-
-
Save barcharcraz/437db6c66b1c3f7c7ade to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0:000> !analyze -v | |
| ******************************************************************************* | |
| * * | |
| * Exception Analysis * | |
| * * | |
| ******************************************************************************* | |
| APPLICATION_VERIFIER_HEAPS_FIRST_CHANCE_ACCESS_VIOLATION (13) | |
| First chance access violation for current stack trace. | |
| This is the most common application verifier stop. Typically it is caused by a | |
| buffer overrun error. The heap verifier places a non-accessible page at the end | |
| of a heap allocation and a buffer overrun will cause an exception by | |
| touching this page. To debug this stop identify the access address that caused | |
| the exception and then use the following debugger command: | |
| !heap -p -a ACCESS_ADDRESS | |
| This command will give details about the nature of the error and what heap block is | |
| overrun. It will also give the stack trace for the block allocation. | |
| There are several other causes for this stop. For example accessing a heap block | |
| after being freed. The same debugger command will be useful for this case too. | |
| Arguments: | |
| Arg1: 0000000000000000, Invalid address causing the exception. | |
| Arg2: 00007ff874d7331d, Code address executing the invalid access. | |
| Arg3: 000000000023fb40, Exception record. | |
| Arg4: 000000000023f650, Context record. | |
| FAULTING_IP: | |
| KERNELBASE!GetQueuedCompletionStatus+5d | |
| 00007ff8`74d7331d 890f mov dword ptr [rdi],ecx | |
| EXCEPTION_RECORD: 000000000023fb40 -- (.exr 0x23fb40) | |
| ExceptionAddress: 00007ff874d7331d (KERNELBASE!GetQueuedCompletionStatus+0x000000000000005d) | |
| ExceptionCode: c0000005 (Access violation) | |
| ExceptionFlags: 00000000 | |
| NumberParameters: 2 | |
| Parameter[0]: 0000000000000001 | |
| Parameter[1]: 0000000000000000 | |
| Attempt to write to address 0000000000000000 | |
| CONTEXT: 0000000000000000 -- (.cxr 0x0;r) | |
| rax=00007ff86b3c4930 rbx=00007ff86b3c3070 rcx=00007ff5ffffc000 | |
| rdx=bad1bad1bad1bad1 rsi=00000000000001a1 rdi=000000000023fb40 | |
| rip=00007ff86b3b3a00 rsp=000000000023e8c0 rbp=000000000023e960 | |
| r8=0000000000000000 r9=bad1bad1bad1bad1 r10=00007ff86b3c38d0 | |
| r11=bad1bad1bad1bad1 r12=00007ff86aee36e0 r13=00007ff86aee3700 | |
| r14=0000000000000000 r15=0000000000000000 | |
| iopl=0 nv up ei pl nz na pe nc | |
| cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000200 | |
| vrfcore!VerifierStopMessageEx+0x6f4: | |
| 00007ff8`6b3b3a00 cc int 3 | |
| FAULTING_THREAD: 0000000000001abc | |
| DEFAULT_BUCKET_ID: STATUS_BREAKPOINT | |
| PROCESS_NAME: image00000000`00400000 | |
| ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached. | |
| EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid | |
| EXCEPTION_PARAMETER1: 0000000000000000 | |
| NTGLOBALFLAG: 2000100 | |
| APPLICATION_VERIFIER_FLAGS: 81643267 | |
| APP: image00000000`00400000 | |
| ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre | |
| PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT | |
| BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT | |
| LAST_CONTROL_TRANSFER: from 00007ff86b3b9d20 to 00007ff86b3b3a00 | |
| STACK_TEXT: | |
| 00000000`0023e8c0 00007ff8`6b3b9d20 : bad1bad1`bad1bad1 bad1bad1`bad1bad1 bad1bad1`bad1bad1 bad1bad1`bad1bad1 : vrfcore!VerifierStopMessageEx+0x6f4 | |
| 00000000`0023ec20 00007ff8`6660a236 : bad1bad1`bad1bad1 bad1bad1`bad1bad1 00000000`0023f430 00007ff8`76b715cd : vrfcore!VfCoreRedirectedStopMessage+0x90 | |
| 00000000`0023ecb0 00007ff8`7799f894 : 00000000`0023fb40 00007ff8`779f9c00 00000000`00000000 bad1bad1`bad1bad1 : verifier!VerifierStopMessage+0x86 | |
| 00000000`0023ed50 00007ff8`6aee62d9 : 00000000`00229000 bad1bad1`bad1bad1 bad1bad1`00000000 bad1bad1`00000005 : ntdll!RtlApplicationVerifierStop+0xd4 | |
| 00000000`0023edb0 00007ff8`6aee8246 : 00000000`0023fb40 00007ff8`779f9c00 00000000`05e95fe0 00007ff8`77a054c8 : vfbasics!VerifierStopMessage+0x245 | |
| 00000000`0023ee10 00007ff8`6aee787e : 00000000`0023ef18 00000000`05e95fe0 bad1bad1`bad1bad1 bad1bad1`bad1bad1 : vfbasics!AVrfpCheckFirstChanceException+0x136 | |
| 00000000`0023eea0 00007ff8`77927e14 : 00000000`00000000 bad1bad1`9cc3ec32 bad1bad1`bad1bad1 00000000`0023fb40 : vfbasics!AVrfpVectoredExceptionHandler+0x1a | |
| 00000000`0023eef0 00007ff8`77925a23 : 00000000`0023fb40 00000000`0023f650 bad10000`00000002 00007ff8`6aee7864 : ntdll!RtlpCallVectoredHandlers+0xb8 | |
| 00000000`0023ef80 00007ff8`779683de : 00000000`00000000 00000000`00000000 00000000`0023fcf0 bad1bad1`bad1bad1 : ntdll!RtlDispatchException+0x63 | |
| 00000000`0023f650 00007ff8`74d7331d : 00000000`0023fcf0 00000000`07384ff0 00000000`0023fbf0 00000000`07384ff0 : ntdll!KiUserExceptionDispatch+0x2e | |
| 00000000`0023fc10 00000000`00422be7 : 00000000`0023fd20 00000000`0042a270 00000000`00000003 00000000`0023ffe0 : KERNELBASE!GetQueuedCompletionStatus+0x5d | |
| 00000000`0023fc70 00000000`004236fe : 00000000`00424450 00000000`0000002d 00000000`07382ff0 00000000`00000001 : image00000000_00400000+0x22be7 | |
| 00000000`0023fdf0 00000000`0042555d : 00000000`00000001 00000000`00423899 00000000`07386fd0 00000000`0000002d : image00000000_00400000+0x236fe | |
| 00000000`0023fe20 00000000`004013b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : image00000000_00400000+0x2555d | |
| 00000000`0023fe60 00000000`004014e8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : image00000000_00400000+0x13b5 | |
| 00000000`0023ff30 00007ff8`76b715cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : image00000000_00400000+0x14e8 | |
| 00000000`0023ff60 00007ff8`779443d1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0xd | |
| 00000000`0023ff90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d | |
| STACK_COMMAND: .cxr 0x0 ; kb | |
| FOLLOWUP_IP: | |
| image00000000_00400000+22be7 | |
| 00000000`00422be7 488d0d6a730000 lea rcx,[image00000000_00400000+0x29f58 (00000000`00429f58)] | |
| SYMBOL_STACK_INDEX: b | |
| SYMBOL_NAME: image00000000+22be7 | |
| FOLLOWUP_NAME: MachineOwner | |
| MODULE_NAME: image00000000_00400000 | |
| IMAGE_NAME: proactor.exe | |
| DEBUG_FLR_IMAGE_TIMESTAMP: 0 | |
| FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_proactor.exe!Unknown | |
| BUCKET_ID: APPLICATION_FAULT_STATUS_BREAKPOINT_image00000000+22be7 | |
| ANALYSIS_SOURCE: UM | |
| FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_proactor.exe!unknown | |
| FAILURE_ID_HASH: {b45941ee-87a4-d945-b94f-3ef3cfcbdd0f} | |
| Followup: MachineOwner | |
| --------- | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment