| 1 |
|
|---|
| 2 | Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
|
|---|
| 3 | Copyright (c) Microsoft Corporation. All rights reserved.
|
|---|
| 4 |
|
|---|
| 5 |
|
|---|
| 6 | Loading Dump File [C:\Windows\MEMORY.DMP]
|
|---|
| 7 | Kernel Bitmap Dump File: Full address space is available
|
|---|
| 8 |
|
|---|
| 9 |
|
|---|
| 10 | ************* Symbol Path validation summary **************
|
|---|
| 11 | Response Time (ms) Location
|
|---|
| 12 | Deferred srv*c:\symcache*http://msdl.microsoft.com/download/symbols
|
|---|
| 13 | Symbol search path is: srv*c:\symcache*http://msdl.microsoft.com/download/symbols
|
|---|
| 14 | Executable search path is:
|
|---|
| 15 | Windows 8 Kernel Version 9600 MP (2 procs) Free x64
|
|---|
| 16 | Product: WinNt, suite: TerminalServer SingleUserTS Personal
|
|---|
| 17 | Built by: 9600.17328.amd64fre.winblue_r3.140827-1500
|
|---|
| 18 | Machine Name:
|
|---|
| 19 | Kernel base = 0xfffff800`3668a000 PsLoadedModuleList = 0xfffff800`36960370
|
|---|
| 20 | Debug session time: Wed Nov 12 03:49:22.876 2014 (UTC + 0:00)
|
|---|
| 21 | System Uptime: 0 days 0:23:13.623
|
|---|
| 22 | Loading Kernel Symbols
|
|---|
| 23 | ...............................................................
|
|---|
| 24 | ................................................................
|
|---|
| 25 | ...................................................
|
|---|
| 26 | Loading User Symbols
|
|---|
| 27 | ................................................................
|
|---|
| 28 | ......................................
|
|---|
| 29 | Loading unloaded module list
|
|---|
| 30 | ..............................................................................
|
|---|
| 31 | *******************************************************************************
|
|---|
| 32 | * *
|
|---|
| 33 | * Bugcheck Analysis *
|
|---|
| 34 | * *
|
|---|
| 35 | *******************************************************************************
|
|---|
| 36 |
|
|---|
| 37 | Use !analyze -v to get detailed debugging information.
|
|---|
| 38 |
|
|---|
| 39 | BugCheck 3B, {80000003, fffff8017f0c7ed4, ffffd00035a8c0f0, 0}
|
|---|
| 40 |
|
|---|
| 41 | *** ERROR: Symbol file could not be found. Defaulted to export symbols for VBoxDrv.sys -
|
|---|
| 42 | *** ERROR: Module load completed but symbols could not be loaded for aswSnx.sys
|
|---|
| 43 | Probably caused by : VBoxDrv.sys ( VBoxDrv!SUPR0GetKernelFeatures+1024 )
|
|---|
| 44 |
|
|---|
| 45 | Followup: MachineOwner
|
|---|
| 46 | ---------
|
|---|
| 47 |
|
|---|
| 48 | 0: kd> !analyze -v
|
|---|
| 49 | *******************************************************************************
|
|---|
| 50 | * *
|
|---|
| 51 | * Bugcheck Analysis *
|
|---|
| 52 | * *
|
|---|
| 53 | *******************************************************************************
|
|---|
| 54 |
|
|---|
| 55 | SYSTEM_SERVICE_EXCEPTION (3b)
|
|---|
| 56 | An exception happened while executing a system service routine.
|
|---|
| 57 | Arguments:
|
|---|
| 58 | Arg1: 0000000080000003, Exception code that caused the bugcheck
|
|---|
| 59 | Arg2: fffff8017f0c7ed4, Address of the instruction which caused the bugcheck
|
|---|
| 60 | Arg3: ffffd00035a8c0f0, Address of the context record for the exception that caused the bugcheck
|
|---|
| 61 | Arg4: 0000000000000000, zero.
