| 1 |
|
|---|
| 2 | Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
|
|---|
| 3 | Copyright (c) Microsoft Corporation. All rights reserved.
|
|---|
| 4 |
|
|---|
| 5 |
|
|---|
| 6 | Loading Dump File [C:\Windows\minidump\080219-11296-01.dmp]
|
|---|
| 7 | Mini Kernel Dump File: Only registers and stack trace are available
|
|---|
| 8 |
|
|---|
| 9 |
|
|---|
| 10 | ************* Path validation summary **************
|
|---|
| 11 | Response Time (ms) Location
|
|---|
| 12 | Deferred srv*C:\MySymbols*https://msdl.microsoft.com/download/symbols
|
|---|
| 13 | Symbol search path is: srv*C:\MySymbols*https://msdl.microsoft.com/download/symbols
|
|---|
| 14 | Executable search path is:
|
|---|
| 15 | Windows 10 Kernel Version 18362 MP (8 procs) Free x64
|
|---|
| 16 | Product: WinNt, suite: TerminalServer SingleUserTS
|
|---|
| 17 | Built by: 18362.1.amd64fre.19h1_release.190318-1202
|
|---|
| 18 | Machine Name:
|
|---|
| 19 | Kernel base = 0xfffff803`62c00000 PsLoadedModuleList = 0xfffff803`630432f0
|
|---|
| 20 | Debug session time: Fri Aug 2 20:37:09.365 2019 (UTC + 3:00)
|
|---|
| 21 | System Uptime: 0 days 0:11:15.077
|
|---|
| 22 | Loading Kernel Symbols
|
|---|
| 23 | ...............................................................
|
|---|
| 24 | ................................................................
|
|---|
| 25 | ................................................................
|
|---|
| 26 | ..................
|
|---|
| 27 | Loading User Symbols
|
|---|
| 28 | Loading unloaded module list
|
|---|
| 29 | ................
|
|---|
| 30 | For analysis of this file, run !analyze -v
|
|---|
| 31 | 0: kd> !analyze -v
|
|---|
| 32 | *******************************************************************************
|
|---|
| 33 | * *
|
|---|
| 34 | * Bugcheck Analysis *
|
|---|
| 35 | * *
|
|---|
| 36 | *******************************************************************************
|
|---|
| 37 |
|
|---|
| 38 | ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
|
|---|
| 39 | An attempt was made to execute non-executable memory. The guilty driver
|
|---|
| 40 | is on the stack trace (and is typically the current instruction pointer).
|
|---|
| 41 | When possible, the guilty driver's name (Unicode string) is printed on
|
|---|
| 42 | the bugcheck screen and saved in KiBugCheckDriver.
|
|---|
| 43 | Arguments:
|
|---|
| 44 | Arg1: ffff800803df71a0, Virtual address for the attempted execute.
|
|---|
| 45 | Arg2: 8a00000809c008e3, PTE contents.
|
|---|
| 46 | Arg3: ffff908edb1c8340, (reserved)
|
|---|
| 47 | Arg4: 0000000000000003, (reserved)
|
|---|
| 48 |
|
|---|
| 49 | Debugging Details:
|
|---|
| 50 | ------------------
|
|---|
| 51 |
|
|---|
| 52 | *** WARNING: Unable to verify timestamp for e1d65x64.sys
|
|---|
| 53 | *** WARNING: Unable to verify timestamp for win32k.sys
|
|---|
| 54 |
|
|---|
| 55 | KEY_VALUES_STRING: 1
|
|---|
| 56 |
|
|---|
| 57 |
|
|---|
| 58 | PROCESSES_ANALYSIS: 1
|
|---|
| 59 |
|
|---|
| 60 | SERVICE_ANALYSIS: 1
|
|---|
| 61 |
|
|---|
| 62 | STACKHASH_ANALYSIS: 1
|
|---|
| 63 |
|
|---|
| 64 | TIMELINE_ANALYSIS: 1
|
|---|
| 65 |
|
|---|
| 66 |
|
|---|
| 67 | DUMP_CLASS: 1
|
|---|
| 68 |
|
|---|
| 69 | DUMP_QUALIFIER: 400
|
|---|
| 70 |
|
|---|
| 71 | BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
|
|---|
| 72 |
|
|---|
| 73 | DUMP_TYPE: 2
|
|---|
| 74 |
|
|---|
| 75 | BUGCHECK_P1: ffff800803df71a0
|
|---|
| 76 |
|
|---|
| 77 | BUGCHECK_P2: 8a00000809c008e3
|
|---|
| 78 |
|
|---|
| 79 | BUGCHECK_P3: ffff908edb1c8340
|
|---|
| 80 |
|
|---|
| 81 | BUGCHECK_P4: 3
|
|---|
| 82 |
|
|---|
| 83 | CPU_COUNT: 8
|
|---|
| 84 |
|
|---|
| 85 | CPU_MHZ: 1068
|
|---|
| 86 |
|
|---|
| 87 | CPU_VENDOR: GenuineIntel
|
|---|
| 88 |
|
|---|
| 89 | CPU_FAMILY: 6
|
|---|
| 90 |
|
|---|
| 91 | CPU_MODEL: 9e
|
|---|
| 92 |
|
|---|
| 93 | CPU_STEPPING: 9
|
|---|
| 94 |
|
|---|
| 95 | CUSTOMER_CRASH_COUNT: 1
|
|---|
| 96 |
|
|---|
| 97 | DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
|
|---|
| 98 |
|
|---|
| 99 | BUGCHECK_STR: 0xFC
|
|---|
| 100 |
|
|---|
| 101 | PROCESS_NAME: System
|
|---|
| 102 |
|
|---|
| 103 | CURRENT_IRQL: 2
|
|---|
| 104 |
|
|---|
| 105 | ANALYSIS_SESSION_HOST: 7700K
|
|---|
| 106 |
|
|---|
| 107 | ANALYSIS_SESSION_TIME: 08-19-2019 19:08:23.0965
|
|---|
| 108 |
|
|---|
| 109 | ANALYSIS_VERSION: 10.0.18362.1 amd64fre
|
|---|
| 110 |
|
|---|
| 111 | TRAP_FRAME: ffff908edb1c8340 -- (.trap 0xffff908edb1c8340)
|
|---|
| 112 | NOTE: The trap frame does not contain all registers.
|
|---|
| 113 | Some register values may be zeroed or incorrect.
|
|---|
| 114 | rax=ffff800803df71a0 rbx=0000000000000000 rcx=ffff8008042dab50
|
|---|
| 115 | rdx=ffff80080ae10600 rsi=0000000000000000 rdi=0000000000000000
|
|---|
| 116 | rip=ffff800803df71a0 rsp=ffff908edb1c84d8 rbp=ffff908edb1c8559
|
|---|
| 117 | r8=0000000000000001 r9=0000000000000000 r10=fffff8036e9c5b90
|
|---|
| 118 | r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
|
|---|
| 119 | r14=0000000000000000 r15=0000000000000000
|
|---|
| 120 | iopl=0 nv up ei pl zr na po nc
|
|---|
| 121 | ffff8008`03df71a0 1101 adc dword ptr [rcx],eax ds:ffff8008`042dab50=03da7ef0
|
|---|
| 122 | Resetting default scope
|
|---|
| 123 |
|
|---|
| 124 | LAST_CONTROL_TRANSFER: from fffff80362e554bc to fffff80362dbc900
|
|---|
| 125 |
|
|---|
| 126 | STACK_TEXT:
|
|---|
| 127 | ffff908e`db1c8118 fffff803`62e554bc : 00000000`000000fc ffff8008`03df71a0 8a000008`09c008e3 ffff908e`db1c8340 : nt!KeBugCheckEx
|
|---|
| 128 | ffff908e`db1c8120 fffff803`62e4fbc1 : 00000000`00000003 00000000`00000001 00000000`00000000 ffff908e`db1c8260 : nt!MiCheckSystemNxFault+0x125330
|
|---|
| 129 | ffff908e`db1c8160 fffff803`62c7ac2a : 00000000`00000006 00000000`00000011 ffff908e`db1c82a0 00000000`00000000 : nt!MiRaisedIrqlFault+0x12a6e1
|
|---|
| 130 | ffff908e`db1c81a0 fffff803`62dca920 : 00000000`00000000 fffff803`b2503711 00000000`00000002 00000000`00000036 : nt!MmAccessFault+0x48a
|
|---|
| 131 | ffff908e`db1c8340 ffff8008`03df71a0 : fffff803`6778aa51 ffff8008`0451aa20 ffff8008`03e223f0 fffff803`6ea910b0 : nt!KiPageFault+0x360
|
|---|
| 132 | ffff908e`db1c84d8 fffff803`6778aa51 : ffff8008`0451aa20 ffff8008`03e223f0 fffff803`6ea910b0 ffff8008`0ae10600 : 0xffff8008`03df71a0
|
|---|
| 133 | ffff908e`db1c84e0 fffff803`6778eba3 : 00000000`00000002 00000000`00000000 fffff803`00000001 fffff803`6ea62101 : ndis!ndisMSendCompleteNetBufferListsInternal+0x121
|
|---|
| 134 | ffff908e`db1c85c0 fffff803`6778bcdf : fffff803`60367101 ffff8008`03afb9a1 ffff8008`043198c0 ffff8008`0ae10600 : ndis!ndisCallSendCompleteHandler+0x33
|
|---|
| 135 | ffff908e`db1c8600 fffff803`70ed33b4 : 00000000`00000002 00000001`00000000 00000001`00000000 fffff803`70ed0d00 : ndis!NdisMSendNetBufferListsComplete+0x1df
|
|---|
| 136 | ffff908e`db1c86f0 00000000`00000002 : 00000001`00000000 00000001`00000000 fffff803`70ed0d00 00000000`00000000 : e1d65x64+0x133b4
|
|---|
| 137 | ffff908e`db1c86f8 00000001`00000000 : 00000001`00000000 fffff803`70ed0d00 00000000`00000000 00000000`00000000 : 0x2
|
|---|
| 138 | ffff908e`db1c8700 00000001`00000000 : fffff803`70ed0d00 00000000`00000000 00000000`00000000 ffff8008`03e23000 : 0x00000001`00000000
|
|---|
| 139 | ffff908e`db1c8708 fffff803`70ed0d00 : 00000000`00000000 00000000`00000000 ffff8008`03e23000 ffff8008`03e23e40 : 0x00000001`00000000
