Created
February 20, 2017 12:50
-
-
Save vozersky/26c48059cd2fb71baa98aaa2ecd82f73 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 | |
Copyright (c) Microsoft Corporation. All rights reserved. | |
Loading Dump File [C:\Users\user\Desktop\MEMORY.DMP] | |
Kernel Bitmap Dump File: Only kernel address space is available | |
************* Symbol Path validation summary ************** | |
Response Time (ms) Location | |
Deferred srv*c:\symbols*https://msdl.microsoft.com/download/symbols | |
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols | |
Executable search path is: | |
Windows 8 Kernel Version 14393 MP (8 procs) Free x64 | |
Product: WinNt, suite: TerminalServer SingleUserTS | |
Built by: 14393.693.amd64fre.rs1_release.161220-1747 | |
Machine Name: | |
Kernel base = 0xfffff803`29e13000 PsLoadedModuleList = 0xfffff803`2a118060 | |
Debug session time: Sat Feb 18 14:23:52.440 2017 (UTC + 3:00) | |
System Uptime: 0 days 0:21:31.143 | |
Loading Kernel Symbols | |
............................................................... | |
................................................................ | |
....................................................... | |
Loading User Symbols | |
PEB is paged out (Peb.Ldr = 00000004`20f46018). Type ".hh dbgerr001" for details | |
Loading unloaded module list | |
...... | |
******************************************************************************* | |
* * | |
* Bugcheck Analysis * | |
* * | |
******************************************************************************* | |
Use !analyze -v to get detailed debugging information. | |
BugCheck 3B, {c0000005, fffff801f913e9f3, ffff8d012f9e70c0, 0} | |
*** ERROR: Module load completed but symbols could not be loaded for epfwwfp.sys | |
Page 109119 not present in the dump file. Type ".hh dbgerr004" for details | |
Probably caused by : NETIO.SYS ( NETIO!StreamInvokeCalloutAndNormalizeAction+20f ) | |
Followup: MachineOwner | |
--------- | |
4: kd> !analyze -v | |
******************************************************************************* | |
* * | |
* Bugcheck Analysis * | |
* * | |
******************************************************************************* | |
SYSTEM_SERVICE_EXCEPTION (3b) | |
An exception happened while executing a system service routine. | |
Arguments: | |
Arg1: 00000000c0000005, Exception code that caused the bugcheck | |
Arg2: fffff801f913e9f3, Address of the instruction which caused the bugcheck | |
Arg3: ffff8d012f9e70c0, Address of the context record for the exception that caused the bugcheck | |
Arg4: 0000000000000000, zero. | |
Debugging Details: | |
------------------ | |
Page 109119 not present in the dump file. Type ".hh dbgerr004" for details | |
OVERLAPPED_MODULE: Address regions for 'mrxsmb10' and 'dump_storport.sys' overlap | |
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text> | |
FAULTING_IP: | |
NETIO!StreamInvokeCalloutAndNormalizeAction+20f | |
fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 | |
CONTEXT: ffff8d012f9e70c0 -- (.cxr 0xffff8d012f9e70c0;r) | |
rax=ffffa285e73f9b01 rbx=ffff8d012f9e7cb0 rcx=ffff8d012a140100 | |
rdx=0000000000001001 rsi=ffff8d012f9e7c80 rdi=ffffa285e73f9be0 | |
rip=fffff801f913e9f3 rsp=ffff8d012f9e7ad0 rbp=ffff8d012f9e7b59 | |
r8=0000000000000000 r9=0000000000000014 r10=fffff801f9191ae0 | |
r11=000000000013dd0f r12=0000000000000000 r13=0000000000000004 | |
r14=ffff8d012f9e7f80 r15=fffff801f9191000 | |
iopl=0 nv up ei pl zr na po nc | |
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 | |
NETIO!StreamInvokeCalloutAndNormalizeAction+0x20f: | |
fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 ds:002b:00000000`00000050=???????? | |
Last set context: | |
rax=ffffa285e73f9b01 rbx=ffff8d012f9e7cb0 rcx=ffff8d012a140100 | |
rdx=0000000000001001 rsi=ffff8d012f9e7c80 rdi=ffffa285e73f9be0 | |
rip=fffff801f913e9f3 rsp=ffff8d012f9e7ad0 rbp=ffff8d012f9e7b59 | |
r8=0000000000000000 r9=0000000000000014 r10=fffff801f9191ae0 | |