|
|---|
| 62 |
|
|---|
| 63 | Debugging Details:
|
|---|
| 64 | ------------------
|
|---|
| 65 |
|
|---|
| 66 |
|
|---|
| 67 | EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
|
|---|
| 68 |
|
|---|
| 69 | FAULTING_IP:
|
|---|
| 70 | VBoxDrv!SUPR0GetKernelFeatures+1024
|
|---|
| 71 | fffff801`7f0c7ed4 cc int 3
|
|---|
| 72 |
|
|---|
| 73 | CONTEXT: ffffd00035a8c0f0 -- (.cxr 0xffffd00035a8c0f0;r)
|
|---|
| 74 | rax=0000000000000001 rbx=ffffe001afeae710 rcx=ffffd00035a8caf0
|
|---|
| 75 | rdx=0000000000000008 rsi=00000000ffffffff rdi=0000000000000000
|
|---|
| 76 | rip=fffff8017f0c7ed4 rsp=ffffd00035a8cb20 rbp=0000000000001368
|
|---|
| 77 | r8=0000000000000065 r9=0000000000000001 r10=0000000000000001
|
|---|
| 78 | r11=ffffd00035a8ca68 r12=0000000000000be4 r13=ffffe001a857b418
|
|---|
| 79 | r14=ffffd00035a8cdd0 r15=ffffc0013f9649b8
|
|---|
| 80 | iopl=0 nv up ei ng nz na pe nc
|
|---|
| 81 | cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282
|
|---|
| 82 | VBoxDrv!SUPR0GetKernelFeatures+0x1024:
|
|---|
| 83 | fffff801`7f0c7ed4 cc int 3
|
|---|
| 84 | Last set context:
|
|---|
| 85 | rax=0000000000000001 rbx=ffffe001afeae710 rcx=ffffd00035a8caf0
|
|---|
| 86 | rdx=0000000000000008 rsi=00000000ffffffff rdi=0000000000000000
|
|---|
| 87 | rip=fffff8017f0c7ed4 rsp=ffffd00035a8cb20 rbp=0000000000001368
|
|---|
| 88 | r8=0000000000000065 r9=0000000000000001 r10=0000000000000001
|
|---|
| 89 | r11=ffffd00035a8ca68 r12=0000000000000be4 r13=ffffe001a857b418
|
|---|
| 90 | r14=ffffd00035a8cdd0 r15=ffffc0013f9649b8
|
|---|
| 91 | iopl=0 nv up ei ng nz na pe nc
|
|---|
| 92 | cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282
|
|---|
| 93 | VBoxDrv!SUPR0GetKernelFeatures+0x1024:
|
|---|
| 94 | fffff801`7f0c7ed4 cc int 3
|
|---|
| 95 | Resetting default scope
|
|---|
| 96 |
|
|---|
| 97 | DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
|
|---|
| 98 |
|
|---|
| 99 | BUGCHECK_STR: 0x3B
|
|---|
| 100 |
|
|---|
| 101 | PROCESS_NAME: svchost.exe
|
|---|
| 102 |
|
|---|
| 103 | CURRENT_IRQL: 2
|
|---|
| 104 |
|
|---|
| 105 | ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
|
|---|
| 106 |
|
|---|
| 107 | LAST_CONTROL_TRANSFER: from fffff8017f0c9935 to fffff8017f0c7ed4
|
|---|
| 108 |
|
|---|
| 109 | STACK_TEXT:
|
|---|
| 110 | ffffd000`35a8cb20 fffff801`7f0c9935 : ffffe001`afeae790 00000000`00001368 ffffe001`afeae710 ffffc001`4b6a4df0 : VBoxDrv!SUPR0GetKernelFeatures+0x1024
|
|---|
| 111 | ffffd000`35a8cb50 fffff801`7f0c9eec : 00000000`00000000 ffffe001`afeae790 00000000`00000000 ffffc001`4482c720 : VBoxDrv!SUPR0GetKernelFeatures+0x2a85
|
|---|
| 112 | ffffd000`35a8cb80 fffff800`36aafdfb : ffffc001`3f964980 00000000`00000000 ffffc001`4ab8a720 ffffe001`000007aa : VBoxDrv!SUPR0GetKernelFeatures+0x303c
|
|---|
| 113 | ffffd000`35a8cbc0 fffff800`36a41b14 : ffffc001`4ac54a00 00000000`00000000 ffffd000`35a8cd60 ffffd000`35a8cf90 : nt!ObpCallPreOperationCallbacks+0x16f
|
|---|
| 114 | ffffd000`35a8cc40 fffff800`36a5cf8c : ffffe001`af789080 00000000`00000000 00000000`00000000 ffffe001`001fffff : nt!ObpCreateHandle+0xa04
|
|---|
| 115 | ffffd000`35a8ce70 fffff800`36a5cb4b : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!PsOpenProcess+0x43c
|
|---|
| 116 | ffffd000`35a8d160 fffff801`7eae099c : 00000000`00000d00 ffffd000`35a8dc80 ffffd000`35a8d1d0 ffffe001`b006e110 : nt!NtOpenProcess+0x23
|
|---|
| 117 | ffffd000`35a8d1a0 fffff801`7eba3200 : 00000000`00000000 ffffd000`001fffff 00000046`d61cf560 00000000`00000000 : aswSnx+0x2999c
|
|---|
| 118 | ffffd000`35a8d2b0 fffff801`7eaba798 : ffffe001`afddad40 00000000`00000000 00000000`00000001 00000000`00000000 : aswSnx+0xec200
|
|---|
