Burkay11
Femtopat
- Katılım
- 11 Ocak 2021
- Mesajlar
- 1
Daha fazla
- Cinsiyet
- Erkek
................................................................
..........................................................
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`303f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffd001`5cefee80=000000000000003b
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: ffffa287286d6234, Address of the instruction which caused the bugcheck
Arg3: ffffd0015ceff780, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 11234
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 12130
Key : Analysis.Memory.CommitPeak.Mb
Value: 91
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: ffffa287286d6234
BUGCHECK_P3: ffffd0015ceff780
BUGCHECK_P4: 0
CONTEXT: ffffd0015ceff780 -- (.cxr 0xffffd0015ceff780)
rax=ffffa287286d6230 rbx=ffffd0015cf003e8 rcx=000000005cf00510
rdx=ffffd0015cf003a0 rsi=0000000000000000 rdi=ffffd0015cf00510
rip=ffffa287286d6234 rsp=ffffd0015cf00180 rbp=ffffa2872844c0c0
r8=0000000004400000 r9=0000000000000001 r10=0000ffffa287286d
r11=ffff937e0ca00000 r12=ffffd0015cf004b0 r13=ffffa2d900690000
r14=0000000000000001 r15=ffffa28728416ea0
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
win32kfull!EditionGetInputTransform+0x4:
ffffa287`286d6234 488b4950 mov rcx,qword ptr [rcx+50h] ds:002b:00000000`5cf00560=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: dwm.exe
STACK_TEXT:
ffffd001`5cf00180 ffffa287`283d2f4a : 00000000`00000000 00000000`00000000 00000000`0000021c ffffd001`5cf0021c : win32kfull!EditionGetInputTransform+0x4
ffffd001`5cf001d0 ffffa287`282f8e91 : 0000021c`000003c0 ffffd001`5cf00310 ffffd001`5cf00510 ffffd001`5cf00670 : win32kbase!ApiSetEditionGetInputTransform+0x92
ffffd001`5cf00210 ffffa287`282611f9 : ffffd001`5cf00670 ffffd001`5cf00570 ffffa287`284140d0 ffff937e`0ca00000 : win32kbase!CMouseProcessor::ForwardInputToISM+0x99651
ffffd001`5cf00470 ffffa287`2826073e : ffffd001`5cf00720 ffffd001`5cf007a0 ffffd001`5cf00720 00000000`00000000 : win32kbase!CMouseProcessor::ProcessMouseMove+0x1bd
ffffd001`5cf00640 ffffa287`28263b9c : ffffa287`28409c80 ffffd001`5cf007a0 ffffa2d9`00690ad8 ffffd208`f05b7c20 : win32kbase!CMouseProcessor::ComputeAndDeliverMouseMove+0x6e
ffffd001`5cf006a0 ffffa287`282606b6 : fffff805`303f2e70 00000000`00000000 ffffa287`2844c0c0 00000000`00000000 : win32kbase!CMouseProcessor::ProcessMouseEvent+0x364
ffffd001`5cf00910 ffffa287`28591c9c : 00000000`00000002 ffffffff`800016a0 ffffa287`2844c0c0 00000000`00000000 : win32kbase!ProcessMouseEvent+0x16
ffffd001`5cf00940 ffffa287`2826057c : ffffd001`5cf009a0 00000000`00000000 00000000`00000002 ffffd001`00000000 : win32kfull!EditionHandleMitSignal+0x5c
ffffd001`5cf00980 ffffa287`282604ee : ffffa2d9`007b2a20 ffffa2d9`007b2010 00000000`00000000 00000000`00000000 : win32kbase!ApiSetEditionHandleMitSignal+0x6c
ffffd001`5cf009c0 ffffa287`2826046f : 00000000`00000000 00000000`00000000 ffffa287`2844c0c0 00000000`00000000 : win32kbase!IOCPDispatcher::HandleThreadDispatcherSignal+0x66
ffffd001`5cf00a00 ffffa287`28260411 : 00000000`00000000 0000019d`00000000 ffffa2d9`006138a0 0000008c`45d7f5b8 : win32kbase!IOCPDispatcher::Dispatch+0x1f
ffffd001`5cf00a60 ffffa287`28260395 : 00000000`00000740 ffffa2d9`006138a0 00000000`00000740 00000000`00000000 : win32kbase!UserDispatchMITCompletion+0x55
ffffd001`5cf00aa0 ffffa287`28e6f8a9 : ffffd208`f0696080 ffffd001`5cf00b80 0000019d`5fe0a830 00000000`00000020 : win32kbase!NtMITDispatchCompletion+0x85
ffffd001`5cf00ad0 fffff805`304071b8 : ffffd208`f0696080 ffffd208`f0625460 00000000`00000000 ffffd001`5cf00b80 : win32k!NtMITDispatchCompletion+0x15
ffffd001`5cf00b00 00007ffa`39eb76e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
0000008c`45d7f668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`39eb76e4
SYMBOL_NAME: win32kfull!EditionGetInputTransform+4
MODULE_NAME: win32kfull
IMAGE_NAME: win32kfull.sys
IMAGE_VERSION: 10.0.19041.662
STACK_COMMAND: .cxr 0xffffd0015ceff780 ; kb
BUCKET_ID_FUNC_OFFSET: 4
FAILURE_BUCKET_ID: 0x3B_c0000005_win32kfull!EditionGetInputTransform
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {71032ff3-ac85-c173-273e-263ed716322e}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maksu\Downloads\Compressed\011021-7140-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`1b400000 PsLoadedModuleList = 0xfffff805`1c02a2b0
Debug session time: Sun Jan 10 19:50:49.671 2021 (UTC + 3:00)
System Uptime: 0 days 0:00:14.334
Loading Kernel Symbols
...............................................................
................................................................
........................................................
Loading User Symbols
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`1b7f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff805`21888d30=000000000000007f
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: fffff80521888e70
Arg3: 0000000000000000
Arg4: fffff8052ae19df2
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 9843
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 11683
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7f
BUGCHECK_P1: 8
BUGCHECK_P2: fffff80521888e70
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8052ae19df2
TRAP_FRAME: fffff80521888e70 -- (.trap 0xfffff80521888e70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000001a rbx=0000000000000000 rcx=0000000000989680
rdx=0000000008ad6877 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8052ae19df2 rsp=0000000000000000 rbp=fffff80521873760
r8=fffff8052ae52fa0 r9=fffff80530b0d8ba r10=0000fffff8051b76
r11=ffff8c7e32e00000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
dxgmms2!VidSchiProcessDpcCompletedPacket+0x182:
fffff805`2ae19df2 4c8b6c2460 mov r13,qword ptr [rsp+60h] ss:00000000`00000060=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
STACK_TEXT:
fffff805`21888d28 fffff805`1b807769 : 00000000`0000007f 00000000`00000008 fffff805`21888e70 00000000`00000000 : nt!KeBugCheckEx
fffff805`21888d30 fffff805`1b802583 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff805`21888e70 fffff805`2ae19df2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2c3
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : dxgmms2!VidSchiProcessDpcCompletedPacket+0x182
CHKIMG_EXTENSION: !chkimg -lo 50 -d !dxgmms2
fffff8052ae19dc0 - dxgmms2!VidSchiProcessDpcCompletedPacket+150
[ e0:e4 ]
1 error : !dxgmms2 (fffff8052ae19dc0)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: ONE_BIT
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Followup: memory_corruption
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maksu\Downloads\Compressed\011121-6937-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Invalid directory table base value 0x0
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
*** ERROR: Module load completed but symbols could not be loaded for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff804`35600000 PsLoadedModuleList = 0xfffff804`3622a2b0
Debug session time: Mon Jan 11 00:02:36.054 2021 (UTC + 3:00)
System Uptime: 0 days 1:39:09.287
Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
*** ERROR: Module load completed but symbols could not be loaded for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Loading Kernel Symbols
.Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
*** ERROR: Module load completed but symbols could not be loaded for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
Loading User Symbols
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
fffff804`359f5780 ?? ???
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000003ba6b5c5, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8044aa7b638, address which referenced memory
Debugging Details:
------------------
***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 46
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 48
Key : Analysis.Memory.CommitPeak.Mb
Value: 44
Key : Analysis.System
Value: CreateObject
Key : WER.CorruptModuleList
Value: 1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: d1
BUGCHECK_P1: 3ba6b5c5
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8044aa7b638
READ_ADDRESS: Unable to get size of nt!_MMPTE - probably bad symbols
000000003ba6b5c5
CUSTOMER_CRASH_COUNT: 1
STACK_TEXT:
fffff804`3ba6acf8 fffff804`35a07769 : 00000000`0000000a 00000000`3ba6b5c5 00000000`00000002 00000000`00000000 : 0xfffff804`359f5780
fffff804`3ba6ad00 00000000`0000000a : 00000000`3ba6b5c5 00000000`00000002 00000000`00000000 fffff804`4aa7b638 : 0xfffff804`35a07769
fffff804`3ba6ad08 00000000`3ba6b5c5 : 00000000`00000002 00000000`00000000 fffff804`4aa7b638 00000000`00000000 : 0xa
fffff804`3ba6ad10 00000000`00000002 : 00000000`00000000 fffff804`4aa7b638 00000000`00000000 00000000`00000000 : 0x3ba6b5c5
fffff804`3ba6ad18 00000000`00000000 : fffff804`4aa7b638 00000000`00000000 00000000`00000000 00000000`00000000 : 0x2
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: CORRUPT_MODULELIST_AV
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {fc259191-ef0c-6215-476f-d32e5dcaf1b7}
Followup: MachineOwner
-----
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maksu\Downloads\Compressed\011021-7296-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`50200000 PsLoadedModuleList = 0xfffff807`50e2a2b0
Debug session time: Sun Jan 10 18:19:54.132 2021 (UTC + 3:00)
System Uptime: 0 days 0:01:55.795
Loading Kernel Symbols
...............................................................
................................................................
.........................................................
Loading User Symbols
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`505f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffbf06`99bdb0b0=0000000000000139
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffbf0699bdb3d0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffbf0699bdb328, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 8296
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 9689
Key : Analysis.Memory.CommitPeak.Mb
Value: 84
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffbf0699bdb3d0
BUGCHECK_P3: ffffbf0699bdb328
BUGCHECK_P4: 0
TRAP_FRAME: ffffbf0699bdb3d0 -- (.trap 0xffffbf0699bdb3d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffaf0fb221aee8 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffaf0fb221af48 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80750644de1 rsp=ffffbf0699bdb560 rbp=ffffbf0699bdb6b1
r8=ffffbf0699bdb570 r9=ffffaf0fb26f9510 r10=0000000000000001
r11=ffffaf0fb3ee68d8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
nt!MiGetWsAndInsertVad+0x1a2691:
fffff807`50644de1 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffbf0699bdb328 -- (.exr 0xffffbf0699bdb328)
ExceptionAddress: fffff80750644de1 (nt!MiGetWsAndInsertVad+0x00000000001a2691)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: dwm.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffbf06`99bdb0a8 fffff807`50607769 : 00000000`00000139 00000000`00000003 ffffbf06`99bdb3d0 ffffbf06`99bdb328 : nt!KeBugCheckEx
ffffbf06`99bdb0b0 fffff807`50607b90 : ffffaf0f`aac02000 00000000`00000210 ffffdc01`d5343000 fffff807`50450cb9 : nt!KiBugCheckDispatch+0x69
ffffbf06`99bdb1f0 fffff807`50605f23 : 00000000`00000861 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffbf06`99bdb3d0 fffff807`50644de1 : ffffaf0f`b221aee0 ffffbf06`00000002 ffffaf0f`00000000 ffffaf0f`b221af48 : nt!KiRaiseSecurityCheckFailure+0x323
ffffbf06`99bdb560 fffff807`508326a5 : ffffffff`ffffffff ffffbf06`99bdb6b1 ffffaf0f`b0176c40 ffffaf0f`b0176c40 : nt!MiGetWsAndInsertVad+0x1a2691
ffffbf06`99bdb5c0 fffff807`50831eac : 00000000`00000001 ffffbf06`00000000 ffffbf06`99bdb980 ffffbf06`99bdb960 : nt!MiMapViewOfDataSection+0x475
ffffbf06`99bdb6f0 fffff807`508fa16f : ffffbf06`99bdb998 ffffdc01`c164bee0 ffffbf06`99bdb980 00000000`00000000 : nt!MiMapViewOfSection+0x34c