|
|---|
| 140 | ffff908e`db1c8710 00000000`00000000 : 00000000`00000000 ffff8008`03e23000 ffff8008`03e23e40 00000001`03e3ed01 : e1d65x64+0x10d00
|
|---|
| 141 |
|
|---|
| 142 |
|
|---|
| 143 | THREAD_SHA1_HASH_MOD_FUNC: c0ffbf375cd55e1aa93daf3c03427b8881b1e850
|
|---|
| 144 |
|
|---|
| 145 | THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5058410cce10b80427a1f7de155fad955a47b3fb
|
|---|
| 146 |
|
|---|
| 147 | THREAD_SHA1_HASH_MOD: f2616a5e3854c666781435d2d0ed7d6384206ea6
|
|---|
| 148 |
|
|---|
| 149 | FOLLOWUP_IP:
|
|---|
| 150 | e1d65x64+133b4
|
|---|
| 151 | fffff803`70ed33b4 448b7dcb mov r15d,dword ptr [rbp-35h]
|
|---|
| 152 |
|
|---|
| 153 | FAULT_INSTR_CODE: cb7d8b44
|
|---|
| 154 |
|
|---|
| 155 | SYMBOL_STACK_INDEX: 9
|
|---|
| 156 |
|
|---|
| 157 | SYMBOL_NAME: e1d65x64+133b4
|
|---|
| 158 |
|
|---|
| 159 | FOLLOWUP_NAME: MachineOwner
|
|---|
| 160 |
|
|---|
| 161 | MODULE_NAME: e1d65x64
|
|---|
| 162 |
|
|---|
| 163 | IMAGE_NAME: e1d65x64.sys
|
|---|
| 164 |
|
|---|
| 165 | DEBUG_FLR_IMAGE_TIMESTAMP: 57f4c1b3
|
|---|
| 166 |
|
|---|
| 167 | STACK_COMMAND: .thread ; .cxr ; kb
|
|---|
| 168 |
|
|---|
| 169 | BUCKET_ID_FUNC_OFFSET: 133b4
|
|---|
| 170 |
|
|---|
| 171 | FAILURE_BUCKET_ID: 0xFC_e1d65x64!unknown_function
|
|---|
| 172 |
|
|---|
| 173 | BUCKET_ID: 0xFC_e1d65x64!unknown_function
|
|---|
| 174 |
|
|---|
| 175 | PRIMARY_PROBLEM_CLASS: 0xFC_e1d65x64!unknown_function
|
|---|
| 176 |
|
|---|
| 177 | TARGET_TIME: 2019-08-02T17:37:09.000Z
|
|---|
| 178 |
|
|---|
| 179 | OSBUILD: 18362
|
|---|
| 180 |
|
|---|
| 181 | OSSERVICEPACK: 239
|
|---|
| 182 |
|
|---|
| 183 | SERVICEPACK_NUMBER: 0
|
|---|
| 184 |
|
|---|
| 185 | OS_REVISION: 0
|
|---|
| 186 |
|
|---|
| 187 | SUITE_MASK: 272
|
|---|
| 188 |
|
|---|
| 189 | PRODUCT_TYPE: 1
|
|---|
| 190 |
|
|---|
| 191 | OSPLATFORM_TYPE: x64
|
|---|
| 192 |
|
|---|
| 193 | OSNAME: Windows 10
|
|---|
| 194 |
|
|---|
| 195 | OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
|
|---|
| 196 |
|
|---|
| 197 | OS_LOCALE:
|
|---|
| 198 |
|
|---|
| 199 | USER_LCID: 0
|
|---|
| 200 |
|
|---|
| 201 | OSBUILD_TIMESTAMP: 1972-02-02 11:33:06
|
|---|
| 202 |
|
|---|
| 203 | BUILDDATESTAMP_STR: 190318-1202
|
|---|
| 204 |
|
|---|
| 205 | BUILDLAB_STR: 19h1_release
|
|---|
| 206 |
|
|---|
| 207 | BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
|
|---|
| 208 |
|
|---|
| 209 | ANALYSIS_SESSION_ELAPSED_TIME: 10b20
|
|---|
| 210 |
|
|---|
| 211 | ANALYSIS_SOURCE: KM
|
|---|
| 212 |
|
|---|
| 213 | FAILURE_ID_HASH_STRING: km:0xfc_e1d65x64!unknown_function
|
|---|
| 214 |
|
|---|
| 215 | FAILURE_ID_HASH: {7259990a-ebc1-3d2e-33f5-0c4abf098887}
|
|---|
| 216 |
|
|---|
| 217 | Followup: MachineOwner
|
|---|
| 218 | ---------
|
|---|
| 219 |
|
|---|