Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa2112.38883\102920-28796-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff800`1e200000 PsLoadedModuleList = 0xfffff800`1ee2a310
Debug session time: Thu Oct 29 02:09:08.753 2020 (UTC + 3:00)
System Uptime: 0 days 0:12:50.422
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
...............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`1e5f45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffdd8f`f2e303e0=0000000000000050
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffcd0d72c69000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8001e607552, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3874
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 9552
Key : Analysis.Memory.CommitPeak.Mb
Value: 76
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 50
BUGCHECK_P1: ffffcd0d72c69000
BUGCHECK_P2: 0
BUGCHECK_P3: fffff8001e607552
BUGCHECK_P4: 2
READ_ADDRESS: fffff8001eefb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8001ee0f340: Unable to get Flags value from nt!KdVersionBlock
fffff8001ee0f340: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffcd0d72c69000
MM_INTERNAL_CODE: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Registry
TRAP_FRAME: ffffdd8ff2e30680 -- (.trap 0xffffdd8ff2e30680)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffcd0cf9703000 rbx=0000000000000000 rcx=ffffcd0cf9703000
rdx=0000000079566000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001e607552 rsp=ffffdd8ff2e30818 rbp=0000000000001798
r8=0000000000001000 r9=0000000000fce000 r10=0000000000001000
r11=ffffcd0d72c6a000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!memcpy+0x92:
fffff800`1e607552 0f100411 movups xmm0,xmmword ptr [rcx+rdx] ds:ffffcd0d`72c69000=????????????????????????????????
Resetting default scope
STACK_TEXT:
ffffdd8f`f2e303d8 fffff800`1e679b57 : 00000000`00000050 ffffcd0d`72c69000 00000000`00000000 ffffdd8f`f2e30680 : nt!KeBugCheckEx
ffffdd8f`f2e303e0 fffff800`1e4ea5e0 : 00000000`00000111 00000000`00000000 ffffdd8f`f2e30700 00000000`00000000 : nt!MiSystemFault+0x1716c7
ffffdd8f`f2e304e0 fffff800`1e60275e : 00000000`0066c000 fffff800`1e4caf10 ffffcd0c`f9410000 00000000`33354d43 : nt!MmAccessFault+0x400
ffffdd8f`f2e30680 fffff800`1e607552 : fffff800`1e7e5255 00000000`00cdb000 00000000`00000000 ffffdd8f`f2e30910 : nt!KiPageFault+0x35e
ffffdd8f`f2e30818 fffff800`1e7e5255 : 00000000`00cdb000 00000000`00000000 ffffdd8f`f2e30910 ffffdd8f`00000000 : nt!memcpy+0x92
ffffdd8f`f2e30820 fffff800`1e7d6533 : ffffcd0c`ef09a000 ffffdd8f`f2e30909 ffffdd8f`f2e308f8 ffffcd0c`ffe11fd8 : nt!HvpFindNextDirtyBlock+0x1e1
ffffdd8f`f2e30890 fffff800`1e8a395e : ffffcd0c`0000001b ffffdd8f`f2e30a01 00000000`00000001 00000000`00cdc000 : nt!HvStoreModifiedData+0x33b
ffffdd8f`f2e30970 fffff800`1ea679ea : ffffcd0c`ef076000 ffffcd0c`ef09a000 00000000`00000090 00000000`fffffffe : nt!CmpFlushHive+0x2ce
ffffdd8f`f2e30ab0 fffff800`1ebad48d : ffffa58f`f5234080 ffffa58f`ec8864a0 fffff800`1ee20fc0 fffff800`1ee248e8 : nt!CmShutdownSystem+0x212
ffffdd8f`f2e30b30 fffff800`1e5035f5 : ffffa58f`f5234080 fffff800`1e812360 ffffa58f`ec8864a0 ffffa58f`00000000 : nt!PopGracefulShutdown+0x1bd
ffffdd8f`f2e30b70 fffff800`1e4a2ae5 : ffffa58f`f5234080 00000000`00000080 ffffa58f`ec88d040 000f8067`b4bbbdff : nt!ExpWorkerThread+0x105
ffffdd8f`f2e30c10 fffff800`1e5fbbf8 : ffffdf80`8c650180 ffffa58f`f5234080 fffff800`1e4a2a90 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffdd8f`f2e30c60 00000000`00000000 : ffffdd8f`f2e31000 ffffdd8f`f2e2b000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!MiSystemFault+1716c7
MODULE_NAME: nt
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 1716c7
FAILURE_BUCKET_ID: AV_R_INVALID_nt!MiSystemFault
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {624e8a06-dc22-13e9-d8b0-4e137ca36c13}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa2112.40404\102920-15015-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`7fc00000 PsLoadedModuleList = 0xfffff805`8082a310
Debug session time: Thu Oct 29 01:17:43.082 2020 (UTC + 3:00)
System Uptime: 0 days 0:01:55.751
Loading Kernel Symbols
...............................................................
................................................................
...................................................
Loading User Symbols
Loading unloaded module list
.........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`7fff45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffe581`7a5e40f0=000000000000007e
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8057fee15ea, The address that the exception occurred at
Arg3: fffffc82c62f95c8, Exception Record Address
Arg4: ffffe5817a5e4920, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 3046
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 9079
Key : Analysis.Memory.CommitPeak.Mb
Value: 76
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8057fee15ea
BUGCHECK_P3: fffffc82c62f95c8
BUGCHECK_P4: ffffe5817a5e4920
EXCEPTION_RECORD: fffffc82c62f95c8 -- (.exr 0xfffffc82c62f95c8)
ExceptionAddress: fffff8057fee15ea (nt!KiInsertTimerTable+0x000000000000021a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffff89040c553198
Attempt to read from address ffff89040c553198
CONTEXT: ffffe5817a5e4920 -- (.cxr 0xffffe5817a5e4920)
rax=00000000bf00b2ca rbx=0000000000000000 rcx=0000000000009896
rdx=ffff890495bdab70 rsi=ffff89040c5531a0 rdi=fffffc82c62f99e0
rip=fffff8057fee15ea rsp=fffffc82c62f9800 rbp=0000000108b44f0c
r8=0000000049b39c42 r9=fffff8057be36a50 r10=fffff8057be33ac0
r11=0000000000000000 r12=000000000000006c r13=000000000000006c
r14=fffff8057be36a40 r15=fffff8057be36a48
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202
nt!KiInsertTimerTable+0x21a:
fffff805`7fee15ea 483b6ef8 cmp rbp,qword ptr [rsi-8] ds:002b:ffff8904`0c553198=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff805808fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8058080f340: Unable to get Flags value from nt!KdVersionBlock
fffff8058080f340: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffff89040c553198
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p adresindeki y nerge 0x%p adresindeki belle e ba vurdu. Bellek u olamaz %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffff89040c553198
EXCEPTION_STR: 0xc0000005
BAD_STACK_POINTER: ffffe5817a5e40e8
STACK_TEXT:
fffffc82`c62f9800 fffff805`7febbe53 : ffffffff`3c49ff00 00000000`00000000 00000000`00000000 00000000`ffffff00 : nt!KiInsertTimerTable+0x21a
fffffc82`c62f9880 fffff805`7febbc86 : fffffc82`c62f99e0 fffffc82`c62f9a60 00000000`0000006c 00000000`00000000 : nt!KiSetTimerEx+0x123
fffffc82`c62f98e0 fffff805`7fe2f309 : ffff8904`824bf040 00000000`00000000 fffffc82`c62f9a60 ffff8904`87bbe400 : nt!KeSetCoalescableTimer+0x56
fffffc82`c62f9920 fffff805`7fe2dc7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PopFxEnableWorkOrderWatchdog+0x5d
fffffc82`c62f9960 fffff805`7fe2f4c6 : fffff805`80824880 00000000`00000001 00000000`00000000 fffff805`7ff03900 : nt!PopFxDispatchPluginWorkOnce+0xb2
fffffc82`c62f9ad0 fffff805`80212385 : ffffffff`ffff3cb0 ffff8904`824bf040 fffff805`80212360 ffff8904`822aecd0 : nt!PopFxProcessWorkPool+0x13a
fffffc82`c62f9b40 fffff805`7ff035f5 : ffff8904`824bf040 fffff805`7ff7db80 ffff8904`822aecd0 ffff8904`00000000 : nt!PopFxPluginWork+0x25
fffffc82`c62f9b70 fffff805`7fea2ae5 : ffff8904`824bf040 00000000`00000080 ffff8904`8226e080 00000000`00000000 : nt!ExpWorkerThread+0x105
fffffc82`c62f9c10 fffff805`7fffbbf8 : ffffe581`7a450180 ffff8904`824bf040 fffff805`7fea2a90 00000000`00000000 : nt!PspSystemThreadStartup+0x55
fffffc82`c62f9c60 00000000`00000000 : fffffc82`c62fa000 fffffc82`c62f4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!KiInsertTimerTable+21a
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .cxr 0xffffe5817a5e4920 ; kb
BUCKET_ID_FUNC_OFFSET: 21a
FAILURE_BUCKET_ID: AV_STACKPTR_ERROR_nt!KiInsertTimerTable
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4ad6f3cb-92dc-9e39-c0c1-dd8c13612fcf}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa2112.47779\102920-14375-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff804`04a00000 PsLoadedModuleList = 0xfffff804`0562a310
Debug session time: Thu Oct 29 01:30:03.990 2020 (UTC + 3:00)
System Uptime: 0 days 0:04:01.659
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff804`04df45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffa80`fc251ba0=0000000000000139
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
extents for the thread.
Arg2: fffffa80fc251ec0, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffffa80fc251e18, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3484
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 6172
Key : Analysis.Memory.CommitPeak.Mb
Value: 80
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 4
BUGCHECK_P2: fffffa80fc251ec0
BUGCHECK_P3: fffffa80fc251e18
BUGCHECK_P4: 0
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
EXCEPTION_RECORD: fffffa80fc251e18 -- (.exr 0xfffffa80fc251e18)
ExceptionAddress: fffff80404e3051f (nt!RtlpGetStackLimitsEx+0x00000000001ddb0f)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000004
Subcode: 0x4 FAST_FAIL_INCORRECT_STACK
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: sppsvc.exe
WATSON_BKT_EVENT: BEX
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000004
EXCEPTION_STR: 0xc0000409
BAD_STACK_POINTER: fffffa80fc251b98
STACK_TEXT:
fffffa80`fc251b98 fffff804`04e06569 : 00000000`00000139 00000000`00000004 fffffa80`fc251ec0 fffffa80`fc251e18 : nt!KeBugCheckEx
fffffa80`fc251ba0 fffff804`04e06990 : 00000000`0005f000 00000000`0000006c 00000000`0000005c 00720063`0069004d : nt!KiBugCheckDispatch+0x69
fffffa80`fc251ce0 fffff804`04e04d23 : 00000000`0000000f 00000000`00000000 00000000`00000000 01d6ad79`97dc4505 : nt!KiFastFailDispatch+0xd0
fffffa80`fc251ec0 fffff804`04e3051f : fffffa80`fc2522d0 fffffa80`fc252a98 fffffa80`fc2520c0 00000000`0000000f : nt!KiRaiseSecurityCheckFailure+0x323
fffffa80`fc252050 fffff804`04c52be1 : fffffa80`fc2522d0 00000000`00000000 00007fff`f9ebcea0 00000000`00000002 : nt!RtlpGetStackLimitsEx+0x1ddb0f
fffffa80`fc252080 fffff804`04c519a6 : fffffa80`fc252a98 fffffa80`fc2527d0 fffffa80`fc252a98 ffff9088`00cc9a60 : nt!RtlDispatchException+0xe1
fffffa80`fc2522a0 fffff804`04e066ac : 00000000`00001000 fffffa80`fc252b40 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
fffffa80`fc252960 fffff804`04e02843 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x12c
fffffa80`fc252b40 fffff804`050f0b57 : 80fc253a`10fffffa 80fc253a`20fffffa 80fc253a`30fffffa 80fc253a`40fffffa : nt!KiPageFault+0x443
fffffa80`fc252cdd 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpCreateHandle+0x917
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {7b0febb5-6007-4f2b-3d38-57fef278d8d5}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa2112.49561\102920-13906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff804`39800000 PsLoadedModuleList = 0xfffff804`3a42a310
Debug session time: Thu Oct 29 01:22:29.237 2020 (UTC + 3:00)
System Uptime: 0 days 0:01:28.906
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff804`39bf45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa901`af0700f0=000000000000007e
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80439ae15ea, The address that the exception occurred at
Arg3: fffffb0a1a4b35c8, Exception Record Address
Arg4: ffffa901af070920, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 4328
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 11362
Key : Analysis.Memory.CommitPeak.Mb
Value: 76
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80439ae15ea
