Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save chenshaoju/0bfe9983b4d20a278ff8b140bb20e762 to your computer and use it in GitHub Desktop.
Save chenshaoju/0bfe9983b4d20a278ff8b140bb20e762 to your computer and use it in GitHub Desktop.
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\ShareFiles\052916-10500-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*D:\symbols\*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 10586 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 10586.306.amd64fre.th2_release_sec.160422-1850
Machine Name:
Kernel base = 0xfffff802`69276000 PsLoadedModuleList = 0xfffff802`69554cd0
Debug session time: Sun May 29 10:03:18.243 2016 (UTC + 8:00)
System Uptime: 5 days 9:00:41.936
Loading Kernel Symbols
...............................................................
................................................................
........................................................
Loading User Symbols
Loading unloaded module list
...........................................
Cannot read PEB32 from WOW64 TEB32 00007ba7 - Win32 error 0n30
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff9614748e4e1, ffffd000206fa960, 0}
Probably caused by : Unknown_Image ( PAGE_NOT_ZERO )
Followup: MachineOwner
---------
*** Memory manager detected 31655 instance(s) of page corruption, target is likely to have memory corruption.
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9614748e4e1, Address of the instruction which caused the bugcheck
Arg3: ffffd000206fa960, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
win32kfull!xxxDestroyWindow+21
fffff961`4748e4e1 488b8770010000 mov rax,qword ptr [rdi+170h]
CONTEXT: ffffd000206fa960 -- (.cxr 0xffffd000206fa960)
rax=fffff96147891d00 rbx=fffff90140ab75b0 rcx=fffff90140ab75b0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff9614748e4e1 rsp=ffffd000206fb380 rbp=ffffd000206fb3e9
r8=ffffd000206fb4b0 r9=000000000000007f r10=fffff900000001c0
r11=fffff90144fb6c70 r12=0000000080070000 r13=ffffc0018d1d4e00
r14=ffffe0005e62f580 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010282
win32kfull!xxxDestroyWindow+0x21:
fffff961`4748e4e1 488b8770010000 mov rax,qword ptr [rdi+170h] ds:002b:00000000`00000170=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
BAD_PAGES_DETECTED: 7ba7
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff9614748e4e1
STACK_TEXT:
ffffd000`206fb380 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32kfull!xxxDestroyWindow+0x21
SYMBOL_NAME: PAGE_NOT_ZERO
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffffd000206fa960 ; kb
BUCKET_ID: PAGE_NOT_ZERO
Followup: MachineOwner
---------
*** Memory manager detected 31655 instance(s) of page corruption, target is likely to have memory corruption.
0: kd> .cxr 0xffffd000206fa960
rax=fffff96147891d00 rbx=fffff90140ab75b0 rcx=fffff90140ab75b0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff9614748e4e1 rsp=ffffd000206fb380 rbp=ffffd000206fb3e9
r8=ffffd000206fb4b0 r9=000000000000007f r10=fffff900000001c0
r11=fffff90144fb6c70 r12=0000000080070000 r13=ffffc0018d1d4e00
r14=ffffe0005e62f580 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010282
win32kfull!xxxDestroyWindow+0x21:
fffff961`4748e4e1 488b8770010000 mov rax,qword ptr [rdi+170h] ds:002b:00000000`00000170=????????????????
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment