EmirhanKod
Hectopat
- Katılım
- 5 Temmuz 2020
- Mesajlar
- 717
- Makaleler
- 1
- Çözümler
- 5
Merhabalar
Minidump dosyalarını okumayı öğrenmek istiyorum biraz araştırma yaptım 1-2 bir şey öğrendim. Paylaştığım minidump dosyalarını doğru yorumladım mı?
Genellikle RAM'den kaynaklı bir sorun var ayrıca ekran kartı sürücüsü bozulmuş gibi. Çözümü de RAM'lere memtest86 yapıp ve ekran kartı sürücüsünü yeniden kurmak mı? Sadece öğrenmek istiyorum ayrıca DLL dosyalarını ve başka programın sorun çıktığını nasıl anlıyoruz? Bakmam gereken başka bir şey var mı? Bana anlatırsanız. Teşekkür ederim.
drive.google.com
@claus @MayCrasH @ForAnAngeL @Murat5038
@akiyorm
@Emre C
Minidump dosyalarını okumayı öğrenmek istiyorum biraz araştırma yaptım 1-2 bir şey öğrendim. Paylaştığım minidump dosyalarını doğru yorumladım mı?
Genellikle RAM'den kaynaklı bir sorun var ayrıca ekran kartı sürücüsü bozulmuş gibi. Çözümü de RAM'lere memtest86 yapıp ve ekran kartı sürücüsünü yeniden kurmak mı? Sadece öğrenmek istiyorum ayrıca DLL dosyalarını ve başka programın sorun çıktığını nasıl anlıyoruz? Bakmam gereken başka bir şey var mı? Bana anlatırsanız. Teşekkür ederim.
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: ffffc2084d8c7660, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object's reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-VQI4JUI
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 125
Key : Analysis.Memory.CommitPeak.Mb
Value: 69
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 18
BUGCHECK_P1: 0
BUGCHECK_P2: ffffc2084d8c7660
BUGCHECK_P3: 2
BUGCHECK_P4: ffffffffffffffff
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: AMDRSServ.exe
STACK_TEXT:
ffffaa88`68276018 fffff802`334215d6 : 00000000`00000018 00000000`00000000 ffffc208`4d8c7660 00000000`00000002 : nt!KeBugCheckEx
ffffaa88`68276020 fffff80c`38a51107 : 00000000`00000016 ffffc208`4d8c7660 fffff80c`38d2e4a8 ffffaa88`68276150 : nt!ObfDereferenceObject+0x180676
ffffaa88`68276060 00000000`00000016 : ffffc208`4d8c7660 fffff80c`38d2e4a8 ffffaa88`68276150 00000000`00000003 : atikmdag+0xe1107
ffffaa88`68276068 ffffc208`4d8c7660 : fffff80c`38d2e4a8 ffffaa88`68276150 00000000`00000003 fffff80c`38a33cf6 : 0x16
ffffaa88`68276070 fffff80c`38d2e4a8 : ffffaa88`68276150 00000000`00000003 fffff80c`38a33cf6 ffffc208`4a9f7d00 : 0xffffc208`4d8c7660
ffffaa88`68276078 ffffaa88`68276150 : 00000000`00000003 fffff80c`38a33cf6 ffffc208`4a9f7d00 00000000`00000000 : atikmdag+0x3be4a8
ffffaa88`68276080 00000000`00000003 : fffff80c`38a33cf6 ffffc208`4a9f7d00 00000000`00000000 00000000`00000444 : 0xffffaa88`68276150
ffffaa88`68276088 fffff80c`38a33cf6 : ffffc208`4a9f7d00 00000000`00000000 00000000`00000444 00000000`00000016 : 0x3
ffffaa88`68276090 ffffc208`4a9f7d00 : 00000000`00000000 00000000`00000444 00000000`00000016 00000000`00000000 : atikmdag+0xc3cf6
ffffaa88`68276098 00000000`00000000 : 00000000`00000444 00000000`00000016 00000000`00000000 00000000`00000003 : 0xffffc208`4a9f7d00
SYMBOL_NAME: atikmdag+e1107
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: e1107
FAILURE_BUCKET_ID: 0x18_OVER_DEREFERENCE_atikmdag!unknown_function
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {f554ccc1-dd6b-0120-3ed2-8cb113a047b2}
Followup: MachineOwner
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: ffffc2084d8c7660, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object's reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-VQI4JUI
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 125
Key : Analysis.Memory.CommitPeak.Mb
Value: 69
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 18
BUGCHECK_P1: 0
BUGCHECK_P2: ffffc2084d8c7660
BUGCHECK_P3: 2
BUGCHECK_P4: ffffffffffffffff
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: AMDRSServ.exe
STACK_TEXT:
ffffaa88`68276018 fffff802`334215d6 : 00000000`00000018 00000000`00000000 ffffc208`4d8c7660 00000000`00000002 : nt!KeBugCheckEx
ffffaa88`68276020 fffff80c`38a51107 : 00000000`00000016 ffffc208`4d8c7660 fffff80c`38d2e4a8 ffffaa88`68276150 : nt!ObfDereferenceObject+0x180676
ffffaa88`68276060 00000000`00000016 : ffffc208`4d8c7660 fffff80c`38d2e4a8 ffffaa88`68276150 00000000`00000003 : atikmdag+0xe1107
ffffaa88`68276068 ffffc208`4d8c7660 : fffff80c`38d2e4a8 ffffaa88`68276150 00000000`00000003 fffff80c`38a33cf6 : 0x16
ffffaa88`68276070 fffff80c`38d2e4a8 : ffffaa88`68276150 00000000`00000003 fffff80c`38a33cf6 ffffc208`4a9f7d00 : 0xffffc208`4d8c7660
ffffaa88`68276078 ffffaa88`68276150 : 00000000`00000003 fffff80c`38a33cf6 ffffc208`4a9f7d00 00000000`00000000 : atikmdag+0x3be4a8
ffffaa88`68276080 00000000`00000003 : fffff80c`38a33cf6 ffffc208`4a9f7d00 00000000`00000000 00000000`00000444 : 0xffffaa88`68276150
ffffaa88`68276088 fffff80c`38a33cf6 : ffffc208`4a9f7d00 00000000`00000000 00000000`00000444 00000000`00000016 : 0x3
ffffaa88`68276090 ffffc208`4a9f7d00 : 00000000`00000000 00000000`00000444 00000000`00000016 00000000`00000000 : atikmdag+0xc3cf6
ffffaa88`68276098 00000000`00000000 : 00000000`00000444 00000000`00000016 00000000`00000000 00000000`00000003 : 0xffffc208`4a9f7d00
SYMBOL_NAME: atikmdag+e1107
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: e1107
FAILURE_BUCKET_ID: 0x18_OVER_DEREFERENCE_atikmdag!unknown_function
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {f554ccc1-dd6b-0120-3ed2-8cb113a047b2}
Followup: MachineOwner
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffd10168a6dfb0
Arg3: 000000006c02ecd5
Arg4: fffff8000bf81cee
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-VQI4JUI
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 44
Key : Analysis.Memory.CommitPeak.Mb
Value: 69
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 7f
BUGCHECK_P1: 8
BUGCHECK_P2: ffffd10168a6dfb0
BUGCHECK_P3: 6c02ecd5
BUGCHECK_P4: fffff8000bf81cee
TRAP_FRAME: ffffd10168a6dfb0 -- (.trap 0xffffd10168a6dfb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000d24ce8e7 rbx=0000000000000000 rcx=0000000000000007
rdx=0000000000000246 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000bf81cee rsp=000000006c02ecd5 rbp=00000000ffd66895
r8=fffff8000be1fcd4 r9=fffff50b93d4865e r10=fffffffffff5d8c6
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
vgk+0x411cee:
fffff800`0bf81cee 55 push rbp
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
BAD_STACK_POINTER: 000000006c02ecd5
UNALIGNED_STACK_POINTER: 000000006c02ecd5
STACK_TEXT:
ffffd101`68a6de68 fffff805`793d41e9 : 00000000`0000007f 00000000`00000008 ffffd101`68a6dfb0 00000000`6c02ecd5 : nt!KeBugCheckEx
ffffd101`68a6de70 fffff805`793cf043 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd101`68a6dfb0 fffff800`0bf81cee : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2c3
00000000`6c02ecd5 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vgk+0x411cee
SYMBOL_NAME: vgk+411cee
MODULE_NAME: vgk
IMAGE_NAME: vgk.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 411cee
FAILURE_BUCKET_ID: 0x7f_8_STACKPTR_ERROR_vgk!unknown_function
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6870063e-7ea2-a1ee-b11b-b34fff2231b7}
Followup: MachineOwner
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffd10168a6dfb0
Arg3: 000000006c02ecd5
Arg4: fffff8000bf81cee
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-VQI4JUI
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 44
Key : Analysis.Memory.CommitPeak.Mb
Value: 69
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 7f
BUGCHECK_P1: 8
BUGCHECK_P2: ffffd10168a6dfb0
BUGCHECK_P3: 6c02ecd5
BUGCHECK_P4: fffff8000bf81cee
TRAP_FRAME: ffffd10168a6dfb0 -- (.trap 0xffffd10168a6dfb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000d24ce8e7 rbx=0000000000000000 rcx=0000000000000007
rdx=0000000000000246 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000bf81cee rsp=000000006c02ecd5 rbp=00000000ffd66895
r8=fffff8000be1fcd4 r9=fffff50b93d4865e r10=fffffffffff5d8c6
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
vgk+0x411cee:
fffff800`0bf81cee 55 push rbp
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
BAD_STACK_POINTER: 000000006c02ecd5
UNALIGNED_STACK_POINTER: 000000006c02ecd5
STACK_TEXT:
ffffd101`68a6de68 fffff805`793d41e9 : 00000000`0000007f 00000000`00000008 ffffd101`68a6dfb0 00000000`6c02ecd5 : nt!KeBugCheckEx
ffffd101`68a6de70 fffff805`793cf043 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd101`68a6dfb0 fffff800`0bf81cee : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2c3
00000000`6c02ecd5 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vgk+0x411cee
SYMBOL_NAME: vgk+411cee
MODULE_NAME: vgk
IMAGE_NAME: vgk.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 411cee
FAILURE_BUCKET_ID: 0x7f_8_STACKPTR_ERROR_vgk!unknown_function
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6870063e-7ea2-a1ee-b11b-b34fff2231b7}
Followup: MachineOwner
CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000030, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: ffffa0805fe79180, The PRCB address of the hung processor.
Arg4: 0000000000000002, The index of the hung processor.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 2
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-VQI4JUI
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 31
Key : Analysis.Memory.CommitPeak.Mb
Value: 68
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 101
BUGCHECK_P1: 30
BUGCHECK_P2: 0
BUGCHECK_P3: ffffa0805fe79180
BUGCHECK_P4: 2
FAULTING_PROCESSOR: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: RadeonSoftware.exe
STACK_TEXT:
fffff800`696b8b08 fffff800`65dfca5a : 00000000`00000101 00000000`00000030 00000000`00000000 ffffa080`5fe79180 : nt!KeBugCheckEx
fffff800`696b8b10 fffff800`65c483bc : fffff780`00000320 fffff800`61066180 00000000`00001f9c 00000000`00001f9c : nt!KeAccumulateTicks+0x1b125a
fffff800`696b8b70 fffff800`65b5d562 : 00000000`00000000 fffff985`fb2a6fb0 fffff985`fb2a7030 00000000`0000000c : nt!KeClockInterruptNotify+0x98c
fffff800`696b8f30 fffff800`65d37385 : 00000000`6bec93e9 fffff800`65bcc100 fffff800`65bcc1b0 00000000`00000000 : hal!HalpTimerClockInterrupt+0xf2
fffff800`696b8f60 fffff800`65dc3e2a : fffff985`fb2a7030 fffff800`65bcc100 00000000`00000050 fffff800`65bcc100 : nt!KiCallInterruptServiceRoutine+0xa5
fffff800`696b8fb0 fffff800`65dc4397 : 00000000`00000000 fffff985`fb2a7030 fffff800`65bcc100 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
fffff985`fb2a6fb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
SYMBOL_NAME: nt!KeAccumulateTicks+1b125a
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.900
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1b125a
FAILURE_BUCKET_ID: CLOCK_WATCHDOG_TIMEOUT_INVALID_CONTEXT_nt!KeAccumulateTicks
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {95498f51-33a9-903b-59e5-d236937d8ecf}
Followup: MachineOwner
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000030, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: ffffa0805fe79180, The PRCB address of the hung processor.
Arg4: 0000000000000002, The index of the hung processor.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 2
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-VQI4JUI
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 31
Key : Analysis.Memory.CommitPeak.Mb
Value: 68
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 101
BUGCHECK_P1: 30
BUGCHECK_P2: 0
BUGCHECK_P3: ffffa0805fe79180
BUGCHECK_P4: 2
FAULTING_PROCESSOR: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: RadeonSoftware.exe
STACK_TEXT:
fffff800`696b8b08 fffff800`65dfca5a : 00000000`00000101 00000000`00000030 00000000`00000000 ffffa080`5fe79180 : nt!KeBugCheckEx
fffff800`696b8b10 fffff800`65c483bc : fffff780`00000320 fffff800`61066180 00000000`00001f9c 00000000`00001f9c : nt!KeAccumulateTicks+0x1b125a
fffff800`696b8b70 fffff800`65b5d562 : 00000000`00000000 fffff985`fb2a6fb0 fffff985`fb2a7030 00000000`0000000c : nt!KeClockInterruptNotify+0x98c
fffff800`696b8f30 fffff800`65d37385 : 00000000`6bec93e9 fffff800`65bcc100 fffff800`65bcc1b0 00000000`00000000 : hal!HalpTimerClockInterrupt+0xf2
fffff800`696b8f60 fffff800`65dc3e2a : fffff985`fb2a7030 fffff800`65bcc100 00000000`00000050 fffff800`65bcc100 : nt!KiCallInterruptServiceRoutine+0xa5
fffff800`696b8fb0 fffff800`65dc4397 : 00000000`00000000 fffff985`fb2a7030 fffff800`65bcc100 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
fffff985`fb2a6fb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
SYMBOL_NAME: nt!KeAccumulateTicks+1b125a
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.900
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1b125a
FAILURE_BUCKET_ID: CLOCK_WATCHDOG_TIMEOUT_INVALID_CONTEXT_nt!KeAccumulateTicks
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {95498f51-33a9-903b-59e5-d236937d8ecf}
Followup: MachineOwner
minidump.rar
drive.google.com
@akiyorm
@Emre C
Son düzenleme:
Analiz edip sadece şüpheli olanı bulabilirisn ancak tespiti o şekilde yapılmaz. Öğrenmek istiyorsanız ilk olarak Windows'un neredeyse tüm dosyalarını kalsörlerini yönetim biçimini bilmen lazım. Kerneli, boot ve BIOS bağlantılarını, tersine mühendisliği bilmen lazım.
