umut karaman
Megapat
- Katılım
- 15 Eylül 2015
- Mesajlar
- 10
- Çözümler
- 1
Daha fazla
- Cinsiyet
- Erkek
Merhaba oluşan dump dosyası aşağıdaki gibidir.
Yorumlarsanız sevinirim
Yorumlarsanız sevinirim
Kod:
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 43
Microsoft (R) Windows Debugger Version 10.0.27793.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Downloads\Minidump\Minidump\041025-4640-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff804`1c600000 PsLoadedModuleList = 0xfffff804`1d22a350
Debug session time: Thu Apr 10 02:02:12.872 2025 (UTC + 3:00)
System Uptime: 0 days 3:05:36.505
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`002b3018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff804`1c9fdf30 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8000`7b68dd30=000000000000007f
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
BugCheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffff80007b68de70
Arg3: 00000000d67ae5e0
Arg4: ffffc75808d631a9
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 609
Key : Analysis.Elapsed.mSec
Value: 3055
Key : Analysis.IO.Other.Mb
Value: 12
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 26
Key : Analysis.Init.CPU.mSec
Value: 609
Key : Analysis.Init.Elapsed.mSec
Value: 73957
Key : Analysis.Memory.CommitPeak.Mb
Value: 90
Key : Analysis.Version.DbgEng
Value: 10.0.27793.1000
Key : Analysis.Version.Description
Value: 10.2410.02.02 amd64fre
Key : Analysis.Version.Ext
Value: 1.2410.2.2
Key : Bugcheck.Code.LegacyAPI
Value: 0x7f
Key : Bugcheck.Code.TargetModel
Value: 0x7f
Key : Failure.Bucket
Value: 0x7f_8_win32kfull!GreExtTextOutWLocked
Key : Failure.Hash
Value: {71af8956-5f9d-bf33-b3ca-4f90ca3eb2f9}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 7f
BUGCHECK_P1: 8
BUGCHECK_P2: ffff80007b68de70
BUGCHECK_P3: d67ae5e0
BUGCHECK_P4: ffffc75808d631a9
FILE_IN_CAB: 041025-4640-01.dmp
FAULTING_THREAD: ffffcf8dbe2ef080
TRAP_FRAME: ffff80007b68de70 -- (.trap 0xffff80007b68de70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffc602d71aebb0
rdx=ffffc72900615054 rsi=0000000000000000 rdi=0000000000000000
rip=ffffc75808d631a9 rsp=00000000d67ae5e0 rbp=ffffc602d67ae6f0
r8=00000000000000c5 r9=ffffc602d67aeee0 r10=0000000000000000
r11=ffffc602d67ae2b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
win32kfull!GreExtTextOutWLocked+0x479:
ffffc758`08d631a9 4889442430 mov qword ptr [rsp+30h],rax ss:0018:00000000`d67ae610=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: TriaPcPOS.exe
STACK_TEXT:
ffff8000`7b68dd28 fffff804`1ca127a9 : 00000000`0000007f 00000000`00000008 ffff8000`7b68de70 00000000`d67ae5e0 : nt!KeBugCheckEx
ffff8000`7b68dd30 fffff804`1ca0cc52 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff8000`7b68de70 ffffc758`08d631a9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2d2
00000000`d67ae5e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32kfull!GreExtTextOutWLocked+0x479
SYMBOL_NAME: win32kfull!GreExtTextOutWLocked+479
MODULE_NAME: win32kfull
IMAGE_NAME: win32kfull.sys
IMAGE_VERSION: 10.0.19041.5737
STACK_COMMAND: .process /r /p 0xffffcf8dbf9c0300; .thread 0xffffcf8dbe2ef080 ; kb
BUCKET_ID_FUNC_OFFSET: 479
FAILURE_BUCKET_ID: 0x7f_8_win32kfull!GreExtTextOutWLocked
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {71af8956-5f9d-bf33-b3ca-4f90ca3eb2f9}
Followup: MachineOwner
---------
2: kd> lmvm win32kfull
Browse full module list
start end module name
ffffc758`08ce0000 ffffc758`09094000 win32kfull (pdb symbols) C:\ProgramData\Dbg\sym\win32kfull.pdb\91EE40FD62C9DAEF7EF8D9C763860DE51\win32kfull.pdb
Loaded symbol image file: win32kfull.sys
Mapped memory image file: C:\ProgramData\Dbg\sym\win32kfull.sys\9E98247F3b4000\win32kfull.sys
Image path: \SystemRoot\System32\win32kfull.sys
Image name: win32kfull.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 9E98247F (This is a reproducible build file hash, not a timestamp)
CheckSum: 003A9F42
ImageSize: 003B4000
File version: 10.0.19041.5737
Product version: 10.0.19041.5737
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32kfull.sys
OriginalFilename: win32kfull.sys
ProductVersion: 10.0.19041.5737
FileVersion: 10.0.19041.5737 (WinBuild.160101.0800)
FileDescription: Full/Desktop Win32k Kernel Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
2: kd> lmDv
start end module name
ffffc758`08a00000 ffffc758`08cd7000 win32kbase T (no symbols)
Loaded symbol image file: win32kbase.sys
Image path: \SystemRoot\System32\win32kbase.sys
Image name: win32kbase.sys
Browse all global symbols functions data Symbol Reload
Timestamp: ***** Invalid (B5BF63EA)
CheckSum: 002CF6CB
ImageSize: 002D7000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
ffffc758`08ce0000 ffffc758`09094000 win32kfull (pdb symbols) C:\ProgramData\Dbg\sym\win32kfull.pdb\91EE40FD62C9DAEF7EF8D9C763860DE51\win32kfull.pdb
Loaded symbol image file: win32kfull.sys
Mapped memory image file: C:\ProgramData\Dbg\sym\win32kfull.sys\9E98247F3b4000\win32kfull.sys
Image path: \SystemRoot\System32\win32kfull.sys
Image name: win32kfull.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 9E98247F (This is a reproducible build file hash, not a timestamp)
CheckSum: 003A9F42
ImageSize: 003B4000
File version: 10.0.19041.5737
Product version: 10.0.19041.5737
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32kfull.sys
OriginalFilename: win32kfull.sys
ProductVersion: 10.0.19041.5737
FileVersion: 10.0.19041.5737 (WinBuild.160101.0800)
FileDescription: Full/Desktop Win32k Kernel Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ffffc758`090a0000 ffffc758`090e9000 cdd (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\cdd.dll\24CC8D6A49000\cdd.dll
Image path: \SystemRoot\System32\cdd.dll
Image name: cdd.dll
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 24CC8D6A (This is a reproducible build file hash, not a timestamp)
CheckSum: 00042CFB
ImageSize: 00049000
File version: 10.0.19041.5678
Product version: 10.0.19041.5678
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0000.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cdd.dll
OriginalFilename: cdd.dll
ProductVersion: 10.0.19041.5678
FileVersion: 10.0.19041.5678 (WinBuild.160101.0800)
FileDescription: Canonical Display Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ffffc758`09880000 ffffc758`0991b000 win32k (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\win32k.sys\5FE1BAE19b000\win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 5FE1BAE1 (This is a reproducible build file hash, not a timestamp)
CheckSum: 000A0191
ImageSize: 0009B000
File version: 10.0.19041.5728
Product version: 10.0.19041.5728
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 10.0.19041.5728
FileVersion: 10.0.19041.5728 (WinBuild.160101.0800)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1ae50000 fffff804`1b0df000 mcupdate_GenuineIntel (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\mcupdate_GenuineIntel.dll\9FB1DE4628f000\mcupdate_GenuineIntel.dll
Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll
Image name: mcupdate_GenuineIntel.dll
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 9FB1DE46 (This is a reproducible build file hash, not a timestamp)
CheckSum: 0028C60B
ImageSize: 0028F000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.A Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mcupdate.dll
OriginalFilename: mcupdate_GenuineIntel.dll
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: Intel Microcode Update Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b0e0000 fffff804`1b0e6000 hal (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\hal.dll\1A7BE8E96000\hal.dll
Image path: hal.dll
Image name: hal.dll
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 1A7BE8E9 (This is a reproducible build file hash, not a timestamp)
CheckSum: 0000F67D
ImageSize: 00006000
File version: 10.0.19041.5000
Product version: 10.0.19041.5000
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: hal.dll
OriginalFilename: hal.dll
ProductVersion: 10.0.19041.5000
FileVersion: 10.0.19041.5000 (WinBuild.160101.0800)
FileDescription: Hardware Abstraction Layer DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b0f0000 fffff804`1b0fb000 kd (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\kd.dll\FE185FA8b000\kd.dll
Image path: \SystemRoot\system32\kd.dll
Image name: kd.dll
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: FE185FA8 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00004EF6
ImageSize: 0000B000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.A Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: kd.dll
OriginalFilename: kd.dll
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: Local Kernel Debugger
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b100000 fffff804`1b128000 tm (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\tm.sys\7B64427D28000\tm.sys
Image path: \SystemRoot\System32\drivers\tm.sys
Image name: tm.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 7B64427D (This is a reproducible build file hash, not a timestamp)
CheckSum: 0002FB51
ImageSize: 00028000
File version: 10.0.19041.5723
Product version: 10.0.19041.5723
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tm.sys
OriginalFilename: tm.sys
ProductVersion: 10.0.19041.5723
FileVersion: 10.0.19041.5723 (WinBuild.160101.0800)
FileDescription: Kernel Transaction Manager Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b130000 fffff804`1b19e000 CLFS (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\CLFS.SYS\29D6C2FE6e000\CLFS.SYS
Image path: \SystemRoot\System32\drivers\CLFS.SYS
Image name: CLFS.SYS
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 29D6C2FE (This is a reproducible build file hash, not a timestamp)
CheckSum: 0007027A
ImageSize: 0006E000
File version: 10.0.19041.5737
Product version: 10.0.19041.5737
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: clfs.sys
OriginalFilename: Clfs.Sys
ProductVersion: 10.0.19041.5737
FileVersion: 10.0.19041.5737 (WinBuild.160101.0800)
FileDescription: Common Log File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b1a0000 fffff804`1b1ba000 PSHED (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\PSHED.dll\4C55DC991a000\PSHED.dll
Image path: \SystemRoot\system32\PSHED.dll
Image name: PSHED.dll
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 4C55DC99 (This is a reproducible build file hash, not a timestamp)
CheckSum: 000201A9
ImageSize: 0001A000
File version: 10.0.19041.208
Product version: 10.0.19041.208
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pshed.dll
OriginalFilename: pshed.dll
ProductVersion: 10.0.19041.208
FileVersion: 10.0.19041.208 (WinBuild.160101.0800)
FileDescription: Platform Specific Hardware Error Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b1c0000 fffff804`1b1cb000 BOOTVID (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\BOOTVID.dll\D13EE5B6b000\BOOTVID.dll
Image path: \SystemRoot\system32\BOOTVID.dll
Image name: BOOTVID.dll
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: D13EE5B6 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00013A3C
ImageSize: 0000B000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: bootvid.dll
OriginalFilename: bootvid.dll
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: VGA Boot Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b1d0000 fffff804`1b23d000 FLTMGR (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\FLTMGR.SYS\FDF7A1166d000\FLTMGR.SYS
Image path: \SystemRoot\System32\drivers\FLTMGR.SYS
Image name: FLTMGR.SYS
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: FDF7A116 (This is a reproducible build file hash, not a timestamp)
CheckSum: 0006BAE7
ImageSize: 0006D000
File version: 10.0.19041.5723
Product version: 10.0.19041.5723
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fltMgr.sys
OriginalFilename: fltMgr.sys
ProductVersion: 10.0.19041.5723
FileVersion: 10.0.19041.5723 (WinBuild.160101.0800)
FileDescription: Microsoft Filesystem Filter Manager
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1b240000 fffff804`1b24c000 ntosext (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\ntosext.sys\71DD3C9Fc000\ntosext.sys
Image path: \SystemRoot\System32\drivers\ntosext.sys
Image name: ntosext.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 71DD3C9F (This is a reproducible build file hash, not a timestamp)
CheckSum: 00009677
ImageSize: 0000C000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntosext.sys
OriginalFilename: ntosext.sys
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: NTOS extension host driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`1c600000 fffff804`1d646000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\1026DAEBB5D73E191F375C43DF91B3191\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntkrnlmp.exe\7E6928801046000\ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 7E692880 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00A5D289
ImageSize: 01046000
File version: 10.0.19041.5737
Product version: 10.0.19041.5737
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.19041.5737
FileVersion: 10.0.19041.5737 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20800000 fffff804`20917000 clipsp (deferred)
Image path: \SystemRoot\System32\drivers\clipsp.sys
Image name: clipsp.sys
Browse all global symbols functions data Symbol Reload
Timestamp: Sun Apr 6 23:35:58 2025 (67F2E5AE)
CheckSum: 001143D8
ImageSize: 00117000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
fffff804`20920000 fffff804`2094b000 ksecdd (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\ksecdd.sys\894362472b000\ksecdd.sys
Image path: \SystemRoot\System32\drivers\ksecdd.sys
Image name: ksecdd.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 89436247 (This is a reproducible build file hash, not a timestamp)
CheckSum: 000274C7
ImageSize: 0002B000
File version: 10.0.19041.5723
Product version: 10.0.19041.5723
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ksecdd.sys
OriginalFilename: ksecdd.sys
ProductVersion: 10.0.19041.5723
FileVersion: 10.0.19041.5723 (WinBuild.160101.0800)
FileDescription: Kernel Security Support Provider Interface
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20950000 fffff804`209b2000 msrpc (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\msrpc.sys\D0523BB162000\msrpc.sys
Image path: \SystemRoot\System32\drivers\msrpc.sys
Image name: msrpc.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: D0523BB1 (This is a reproducible build file hash, not a timestamp)
CheckSum: 000619EF
ImageSize: 00062000
File version: 10.0.19041.5678
Product version: 10.0.19041.5678
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: krpcdd.sys
OriginalFilename: krpcdd.sys
ProductVersion: 10.0.19041.5678
FileVersion: 10.0.19041.5678 (WinBuild.160101.0800)
FileDescription: Kernel Remote Procedure Call Provider
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`209c0000 fffff804`209d1000 cmimcext (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\cmimcext.sys\B0D7A04211000\cmimcext.sys
Image path: \SystemRoot\System32\drivers\cmimcext.sys
Image name: cmimcext.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: B0D7A042 (This is a reproducible build file hash, not a timestamp)
CheckSum: 0000BD57
ImageSize: 00011000
File version: 10.0.19041.5723
Product version: 10.0.19041.5723
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cmimcext.sys
OriginalFilename: cmimcext.sys
ProductVersion: 10.0.19041.5723
FileVersion: 10.0.19041.5723 (WinBuild.160101.0800)
FileDescription: Kernel Configuration Manager Initial Configuration Extension Host Export Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`209e0000 fffff804`209f1000 werkernel (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\werkernel.sys\79433C0711000\werkernel.sys
Image path: \SystemRoot\System32\drivers\werkernel.sys
Image name: werkernel.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 79433C07 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00017196
ImageSize: 00011000
File version: 10.0.19041.5678
Product version: 10.0.19041.5678
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: werkernel
OriginalFilename: werkernel.sys
ProductVersion: 10.0.19041.5678
FileVersion: 10.0.19041.5678 (WinBuild.160101.0800)
FileDescription: Windows Error Reporting Kernel Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20a00000 fffff804`20aec000 CI (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\CI.dll\BEE04F72ec000\CI.dll
Image path: \SystemRoot\system32\CI.dll
Image name: CI.dll
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: BEE04F72 (This is a reproducible build file hash, not a timestamp)
CheckSum: 000F3B19
ImageSize: 000EC000
File version: 10.0.19041.5723
Product version: 10.0.19041.5723
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ci.dll
OriginalFilename: ci.dll
ProductVersion: 10.0.19041.5723
FileVersion: 10.0.19041.5723 (WinBuild.160101.0800)
FileDescription: Code Integrity Module
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20af0000 fffff804`20bab000 cng (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\cng.sys\8AF25707bb000\cng.sys
Image path: \SystemRoot\System32\drivers\cng.sys
Image name: cng.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 8AF25707 (This is a reproducible build file hash, not a timestamp)
CheckSum: 000B8A74
ImageSize: 000BB000
File version: 10.0.19041.5737
Product version: 10.0.19041.5737
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cng.sys
OriginalFilename: cng.sys
ProductVersion: 10.0.19041.5737
FileVersion: 10.0.19041.5737 (WinBuild.160101.0800)
FileDescription: Kernel Cryptography, Next Generation
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20bb0000 fffff804`20c81000 Wdf01000 (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\Wdf01000.sys\0CAD54FFd1000\Wdf01000.sys
Image path: \SystemRoot\system32\drivers\Wdf01000.sys
Image name: Wdf01000.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 0CAD54FF (This is a reproducible build file hash, not a timestamp)
CheckSum: 000D4544
ImageSize: 000D1000
File version: 1.31.19041.5678
Product version: 1.31.19041.5678
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: wdf01000.sys
OriginalFilename: wdf01000.sys
ProductVersion: 1.31.19041.5678
FileVersion: 1.31.19041.5678 (WinBuild.160101.0800)
FileDescription: Kernel Mode Driver Framework Runtime
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20c90000 fffff804`20ca3000 WDFLDR (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\WDFLDR.SYS\71C4355B13000\WDFLDR.SYS
Image path: \SystemRoot\system32\drivers\WDFLDR.SYS
Image name: WDFLDR.SYS
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 71C4355B (This is a reproducible build file hash, not a timestamp)
CheckSum: 0000F3D6
ImageSize: 00013000
File version: 1.31.19041.5607
Product version: 1.31.19041.5607
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: wdfldr.sys
OriginalFilename: wdfldr.sys
ProductVersion: 1.31.19041.5607
FileVersion: 1.31.19041.5607 (WinBuild.160101.0800)
FileDescription: Kernel Mode Driver Framework Loader
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20cb0000 fffff804`20cbf000 SleepStudyHelper (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\SleepStudyHelper.sys\664F6ECBf000\SleepStudyHelper.sys
Image path: \SystemRoot\system32\drivers\SleepStudyHelper.sys
Image name: SleepStudyHelper.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 664F6ECB (This is a reproducible build file hash, not a timestamp)
CheckSum: 0000FC58
ImageSize: 0000F000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SleepStudyHelper.sys
OriginalFilename: SleepStudyHelper.sys
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: Sleep Study Helper
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20cc0000 fffff804`20cd1000 WppRecorder (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\WppRecorder.sys\15060D0011000\WppRecorder.sys
Image path: \SystemRoot\system32\drivers\WppRecorder.sys
Image name: WppRecorder.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: 15060D00 (This is a reproducible build file hash, not a timestamp)
CheckSum: 0001415E
ImageSize: 00011000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WppRecorder.sys
OriginalFilename: WppRecorder.sys
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: WPP Trace Recorder
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20ce0000 fffff804`20d06000 acpiex (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\acpiex.sys\C8D60B4426000\acpiex.sys
Image path: \SystemRoot\System32\Drivers\acpiex.sys
Image name: acpiex.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: C8D60B44 (This is a reproducible build file hash, not a timestamp)
CheckSum: 000302D2
ImageSize: 00026000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: acpiex.sys
OriginalFilename: acpiex.sys
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: ACPIEx Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20d10000 fffff804`20d1e000 msseccore (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\msseccore.sys\C121C54Be000\msseccore.sys
Image path: \SystemRoot\system32\drivers\msseccore.sys
Image name: msseccore.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: C121C54B (This is a reproducible build file hash, not a timestamp)
CheckSum: 000149BE
ImageSize: 0000E000
File version: 10.8792.19041.5678
Product version: 10.8792.19041.5678
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.0 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: msseccore
OriginalFilename: msseccore.sys
ProductVersion: 10.8792.19041.5678
FileVersion: 10.8792.19041.5678 (WinBuild.160101.0800)
FileDescription: Microsoft Security Core Boot Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20d20000 fffff804`20d3a000 SgrmAgent (deferred)
Mapped memory image file: C:\ProgramData\Dbg\sym\SgrmAgent.sys\A64747741a000\SgrmAgent.sys
Image path: \SystemRoot\system32\drivers\SgrmAgent.sys
Image name: SgrmAgent.sys
Browse all global symbols functions data Symbol Reload
Image was built with /Brepro flag.
Timestamp: A6474774 (This is a reproducible build file hash, not a timestamp)
CheckSum: 0001E4FC
ImageSize: 0001A000
File version: 10.0.19041.208
Product version: 10.0.19041.208
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.0 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SgrmAgent
OriginalFilename: SgrmAgent.sys
ProductVersion: 10.0.19041.208
FileVersion: 10.0.19041.208 (WinBuild.160101.0800)
FileDescription: System Guard Runtime Monitor Agent Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff804`20d40000 fffff804`20e0d000 ACPI (deferred)
Image path: \SystemRoot\System32\drivers\ACPI.sys
Image name: ACPI.sys
Browse all global symbols functions data Symbol Reload
Timestamp: ***** Invalid (A2E37420)
CheckSum: 000C8746
ImageSize: 000CD000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
^ User interrupted operation error in 'lmDv'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\atlmfc.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\concurrency.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\cpp_rest.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\Kernel.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\ObjectiveC.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\stl.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\Usb4Kd.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\Windows.Data.Json.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Geolocation.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Sensors.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\Windows.Media.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\windows.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2502.25002.0_x64__8wekyb3d8bbwe\amd64\Visualizers\winrt.natvis'
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 43
Microsoft (R) Windows Debugger Version 10.0.27793.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Downloads\Minidump\Minidump\040925-5000-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff802`3c400000 PsLoadedModuleList = 0xfffff802`3d02a350
Debug session time: Wed Apr 9 22:56:16.438 2025 (UTC + 3:00)
System Uptime: 0 days 10:36:16.553
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`3c7fdf30 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff887`bc87eaf0=000000000000000a
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80241e67a6c, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for NETIO.SYS
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 828
Key : Analysis.Elapsed.mSec
Value: 6621
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 171
Key : Analysis.Init.Elapsed.mSec
Value: 3057
Key : Analysis.Memory.CommitPeak.Mb
Value: 81
Key : Analysis.Version.DbgEng
Value: 10.0.27793.1000
Key : Analysis.Version.Description
Value: 10.2410.02.02 amd64fre
Key : Analysis.Version.Ext
Value: 1.2410.2.2
Key : Bugcheck.Code.LegacyAPI
Value: 0xd1
Key : Bugcheck.Code.TargetModel
Value: 0xd1
Key : Failure.Bucket
Value: AV_NETIO!unknown_function
Key : Failure.Exception.IP.Address
Value: 0xfffff80241e67a6c
Key : Failure.Exception.IP.Module
Value: NETIO
Key : Failure.Exception.IP.Offset
Value: 0x17a6c
Key : Failure.Hash
Value: {977f9440-ca16-6cb7-4da9-311b2639b250}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: d1
BUGCHECK_P1: 8
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80241e67a6c
FILE_IN_CAB: 040925-5000-01.dmp
FAULTING_THREAD: ffff9b81286b8440
READ_ADDRESS: fffff8023d0fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000008
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: fffff887bc87ec30 -- (.trap 0xfffff887bc87ec30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=000000003b504040 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80241e67a6c rsp=fffff887bc87edc0 rbp=fffff887bc87ee99
r8=0000000000000000 r9=0000000000000006 r10=ffffe288f40ff22c
r11=000000003b504040 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
NETIO+0x17a6c:
fffff802`41e67a6c 48395808 cmp qword ptr [rax+8],rbx ds:00000000`00000008=????????????????
Resetting default scope
STACK_TEXT:
fffff887`bc87eae8 fffff802`3c8127a9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff887`bc87eaf0 fffff802`3c80e178 : 00000000`00000000 00000000`00000000 ffff6938`f29917a6 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff887`bc87ec30 fffff802`41e67a6c : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`645d88d5 : nt!KiPageFault+0x478
fffff887`bc87edc0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff802`645d88d5 fffff780`00000008 : NETIO+0x17a6c
SYMBOL_NAME: NETIO+17a6c
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
STACK_COMMAND: .process /r /p 0xfffff8023d124a00; .thread 0xffff9b81286b8440 ; kb
BUCKET_ID_FUNC_OFFSET: 17a6c
FAILURE_BUCKET_ID: AV_NETIO!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {977f9440-ca16-6cb7-4da9-311b2639b250}
Followup: MachineOwner
---------
6: kd> lmvm NETIO
Browse full module list
start end module name
fffff802`41e50000 fffff802`41eec000 NETIO T (no symbols)
Loaded symbol image file: NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Browse all global symbols functions data Symbol Reload
Timestamp: Sun Aug 29 21:01:01 1971 (031E98DD)
CheckSum: 0009DB8F
ImageSize: 0009C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
Son düzenleyen: Moderatör:
