DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 7ffff801ef27020d, Actual security check cookie from the stack
Arg2: 0000683e6d8cc611, Expected security check cookie
Arg3: ffff97c1927339ee, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3062
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-62N06FT
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 5492
Key : Analysis.Memory.CommitPeak.Mb
Value: 76
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: f7
BUGCHECK_P1: 7ffff801ef27020d
BUGCHECK_P2: 683e6d8cc611
BUGCHECK_P3: ffff97c1927339ee
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000683e6d8cc611 found 7ffff801ef27020d
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Discord.exe
BAD_STACK_POINTER: fffff801202800f8
STACK_TEXT:
fffff801`202800f8 fffff801`2c9712d7 : 00000000`000000f7 7ffff801`ef27020d 0000683e`6d8cc611 ffff97c1`927339ee : nt!KeBugCheckEx
fffff801`20280100 00000000`000000f7 : 7ffff801`ef27020d 0000683e`6d8cc611 ffff97c1`927339ee 00000000`00000000 : nvlddmkm+0xf12d7
fffff801`20280108 7ffff801`ef27020d : 0000683e`6d8cc611 ffff97c1`927339ee 00000000`00000000 fffff801`202807c0 : 0xf7
fffff801`20280110 0000683e`6d8cc611 : ffff97c1`927339ee 00000000`00000000 fffff801`202807c0 fffff801`2d070421 : 0x7ffff801`ef27020d
fffff801`20280118 ffff97c1`927339ee : 00000000`00000000 fffff801`202807c0 fffff801`2d070421 fffff801`2c96d25a : 0x0000683e`6d8cc611
fffff801`20280120 00000000`00000000 : fffff801`202807c0 fffff801`2d070421 fffff801`2c96d25a fffff801`20280710 : 0xffff97c1`927339ee
SYMBOL_NAME: nvlddmkm+f12d7
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: f12d7
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_STACKPTR_ERROR_nvlddmkm!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e02e9ff9-dcdc-510a-87ed-0800585d33e8}
Followup: MachineOwner
---------
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: ffffac049cac20c0, Object type of the object whose reference count is being lowered
Arg2: ffffac04ad48e9e0, Object whose reference count is being lowered
Arg3: 0000000000000001, Reserved
Arg4: 9000000000000001, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object's reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3999
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-62N06FT
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 5619
Key : Analysis.Memory.CommitPeak.Mb
Value: 81
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 18
BUGCHECK_P1: ffffac049cac20c0
BUGCHECK_P2: ffffac04ad48e9e0
BUGCHECK_P3: 1
BUGCHECK_P4: 9000000000000001
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: steam.exe
STACK_TEXT:
ffffbe0d`c37fba28 fffff807`23a6c834 : 00000000`00000018 ffffac04`9cac20c0 ffffac04`ad48e9e0 00000000`00000001 : nt!KeBugCheckEx
ffffbe0d`c37fba30 fffff807`2389ccce : 00000000`00000000 ffffac04`ad48e9e0 00000000`039cfda0 00000000`00f8d000 : nt!ObfDereferenceObjectWithTag+0x190e54
ffffbe0d`c37fba70 fffff807`23c56af7 : ffffac04`00000000 00000000`00000000 ffffbe0d`c37fbb80 ffffac04`ad48e9e0 : nt!HalPutDmaAdapter+0xe
ffffbe0d`c37fbaa0 fffff807`23a05fb8 : ffffac04`a676f080 00000000`0f44f534 00000000`00000000 00000000`00000001 : nt!NtReleaseSemaphore+0xc7
ffffbe0d`c37fbb00 00000000`77b01cfc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`039cf228 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b01cfc
SYMBOL_NAME: nt!ObfDereferenceObjectWithTag+190e54
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 190e54
FAILURE_BUCKET_ID: 0x18_CORRUPT_REF_COUNT_nt!ObfDereferenceObjectWithTag
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {fa6b3516-71cb-1e92-b987-b8bebd3458ac}
Followup: MachineOwner
---------
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffff8304f73dfa10, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff806674d1200, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3577
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-62N06FT
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 3577
Key : Analysis.Memory.CommitPeak.Mb
Value: 73
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 50
BUGCHECK_P1: ffff8304f73dfa10
BUGCHECK_P2: 0
BUGCHECK_P3: fffff806674d1200
BUGCHECK_P4: 2
READ_ADDRESS: fffff80667afb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff80667a0f340: Unable to get Flags value from nt!KdVersionBlock
fffff80667a0f340: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffff8304f73dfa10
MM_INTERNAL_CODE: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
TRAP_FRAME: ffff8304f70df720 -- (.trap 0xffff8304f70df720)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffff89824d257ce0
rdx=0000000000020000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff806674d1200 rsp=ffff8304f70df8b0 rbp=00000092482feb90
r8=00000092482feb90 r9=00000288bc108430 r10=0000fffff8066700
r11=ffff8304f70df9c8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!AlpcpProcessSynchronousRequest+0x70:
fffff806`674d1200 440fb69c2460010000 movzx r11d,byte ptr [rsp+160h] ss:0018:ffff8304`f70dfa10=01
Resetting default scope
STACK_TEXT:
ffff8304`f70df478 fffff806`67279b57 : 00000000`00000050 ffff8304`f73dfa10 00000000`00000000 ffff8304`f70df720 : nt!KeBugCheckEx
ffff8304`f70df480 fffff806`670ea5e0 : 00000000`00000000 00000000`00000000 ffff8304`f70df7a0 00000000`00000000 : nt!MiSystemFault+0x1716c7
ffff8304`f70df580 fffff806`6720275e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x400
ffff8304`f70df720 fffff806`674d1200 : 00000000`00000002 00000092`482fef70 ffff8304`f70df9c0 ffff8304`f70df994 : nt!KiPageFault+0x35e
ffff8304`f70df8b0 fffff806`674cf5b6 : ffff8982`4d257ce0 00000000`00020000 00000092`482feb90 00000288`bc108430 : nt!AlpcpProcessSynchronousRequest+0x70
ffff8304`f70df9d0 fffff806`67205fb8 : ffff8982`4d44c080 ffff8304`f70dfb80 00000092`482fe8b8 ffff8304`f70dfaa8 : nt!NtAlpcSendWaitReceivePort+0x1d6
ffff8304`f70dfa90 00007ff9`d50ecf04 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000092`482fe898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`d50ecf04
SYMBOL_NAME: nt!AlpcpProcessSynchronousRequest+70
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 70
FAILURE_BUCKET_ID: AV_R_INVALID_nt!AlpcpProcessSynchronousRequest
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {87f5fe52-8052-fcce-d4e1-9437d00e10b8}
Followup: MachineOwner
---------
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8018eccc481, The address that the exception occurred at
Arg3: ffff9206d2c06818, Exception Record Address
Arg4: ffff9206d2c06050, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 6906
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-62N06FT
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 88704
Key : Analysis.Memory.CommitPeak.Mb
Value: 85
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8018eccc481
BUGCHECK_P3: ffff9206d2c06818
BUGCHECK_P4: ffff9206d2c06050
EXCEPTION_RECORD: ffff9206d2c06818 -- (.exr 0xffff9206d2c06818)
ExceptionAddress: fffff8018eccc481 (dxgmms2!VidSchiSubmitRenderVirtualCommand+0x00000000000003a1)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffff9206d2c06050 -- (.cxr 0xffff9206d2c06050)
rax=0000000000002002 rbx=0000000000547eb5 rcx=3000000000000000
rdx=ffffce8258cc7010 rsi=ffffce8256111000 rdi=ffffce8256182bf0
rip=fffff8018eccc481 rsp=ffff9206d2c06a50 rbp=ffffce8258cc7010
r8=0000000000002002 r9=0000000000000000 r10=fffff801806173f0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffce8256180000 r15=ffffce8262146bf0
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202
dxgmms2!VidSchiSubmitRenderVirtualCommand+0x3a1:
fffff801`8eccc481 488b81a0000000 mov rax,qword ptr [rcx+0A0h] ds:002b:30000000`000000a0=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff801810fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8018100f340: Unable to get Flags value from nt!KdVersionBlock
fffff8018100f340: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p adresindeki y nerge 0x%p adresindeki belle e ba vurdu. Bellek u olamaz %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffff9206`d2c06a50 fffff801`8ecdae62 : ffffce82`56bf2000 00000000`00000000 00000000`00000001 ffffce82`58cc7010 : dxgmms2!VidSchiSubmitRenderVirtualCommand+0x3a1
ffff9206`d2c06b80 fffff801`8ecdacfa : ffffce82`56111400 fffff801`8ecdac30 ffffce82`56111000 fffff801`7ceff100 : dxgmms2!VidSchiRun_PriorityTable+0x152
ffff9206`d2c06bd0 fffff801`806a2ae5 : ffffce82`5611c380 fffff801`00000001 ffffce82`56111000 000f8067`b4bbbdff : dxgmms2!VidSchiWorkerThread+0xca
ffff9206`d2c06c10 fffff801`807fbbf8 : fffff801`7ceff180 ffffce82`5611c380 fffff801`806a2a90 00560045`00440026 : nt!PspSystemThreadStartup+0x55
ffff9206`d2c06c60 00000000`00000000 : ffff9206`d2c07000 ffff9206`d2c01000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: dxgmms2!VidSchiSubmitRenderVirtualCommand+3a1
MODULE_NAME: dxgmms2
IMAGE_NAME: dxgmms2.sys
IMAGE_VERSION: 10.0.19041.546
STACK_COMMAND: .cxr 0xffff9206d2c06050 ; kb
BUCKET_ID_FUNC_OFFSET: 3a1
FAILURE_BUCKET_ID: AV_dxgmms2!VidSchiSubmitRenderVirtualCommand
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {a1a904aa-4d7d-00a7-7b5d-0a12d0d37c38}
Followup: MachineOwner
---------
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: ffff850057c13c28, Actual security check cookie from the stack
Arg2: 00001c8ec3ff8f29, Expected security check cookie
Arg3: ffffe3713c0070d6, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6030
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-62N06FT
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 7260
Key : Analysis.Memory.CommitPeak.Mb
Value: 75
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: f7
BUGCHECK_P1: ffff850057c13c28
BUGCHECK_P2: 1c8ec3ff8f29
BUGCHECK_P3: ffffe3713c0070d6
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 00001c8ec3ff8f29 found ffff850057c13c28
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
STACK_TEXT:
ffff8500`57c129f8 fffff800`25eb05a5 : 00000000`000000f7 ffff8500`57c13c28 00001c8e`c3ff8f29 ffffe371`3c0070d6 : nt!KeBugCheckEx
ffff8500`57c12a00 fffff800`25dd0b2e : ffff8500`57c13010 fffff800`25c52faf fffff800`25ac9d38 00000000`00000000 : nt!_report_gsfailure+0x25
ffff8500`57c12a40 fffff800`25df01ea : ffff8500`57c12b10 00000000`00000000 ffff8500`57c13048 ffff8500`57c13020 : nt!_GSHandlerCheckCommon+0x5a
ffff8500`57c12a70 fffff800`25dfd462 : fffff800`25ac9d38 ffff8500`57c13010 fffff800`25df01a8 fffff800`25c11892 : nt!_GSHandlerCheck_SEH+0x42
ffff8500`57c12aa0 fffff800`25c52d97 : ffff8500`57c13010 00000000`00000000 ffff8500`57c13220 fffff800`25c11892 : nt!RtlpExecuteHandlerForException+0x12
ffff8500`57c12ad0 fffff800`25c519a6 : ffff8500`57c139e8 ffff8500`57c13720 ffff8500`57c139e8 ffff8d0e`b84ab900 : nt!RtlDispatchException+0x297
ffff8500`57c131f0 fffff800`25e066ac : 00000000`00000000 00000000`00401802 ffff8500`57c13a38 fffff800`25ce6591 : nt!KiDispatchException+0x186
ffff8500`57c138b0 fffff800`25e023e0 : 00000040`b84e5301 fffff800`000046e0 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x12c
ffff8500`57c13a90 fffff800`25c11892 : fffff800`25d1170b ffff8d0e`b8569c70 fffff800`25c9ccce 00000000`00000000 : nt!KiGeneralProtectionFault+0x320
ffff8500`57c13c28 00000000`00000000 : ffff8d0e`b84d2a20 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExpSetTimerObject+0x4f2
CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt
6 errors : !nt (fffff80025d11717-fffff80025d1173f)
fffff80025d11710 63 c8 f0 48 0f c1 0e *2b c3 48 2b c8 48 85 c9 *2e c..H...+.H+.H...
fffff80025d11720 23 48 8b 5c 24 40 48 *3b c7 48 8b 74 24 48 48 *33 #H.\$@H;.H.t$HH3
fffff80025d11730 c4 30 5f c3 cc ba 0f *30 00 00 48 8b cb e8 2e *56 .0_....0..H....V
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: STRIDE
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {574dbc1b-92cb-fb09-cb7a-cacc1bb2c511}
Followup: memory_corruption
---------