ffffbf06`99bdb840 ffffc4b0`c268423d : ffffc4ce`40677600 ffffbf06`99bdb9f0 00000000`00000028 ffffc4b0`c26807ad : nt!MmMapViewOfSection+0xaf
ffffbf06`99bdb910 ffffc4b0`c2683e5a : 00000000`00000000 ffffc4ce`40608a30 00000000`00000000 00000000`00000000 : win32kbase!DirectComposition::CBatchSharedMemoryPool::GetUserModeViewAtOffset+0xa5
ffffbf06`99bdb980 ffffc4b0`c2683d15 : ffffaf0f`b295a290 00000000`000030d6 ffffbf06`99bdbad8 ffffc4ce`40608a00 : win32kbase!DirectComposition::CConnection::RetrieveBatches+0xf2
ffffbf06`99bdba30 ffffc4b0`c2683bf7 : ffffdc01`d5303990 00000000`00000000 ffffbf06`99bdbb80 000000a5`0000442b : win32kbase!DirectComposition::CConnection::GetBatchesFromFrame+0xcd
ffffbf06`99bdba70 ffffc4b0`c2f9ecf5 : 00000000`00000004 00000000`00000000 000000a5`35b7f168 ffffc4ce`40608a30 : win32kbase!NtDCompositionGetConnectionBatch+0x157
ffffbf06`99bdbad0 fffff807`506071b8 : ffffaf0f`b279a080 00000000`000003e8 00000000`00000000 00000000`00000238 : win32k!NtDCompositionGetConnectionBatch+0x15
ffffbf06`99bdbb00 00007ff8`87a03664 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000a5`35b7f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`87a03664
SYMBOL_NAME: win32kbase!DirectComposition::CBatchSharedMemoryPool::GetUserModeViewAtOffset+a5
MODULE_NAME: win32kbase
IMAGE_NAME: win32kbase.sys
IMAGE_VERSION: 10.0.19041.662
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: a5
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_win32kbase!DirectComposition::CBatchSharedMemoryPool::GetUserModeViewAtOffset
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4041e589-2188-9491-6f40-61dabb9d54e5}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maksu\Downloads\Compressed\011121-6984-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`62200000 PsLoadedModuleList = 0xfffff806`62e2a2b0
Debug session time: Mon Jan 11 00:40:35.622 2021 (UTC + 3:00)
System Uptime: 0 days 0:37:34.287
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
Loading unloaded module list
....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`625f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9901`0fccb020=000000000000003b
9: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c000001d, Exception code that caused the bugcheck
Arg2: fffff806624260bf, Address of the instruction which caused the bugcheck
Arg3: ffff99010fccb920, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 7061
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 19355
Key : Analysis.Memory.CommitPeak.Mb
Value: 76
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 3b
BUGCHECK_P1: c000001d
BUGCHECK_P2: fffff806624260bf
BUGCHECK_P3: ffff99010fccb920
BUGCHECK_P4: 0
CONTEXT: ffff99010fccb920 -- (.cxr 0xffff99010fccb920)
rax=0000000000000000 rbx=ffffc10553d0f080 rcx=0000000000000000
rdx=0000000000000001 rsi=ffff99010fc79180 rdi=0000000000000000
rip=fffff806624260bf rsp=ffffd481ab32a9e0 rbp=0000000000000004
r8=0000000000000004 r9=0000000000000000 r10=0000fffff8066256
r11=ffff88fa69e00000 r12=0000000000000000 r13=0000000000000001
r14=0000000000000001 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
nt!KiBeginThreadWait+0x9f:
fffff806`624260bf c6 ???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: csgo.exe
BAD_STACK_POINTER: ffff99010fccb018
STACK_TEXT:
ffffd481`ab32a9e0 fffff806`62429684 : 00000000`00000000 00000000`00000000 ffffc105`00000004 00000000`00000001 : nt!KiBeginThreadWait+0x9f
ffffd481`ab32aa40 fffff806`627edd7f : 00000000`007ac000 00000000`00040282 ffffd481`ab32aa00 00000000`00000002 : nt!KeDelayExecutionThread+0xd4
ffffd481`ab32aad0 fffff806`626071b8 : 00000000`19aefe34 00000000`00000001 ffffffff`ffffd8f0 ffffffff`fffcf2c0 : nt!NtDelayExecution+0x5f
ffffd481`ab32ab00 00000000`77b71cfc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`1970ecc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b71cfc
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff806624260c0 - nt!KiBeginThreadWait+a0
[ 83:8b ]
1 error : !nt (fffff806624260c0)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: ONE_BIT
STACK_COMMAND: .cxr 0xffff99010fccb920 ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Followup: memory_corruption
---------
Bu sitenin çalışmasını sağlamak için gerekli çerezleri ve deneyiminizi iyileştirmek için isteğe bağlı çerezleri kullanıyoruz.