r11=000000000013dd0f r12=0000000000000000 r13=0000000000000004 | |
r14=ffff8d012f9e7f80 r15=fffff801f9191000 | |
iopl=0 nv up ei pl zr na po nc | |
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 | |
NETIO!StreamInvokeCalloutAndNormalizeAction+0x20f: | |
fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 ds:002b:00000000`00000050=???????? | |
Resetting default scope | |
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT | |
BUGCHECK_STR: 0x3B | |
PROCESS_NAME: ekrn.exe | |
CURRENT_IRQL: 0 | |
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre | |
LAST_CONTROL_TRANSFER: from fffff801f913f3c0 to fffff801f913e9f3 | |
STACK_TEXT: | |
ffff8d01`2f9e7ad0 fffff801`f913f3c0 : ffffa285`e73f9be0 ffffa285`e73f9be0 00000000`00000000 ffff8d01`2f9e7f80 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x20f | |
ffff8d01`2f9e7bb0 fffff801`f913e3f6 : ffffa285`e73f9be0 00000000`00000000 00000000`00000000 ffffa285`e73f9be0 : NETIO!StreamCalloutProcessDisconnect+0x34 | |
ffff8d01`2f9e7c00 fffff801`f913d8b7 : ffffa285`df740014 fffff801`fa9e1890 ffffa285`00000001 ffffa285`dfb80670 : NETIO!StreamProcessCallout+0x68a | |
ffff8d01`2f9e7d40 fffff801`f913d02e : 00000001`ffff0014 ffffa285`dfb80670 ffffa285`dfb9a770 ffff8d01`2f9e8400 : NETIO!ProcessCallout+0x6b7 | |
ffff8d01`2f9e7ec0 fffff801`f913b1c3 : 790e1823`e2695c45 ffff8d01`2f9e8100 00000000`00000000 00000000`00000000 : NETIO!ArbitrateAndEnforce+0x4ee | |
ffff8d01`2f9e8000 fffff801`f917bc65 : ffffa285`e1dbd280 fffff801`f9140a95 00000000`00000000 00000000`00000000 : NETIO!KfdClassify+0x303 | |
ffff8d01`2f9e83b0 fffff801`f917b708 : 00000000`00000000 ffff8d01`2f9e8551 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109 | |
ffff8d01`2f9e84d0 fffff801`f9178e25 : 00000000`00000014 ffffa285`dfb9a5c0 00000000`00000000 ffffa285`e8397570 : NETIO!StreamInject+0x214 | |
ffff8d01`2f9e85a0 fffff801`f947683d : ffffa285`dfb9a5c0 00000000`00000128 00000000`00000000 ffffa285`00000005 : NETIO!FwppStreamInject+0x135 | |
ffff8d01`2f9e8630 fffff801`faa04904 : ffffa285`e3207ba0 00000000`00000005 00000000`00000000 ffffa285`dfd2dbf8 : fwpkclnt!FwpsStreamInjectAsync0+0xfd | |
ffff8d01`2f9e8690 fffff801`faa04b2f : 00000000`00000005 ffffa285`dfd2dbf8 ffff8d01`2fbedca0 00000000`00000000 : epfwwfp+0x4904 | |
ffff8d01`2f9e8740 fffff801`faa06902 : ffffa285`e69617b0 ffff8d01`2f9e8810 00000000`00000000 00000000`00000000 : epfwwfp+0x4b2f | |
ffff8d01`2f9e87c0 fffff801`faa06e79 : ffffa285`e69617b0 00000000`00000000 ffffa285`e872ac70 ffffa285`e872ac70 : epfwwfp+0x6902 | |
ffff8d01`2f9e8840 fffff803`2a2a08c3 : ffffa285`e69617b0 00000000`88992273 ffffa285`e644fd00 ffffa285`00000018 : epfwwfp+0x6e79 | |
ffff8d01`2f9e88e0 fffff803`2a2a0536 : ffffa200`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x383 | |
ffff8d01`2f9e8a20 fffff803`29f68393 : ffffc663`0001f210 ffffc663`318000f8 ffffc663`3198c000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56 | |
ffff8d01`2f9e8a90 00007ffa`abbb61b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 | |
00000007`57cb4b38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`abbb61b4 | |
FOLLOWUP_IP: | |
NETIO!StreamInvokeCalloutAndNormalizeAction+20f | |
fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 | |
SYMBOL_STACK_INDEX: 0 | |
SYMBOL_NAME: NETIO!StreamInvokeCalloutAndNormalizeAction+20f | |
FOLLOWUP_NAME: MachineOwner | |
MODULE_NAME: NETIO | |
IMAGE_NAME: NETIO.SYS | |
DEBUG_FLR_IMAGE_TIMESTAMP: 57899b40 | |
STACK_COMMAND: .cxr 0xffff8d012f9e70c0 ; kb | |
BUCKET_ID_FUNC_OFFSET: 20f | |
FAILURE_BUCKET_ID: 0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction | |
BUCKET_ID: 0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction | |
ANALYSIS_SOURCE: KM | |
FAILURE_ID_HASH_STRING: km:0x3b_netio!streaminvokecalloutandnormalizeaction | |
FAILURE_ID_HASH: {5c8d1e60-d80c-cb2d-a65a-8d02e5eeeffd} | |
Followup: MachineOwner | |
--------- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment