BIOS_VERSION: FF
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000411, The subtype of the bugcheck.
Arg2: fffff683ff7eeb00
Arg3: 00000000015efb90
Arg4: fffff6fc0000af7b
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002eff300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: 411
BUGCHECK_P2: fffff683ff7eeb00
BUGCHECK_P3: 15efb90
BUGCHECK_P4: fffff6fc0000af7b
BUGCHECK_STR: 0x1a_411
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: audiodg.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:28.0691
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff8800b53b240 -- (.trap 0xfffff8800b53b240)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000007ffffff0000 rbx=0000000000000000 rcx=0000000000005a4d
rdx=000007fefdd60000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cb4893 rsp=fffff8800b53b3d8 rbp=fffff8800b53b5c0
r8=0000000000000000 r9=fffff8800b53b418 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!RtlImageNtHeaderEx+0x3f:
fffff800`02cb4893 66390a cmp word ptr [rdx],cx ds:000007fe`fdd60000=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d53cea to fffff80002cf5ea0
STACK_TEXT:
fffff880`0b53af08 fffff800`02d53cea : 00000000`0000001a 00000000`00000411 fffff683`ff7eeb00 00000000`015efb90 : nt!KeBugCheckEx
fffff880`0b53af10 fffff800`02dc0c58 : ffffffff`ffffffff 00000000`00000000 00000000`00000000 0000000f`ffffffff : nt!MiLockTransitionLeafPage+0x13a
fffff880`0b53af60 fffff800`02dc26a7 : 00000000`00000000 fffff880`0b53b008 fffff8a0`0364e000 fffffa80`0c0103f8 : nt!MiResolveTransitionFault+0x48
fffff880`0b53b000 fffff800`02dd1720 : ffffffff`ffffffff 000007fe`fdd60000 fffff8a0`0364e000 ffffffff`ffffffff : nt!MiDispatchFault+0x807
fffff880`0b53b0f0 fffff800`02d01fdc : 00000000`00000000 000007fe`fdd60000 fffff8a0`0364e000 00000000`00000000 : nt!MmAccessFault+0x4090
fffff880`0b53b240 fffff800`02cb4893 : fffff800`02cb491e 00000000`00001402 fffff800`02f48084 00000000`00000001 : nt!KiPageFault+0x35c
fffff880`0b53b3d8 fffff800`02cb491e : 00000000`00001402 fffff800`02f48084 00000000`00000001 00000000`00067000 : nt!RtlImageNtHeaderEx+0x3f
fffff880`0b53b3e0 fffff800`02d24f16 : fffff880`0b53b650 00000000`00000000 fffffa80`0dfc0100 00000000`00000000 : nt!RtlImageNtHeader+0x1e
fffff880`0b53b410 fffff800`0306a9e2 : fffff880`0b53b5c0 fffffa80`0c010060 fffff8a0`0364c000 00000000`00000030 : nt! ?? ::FNODOBFM::`string'+0x1c616
fffff880`0b53b530 fffff800`02f77b42 : fffffa80`0c010060 fffffa80`0c010060 00000000`00000000 fffffa80`0c044b50 : nt!EtwTraceProcess+0x112
fffff880`0b53b910 fffff800`03090808 : 000007ff`fffd7000 fffff880`0b53bc20 00000000`00000000 fffffa80`0bab6a60 : nt!PspExitProcess+0x52
fffff880`0b53b970 fffff800`02f7a9e9 : fffffa80`c0000005 fffff880`0b53bb01 000007ff`fffd7000 fffffa80`0c035060 : nt!PspExitThread+0x848
fffff880`0b53ba30 fffff800`02ca6ea4 : 00000000`00000001 fffff880`0b53bba8 00000000`0093f9a0 fffff880`0b53bbe0 : nt!PsExitSpecialApc+0x1d
fffff880`0b53ba60 fffff800`02cfa9e0 : 00000000`77a2a748 fffff880`0b53bae0 fffff800`02f3118c 00000000`00000001 : nt!KiDeliverApc+0x2e4
fffff880`0b53bae0 fffff800`02d03ff7 : fffffa80`0c044b50 00000000`77a2a748 00000000`000000c0 00000000`00000000 : nt!KiInitiateUserApc+0x70
fffff880`0b53bc20 00000000`77a8b0aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`0093f808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77a8b0aa
THREAD_SHA1_HASH_MOD_FUNC: 93f4d14165565a744a74f7d6051fa5eefa0c0d21
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 39fdf322e7e9e293b55b447649474b4170768949
THREAD_SHA1_HASH_MOD: 9eef8c7ca0ce66f8b8b34848179f303828cff762
FOLLOWUP_IP:
nt!MiLockTransitionLeafPage+13a
fffff800`02d53cea cc int 3
FAULT_INSTR_CODE: c78b48cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiLockTransitionLeafPage+13a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddf3671
IMAGE_VERSION: 6.1.7601.24540
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1a_411_nt!MiLockTransitionLeafPage+13a
BUCKET_ID: X64_0x1a_411_nt!MiLockTransitionLeafPage+13a
PRIMARY_PROBLEM_CLASS: X64_0x1a_411_nt!MiLockTransitionLeafPage+13a
TARGET_TIME: 2020-01-05T05:24:33.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 6e5
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1a_411_nt!milocktransitionleafpage+13a
FAILURE_ID_HASH: {45311b12-f028-218d-6a06-855ec65f1e64}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c000001d, Exception code that caused the bugcheck
Arg2: fffff880170d9c94, Address of the instruction which caused the bugcheck
Arg3: fffff88006c121a0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002eba300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: c000001d
BUGCHECK_P2: fffff880170d9c94
BUGCHECK_P3: fffff88006c121a0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc000001d - <Unable to get error code text>
FAULTING_IP:
dxgkrnl!DxgkCheckMonitorPowerState+384
fffff880`170d9c94 60 ???
CONTEXT: fffff88006c121a0 -- (.cxr 0xfffff88006c121a0)
rax=fffffa800af3b000 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000000 rsi=00000000087a0000 rdi=0000000000000020
rip=fffff880170d9c94 rsp=fffff88006c12b70 rbp=fffff88006c12ca0
r8=fffff8a001b06000 r9=0000000000000011 r10=fffff960001aeed0
r11=fffffa800bcc4000 r12=00000000000007fe r13=fffffa800bcc4000
r14=fffff8a0015136b0 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
dxgkrnl!DxgkCheckMonitorPowerState+0x384:
fffff880`170d9c94 60 ???
Resetting default scope
BUGCHECK_STR: 0x3B_c000001d
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:05.0236
ANALYSIS_VERSION: 10.0.18362.1 x86fre
MISALIGNED_IP:
dxgkrnl!DxgkCheckMonitorPowerState+384
fffff880`170d9c94 60 ???
LAST_CONTROL_TRANSFER: from fffff960001aeef2 to fffff880170d9c94
STACK_TEXT:
fffff880`06c12b70 fffff960`001aeef2 : fffffa80`0c241060 00000000`00000000 00000000`000007fe 00000000`40000080 : dxgkrnl!DxgkCheckMonitorPowerState+0x384
fffff880`06c12bf0 fffff800`02cbef53 : fffffa80`0c241060 00000000`03a4f890 000007fe`fa3cc610 fffffa80`00000000 : win32k!NtGdiDdDDICheckMonitorPowerState+0x22
fffff880`06c12c20 000007fe`fe9c144a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`03a4f148 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`fe9c144a
THREAD_SHA1_HASH_MOD_FUNC: e7e1152215ed4bb75f579431637a171e88820ae8
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e2c1d4de40de66c1b635ac88e272e10fb1c4f16b
THREAD_SHA1_HASH_MOD: 42b9e1bf925c1b3f5db1cae6700164dabd2674b1
FOLLOWUP_IP:
dxgkrnl!DxgkCheckMonitorPowerState+384
fffff880`170d9c94 60 ???
FAULT_INSTR_CODE: fffd8060
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgkrnl!DxgkCheckMonitorPowerState+384
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 6.1.7601.24513
STACK_COMMAND: .cxr 0xfffff88006c121a0 ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED_dxgkrnl.sys
BUCKET_ID: X64_IP_MISALIGNED_dxgkrnl.sys
PRIMARY_PROBLEM_CLASS: X64_IP_MISALIGNED_dxgkrnl.sys
TARGET_TIME: 2020-01-02T09:17:41.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 587d
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_ip_misaligned_dxgkrnl.sys
FAILURE_ID_HASH: {91d5bbbd-b9ec-aa08-fa49-04ed6e8a7543}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002f5c4c7, Address of the instruction which caused the bugcheck
Arg3: fffff88008a26ac0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002ef6300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80002f5c4c7
BUGCHECK_P3: fffff88008a26ac0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!ObpWaitForMultipleObjects+187
fffff800`02f5c4c7 488b4a20 mov rcx,qword ptr [rdx+20h]
CONTEXT: fffff88008a26ac0 -- (.cxr 0xfffff88008a26ac0)
rax=0000000000000000 rbx=fffff8a00e136980 rcx=fffff80002c59000
rdx=0000000000000000 rsi=0000000000000001 rdi=fffffa800f350040
rip=fffff80002f5c4c7 rsp=fffff88008a27490 rbp=fffff88008a27ca0
r8=0000000000000030 r9=fffff8a00db8b000 r10=fffffa800f332b50
r11=fffffffffffffd80 r12=fffff88008a279a0 r13=fffff8a00330c8b0
r14=0000000000000000 r15=0000000000000002
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
nt!ObpWaitForMultipleObjects+0x187:
fffff800`02f5c4c7 488b4a20 mov rcx,qword ptr [rdx+20h] ds:002b:00000000`00000020=????????????????
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: NerusBot.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:09:24.0054
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002f5c4c7
STACK_TEXT:
fffff880`08a27490 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpWaitForMultipleObjects+0x187
THREAD_SHA1_HASH_MOD_FUNC: 856eefc35aec288e5821daceac7a3d91240c380a
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 9ca4715b6ee60d2cef62db89b4323e8bbd223fe8
THREAD_SHA1_HASH_MOD: 76cd06466d098060a9eb26e5fd2a25cb1f3fe0a3
FOLLOWUP_IP:
nt!ObpWaitForMultipleObjects+187
fffff800`02f5c4c7 488b4a20 mov rcx,qword ptr [rdx+20h]
FAULT_INSTR_CODE: 204a8b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObpWaitForMultipleObjects+187
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5e0ead5e
IMAGE_VERSION: 6.1.7601.24545
STACK_COMMAND: .cxr 0xfffff88008a26ac0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_c0000005_nt!ObpWaitForMultipleObjects+187
BUCKET_ID: X64_0x3B_c0000005_nt!ObpWaitForMultipleObjects+187
PRIMARY_PROBLEM_CLASS: X64_0x3B_c0000005_nt!ObpWaitForMultipleObjects+187
TARGET_TIME: 2020-01-22T04:30:17.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-01-03 05:56:30
BUILDDATESTAMP_STR: 200102-1707
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
ANALYSIS_SESSION_ELAPSED_TIME: 762
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_c0000005_nt!obpwaitformultipleobjects+187
FAILURE_ID_HASH: {8ea2addd-a9f2-a754-9790-3f60e360b57e}
Followup: MachineOwner
---------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000002b, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002c8d0f6, address which referenced memory
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002ee5300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: 2b
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80002c8d0f6
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ee5100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002ee52f0
GetUlongPtrFromAddress: unable to read from fffff80002ee54a8
GetPointerFromAddress: unable to read from fffff80002ee50d8
000000000000002b
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiUnlinkWaitBlocks+1a
fffff800`02c8d0f6 0fb6432b movzx eax,byte ptr [rbx+2Bh]
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: CefSharp.Brows
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:09:19.0945
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff8800ac939a0 -- (.trap 0xfffff8800ac939a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800ebe0390
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c8d0f6 rsp=fffff8800ac93b30 rbp=0000000000000002
r8=0000000000000002 r9=0000000000000001 r10=0000000000000001
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!KiUnlinkWaitBlocks+0x1a:
fffff800`02c8d0f6 0fb6432b movzx eax,byte ptr [rbx+2Bh] ds:00000000`0000002b=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cea2e9 to fffff80002cdbea0
STACK_TEXT:
fffff880`0ac93858 fffff800`02cea2e9 : 00000000`0000000a 00000000`0000002b 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0ac93860 fffff800`02ce80ce : 00000000`00000000 00000000`0000002b fffff680`00000600 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0ac939a0 fffff800`02c8d0f6 : 00000000`00000000 00000000`04bf4260 00000000`00000001 fffff800`02c60ee2 : nt!KiPageFault+0x44e
fffff880`0ac93b30 fffff800`02c8b0af : fffffa80`0d744b50 00000000`00000002 00000000`00650801 00000000`00000000 : nt!KiUnlinkWaitBlocks+0x1a
fffff880`0ac93b60 fffff800`02c60ff7 : fffff800`02e2c180 fffff880`0ac93c01 00000000`00650800 fffffa80`0d744b50 : nt!KiProcessThreadWaitList+0x47
fffff880`0ac93b90 fffff800`02f13f59 : fffffa80`0a0b5b01 fffff880`0ac93ca0 00000000`00650800 00000000`00000000 : nt!KeAlertThread+0xcf
fffff880`0ac93bd0 fffff800`02ce9f53 : 00000000`00000000 fffffa80`0d744b50 00000000`00000001 00000000`77b84668 : nt!NtAlertThread+0x51
fffff880`0ac93c20 00000000`73e32e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`08aaeae8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73e32e09
THREAD_SHA1_HASH_MOD_FUNC: 51b333a92ae09d94269a919f3fb2be4bda3e6eb1
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 9353e1f45776e9ff520910137e02239a46c52e2d
THREAD_SHA1_HASH_MOD: cb5f414824c2521bcc505eaa03e92fa10922dad8
FOLLOWUP_IP:
nt!KiUnlinkWaitBlocks+1a
fffff800`02c8d0f6 0fb6432b movzx eax,byte ptr [rbx+2Bh]
FAULT_INSTR_CODE: 2b43b60f
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiUnlinkWaitBlocks+1a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5e0ead5e
IMAGE_VERSION: 6.1.7601.24545
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0xA_nt!KiUnlinkWaitBlocks+1a
BUCKET_ID: X64_0xA_nt!KiUnlinkWaitBlocks+1a
PRIMARY_PROBLEM_CLASS: X64_0xA_nt!KiUnlinkWaitBlocks+1a
TARGET_TIME: 2020-01-20T06:37:11.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-01-03 05:56:30
BUILDDATESTAMP_STR: 200102-1707
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
ANALYSIS_SESSION_ELAPSED_TIME: 733
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xa_nt!kiunlinkwaitblocks+1a
FAILURE_ID_HASH: {81d9152b-a4cc-c7d2-a80a-b27d6c5b7e6e}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 0000000080000003, Exception code that caused the bugcheck
Arg2: fffff88013629db1, Address of the instruction which caused the bugcheck
Arg3: fffff88006f52200, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002efc300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: 80000003
BUGCHECK_P2: fffff88013629db1
BUGCHECK_P3: fffff88006f52200
BUGCHECK_P4: 0
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Bir veya daha fazla ba ms z de i ken ge ersiz
FAULTING_IP:
dxgkrnl!DxgkCheckMonitorPowerState+4a1
fffff880`13629db1 415e pop r14
CONTEXT: fffff88006f52200 -- (.cxr 0xfffff88006f52200)
rax=0000000000000000 rbx=000000000002aef2 rcx=fffffa800c28d060
rdx=fffffa800c28d060 rsi=00000000087a0000 rdi=0000000000000020
rip=fffff88013629db1 rsp=fffff88006f52bd0 rbp=fffff88006f52ca0
r8=0000000000000000 r9=0000000000000000 r10=fffff9600022eef0
r11=fffffa800bcc2000 r12=00000000000007fe r13=fffffa800bcc2000
r14=fffff8a00230f880 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282
dxgkrnl!DxgkCheckMonitorPowerState+0x4a1:
fffff880`13629db1 415e pop r14
Resetting default scope
BUGCHECK_STR: 0x3B_80000003
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:09:15.0882
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff9600022ef12 to fffff88013629db1
STACK_TEXT:
fffff880`06f52bd0 fffff960`0022ef12 : fffffa80`0c28d060 00000000`00000000 00000000`000007fe 00000000`40000080 : dxgkrnl!DxgkCheckMonitorPowerState+0x4a1
fffff880`06f52bf0 fffff800`02d00f53 : fffffa80`0c28d060 00000000`02aef570 000007fe`f995c610 00000000`00000000 : win32k!NtGdiDdDDICheckMonitorPowerState+0x22
fffff880`06f52c20 000007fe`fd97144a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`02aeee28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`fd97144a
THREAD_SHA1_HASH_MOD_FUNC: e7e1152215ed4bb75f579431637a171e88820ae8
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 94f2cd115ec6dee1fc26f9664fe37fe6c4b3857e
THREAD_SHA1_HASH_MOD: 42b9e1bf925c1b3f5db1cae6700164dabd2674b1
FOLLOWUP_IP:
dxgkrnl!DxgkCheckMonitorPowerState+4a1
fffff880`13629db1 415e pop r14
FAULT_INSTR_CODE: 5d415e41
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgkrnl!DxgkCheckMonitorPowerState+4a1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgkrnl
IMAGE_NAME: dxgkrnl.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5d5222cb
IMAGE_VERSION: 6.1.7601.24513
STACK_COMMAND: .cxr 0xfffff88006f52200 ; kb
FAILURE_BUCKET_ID: X64_0x3B_80000003_dxgkrnl!DxgkCheckMonitorPowerState+4a1
BUCKET_ID: X64_0x3B_80000003_dxgkrnl!DxgkCheckMonitorPowerState+4a1
PRIMARY_PROBLEM_CLASS: X64_0x3B_80000003_dxgkrnl!DxgkCheckMonitorPowerState+4a1
TARGET_TIME: 2020-01-18T05:22:12.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-01-03 05:56:30
BUILDDATESTAMP_STR: 200102-1707
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
ANALYSIS_SESSION_ELAPSED_TIME: 3cc2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_80000003_dxgkrnl!dxgkcheckmonitorpowerstate+4a1
FAILURE_ID_HASH: {0b276d22-e00a-97a6-ac49-4409a3c01bc9}
Followup: MachineOwner
---------
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000236a28, page frame number
Arg3: 0000000000000002, current page state
Arg4: 0000000000236c2a, 0
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002eb6300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: 99
BUGCHECK_P2: 236a28
BUGCHECK_P3: 2
BUGCHECK_P4: 236c2a
BUGCHECK_STR: 0x4E_99
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: NerusBot.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:09:11.0396
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff80002cf215c to fffff80002cacea0
STACK_TEXT:
fffff880`0b20bf88 fffff800`02cf215c : 00000000`0000004e 00000000`00000099 00000000`00236a28 00000000`00000002 : nt!KeBugCheckEx
fffff880`0b20bf90 fffff800`02d6acdd : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`04fe9990 : nt!MiBadShareCount+0x4c
fffff880`0b20bfd0 fffff800`02d713e2 : fffffa80`0a24ab00 00000000`00000882 00000000`00000eec 08200002`36a28025 : nt!MiDeletePfnList+0x48d
fffff880`0b20c060 fffff800`02c56ebc : fffffa80`0a24ab00 fffffa80`00000d96 fffff880`00000766 fffff800`00000000 : nt!MiDeleteAddressesInWorkingSet+0x182
fffff880`0b20c920 fffff800`03047904 : fffff8a0`0c5da060 fffff880`0b20cc20 fffff880`0b20cc20 00000000`00000000 : nt!MmCleanProcessAddressSpace+0xac
fffff880`0b20c970 fffff800`02f319e9 : fffffa80`000000ff 00000000`00000001 00000000`7efdb000 fffffa80`0d8c5750 : nt!PspExitThread+0x944
fffff880`0b20ca30 fffff800`02c5dea4 : ffffffff`ffb3b4c0 fffff800`02c5035a fffffa80`0ba01c40 fffff880`036ba180 : nt!PsExitSpecialApc+0x1d
fffff880`0b20ca60 fffff800`02cb19e0 : 00000000`02a93f8c fffff880`0b20cae0 fffff800`02ee818c 00000000`00000001 : nt!KiDeliverApc+0x2e4
fffff880`0b20cae0 fffff800`02cbaff7 : fffffa80`0dc77b50 00000000`7efdb000 00000000`00000020 00000000`736bae60 : nt!KiInitiateUserApc+0x70
fffff880`0b20cc20 00000000`73692e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`0009e548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73692e09
THREAD_SHA1_HASH_MOD_FUNC: 46d214b8acb4b262f239a15a35c0430b82dd6e8a
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b8cbed173d30ecc678a0123c32e3d1868f82fb0d
THREAD_SHA1_HASH_MOD: bc100a5647b828107ac4e18055e00abcbe1ec406
FOLLOWUP_IP:
nt!MiBadShareCount+4c
fffff800`02cf215c cc int 3
FAULT_INSTR_CODE: cccccccc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadShareCount+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5e0ead5e
IMAGE_VERSION: 6.1.7601.24545
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
PRIMARY_PROBLEM_CLASS: X64_0x4E_99_nt!MiBadShareCount+4c
TARGET_TIME: 2020-01-18T13:05:35.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-01-03 05:56:30
BUILDDATESTAMP_STR: 200102-1707
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
ANALYSIS_SESSION_ELAPSED_TIME: 6d5
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x4e_99_nt!mibadsharecount+4c
FAILURE_ID_HASH: {4c83cdad-f603-74ff-b7e1-9eb7f3029c2a}
Followup: MachineOwner
---------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000027, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002c9ebea, address which referenced memory
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002f02300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: 27
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80002c9ebea
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f02100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002f022f0
GetUlongPtrFromAddress: unable to read from fffff80002f024a8
GetPointerFromAddress: unable to read from fffff80002f020d8
0000000000000027
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiExitDispatcher+6a
fffff800`02c9ebea 0fb6432b movzx eax,byte ptr [rbx+2Bh]
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: WmiPrvSE.exe
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:09:07.0097
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff8800c695250 -- (.trap 0xfffff8800c695250)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000000c rbx=0000000000000000 rcx=fffffa800a293088
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c9ebea rsp=fffff8800c6953e0 rbp=fffffa800b4efc58
r8=0000000000000001 r9=0000000000000002 r10=0000000000100000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!KiExitDispatcher+0x6a:
fffff800`02c9ebea 0fb6432b movzx eax,byte ptr [rbx+2Bh] ds:00000000`0000002b=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d072e9 to fffff80002cf8ea0
STACK_TEXT:
fffff880`0c695108 fffff800`02d072e9 : 00000000`0000000a 00000000`00000027 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0c695110 fffff800`02d050ce : 00000000`00000000 00000000`00000027 ffff0004`a779de00 ffffffff`fffffffc : nt!KiBugCheckDispatch+0x69
fffff880`0c695250 fffff800`02c9ebea : fffff880`0c6954f0 fffff880`0c695598 fffff8a0`00000001 00000000`00000000 : nt!KiPageFault+0x44e
fffff880`0c6953e0 fffff800`02ca987a : fffff800`02e49180 fffff800`02e49100 fffffa80`00000001 fffffa80`00000002 : nt!KiExitDispatcher+0x6a
fffff880`0c695450 fffff800`02f3f2f4 : fffff880`0c6959c0 fffff880`0c6959f0 fffffa80`0f869130 fffffa80`00000001 : nt!KeInsertQueueApc+0xa2
fffff880`0c6954b0 fffff800`02f86406 : fffffa80`0b4efb50 00000000`036a6b01 00000000`00000000 00000000`0126cdc4 : nt!PspGetContextThreadInternal+0x1e0
fffff880`0c695bd0 fffff800`02d06f53 : fffffa80`0f869130 fffff880`0c695ca0 fffffa80`0b4efb50 00000000`036a6bd8 : nt!NtGetContextThread+0x7e
fffff880`0c695c20 00000000`774ea47a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0126c768 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774ea47a
THREAD_SHA1_HASH_MOD_FUNC: 9d41359ddcdb6f558b92f9ad9b7930be16a195a4
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: cde5e9999769d6ad89c07b409166c02b88f85a95
THREAD_SHA1_HASH_MOD: cb5f414824c2521bcc505eaa03e92fa10922dad8
FOLLOWUP_IP:
nt!KiExitDispatcher+6a
fffff800`02c9ebea 0fb6432b movzx eax,byte ptr [rbx+2Bh]
FAULT_INSTR_CODE: 2b43b60f
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiExitDispatcher+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5e0ead5e
IMAGE_VERSION: 6.1.7601.24545
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0xA_nt!KiExitDispatcher+6a
BUCKET_ID: X64_0xA_nt!KiExitDispatcher+6a
PRIMARY_PROBLEM_CLASS: X64_0xA_nt!KiExitDispatcher+6a
TARGET_TIME: 2020-01-17T18:07:10.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-01-03 05:56:30
BUILDDATESTAMP_STR: 200102-1707
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
ANALYSIS_SESSION_ELAPSED_TIME: 6f4
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xa_nt!kiexitdispatcher+6a
FAILURE_ID_HASH: {a9b4ad1a-1924-1aa3-7a79-94212128d7f4}
Followup: MachineOwner
---------
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8801381dd60, The address that the exception occurred at
Arg3: fffff880027d2bd8, Exception Record Address
Arg4: fffff880027d2440, Context Record Address
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002ee5300
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8801381dd60
BUGCHECK_P3: fffff880027d2bd8
BUGCHECK_P4: fffff880027d2440
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
atikmdag+215d60
fffff880`1381dd60 41ff5020 call qword ptr [r8+20h]
EXCEPTION_RECORD: fffff880027d2bd8 -- (.exr 0xfffff880027d2bd8)
ExceptionAddress: fffff8801381dd60 (atikmdag+0x0000000000215d60)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880027d2440 -- (.cxr 0xfffff880027d2440)
rax=fffffa800ba22bf4 rbx=fffffa800ba22bf4 rcx=fffffa800ba22d2c
rdx=0000000000000001 rsi=fffffa800ba22d2c rdi=fffff88013b807a8
rip=fffff8801381dd60 rsp=fffff880027d2e10 rbp=fffffa800bcf71a4
r8=ffff008013b80a88 r9=0000000000000000 r10=fffff8801381d0e0
r11=fffff880027d2e68 r12=fffffa800e6a0000 r13=0000000000000000
r14=fffffa800bcf7000 r15=0000000000000012
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
atikmdag+0x215d60:
fffff880`1381dd60 41ff5020 call qword ptr [r8+20h] ds:002b:ffff0080`13b80aa8=????????????????
Resetting default scope
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
FOLLOWUP_IP:
atikmdag+215d60
fffff880`1381dd60 41ff5020 call qword ptr [r8+20h]
BUGCHECK_STR: 0x7E
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ee5100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002ee52f0
GetUlongPtrFromAddress: unable to read from fffff80002ee54a8
GetPointerFromAddress: unable to read from fffff80002ee50d8
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:09:03.0215
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffffa800bc33000 to fffff8801381dd60
STACK_TEXT:
fffff880`027d2e10 fffffa80`0bc33000 : fffff880`1378f3cf 00000000`00000336 fffffa80`0bc33000 fffff880`027d2f90 : atikmdag+0x215d60
fffff880`027d2e18 fffff880`1378f3cf : 00000000`00000336 fffffa80`0bc33000 fffff880`027d2f90 00000000`00000000 : 0xfffffa80`0bc33000
fffff880`027d2e20 00000000`00000336 : fffffa80`0bc33000 fffff880`027d2f90 00000000`00000000 fffffa80`0bc35080 : atikmdag+0x1873cf
fffff880`027d2e28 fffffa80`0bc33000 : fffff880`027d2f90 00000000`00000000 fffffa80`0bc35080 fffff880`13791182 : 0x336
fffff880`027d2e30 fffff880`027d2f90 : 00000000`00000000 fffffa80`0bc35080 fffff880`13791182 fffff880`027d2f90 : 0xfffffa80`0bc33000
fffff880`027d2e38 00000000`00000000 : fffffa80`0bc35080 fffff880`13791182 fffff880`027d2f90 fffff880`13640c5c : 0xfffff880`027d2f90
THREAD_SHA1_HASH_MOD_FUNC: b1db828968337548bcbb2352a65bd9b79bb4a56a
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d167f7b86cc8f4817cf482d04f91e6e043a25d3a
THREAD_SHA1_HASH_MOD: b1db828968337548bcbb2352a65bd9b79bb4a56a
FAULT_INSTR_CODE: 2050ff41
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: atikmdag+215d60
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5db0ae48
STACK_COMMAND: .cxr 0xfffff880027d2440 ; kb
FAILURE_BUCKET_ID: X64_0x7E_atikmdag+215d60
BUCKET_ID: X64_0x7E_atikmdag+215d60
PRIMARY_PROBLEM_CLASS: X64_0x7E_atikmdag+215d60
TARGET_TIME: 2020-01-17T07:16:54.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-01-03 05:56:30
BUILDDATESTAMP_STR: 200102-1707
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
ANALYSIS_SESSION_ELAPSED_TIME: ae4
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x7e_atikmdag+215d60
FAILURE_ID_HASH: {5239f6e7-109d-93d0-96ca-fc59f08d512e}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff96000154920, Address of the instruction which caused the bugcheck
Arg3: fffff880099ea0e0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for klgse.sys
GetUlongPtrFromAddress: unable to read from fffff80002ef4300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff96000154920
BUGCHECK_P3: fffff880099ea0e0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
win32k!NtUserPostMessage+d4
fffff960`00154920 81ff19010000 cmp edi,119h
CONTEXT: fffff880099ea0e0 -- (.cxr 0xfffff880099ea0e0)
rax=00000000000001c1 rbx=0000000000000000 rcx=fffff900c083fab0
rdx=0000000000000000 rsi=000000000002042a rdi=0000000000000401
rip=fffff96000154920 rsp=fffff880099eaab0 rbp=0000000000000000
r8=fffff900c314c700 r9=0000000000000000 r10=fffff96000085822
r11=fffff900c314c700 r12=0000000000000000 r13=000000000bfafd20
r14=000000000002042a r15=0000000075022450
iopl=0 nv up ei pl nz ac pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010212
win32k!NtUserPostMessage+0xd4:
fffff960`00154920 81ff19010000 cmp edi,119h
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: NerusBot.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:58.0920
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8800424cb29 to fffff96000154920
STACK_TEXT:
fffff880`099eaab0 fffff880`0424cb29 : 00000000`00000000 00000000`00000401 00000000`00000000 00000000`00000000 : win32k!NtUserPostMessage+0xd4
fffff880`099eab10 00000000`00000000 : 00000000`00000401 00000000`00000000 00000000`00000000 00000000`0bfaed80 : klgse+0x22b29
THREAD_SHA1_HASH_MOD_FUNC: 3843a6fa47e9fd589942d64010324708d6c4e05c
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: fe7758cd1efd9f398a8fb3dd7d5a2092bfe07c25
THREAD_SHA1_HASH_MOD: 6b9b96beadab7159927064ed9b3c6aa42302a2d7
FOLLOWUP_IP:
klgse+22b29
fffff880`0424cb29 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: klgse+22b29
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: klgse
IMAGE_NAME: klgse.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 98678e1
STACK_COMMAND: .cxr 0xfffff880099ea0e0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_c0000005_klgse+22b29
BUCKET_ID: X64_0x3B_c0000005_klgse+22b29
PRIMARY_PROBLEM_CLASS: X64_0x3B_c0000005_klgse+22b29
TARGET_TIME: 2020-01-16T06:03:19.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-01-03 05:56:30
BUILDDATESTAMP_STR: 200102-1707
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
ANALYSIS_SESSION_ELAPSED_TIME: 5916
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_c0000005_klgse+22b29
FAILURE_ID_HASH: {bc5e1768-dbde-0608-ceb9-820d348325cf}
Followup: MachineOwner
---------
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffffffffffffba8, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002c3588c, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
GetUlongPtrFromAddress: unable to read from fffff80002e9d300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: fffffffffffffba8
BUGCHECK_P2: 0
BUGCHECK_P3: fffff80002c3588c
BUGCHECK_P4: 0
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002e9d100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002e9d2f0
GetUlongPtrFromAddress: unable to read from fffff80002e9d4a8
GetPointerFromAddress: unable to read from fffff80002e9d0d8
fffffffffffffba8
FAULTING_IP:
nt!ObReferenceObjectSafe+c
fffff800`02c3588c 498b02 mov rax,qword ptr [r10]
MM_INTERNAL_CODE: 0
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: NerusBot.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:54.0636
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff8800af3c520 -- (.trap 0xfffff8800af3c520)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800e2a35f0 rbx=0000000000000000 rcx=fffffffffffffbd8
rdx=fffff80002e9dcc0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c3588c rsp=fffff8800af3c6b0 rbp=fffff8800af3cca0
r8=0000000000003d2c r9=fffffa800ae8c090 r10=fffffffffffffba8
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!ObReferenceObjectSafe+0xc:
fffff800`02c3588c 498b02 mov rax,qword ptr [r10] ds:ffffffff`fffffba8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d6d9b2 to fffff80002c93ea0
STACK_TEXT:
fffff880`0af3c3c8 fffff800`02d6d9b2 : 00000000`00000050 ffffffff`fffffba8 00000000`00000000 fffff880`0af3c520 : nt!KeBugCheckEx
fffff880`0af3c3d0 fffff800`02c9ffdc : 00000000`00000000 ffffffff`fffffba8 00000000`002ffc00 ffffffff`fffffbd8 : nt!MmAccessFault+0x2322
fffff880`0af3c520 fffff800`02c3588c : fffffa80`0ae8c060 00000000`05240d50 00000000`000111d0 fffff880`0af3cca0 : nt!KiPageFault+0x35c
fffff880`0af3c6b0 fffff800`02f01446 : 00000000`00000000 00000000`05241210 00000000`00000000 00000000`052409b0 : nt!ObReferenceObjectSafe+0xc
fffff880`0af3c6e0 fffff800`030d4e04 : 00000000`05230090 00000904`00020400 fffff880`0af3c870 00000000`00000000 : nt!ExpGetProcessInformation+0x496
fffff880`0af3c830 fffff800`02f48c85 : 00000000`05230090 00000000`0523007b 00000000`00000005 00000000`05230078 : nt!ExpQuerySystemInformation+0x1274
fffff880`0af3cbe0 fffff800`02ca1f53 : 00000000`00000008 00000000`773f4234 00000000`7ee86001 00000000`05230070 : nt!NtQuerySystemInformation+0x4d
fffff880`0af3cc20 00000000`77389b0a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`11bee308 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77389b0a
THREAD_SHA1_HASH_MOD_FUNC: f4a1e5a61ff05c7eaa7aab0d4164d047251d71f9
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e2694a3cff68ec73ac63648494d79699dcc11895
THREAD_SHA1_HASH_MOD: cb5f414824c2521bcc505eaa03e92fa10922dad8
FOLLOWUP_IP:
nt!ObReferenceObjectSafe+c
fffff800`02c3588c 498b02 mov rax,qword ptr [r10]
FAULT_INSTR_CODE: 48028b49
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ObReferenceObjectSafe+c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddf3671
IMAGE_VERSION: 6.1.7601.24540
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0x50_nt!ObReferenceObjectSafe+c
BUCKET_ID: X64_0x50_nt!ObReferenceObjectSafe+c
PRIMARY_PROBLEM_CLASS: X64_0x50_nt!ObReferenceObjectSafe+c
TARGET_TIME: 2020-01-14T12:00:28.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 742
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x50_nt!obreferenceobjectsafe+c
FAILURE_ID_HASH: {420a5d31-90ae-72f1-7c8c-cf365d94fc72}
Followup: MachineOwner
---------
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c900d6, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
GetUlongPtrFromAddress: unable to read from fffff80002ef9300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80002c900d6
BUGCHECK_P3: 1
BUGCHECK_P4: 0
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ef9100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002ef92f0
GetUlongPtrFromAddress: unable to read from fffff80002ef94a8
GetPointerFromAddress: unable to read from fffff80002ef90d8
0000000000000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!IopfCompleteRequest+d96
fffff800`02c900d6 0000 add byte ptr [rax],al
BUGCHECK_STR: 0x1E_c0000005_R
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: AMDRSServ.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:49.0963
ANALYSIS_VERSION: 10.0.18362.1 x86fre
EXCEPTION_RECORD: fffff8800a1608e8 -- (.exr 0xfffff8800a1608e8)
ExceptionAddress: fffff80002c900d6 (nt!IopfCompleteRequest+0x0000000000000d96)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000000
Attempt to write to address 0000000000000000
TRAP_FRAME: fffff8800a160990 -- (.trap 0xfffff8800a160990)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8800a160bd8
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c900d6 rsp=fffff8800a160b20 rbp=fffff8800a160ca0
r8=fffffa800cc3fb88 r9=0000000000000000 r10=ffffffffffffffdf
r11=fffff8800a160a60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!IopfCompleteRequest+0xd96:
fffff800`02c900d6 0000 add byte ptr [rax],al ds:00000000`00000000=??
Resetting default scope
MISALIGNED_IP:
nt!IopfCompleteRequest+d96
fffff800`02c900d6 0000 add byte ptr [rax],al
LAST_CONTROL_TRANSFER: from fffff80002dd6f38 to fffff80002cefea0
STACK_TEXT:
fffff880`0a160118 fffff800`02dd6f38 : 00000000`0000001e ffffffff`c0000005 fffff800`02c900d6 00000000`00000001 : nt!KeBugCheckEx
fffff880`0a160120 fffff800`02cfe3c2 : fffff880`0a1608e8 fffffa80`0d0c3bf0 fffff880`0a160990 00000000`00000000 : nt!KiDispatchException+0x1c8
fffff880`0a1607b0 fffff800`02cfc0a8 : 00000000`00000001 00000000`00000000 fffff880`0a160b00 fffffa80`0d0c3bf0 : nt!KiExceptionDispatch+0xc2
fffff880`0a160990 fffff800`02c900d6 : 00000000`00000001 fffff880`0a160ba8 fffff880`0a1600c8 00000000`00004000 : nt!KiPageFault+0x428
fffff880`0a160b20 00000000`00000000 : 00000000`00000000 fffff800`02cfdf53 fffffa80`0d0cf9e0 00000000`76d3a748 : nt!IopfCompleteRequest+0xd96
THREAD_SHA1_HASH_MOD_FUNC: 536afc5f4fc97375053fcf411aa5f79e208d84ca
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5034148a8813c83491204933cf74766973c31735
THREAD_SHA1_HASH_MOD: f08ac56120cad14894587db086f77ce277bfae84
FOLLOWUP_IP:
nt!KiDispatchException+1c8
fffff800`02dd6f38 cc int 3
FAULT_INSTR_CODE: 8b4865cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiDispatchException+1c8
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 6.1.7601.24540
STACK_COMMAND: .thread ; .cxr ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
PRIMARY_PROBLEM_CLASS: X64_IP_MISALIGNED
TARGET_TIME: 2020-01-13T04:53:05.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 88b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_ip_misaligned
FAILURE_ID_HASH: {45769616-fd06-8c70-4b8b-74a01eddc0cd}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c8a43c, Address of the instruction which caused the bugcheck
Arg3: fffff88009cbc0a0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002ef3300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80002c8a43c
BUGCHECK_P3: fffff88009cbc0a0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!IoGetRelatedDeviceObject+c
fffff800`02c8a43c 488b4008 mov rax,qword ptr [rax+8]
CONTEXT: fffff88009cbc0a0 -- (.cxr 0xfffff88009cbc0a0)
rax=0000000000000100 rbx=fffffa800dacda10 rcx=fffffa800dacda10
rdx=fffffa800dacda10 rsi=00000000072cee68 rdi=0000000000000000
rip=fffff80002c8a43c rsp=fffff88009cbca78 rbp=fffff88009cbcca0
r8=fffff8a00c473000 r9=0000000000000001 r10=fffff80002f52670
r11=0000000000000000 r12=0000000000000001 r13=00000000072cfd20
r14=00000000072ceec0 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!IoGetRelatedDeviceObject+0xc:
fffff800`02c8a43c 488b4008 mov rax,qword ptr [rax+8] ds:002b:00000000`00000108=????????????????
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: CefSharp.Brows
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:44.0302
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff80002f5270f to fffff80002c8a43c
STACK_TEXT:
fffff880`09cbca78 fffff800`02f5270f : fffffa80`0cd23000 fffff800`00000001 00000000`00000000 00000000`00000001 : nt!IoGetRelatedDeviceObject+0xc
fffff880`09cbca80 fffff800`02cf7f53 : fffffa80`0cd23060 00000000`00000000 00000000`00000000 00000000`04d874b0 : nt!NtReadFile+0x9f
fffff880`09cbcbb0 00000000`73352e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`072cee48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73352e09
THREAD_SHA1_HASH_MOD_FUNC: fb96d9de3370a5580ab3e21447e54985ad3283fd
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 647eee921c550882ae287671f3c184f88e2ae2c9
THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b
FOLLOWUP_IP:
nt!NtReadFile+9f
fffff800`02f5270f 4c8bd0 mov r10,rax
FAULT_INSTR_CODE: 48d08b4c
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!NtReadFile+9f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddf3671
IMAGE_VERSION: 6.1.7601.24540
STACK_COMMAND: .cxr 0xfffff88009cbc0a0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_c0000005_nt!NtReadFile+9f
BUCKET_ID: X64_0x3B_c0000005_nt!NtReadFile+9f
PRIMARY_PROBLEM_CLASS: X64_0x3B_c0000005_nt!NtReadFile+9f
TARGET_TIME: 2020-01-11T12:16:14.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 6e5
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_c0000005_nt!ntreadfile+9f
FAILURE_ID_HASH: {0466f0ec-b156-808b-7a2e-0ed25c79815f}
Followup: MachineOwner
---------
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for atikmdag.sys
GetUlongPtrFromAddress: unable to read from fffff80002f00300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: 0
BUGCHECK_P2: 2
BUGCHECK_P3: 8
BUGCHECK_P4: 0
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f00100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002f002f0
GetUlongPtrFromAddress: unable to read from fffff80002f004a8
GetPointerFromAddress: unable to read from fffff80002f000d8
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
+0
00000000`00000000 ?? ???
PROCESS_NAME: System
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xD1
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:39.0772
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff880027d9da0 -- (.trap 0xfffff880027d9da0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000003 rbx=0000000000000000 rcx=fffffa800bc69e10
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff880027d9f38 rbp=fffffa800a191000
r8=0000000000000003 r9=fffff88013c03310 r10=fffffa800dc6a340
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
00000000`00000000 ?? ???
Resetting default scope
IP_IN_FREE_BLOCK: 0
LAST_CONTROL_TRANSFER: from fffff80002d052e9 to fffff80002cf6ea0
FAILED_INSTRUCTION_ADDRESS:
+0
00000000`00000000 ?? ???
STACK_TEXT:
fffff880`027d9f38 fffff880`13852496 : 00000000`00000000 00000000`00000003 00000000`00000000 00000000`00000000 : 0x0
fffff880`027d9f40 00000000`00000000 : 00000000`00000003 00000000`00000000 00000000`00000000 00000000`00000015 : atikmdag+0x18e496
STACK_COMMAND: .trap 0xfffff880027d9da0 ; kb
THREAD_SHA1_HASH_MOD_FUNC: b707fffe94678f64fa20640ed32c4c0e284df15c
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1cc2ae91b1e931294b0703a28d60523a5a679dd2
THREAD_SHA1_HASH_MOD: b707fffe94678f64fa20640ed32c4c0e284df15c
FOLLOWUP_IP:
atikmdag+18e496
fffff880`13852496 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: atikmdag+18e496
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5db0ae48
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_atikmdag+18e496
BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_atikmdag+18e496
PRIMARY_PROBLEM_CLASS: X64_0xD1_CODE_AV_NULL_IP_atikmdag+18e496
TARGET_TIME: 2020-01-10T07:08:41.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: e08
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xd1_code_av_null_ip_atikmdag+18e496
FAILURE_ID_HASH: {5bec5c8b-8291-133e-c5e1-6f7e1f5c37d8}
Followup: MachineOwner
---------
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff88066825940, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff88066825940, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for atikmdag.sys
GetUlongPtrFromAddress: unable to read from fffff80002f04300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: fffff88066825940
BUGCHECK_P2: 2
BUGCHECK_P3: 8
BUGCHECK_P4: fffff88066825940
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f04100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002f042f0
GetUlongPtrFromAddress: unable to read from fffff80002f044a8
GetPointerFromAddress: unable to read from fffff80002f040d8
fffff88066825940
CURRENT_IRQL: 2
FAULTING_IP:
+0
fffff880`66825940 ?? ???
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:35.0065
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff880027d9310 -- (.trap 0xfffff880027d9310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800ba41a40 rbx=0000000000000000 rcx=fffffa800ba41a40
rdx=fffff88013c14400 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88066825940 rsp=fffff880027d94a8 rbp=fffff880027d9830
r8=fffff88013c2aa88 r9=fffff88013c14400 r10=0000000000000000
r11=fffffa800bd0b68c r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff880`66825940 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d092e9 to fffff80002cfaea0
FAILED_INSTRUCTION_ADDRESS:
+0
fffff880`66825940 ?? ???
STACK_TEXT:
fffff880`027d91c8 fffff800`02d092e9 : 00000000`0000000a fffff880`66825940 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff880`027d91d0 fffff800`02d070ce : 00000000`00000008 fffff880`66825940 00000000`00000000 00000000`0000000c : nt!KiBugCheckDispatch+0x69
fffff880`027d9310 fffff880`66825940 : fffff880`138c5152 00000000`00000000 fffffa80`0bc46000 fffff880`13c2a7a8 : nt!KiPageFault+0x44e
fffff880`027d94a8 fffff880`138c5152 : 00000000`00000000 fffffa80`0bc46000 fffff880`13c2a7a8 fffffa80`0ba41bf4 : 0xfffff880`66825940
fffff880`027d94b0 00000000`00000000 : fffffa80`0bc46000 fffff880`13c2a7a8 fffffa80`0ba41bf4 fffff880`13c2a7a8 : atikmdag+0x213152
THREAD_SHA1_HASH_MOD_FUNC: 27490373ec73fc45b554e0788b0424eecf249889
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 39c9a818d803e1d64cd71000e3907b93adcc618e
THREAD_SHA1_HASH_MOD: 1c00ea3ebc09108ed707b096697d00af46def685
FOLLOWUP_IP:
atikmdag+213152
fffff880`138c5152 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: atikmdag+213152
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5db0ae48
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_atikmdag+213152
BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_atikmdag+213152
PRIMARY_PROBLEM_CLASS: X64_0xD1_CODE_AV_BAD_IP_atikmdag+213152
TARGET_TIME: 2020-01-09T01:09:03.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: b9c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xd1_code_av_bad_ip_atikmdag+213152
FAILURE_ID_HASH: {fbaa6a90-7f5b-02b2-8a41-993b90e50661}
Followup: MachineOwner
---------
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8801383fe08, The address that the exception occurred at
Arg3: fffff880027d9cb8, Exception Record Address
Arg4: fffff880027d9520, Context Record Address
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002eb9300
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8801383fe08
BUGCHECK_P3: fffff880027d9cb8
BUGCHECK_P4: fffff880027d9520
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
atikmdag+218e08
fffff880`1383fe08 cf iretd
EXCEPTION_RECORD: fffff880027d9cb8 -- (.exr 0xfffff880027d9cb8)
ExceptionAddress: fffff8801383fe08 (atikmdag+0x0000000000218e08)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880027d9520 -- (.cxr 0xfffff880027d9520)
rax=00000000ff203356 rbx=fffffa800bcf8000 rcx=000000001c72cbcc
rdx=0000000000000001 rsi=fffff880027d9f60 rdi=fffffa800bc36080
rip=fffff8801383fe08 rsp=fffff880027d9ef8 rbp=fffff8800e7a4800
r8=ffffffffffffffff r9=fffff88013627000 r10=fffff88013b1d790
r11=fffffa8009e598b0 r12=fffffa800dd13000 r13=0000000000000000
r14=fffffa800bc34000 r15=0000000000000012
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
atikmdag+0x218e08:
fffff880`1383fe08 cf iretd
Resetting default scope
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
FOLLOWUP_IP:
atikmdag+218e08
fffff880`1383fe08 cf iretd
BUGCHECK_STR: 0x7E
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb9100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002eb92f0
GetUlongPtrFromAddress: unable to read from fffff80002eb94a8
GetPointerFromAddress: unable to read from fffff80002eb90d8
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:24.0077
ANALYSIS_VERSION: 10.0.18362.1 x86fre
MISALIGNED_IP:
atikmdag+218e08
fffff880`1383fe08 cf iretd
LAST_CONTROL_TRANSFER: from fffff880138b49bb to fffff8801383fe08
STACK_TEXT:
fffff880`027d9ef8 fffff880`138b49bb : fffff880`027d9f90 fffff880`137b6ab1 fffffa80`0bc36080 fffffa80`0bc34000 : atikmdag+0x218e08
fffff880`027d9f00 fffff880`027d9f90 : fffff880`137b6ab1 fffffa80`0bc36080 fffffa80`0bc34000 fffffa80`0dd13001 : atikmdag+0x28d9bb
fffff880`027d9f08 fffff880`137b6ab1 : fffffa80`0bc36080 fffffa80`0bc34000 fffffa80`0dd13001 fffffa80`0bc34000 : 0xfffff880`027d9f90
fffff880`027d9f10 fffffa80`0bc36080 : fffffa80`0bc34000 fffffa80`0dd13001 fffffa80`0bc34000 fffff880`0e7a4800 : atikmdag+0x18fab1
fffff880`027d9f18 fffffa80`0bc34000 : fffffa80`0dd13001 fffffa80`0bc34000 fffff880`0e7a4800 fffff880`137b0d24 : 0xfffffa80`0bc36080
fffff880`027d9f20 fffffa80`0dd13001 : fffffa80`0bc34000 fffff880`0e7a4800 fffff880`137b0d24 fffffa80`0bc34000 : 0xfffffa80`0bc34000
fffff880`027d9f28 fffffa80`0bc34000 : fffff880`0e7a4800 fffff880`137b0d24 fffffa80`0bc34000 fffff880`0e7a4800 : 0xfffffa80`0dd13001
fffff880`027d9f30 fffff880`0e7a4800 : fffff880`137b0d24 fffffa80`0bc34000 fffff880`0e7a4800 fffffa80`0bc34000 : 0xfffffa80`0bc34000
fffff880`027d9f38 fffff880`137b0d24 : fffffa80`0bc34000 fffff880`0e7a4800 fffffa80`0bc34000 00000000`00000005 : 0xfffff880`0e7a4800
fffff880`027d9f40 fffffa80`0bc34000 : fffff880`0e7a4800 fffffa80`0bc34000 00000000`00000005 00000000`00000001 : atikmdag+0x189d24
fffff880`027d9f48 fffff880`0e7a4800 : fffffa80`0bc34000 00000000`00000005 00000000`00000001 00000000`00000002 : 0xfffffa80`0bc34000
fffff880`027d9f50 fffffa80`0bc34000 : 00000000`00000005 00000000`00000001 00000000`00000002 001c4a64`00000000 : 0xfffff880`0e7a4800
fffff880`027d9f58 00000000`00000005 : 00000000`00000001 00000000`00000002 001c4a64`00000000 00000000`00000000 : 0xfffffa80`0bc34000
fffff880`027d9f60 00000000`00000001 : 00000000`00000002 001c4a64`00000000 00000000`00000000 00000000`00000000 : 0x5
fffff880`027d9f68 00000000`00000002 : 001c4a64`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffff880`027d9f70 001c4a64`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`0b540000 : 0x2
fffff880`027d9f78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`0b540000 0000000e`00000020 : 0x001c4a64`00000000
THREAD_SHA1_HASH_MOD_FUNC: 3f5d532121fee842254801e4e8acf3a5e33283e0
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a4a608699cceea5918b4d17f61fdc1b433256b60
THREAD_SHA1_HASH_MOD: 3f5d532121fee842254801e4e8acf3a5e33283e0
FAULT_INSTR_CODE: 218dcf
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: atikmdag+218e08
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: hardware
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xfffff880027d9520 ; kb
FAILURE_BUCKET_ID: X64_IP_MISALIGNED_atikmdag.sys
BUCKET_ID: X64_IP_MISALIGNED_atikmdag.sys
PRIMARY_PROBLEM_CLASS: X64_IP_MISALIGNED_atikmdag.sys
TARGET_TIME: 2020-01-05T05:22:22.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 8ca
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_ip_misaligned_atikmdag.sys
FAILURE_ID_HASH: {c3e51793-3bea-7bef-6e56-a60399e6dbe6}
Followup: MachineOwner
---------
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002fa7e80, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
GetUlongPtrFromAddress: unable to read from fffff80002eb1300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80002fa7e80
BUGCHECK_P3: 0
BUGCHECK_P4: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb1100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80002eb12f0
GetUlongPtrFromAddress: unable to read from fffff80002eb14a8
GetPointerFromAddress: unable to read from fffff80002eb10d8
0000000000000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt! ?? ::NNGAKEGL::`string'+39630
fffff800`02fa7e80 498b02 mov rax,qword ptr [r10]
BUGCHECK_STR: 0x1E_c0000005_R
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: NerusBot.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:18.0482
ANALYSIS_VERSION: 10.0.18362.1 x86fre
EXCEPTION_RECORD: fffff88009ff5b18 -- (.exr 0xfffff88009ff5b18)
ExceptionAddress: fffff80002fa7e80 (nt! ?? ::NNGAKEGL::`string'+0x0000000000039630)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88009ff5bc0 -- (.trap 0xfffff88009ff5bc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800d2156c0 rbx=0000000000000000 rcx=00000000c0000102
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002fa7e80 rsp=fffff88009ff5d58 rbp=fffff88009ff5ee8
r8=fffffa800d1ac2e8 r9=0000000000000000 r10=402c3be76c8b4396
r11=00000000c0000102 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt! ?? ::NNGAKEGL::`string'+0x39630:
fffff800`02fa7e80 498b02 mov rax,qword ptr [r10] ds:402c3be7`6c8b4396=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d8ef38 to fffff80002ca7ea0
STACK_TEXT:
fffff880`09ff5348 fffff800`02d8ef38 : 00000000`0000001e ffffffff`c0000005 fffff800`02fa7e80 00000000`00000000 : nt!KeBugCheckEx
fffff880`09ff5350 fffff800`02cb63c2 : fffff880`09ff5b18 fffffa80`0d2156c0 fffff880`09ff5bc0 fffff880`09ff6020 : nt!KiDispatchException+0x1c8
fffff880`09ff59e0 fffff800`02cb3c78 : fffff900`c0856240 00000000`fffffffe 00000000`00000001 00000000`00000001 : nt!KiExceptionDispatch+0xc2
fffff880`09ff5bc0 fffff800`02fa7e80 : fffffa80`0d2156c0 00000000`0dc8fd01 fffff880`09ff5dc0 fffffffe`631f98fc : nt!KiGeneralProtectionFault+0x2f8
fffff880`09ff5d58 fffff800`02cb5f53 : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x39630
fffff880`09ff5df8 fffff800`02cab6c0 : 00000000`00000000 ffffffff`ffffffef fffff880`03640100 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`09ff6000 00000000`00000000 : ffffffff`ffffffef fffff880`03640100 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
THREAD_SHA1_HASH_MOD_FUNC: 5ad63b9775bd78b188e55732350e8c07eb6ea623
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 575599a6d3ab8788e56c673001a775d74cb68c19
THREAD_SHA1_HASH_MOD: 30a3e915496deaace47137d5b90c3ecc03746bf6
FOLLOWUP_IP:
nt! ?? ::NNGAKEGL::`string'+39630
fffff800`02fa7e80 498b02 mov rax,qword ptr [r10]
FAULT_INSTR_CODE: 48028b49
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+39630
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddf3671
IMAGE_VERSION: 6.1.7601.24540
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0x1E_c0000005_R_nt!_??_::NNGAKEGL::_string_+39630
BUCKET_ID: X64_0x1E_c0000005_R_nt!_??_::NNGAKEGL::_string_+39630
PRIMARY_PROBLEM_CLASS: X64_0x1E_c0000005_R_nt!_??_::NNGAKEGL::_string_+39630
TARGET_TIME: 2020-01-04T15:58:49.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 8aa
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1e_c0000005_r_nt!_??_::nngakegl::_string_+39630
FAILURE_ID_HASH: {e9110969-aa65-53bc-13ee-0d6db04ea5ee}
Followup: MachineOwner
---------
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: fffff88075d15e11, Actual security check cookie from the stack
Arg2: 0000375190737da1, Expected security check cookie
Arg3: ffffc8ae6f8c825e, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff80002e9f300
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: GA-890GPA-UD3H
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: FF
BIOS_DATE: 11/24/2010
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: GA-890GPA-UD3H
DUMP_TYPE: 2
BUGCHECK_P1: fffff88075d15e11
BUGCHECK_P2: 375190737da1
BUGCHECK_P3: ffffc8ae6f8c825e
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000375190737da1 found fffff88075d15e11
CPU_COUNT: 6
CPU_MHZ: cf2
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 10
CPU_MODEL: a
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xF7
PROCESS_NAME: UninstallMonit
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-22-2020 14:08:08.0055
ANALYSIS_VERSION: 10.0.18362.1 x86fre
EXCEPTION_RECORD: fffff88006a278d8 -- (.exr 0xfffff88006a278d8)
ExceptionAddress: fffff80002c3f182 (nt!FsRtlCheckOplockEx+0x0000000000000112)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000070
Attempt to read from address 0000000000000070
TRAP_FRAME: fffff88006a27980 -- (.trap 0xfffff88006a27980)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000102 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c3f182 rsp=fffff88006a27b10 rbp=0000000000000000
r8=fffffa800a0eabf0 r9=0000000000000000 r10=fffff80002c02000
r11=0000000000277201 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!FsRtlCheckOplockEx+0x112:
fffff800`02c3f182 498b5d70 mov rbx,qword ptr [r13+70h] ds:00000000`00000070=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ce0305 to fffff80002c95ea0
STACK_TEXT:
fffff880`06a26988 fffff800`02ce0305 : 00000000`000000f7 fffff880`75d15e11 00003751`90737da1 ffffc8ae`6f8c825e : nt!KeBugCheckEx
fffff880`06a26990 fffff800`02c92b42 : 00000000`00000000 80000002`fa3dc963 fffff880`06a27140 fffff800`02c5dde0 : nt!_report_gsfailure+0x25
fffff880`06a269d0 fffff800`02c9d1fd : fffff800`02dc8a6c 00000000`00000000 fffff800`02c02000 00000000`00000000 : nt!_GSHandlerCheck_SEH+0x42
fffff880`06a26a00 fffff800`02c5d125 : fffff800`02dc8a6c fffff880`06a26a78 fffff880`06a278d8 fffff800`02c02000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`06a26a30 fffff800`02d7ceee : fffff880`06a278d8 fffff880`06a27140 fffff880`00000000 fffffa80`0a11cb50 : nt!RtlDispatchException+0x415
fffff880`06a27110 fffff800`02ca43c2 : fffff880`06a278d8 00000084`99487af5 fffff880`06a27980 fffffa80`0a12f170 : nt!KiDispatchException+0x17e
fffff880`06a277a0 fffff800`02ca20a8 : 00000000`00000000 00000000`00000070 00000000`00000000 00000084`99487af5 : nt!KiExceptionDispatch+0xc2
fffff880`06a27980 fffff800`02c3f182 : fffffa80`0a12a070 fffff800`030000d9 00000000`00000268 00000000`00000046 : nt!KiPageFault+0x428
fffff880`06a27b10 00000000`7ef77000 : 00000000`00000000 fffff800`02ca3f53 fffffa80`0a11cb50 00000000`00000444 : nt!FsRtlCheckOplockEx+0x112
fffff880`06a27c10 00000000`00000000 : fffff800`02ca3f53 fffffa80`0a11cb50 00000000`00000444 fffff880`06a27bf8 : 0x7ef77000
THREAD_SHA1_HASH_MOD_FUNC: ae5dc55e1a11b523d08cb7c7a4a7ffef9843b573
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c48a071a76954358cea036023f1504f92151dd00
THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
FOLLOWUP_IP:
nt!_report_gsfailure+25
fffff800`02ce0305 cc int 3
FAULT_INSTR_CODE: cccccccc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!_report_gsfailure+25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddf3671
IMAGE_VERSION: 6.1.7601.24540
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25
BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25
PRIMARY_PROBLEM_CLASS: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25
TARGET_TIME: 2020-01-03T01:07:58.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-28 05:52:33
BUILDDATESTAMP_STR: 191127-1706
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24540.amd64fre.win7sp1_ldr_escrow.191127-1706
ANALYSIS_SESSION_ELAPSED_TIME: 70d
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xf7_missing_gsframe_nt!_report_gsfailure+25
FAILURE_ID_HASH: {8d38af09-5e8b-09f0-cf09-f6aab1438306}
Followup: MachineOwner
---------
Bu sitenin çalışmasını sağlamak için gerekli çerezleri ve deneyiminizi iyileştirmek için isteğe bağlı çerezleri kullanıyoruz.