Skip to content

Instantly share code, notes, and snippets.

@2072

2072/BSOD.txt Secret

Created Sep 10, 2018
Embed
What would you like to do?
AOMEI backuper pro crash
Microsoft (R) Windows Debugger Version 10.0.17134.12 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [N:\Memory.dmp]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17134 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff801`4c202000 PsLoadedModuleList = 0xfffff801`4c5b0170
Debug session time: Mon Sep 10 11:06:00.806 2018 (UTC + 2:00)
System Uptime: 4 days 11:26:04.756
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`003bd018). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
ERROR: FindPlugIns 8007007b
ERROR: Some plugins may not be available [8007007b]
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 18, {0, ffffc18715b45060, 2, ffffffffffffffff}
*** ERROR: Module load completed but symbols could not be loaded for amwrtdrv.sys
Probably caused by : amwrtdrv.sys ( amwrtdrv+1bce )
Followup: MachineOwner
---------
6: kd> !analyze -v
ERROR: FindPlugIns 8007007b
ERROR: Some plugins may not be available [8007007b]
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: ffffc18715b45060, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object's reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
SYSTEM_MANUFACTURER: ASUS
SYSTEM_PRODUCT_NAME: All Series
SYSTEM_SKU: All
SYSTEM_VERSION: System Version
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 2302
BIOS_DATE: 03/06/2017
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: SABERTOOTH Z87
BASEBOARD_VERSION: Rev 1.xx
DUMP_TYPE: 1
BUGCHECK_P1: 0
BUGCHECK_P2: ffffc18715b45060
BUGCHECK_P3: 2
BUGCHECK_P4: ffffffffffffffff
CPU_COUNT: 8
CPU_MHZ: d48
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 24'00000000 (cache) 24'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x18
PROCESS_NAME: Backupper.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: XXXXXX
ANALYSIS_SESSION_TIME: 09-11-2018 00:46:22.0251
ANALYSIS_VERSION: 10.0.17134.12 amd64fre
LAST_CONTROL_TRANSFER: from fffff8014c3c436a to fffff8014c3aaca0
STACK_TEXT:
ffffb909`0a3b1788 fffff801`4c3c436a : 00000000`00000018 00000000`00000000 ffffc187`15b45060 00000000`00000002 : nt!KeBugCheckEx
ffffb909`0a3b1790 fffff801`4aa51bce : ffffc187`25a217d0 ffffc187`25a217d0 00000000`00000001 00000000`00000004 : nt!ObfDereferenceObject+0x1ae25a
ffffb909`0a3b17d0 fffff801`4c21b199 : ffffc187`1eb57330 fffff801`4c21b465 ffffc187`7a483a40 ffffc187`1eb57330 : amwrtdrv+0x1bce
ffffb909`0a3b1800 fffff801`4c6dffa4 : ffffc187`1eb57330 00000000`00000001 ffffc187`25a217d0 fffff801`4c24fb63 : nt!IofCallDriver+0x59
ffffb909`0a3b1840 fffff801`4c6d0170 : 00000000`00000001 00000000`00000000 ffffc187`01f6c9a0 00000000`00000001 : nt!IopDeleteFile+0x124
ffffb909`0a3b18c0 fffff801`4c217556 : 00000000`00000000 00000000`00000000 00000000`00000001 ffffc187`1eb57330 : nt!ObpRemoveObjectRoutine+0x80
ffffb909`0a3b1920 fffff801`4c6c5b49 : 00000000`00000000 ffffc187`01f6c9a0 ffffa780`00000000 00000000`00000000 : nt!ObfDereferenceObjectWithTag+0xc6
ffffb909`0a3b1960 fffff801`4c6cd48d : 00000000`00000000 00000000`0009e5b8 00000000`00001000 00000000`00000004 : nt!ObCloseHandleTableEntry+0x259
ffffb909`0a3b1aa0 fffff801`4c3bb343 : ffffc187`7a483300 00000000`05b72978 ffffc187`7a483300 ffffb909`0a3b1b80 : nt!NtClose+0xcd
ffffb909`0a3b1b00 00000000`77961e4c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0009ef08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77961e4c
THREAD_SHA1_HASH_MOD_FUNC: bfc44085b28be2cdacd267077a974a30c548f45f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: f6f8190f9da77f7597ea529b1bdeb7ee660685df
THREAD_SHA1_HASH_MOD: 36ba479a424706c6cd7f252f81c1734db9b2c6e0
FOLLOWUP_IP:
amwrtdrv+1bce
fffff801`4aa51bce 488b4f18 mov rcx,qword ptr [rdi+18h]
FAULT_INSTR_CODE: 184f8b48
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: amwrtdrv+1bce
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: amwrtdrv
IMAGE_NAME: amwrtdrv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 50d967ee
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1bce
FAILURE_BUCKET_ID: 0x18_OVER_DEREFERENCE_amwrtdrv!unknown_function
BUCKET_ID: 0x18_OVER_DEREFERENCE_amwrtdrv!unknown_function
PRIMARY_PROBLEM_CLASS: 0x18_OVER_DEREFERENCE_amwrtdrv!unknown_function
TARGET_TIME: 2018-09-10T09:06:00.000Z
OSBUILD: 17134
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-08-09 06:25:05
BUILDDATESTAMP_STR: 180410-1804
BUILDLAB_STR: rs4_release
BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
ANALYSIS_SESSION_ELAPSED_TIME: 8ff
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x18_over_dereference_amwrtdrv!unknown_function
FAILURE_ID_HASH: {b6cff8c8-943a-2f66-912f-21ccfc8c6939}
Followup: MachineOwner
---------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.