| 119 | ffffd000`35a8d930 fffff800`36a4e15f : 00000000`00000000 00000000`00000000 ffffe001`aea0c010 00000000`00000001 : aswSnx+0x3798
|
|---|
| 120 | ffffd000`35a8d980 fffff800`36a4fa76 : 00000400`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
|
|---|
| 121 | ffffd000`35a8db20 fffff800`367e49b3 : ffffe001`af789080 00000046`d61cf8a8 ffffd000`35a8dba8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
|
|---|
| 122 | ffffd000`35a8db90 00007fff`7d1316ea : 00007ffe`fd2600ff 00000046`d486bcc0 00007fff`73571621 00000000`0000000c : nt!KiSystemServiceCopyEnd+0x13
|
|---|
| 123 | 00000046`d61cf4b8 00007ffe`fd2600ff : 00000046`d486bcc0 00007fff`73571621 00000000`0000000c 00000000`00000004 : ntdll!NtDeviceIoControlFile+0xa
|
|---|
| 124 | 00000046`d61cf4c0 00000046`d486bcc0 : 00007fff`73571621 00000000`0000000c 00000000`00000004 00007ffe`fd26065c : 0x00007ffe`fd2600ff
|
|---|
| 125 | 00000046`d61cf4c8 00007fff`73571621 : 00000000`0000000c 00000000`00000004 00007ffe`fd26065c ffffffff`82ac8004 : 0x00000046`d486bcc0
|
|---|
| 126 | 00000046`d61cf4d0 00007fff`7a592dde : 00000000`000007d0 00000046`d48e0250 00000000`00000be4 00000000`00000000 : pcasvc!PcaEventTriagerExecute+0x89
|
|---|
| 127 | 00000046`d61cf530 00007fff`73574253 : 00000000`00000000 00000046`d61cf6a0 00000000`00000000 00000000`00000000 : KERNELBASE!OpenProcess+0x4e
|
|---|
| 128 | 00000046`d61cf5a0 00007fff`7357409e : 00000000`00000000 00000000`00000000 00000000`00000000 00000046`d488fdf0 : pcasvc!PcaChainManagerProcessStart+0x193
|
|---|
| 129 | 00000046`d61cf8b0 00007fff`73573e76 : 00000046`d488fdf0 00000000`00000000 00000000`00000000 00000000`00000000 : pcasvc!PcapProcessStartCallback+0x16
|
|---|
| 130 | 00000046`d61cf8f0 00007fff`7be916ad : 00000000`00000006 00000000`00001368 00000046`d630ffb0 00000000`00000000 : pcasvc!PcapJobTrackerThread+0xa2
|
|---|
| 131 | 00000046`d61cf930 00007fff`7d0f4409 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0xd
|
|---|
| 132 | 00000046`d61cf960 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
|
|---|
| 133 |
|
|---|
| 134 |
|
|---|
| 135 | FOLLOWUP_IP:
|
|---|
| 136 | VBoxDrv!SUPR0GetKernelFeatures+1024
|
|---|
| 137 | fffff801`7f0c7ed4 cc int 3
|
|---|
| 138 |
|
|---|
| 139 | SYMBOL_STACK_INDEX: 0
|
|---|
| 140 |
|
|---|
| 141 | SYMBOL_NAME: VBoxDrv!SUPR0GetKernelFeatures+1024
|
|---|
| 142 |
|
|---|
| 143 | FOLLOWUP_NAME: MachineOwner
|
|---|
| 144 |
|
|---|
| 145 | MODULE_NAME: VBoxDrv
|
|---|
| 146 |
|
|---|
| 147 | IMAGE_NAME: VBoxDrv.sys
|
|---|
| 148 |
|
|---|
| 149 | DEBUG_FLR_IMAGE_TIMESTAMP: 54391470
|
|---|
| 150 |
|
|---|
| 151 | STACK_COMMAND: .cxr 0xffffd00035a8c0f0 ; kb
|
|---|
| 152 |
|
|---|
| 153 | BUCKET_ID_FUNC_OFFSET: 1024
|
|---|
| 154 |
|
|---|
| 155 | FAILURE_BUCKET_ID: 0x3B_VBoxDrv!SUPR0GetKernelFeatures
|
|---|
| 156 |
|
|---|
| 157 | BUCKET_ID: 0x3B_VBoxDrv!SUPR0GetKernelFeatures
|
|---|
| 158 |
|
|---|
| 159 | ANALYSIS_SOURCE: KM
|
|---|
| 160 |
|
|---|
| 161 | FAILURE_ID_HASH_STRING: km:0x3b_vboxdrv!supr0getkernelfeatures
|
|---|
| 162 |
|
|---|
| 163 | FAILURE_ID_HASH: {f0802ef1-a112-42bb-e16c-5e16864d095d}
|
|---|
| 164 |
|
|---|
| 165 | Followup: MachineOwner
|
|---|
| 166 | ---------
|
|---|
| 167 |
|
|---|
| 168 | 0: kd> lmvm VBoxDrv
|
|---|
| 169 | start end module name
|
|---|
| 170 | fffff801`7f0b9000 fffff801`7f19e000 VBoxDrv (export symbols) VBoxDrv.sys
|
|---|
| 171 | Loaded symbol image file: VBoxDrv.sys
|
|---|
| 172 | Image path: \SystemRoot\system32\DRIVERS\VBoxDrv.sys
|
|---|
| 173 | Image name: VBoxDrv.sys
|
|---|
| 174 | Timestamp: Sat Oct 11 12:28:48 2014 (54391470)
|
|---|
| 175 | CheckSum: 000EEA0A
|
|---|
| 176 | ImageSize: 000E5000
|
|---|
| 177 | Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
|
|---|
| 178 |
|
|---|