PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffdc04bcd00010, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8004f245c32, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: ffffdc04bcd00010
BUGCHECK_P2: 0
BUGCHECK_P3: fffff8004f245c32
BUGCHECK_P4: 2
READ_ADDRESS: fffff8004f7733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffdc04bcd00010
FAULTING_IP:
nt!ExFreeHeapPool+b2
fffff800`4f245c32 488b5810 mov rbx,qword ptr [rax+10h]
MM_INTERNAL_CODE: 2
CPU_COUNT: c
CPU_MHZ: e10
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 71
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-09-2020 18:45:00.0230
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffd98db3ea5720 -- (.trap 0xffffd98db3ea5720)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffdc04bcd00000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff8004f200000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8004f245c32 rsp=ffffd98db3ea58b0 rbp=0000000000000000
r8=ffffc785e501b08a r9=0000000000000002 r10=fffff8004f56f0a0
r11=000000000000000e r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!ExFreeHeapPool+0xb2:
fffff800`4f245c32 488b5810 mov rbx,qword ptr [rax+10h] ds:ffffdc04`bcd00010=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8004f3e35d6 to fffff8004f3c14e0
STACK_TEXT:
ffffd98d`b3ea5478 fffff800`4f3e35d6 : 00000000`00000050 ffffdc04`bcd00010 00000000`00000000 ffffd98d`b3ea5720 : nt!KeBugCheckEx
ffffd98d`b3ea5480 fffff800`4f272eef : 00000000`00000000 00000000`00000000 00000000`00000000 ffffdc04`bcd00010 : nt!MiSystemFault+0x1d6866
ffffd98d`b3ea5580 fffff800`4f3cf520 : fffff800`50a9a570 00000000`00000000 ffff8000`00000000 ffffd98d`b3ea5a20 : nt!MmAccessFault+0x34f
ffffd98d`b3ea5720 fffff800`4f245c32 : ffffc785`d5010340 00000000`000000ff 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
ffffd98d`b3ea58b0 fffff800`4f56f0a9 : 00000000`00000005 ffffc785`f1487740 00000000`00000000 01000000`00100000 : nt!ExFreeHeapPool+0xb2
ffffd98d`b3ea59d0 fffff800`5b5d29a7 : ffffc785`f1487740 00000000`0000afd1 00000000`00000000 00000000`0000afd1 : nt!ExFreePool+0x9
ffffd98d`b3ea5a00 fffff800`5b5d2720 : ffffc785`f1487740 fffff800`5b5d8350 fffff800`4f78f240 ffffc785`d4e79b00 : afd!AfdFreeEndpointResources+0x1f7
ffffd98d`b3ea5aa0 fffff800`5b5a50ad : ffffc785`f1487870 00000000`0000000d fffff800`5b5a5020 ffffc785`d4e79b00 : afd!AfdFreeEndpoint+0x20
ffffd98d`b3ea5ad0 fffff800`4f267c0f : ffffc785`d74512a0 ffffc785`d7428940 ffffc785`df807080 fffff800`5b5a5020 : afd!AfdDoWork+0x8d
ffffd98d`b3ea5b00 fffff800`4f2bd095 : ffffc785`d4e79b00 ffffc785`eb416040 fffff800`4f267b10 00000000`0000000c : nt!IopProcessWorkItem+0xff
ffffd98d`b3ea5b70 fffff800`4f32a7a5 : ffffc785`eb416040 00000000`00000080 ffffc785`d4e7a040 00000000`00000001 : nt!ExpWorkerThread+0x105
ffffd98d`b3ea5c10 fffff800`4f3c8b2a : ffffb080`5fedf180 ffffc785`eb416040 fffff800`4f32a750 00000000`00000246 : nt!PspSystemThreadStartup+0x55
ffffd98d`b3ea5c60 00000000`00000000 : ffffd98d`b3ea6000 ffffd98d`b3ea0000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x2a
THREAD_SHA1_HASH_MOD_FUNC: 9e608683d7c88adaef1488218210ad7e080f5904
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 8ba4a4a02d9c49842e7793aba3bd2c7f89d2388a
THREAD_SHA1_HASH_MOD: 2bcc06f06a09ec75965497751fa494dc5b96ab75
FOLLOWUP_IP:
nt!ExFreePool+9
fffff800`4f56f0a9 4883c428 add rsp,28h
FAULT_INSTR_CODE: 28c48348
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: nt!ExFreePool+9
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.628
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: AV_R_INVALID_nt!ExFreePool
BUCKET_ID: AV_R_INVALID_nt!ExFreePool
PRIMARY_PROBLEM_CLASS: AV_R_INVALID_nt!ExFreePool
TARGET_TIME: 2020-02-09T13:07:41.000Z
OSBUILD: 18362
OSSERVICEPACK: 628
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1991-11-30 08:21:39
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 6525
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_r_invalid_nt!exfreepool
FAILURE_ID_HASH: {abe5a486-9a07-9785-197c-226bb9273d2c}
Followup: Pool_corruption
---------