KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80413430a86, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 00000000000000b8, Parameter 1 of the exception
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80413430a86
BUGCHECK_P3: 0
BUGCHECK_P4: b8
READ_ADDRESS: fffff804139733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
00000000000000b8
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!MmQueryMemoryListInformation+96
fffff804`13430a86 488b88b8000000 mov rcx,qword ptr [rax+0B8h]
EXCEPTION_PARAMETER2: 00000000000000b8
BUGCHECK_STR: 0x1E_c0000005_R
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: GameBarFT.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-03-2020 03:25:23.0345
ANALYSIS_VERSION: 10.0.18362.1 x86fre
EXCEPTION_RECORD: ffff86432190c000 -- (.exr 0xffff86432190c000)
ExceptionAddress: 0000000000000000
ExceptionCode: 8859a867
ExceptionFlags: 0a000002
NumberParameters: -2008385433
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Parameter[2]: 0000000000000000
Parameter[3]: 0000000000000000
Parameter[4]: 0000000000000000
Parameter[5]: 0000000000000000
Parameter[6]: 0000000000000000
Parameter[7]: 0000000000000000
Parameter[8]: 0000000000000000
Parameter[9]: 0000000000000000
Parameter[10]: 0000000000000000
Parameter[11]: 0000000000000000
Parameter[12]: 0000000000000000
Parameter[13]: 0000000000000000
Parameter[14]: 0000000000000000
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
LAST_CONTROL_TRANSFER: from fffff8041362fda7 to fffff804135c14e0
STACK_TEXT:
ffff9b8e`9f8a6928 fffff804`1362fda7 : 00000000`0000001e ffffffff`c0000005 fffff804`13430a86 00000000`00000000 : nt!KeBugCheckEx
ffff9b8e`9f8a6930 fffff804`135d341d : ffff8643`2190c000 ffff9b8e`9f8a71c0 ffff8000`00000000 00000000`000000b8 : nt!KiDispatchException+0x1689d7
ffff9b8e`9f8a6fe0 fffff804`135cf605 : 00000000`00120012 ffff9b8e`9f8a7304 ffff9b8e`9f8a7710 00000000`00000001 : nt!KiExceptionDispatch+0x11d
ffff9b8e`9f8a71c0 fffff804`13430a86 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x445
ffff9b8e`9f8a7350 fffff804`13a02674 : 00000000`00000000 ffff041a`e75cb358 00000000`00000003 00000000`00000017 : nt!MmQueryMemoryListInformation+0x96
ffff9b8e`9f8a74b0 fffff804`13a02f4f : 00000000`00000000 00000000`00000000 ffff9d0a`cc9d23a0 fffff804`13439ddd : nt!PfSnCheckActionsNeeded+0x15c
ffff9b8e`9f8a7600 fffff804`13a04719 : ffff9d0a`cf7c7080 ffff9b8e`9f8a7710 ffff9b8e`00000000 00000000`00000000 : nt!PfSnBeginScenario+0xaf
ffff9b8e`9f8a76a0 fffff804`13a04575 : 00000000`00000000 ffff9d0a`cf7c7080 ffffb101`419c0180 ffff9d0a`cf7c7080 : nt!PfSnBeginAppLaunch+0x169
ffff9b8e`9f8a78a0 fffff804`13a0635a : ffffb101`419c0180 00000000`00000000 ffff9d0a`cc9d2080 00000000`042fc668 : nt!PfProcessCreateNotification+0x5d
ffff9b8e`9f8a78d0 fffff804`135c8e9a : ffffb101`419c0180 ffff9d0a`cc9d2080 ffffb101`419d1440 00000000`00000000 : nt!PspUserThreadStartup+0x14a
ffff9b8e`9f8a79c0 fffff804`135c8e00 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThread+0x2a
ffff9b8e`9f8a7b00 00007fff`d684ceb0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThreadReturn
00000028`1edefe78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`d684ceb0
THREAD_SHA1_HASH_MOD_FUNC: 57353f6a028644c78930b777b7d9baec67f35b66
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 4a333e909f86d95a74566d76583face553466782
THREAD_SHA1_HASH_MOD: dc844b1b94baa204d070855e43bbbd27eee98b94
FOLLOWUP_IP:
nt!MmQueryMemoryListInformation+96
fffff804`13430a86 488b88b8000000 mov rcx,qword ptr [rax+0B8h]
FAULT_INSTR_CODE: b8888b48
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MmQueryMemoryListInformation+96
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4f6eba0
IMAGE_VERSION: 10.0.18362.592
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: memory_corruption
BUCKET_ID_FUNC_OFFSET: 96
FAILURE_BUCKET_ID: 0x1E_c0000005_R_nt!MmQueryMemoryListInformation
BUCKET_ID: 0x1E_c0000005_R_nt!MmQueryMemoryListInformation
PRIMARY_PROBLEM_CLASS: 0x1E_c0000005_R_nt!MmQueryMemoryListInformation
TARGET_TIME: 2020-01-29T20:30:00.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 03:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 174b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1e_c0000005_r_nt!mmquerymemorylistinformation
FAILURE_ID_HASH: {56e7e776-8ed8-d80e-571c-6a7e78782874}
Followup: MachineOwner
---------
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8075e68e0de, The address that the exception occurred at
Arg3: ffff990629594578, Exception Record Address
Arg4: ffff990629593dc0, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8075e68e0de
BUGCHECK_P3: ffff990629594578
BUGCHECK_P4: ffff990629593dc0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nvlddmkm+76e0de
fffff807`5e68e0de 418a0424 mov al,byte ptr [r12]
EXCEPTION_RECORD: ffff990629594578 -- (.exr 0xffff990629594578)
ExceptionAddress: fffff8075e68e0de (nvlddmkm+0x000000000076e0de)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000024748944
Attempt to read from address 0000000024748944
CONTEXT: ffff990629593dc0 -- (.cxr 0xffff990629593dc0)
rax=0000000000000002 rbx=ffff850703326010 rcx=0000000000000000
rdx=ffff990629594ec0 rsi=ffff8506f89e4000 rdi=ffff8506fb20d000
rip=fffff8075e68e0de rsp=ffff9906295947b0 rbp=ffff9906295948d0
r8=0000000000000000 r9=0000000000000000 r10=0000000000000001
r11=fffff780000003b0 r12=0000000024748944 r13=ffff990629594ec0
r14=ffff8506fb20d000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
nvlddmkm+0x76e0de:
fffff807`5e68e0de 418a0424 mov al,byte ptr [r12] ds:002b:00000000`24748944=??
Resetting default scope
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
FOLLOWUP_IP:
nvlddmkm+76e0de
fffff807`5e68e0de 418a0424 mov al,byte ptr [r12]
BUGCHECK_STR: AV
READ_ADDRESS: fffff8074a3733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
0000000024748944
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000024748944
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-03-2020 03:25:26.0968
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from ffff8506fb20d000 to fffff8075e68e0de
STACK_TEXT:
ffff9906`295947b0 ffff8506`fb20d000 : 00000000`00000001 ffff8506`fb20d000 00000000`00000000 00000000`00000001 : nvlddmkm+0x76e0de
ffff9906`295947b8 00000000`00000001 : ffff8506`fb20d000 00000000`00000000 00000000`00000001 fffff807`5e68ea20 : 0xffff8506`fb20d000
ffff9906`295947c0 ffff8506`fb20d000 : 00000000`00000000 00000000`00000001 fffff807`5e68ea20 00000000`00000000 : 0x1
ffff9906`295947c8 00000000`00000000 : 00000000`00000001 fffff807`5e68ea20 00000000`00000000 00000000`40402a08 : 0xffff8506`fb20d000
THREAD_SHA1_HASH_MOD_FUNC: d79c3f9e9541b50dff558588ee91b494a55f2aae
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: aec45d7f8a6ffa744cacd570be4de2306ffa003f
THREAD_SHA1_HASH_MOD: d79c3f9e9541b50dff558588ee91b494a55f2aae
FAULT_INSTR_CODE: 24048a41
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nvlddmkm+76e0de
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5e01ccae
STACK_COMMAND: .cxr 0xffff990629593dc0 ; kb
BUCKET_ID_FUNC_OFFSET: 76e0de
FAILURE_BUCKET_ID: AV_nvlddmkm!unknown_function
BUCKET_ID: AV_nvlddmkm!unknown_function
PRIMARY_PROBLEM_CLASS: AV_nvlddmkm!unknown_function
TARGET_TIME: 2020-01-29T20:35:37.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 03:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: cf47
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nvlddmkm!unknown_function
FAILURE_ID_HASH: {7eea5677-f68d-2154-717e-887e07e55cd3}
Followup: MachineOwner
---------
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff868fc8844c30, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff868fc8844b88, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for StreamingFSD.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 3
BUGCHECK_P2: ffff868fc8844c30
BUGCHECK_P3: ffff868fc8844b88
BUGCHECK_P4: 0
TRAP_FRAME: ffff868fc8844c30 -- (.trap 0xffff868fc8844c30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff878ff4cf3000 rbx=0000000000000000 rcx=0000000000000003
rdx=ffff878fe4015488 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80309839e05 rsp=ffff868fc8844dc0 rbp=0000000000000000
r8=ffff878fe40154a8 r9=0000000000000000 r10=0000000000000000
r11=000000000000001a r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
nt!RtlpHpLfhSubsegmentFreeBlock+0x1542b5:
fffff803`09839e05 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff868fc8844b88 -- (.exr 0xffff868fc8844b88)
ExceptionAddress: fffff80309839e05 (nt!RtlpHpLfhSubsegmentFreeBlock+0x00000000001542b5)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: consent.exe
CURRENT_IRQL: 2
DEFAULT_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-03-2020 03:25:31.0410
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff803097d32e9 to fffff803097c14e0
STACK_TEXT:
ffff868f`c8844908 fffff803`097d32e9 : 00000000`00000139 00000000`00000003 ffff868f`c8844c30 ffff868f`c8844b88 : nt!KeBugCheckEx
ffff868f`c8844910 fffff803`097d3710 : ffff868f`c8845490 00000000`00000000 000004e8`fffffb30 000004d0`fffffb30 : nt!KiBugCheckDispatch+0x69
ffff868f`c8844a50 fffff803`097d1aa5 : ffff868f`c8844fc0 ffff868f`c8844c78 ffff868f`c8844fb4 ffff868f`c8845058 : nt!KiFastFailDispatch+0xd0
ffff868f`c8844c30 fffff803`09839e05 : fffff803`09b8d380 fffff803`09636a7a 00000000`0000001c 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x325
ffff868f`c8844dc0 fffff803`09645ed7 : ffff878f`e4010340 ffff868f`c8845700 ffff878f`e4015490 00000000`00000000 : nt!RtlpHpLfhSubsegmentFreeBlock+0x1542b5
ffff868f`c8844e80 fffff803`0996f0a9 : ffff868f`c8845018 00000000`00000000 00000000`00000001 01000000`00100000 : nt!ExFreeHeapPool+0x357
ffff868f`c8844fa0 fffff803`180021f7 : 00000000`00000001 ffff868f`c8845350 00000000`00000000 ffff878f`efe17d40 : nt!ExFreePool+0x9
ffff868f`c8844fd0 00000000`00000001 : ffff868f`c8845350 00000000`00000000 ffff878f`efe17d40 ffff878f`efe17d40 : StreamingFSD+0x721f7
ffff868f`c8844fd8 ffff868f`c8845350 : 00000000`00000000 ffff878f`efe17d40 ffff878f`efe17d40 fffff803`17fdc26d : 0x1
ffff868f`c8844fe0 00000000`00000000 : ffff878f`efe17d40 ffff878f`efe17d40 fffff803`17fdc26d 00000000`00000000 : 0xffff868f`c8845350
THREAD_SHA1_HASH_MOD_FUNC: 86da90ec639b8365e8627bec761c905acef325f7
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 858f3e15d1728e16dc00605b36d0177ade016f69
THREAD_SHA1_HASH_MOD: 38390f6ce24b9aab9b504f6ce7489ef7cd01cd93
FOLLOWUP_IP:
nt!ExFreePool+9
fffff803`0996f0a9 4883c428 add rsp,28h
FAULT_INSTR_CODE: 28c48348
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: nt!ExFreePool+9
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.592
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExFreePool
BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExFreePool
PRIMARY_PROBLEM_CLASS: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExFreePool
TARGET_TIME: 2020-01-31T19:12:15.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 03:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 170c3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_corrupt_list_entry_nt!exfreepool
FAILURE_ID_HASH: {909fba96-793b-fcdd-307f-f96f328d53ad}
Followup: Pool_corruption
---------
bir ay iade hakkım var biraz daha bekleyip yüzde yüz emin olduktan sonra geri yollayacağım sanırım. Teşekkürler tekrardan.
