list
- ...................
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck A, {28, 2, 0, fffff8038e394843}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- ---------
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\famouz\051617-24453-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.351.amd64fre.rs1_release_inmarket.161014-1755
- Machine Name:
- Kernel base = 0xfffff803`8e20e000 PsLoadedModuleList = 0xfffff803`8e512fc0
- Debug session time: Tue May 16 10:25:57.640 2017 (UTC - 4:00)
- System Uptime: 0 days 0:50:28.432
- Loading Kernel Symbols
- .
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- ..............................................................
- ................................................................
- ................................................................
- .......
- Loading User Symbols
- Loading unloaded module list
- ...................
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck A, {28, 2, 0, fffff8038e394843}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- ---------
- ===========================================================================================
- ===========================================================================================
- ===========================================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\famouz\051617-25828-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.351.amd64fre.rs1_release_inmarket.161014-1755
- Machine Name:
- Kernel base = 0xfffff802`69e07000 PsLoadedModuleList = 0xfffff802`6a10bfc0
- Debug session time: Tue May 16 05:25:37.972 2017 (UTC - 4:00)
- System Uptime: 0 days 0:51:49.765
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ................................................................
- .......
- Loading User Symbols
- Loading unloaded module list
- ..............
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck A, {28, 2, 0, fffff80269f8d843}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- ---------
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: 0000000000000028, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff80269f8d843, address which referenced memory
- Debugging Details:
- ------------------
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.14393.351 (rs1_release_inmarket.161014-1755)
- SYSTEM_MANUFACTURER: ASUSTeK COMPUTER INC.
- SYSTEM_PRODUCT_NAME: GL553VD
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: GL553VD.300
- BIOS_DATE: 12/16/2016
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: GL553VD
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: 28
- BUGCHECK_P2: 2
- BUGCHECK_P3: 0
- BUGCHECK_P4: fffff80269f8d843
- READ_ADDRESS: 0000000000000028
- CURRENT_IRQL: 2
- FAULTING_IP:
- nt! ?? ::FNODOBFM::`string'+2cfa3
- fffff802`69f8d843 488b4628 mov rax,qword ptr [rsi+28h]
- CPU_COUNT: 4
- CPU_MHZ: 9c0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: L2.exe
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-18-2017 10:34:42.0581
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: ffff8c814df32100 -- (.trap 0xffff8c814df32100)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffb18000000028 rbx=0000000000000000 rcx=0000000000000000
- rdx=ffffb18000000028 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80269f8d843 rsp=ffff8c814df32290 rbp=0000000000000000
- r8=ffffd40884a950a0 r9=0000000000000001 r10=0000000fffffffff
- r11=ffffb18000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po nc
- nt! ?? ::FNODOBFM::`string'+0x2cfa3:
- fffff802`69f8d843 488b4628 mov rax,qword ptr [rsi+28h] ds:00000000`00000028=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80269f5c529 to fffff80269f513b0
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80269e7695a - nt!MmIsSpecialPoolAddress+e
- [ f6:80 ]
- fffff80269e769c9 - nt!MmIsSpecialPoolAddress+7d (+0x6f)
- [ f6:80 ]
- fffff80269f14d0e - nt!MiPurgeZeroList+6e (+0x9e345)
- [ fa:b1 ]
- fffff80269f8d02b - nt! ?? ::FNODOBFM::`string'+2c78b (+0x7831d)
- [ fa:b1 ]
- fffff80269f8d0e0 - nt! ?? ::FNODOBFM::`string'+2c840 (+0xb5)
- [ fa:b1 ]
- fffff80269f8d12e - nt! ?? ::FNODOBFM::`string'+2c88e (+0x4e)
- [ fa:b1 ]
- fffff80269f8d535-fffff80269f8d536 2 bytes - nt! ?? ::FNODOBFM::`string'+2cc95 (+0x407)
- [ fb f6:c0 80 ]
- fffff80269f8d562 - nt! ?? ::FNODOBFM::`string'+2ccc2 (+0x2d)
- [ fa:b1 ]
- fffff80269f8d58d-fffff80269f8d58e 2 bytes - nt! ?? ::FNODOBFM::`string'+2cced (+0x2b)
- [ fb f6:c0 80 ]
- fffff80269f8d5ba - nt! ?? ::FNODOBFM::`string'+2cd1a (+0x2d)
- [ fa:b1 ]
- fffff80269f8d91d - nt! ?? ::FNODOBFM::`string'+2d07d (+0x363)
- [ fa:b1 ]
- fffff80269f8d931 - nt! ?? ::FNODOBFM::`string'+2d091 (+0x14)
- [ fa:b1 ]
- fffff80269f8da0a - nt! ?? ::FNODOBFM::`string'+2d16a (+0xd9)
- [ fa:b1 ]
- fffff80269f8da14 - nt! ?? ::FNODOBFM::`string'+2d174 (+0x0a)
- [ fa:b1 ]
- fffff80269f8df78-fffff80269f8df79 2 bytes - nt! ?? ::FNODOBFM::`string'+2d6d8 (+0x564)
- [ fb f6:c0 80 ]
- fffff80269f8dfd5 - nt! ?? ::FNODOBFM::`string'+2d735 (+0x5d)
- [ fa:b1 ]
- 19 errors : !nt (fffff80269e7695a-fffff80269f8dfd5)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-05-16T09:25:37.000Z
- OSBUILD: 14393
- OSSERVICEPACK: 351
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2016-10-14 23:38:38
- BUILDDATESTAMP_STR: 161014-1755
- BUILDLAB_STR: rs1_release_inmarket
- BUILDOSVER_STR: 10.0.14393.351
- ANALYSIS_SESSION_ELAPSED_TIME: 1983
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ---------
- ===========================================================================================
- ===========================================================================================
- ===========================================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\famouz\051617-32500-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.351.amd64fre.rs1_release_inmarket.161014-1755
- Machine Name:
- Kernel base = 0xfffff802`7588e000 PsLoadedModuleList = 0xfffff802`75b92fc0
- Debug session time: Tue May 16 09:34:13.457 2017 (UTC - 4:00)
- System Uptime: 0 days 2:06:34.255
- Loading Kernel Symbols
- .