BUGCHECK_P3: fffffb0a1a4b35c8
BUGCHECK_P4: ffffa901af070920
EXCEPTION_RECORD: fffffb0a1a4b35c8 -- (.exr 0xfffffb0a1a4b35c8)
ExceptionAddress: fffff80439ae15ea (nt!KiInsertTimerTable+0x000000000000021a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffff990927d0c8f8
Attempt to read from address ffff990927d0c8f8
CONTEXT: ffffa901af070920 -- (.cxr 0xffffa901af070920)
rax=00000000c3038e81 rbx=0000000000000000 rcx=0000000000009896
rdx=ffff9909a57dc0c0 rsi=ffff990927d0c900 rdi=fffffb0a1a4b39e0
rip=fffff80439ae15ea rsp=fffffb0a1a4b3800 rbp=00000000f8b40bbd
r8=0000000035b07d3c r9=fffff8043667aa50 r10=fffff80436677ac0
r11=0000000000000000 r12=000000000000006c r13=000000000000006c
r14=fffff8043667aa40 r15=fffff8043667aa48
iopl=0 nv up ei pl nz ac po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050216
nt!KiInsertTimerTable+0x21a:
fffff804`39ae15ea 483b6ef8 cmp rbp,qword ptr [rsi-8] ds:002b:ffff9909`27d0c8f8=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff8043a4fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8043a40f340: Unable to get Flags value from nt!KdVersionBlock
fffff8043a40f340: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffff990927d0c8f8
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p adresindeki y nerge 0x%p adresindeki belle e ba vurdu. Bellek u olamaz %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffff990927d0c8f8
EXCEPTION_STR: 0xc0000005
BAD_STACK_POINTER: ffffa901af0700e8
STACK_TEXT:
fffffb0a`1a4b3800 fffff804`39abbe53 : ffffffff`3c49ff00 00000000`00000000 00000000`00000000 00000000`ffffff00 : nt!KiInsertTimerTable+0x21a
fffffb0a`1a4b3880 fffff804`39abbc86 : fffffb0a`1a4b39e0 fffffb0a`1a4b3a60 00000000`0000006c 00000000`00000000 : nt!KiSetTimerEx+0x123
fffffb0a`1a4b38e0 fffff804`39a2f309 : ffff9909`00000001 00000000`00000003 fffffb0a`1a4b3a60 fffffb0a`00000000 : nt!KeSetCoalescableTimer+0x56
fffffb0a`1a4b3920 fffff804`39a2dc7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PopFxEnableWorkOrderWatchdog+0x5d
fffffb0a`1a4b3960 fffff804`39a2f4c6 : fffff804`3a424880 00000000`00000001 00000000`00000003 fffff804`39b03900 : nt!PopFxDispatchPluginWorkOnce+0xb2
fffffb0a`1a4b3ad0 fffff804`39e12385 : ffffffff`ffff3cb0 ffff9909`a0010100 fffff804`39e12360 ffff9909`9d46ecf0 : nt!PopFxProcessWorkPool+0x13a
fffffb0a`1a4b3b40 fffff804`39b035f5 : ffff9909`a0010100 fffff804`39b7db80 ffff9909`9d46ecf0 00000000`00000000 : nt!PopFxPluginWork+0x25
fffffb0a`1a4b3b70 fffff804`39aa2ae5 : ffff9909`a0010100 00000000`00000080 ffff9909`9d4a9040 000f8067`b4bbbdff : nt!ExpWorkerThread+0x105
fffffb0a`1a4b3c10 fffff804`39bfbbf8 : fffff804`36674180 ffff9909`a0010100 fffff804`39aa2a90 00000000`00000000 : nt!PspSystemThreadStartup+0x55
fffffb0a`1a4b3c60 00000000`00000000 : fffffb0a`1a4b4000 fffffb0a`1a4ae000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!KiInsertTimerTable+21a
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .cxr 0xffffa901af070920 ; kb
BUCKET_ID_FUNC_OFFSET: 21a
FAILURE_BUCKET_ID: AV_STACKPTR_ERROR_nt!KiInsertTimerTable
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4ad6f3cb-92dc-9e39-c0c1-dd8c13612fcf}
Followup: MachineOwner
---------