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- ..............................................................
- ................................................................
- ................................................................
- .......
- Loading User Symbols
- Loading unloaded module list
- ..........
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck A, {28, 2, 0, fffff80275a14843}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- ---------
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: 0000000000000028, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff80275a14843, address which referenced memory
- Debugging Details:
- ------------------
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.14393.351 (rs1_release_inmarket.161014-1755)
- SYSTEM_MANUFACTURER: ASUSTeK COMPUTER INC.
- SYSTEM_PRODUCT_NAME: GL553VD
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: GL553VD.300
- BIOS_DATE: 12/16/2016
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: GL553VD
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: 28
- BUGCHECK_P2: 2
- BUGCHECK_P3: 0
- BUGCHECK_P4: fffff80275a14843
- READ_ADDRESS: 0000000000000028
- CURRENT_IRQL: 2
- FAULTING_IP:
- nt! ?? ::FNODOBFM::`string'+2cfa3
- fffff802`75a14843 488b4628 mov rax,qword ptr [rsi+28h]
- CPU_COUNT: 4
- CPU_MHZ: 9c0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: L2.exe
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-18-2017 10:37:26.0909
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: ffffa70112db2100 -- (.trap 0xffffa70112db2100)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffff890000000028 rbx=0000000000000000 rcx=0000000000000000
- rdx=ffff890000000028 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80275a14843 rsp=ffffa70112db2290 rbp=0000000000000000
- r8=ffffd00454a95990 r9=0000000000000001 r10=0000000fffffffff
- r11=ffff890000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po nc
- nt! ?? ::FNODOBFM::`string'+0x2cfa3:
- fffff802`75a14843 488b4628 mov rax,qword ptr [rsi+28h] ds:00000000`00000028=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff802759e3529 to fffff802759d83b0
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8027599bd0d-fffff8027599bd0e 2 bytes - nt!MiPurgeZeroList+6d
- [ 80 fa:00 89 ]
- fffff80275a1402a-fffff80275a1402b 2 bytes - nt! ?? ::FNODOBFM::`string'+2c78a (+0x7831d)
- [ 80 fa:00 89 ]
- fffff80275a140df-fffff80275a140e0 2 bytes - nt! ?? ::FNODOBFM::`string'+2c83f (+0xb5)
- [ 80 fa:00 89 ]
- fffff80275a1412d-fffff80275a1412e 2 bytes - nt! ?? ::FNODOBFM::`string'+2c88d (+0x4e)
- [ 80 fa:00 89 ]
- fffff80275a14534-fffff80275a14536 3 bytes - nt! ?? ::FNODOBFM::`string'+2cc94 (+0x407)
- [ 40 fb f6:80 5d bb ]
- fffff80275a14561-fffff80275a14562 2 bytes - nt! ?? ::FNODOBFM::`string'+2ccc1 (+0x2d)
- [ 80 fa:00 89 ]
- fffff80275a1458c-fffff80275a1458e 3 bytes - nt! ?? ::FNODOBFM::`string'+2ccec (+0x2b)
- [ 40 fb f6:80 5d bb ]
- fffff80275a145b9-fffff80275a145ba 2 bytes - nt! ?? ::FNODOBFM::`string'+2cd19 (+0x2d)
- [ 80 fa:00 89 ]
- fffff80275a1491c-fffff80275a1491d 2 bytes - nt! ?? ::FNODOBFM::`string'+2d07c (+0x363)
- [ 80 fa:00 89 ]
- fffff80275a14930-fffff80275a14931 2 bytes - nt! ?? ::FNODOBFM::`string'+2d090 (+0x14)
- [ 80 fa:00 89 ]
- fffff80275a14a09-fffff80275a14a0a 2 bytes - nt! ?? ::FNODOBFM::`string'+2d169 (+0xd9)
- [ 80 fa:00 89 ]
- fffff80275a14a13-fffff80275a14a14 2 bytes - nt! ?? ::FNODOBFM::`string'+2d173 (+0x0a)
- [ 80 fa:00 89 ]
- fffff80275a14f77-fffff80275a14f79 3 bytes - nt! ?? ::FNODOBFM::`string'+2d6d7 (+0x564)
- [ 40 fb f6:80 5d bb ]
- fffff80275a14fd4-fffff80275a14fd5 2 bytes - nt! ?? ::FNODOBFM::`string'+2d734 (+0x5d)
- [ 80 fa:00 89 ]
- fffff80275ada387-fffff80275ada389 3 bytes - nt!ExFreePoolWithTag+387
- [ 40 fb f6:80 5d bb ]
- 34 errors : !nt (fffff8027599bd0d-fffff80275ada389)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-05-16T13:34:13.000Z
- OSBUILD: 14393
- OSSERVICEPACK: 351
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2016-10-14 23:38:38
- BUILDDATESTAMP_STR: 161014-1755
- BUILDLAB_STR: rs1_release_inmarket
- BUILDOSVER_STR: 10.0.14393.351
- ANALYSIS_SESSION_ELAPSED_TIME: 2190
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement