Skip to content

Instantly share code, notes, and snippets.

@vozersky

vozersky/id1503381 - 3 Secret

Created February 17, 2017 16:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save vozersky/8512797a5f164e02d49bfe3d442335b9 to your computer and use it in GitHub Desktop.
Save vozersky/8512797a5f164e02d49bfe3d442335b9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
id1503381 - 3
Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Downloads\Dumps\021217-28500-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 14393 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 14393.693.amd64fre.rs1_release.161220-1747
Machine Name:
Kernel base = 0xfffff803`0041a000 PsLoadedModuleList = 0xfffff803`0071f060
Debug session time: Sun Feb 12 14:21:07.717 2017 (UTC + 3:00)
System Uptime: 1 days 9:03:31.482
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
...............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff8094100d7f7, ffff9901a10a8010, 0}
*** WARNING: Unable to verify timestamp for klwtp.sys
*** ERROR: Module load completed but symbols could not be loaded for klwtp.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8094100d7f7, Address of the instruction which caused the bugcheck
Arg3: ffff9901a10a8010, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
NETIO!StreamDataBlockEndOfStream+7
fffff809`4100d7f7 ff4154 inc dword ptr [rcx+54h]
CONTEXT: ffff9901a10a8010 -- (.cxr 0xffff9901a10a8010;r)
rax=0000000000001001 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffc18a4eff9890 rsi=ffff9901a10a8e40 rdi=ffff9901a10a8b70
rip=fffff8094100d7f7 rsp=ffff9901a10a8a20 rbp=ffff9901a10a8bb1
r8=ffff9901a10a89d0 r9=0000000000000000 r10=fffff80941021ae0
r11=ffff9901a10a8a68 r12=0000000000000001 r13=ffffc18a54dfed01
r14=ffff9901a10a92c0 r15=0000000000000004
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
NETIO!StreamDataBlockEndOfStream+0x7:
fffff809`4100d7f7 ff4154 inc dword ptr [rcx+54h] ds:002b:00000000`00000054=????????
Last set context:
rax=0000000000001001 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffc18a4eff9890 rsi=ffff9901a10a8e40 rdi=ffff9901a10a8b70
rip=fffff8094100d7f7 rsp=ffff9901a10a8a20 rbp=ffff9901a10a8bb1
r8=ffff9901a10a89d0 r9=0000000000000000 r10=fffff80941021ae0
r11=ffff9901a10a8a68 r12=0000000000000001 r13=ffffc18a54dfed01
r14=ffff9901a10a92c0 r15=0000000000000004
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
NETIO!StreamDataBlockEndOfStream+0x7:
fffff809`4100d7f7 ff4154 inc dword ptr [rcx+54h] ds:002b:00000000`00000054=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x3B
PROCESS_NAME: avp.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff80940feed7c to fffff8094100d7f7
STACK_TEXT:
ffff9901`a10a8a20 fffff809`40feed7c : ffffc18a`5cf30010 ffffc18a`5cf30010 00000000`00000000 ffff9901`a10a8e40 : NETIO!StreamDataBlockEndOfStream+0x7
ffff9901`a10a8a70 fffff809`40fce3f6 : ffffc18a`5cf30010 00000000`00000000 00000000`00000000 ffffc18a`5cf30010 : NETIO! ?? ::FNODOBFM::`string'+0x731c
ffff9901`a10a8ac0 fffff809`40fcd8b7 : ffffc18a`4e340014 fffff809`41f11890 ffffc18a`00000001 ffffc18a`54dfeda0 : NETIO!StreamProcessCallout+0x68a
ffff9901`a10a8c00 fffff809`40fcd02e : 00000000`0ee50014 ffffc18a`54dfeda0 ffffc18a`51cd7ca0 ffff9901`a10a92c0 : NETIO!ProcessCallout+0x6b7
ffff9901`a10a8d80 fffff809`40fcb1c3 : a88becfc`de717eff ffff9901`a10a8fc0 00000000`00000000 0000d5d8`001d1000 : NETIO!ArbitrateAndEnforce+0x4ee
ffff9901`a10a8ec0 fffff809`4100bc65 : ffffc18a`4f110040 fffff809`40fd0a95 00000000`00000000 ffffc18a`5c4297f0 : NETIO!KfdClassify+0x303
ffff9901`a10a9270 fffff809`4100b708 : 00000000`00000000 ffff9901`a10a9411 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109
ffff9901`a10a9390 fffff809`41008e25 : 00000000`00000014 ffffc18a`51cd7af0 00000000`00000000 ffffc18a`4e4da710 : NETIO!StreamInject+0x214
ffff9901`a10a9460 fffff809`4251683d : ffffc18a`51cd7af0 00000000`00000168 00000000`00000000 fffff803`00000005 : NETIO!FwppStreamInject+0x135
ffff9901`a10a94f0 fffff809`41f3a0be : ffffc18a`5b1a70e0 ffff9901`a10a95c1 ffffc18a`53db18d8 4c9d2258`da0341eb : fwpkclnt!FwpsStreamInjectAsync0+0xfd
ffff9901`a10a9550 ffffc18a`5b1a70e0 : ffff9901`a10a95c1 ffffc18a`53db18d8 4c9d2258`da0341eb aa81474c`00000168 : klwtp+0xa0be
ffff9901`a10a9558 ffff9901`a10a95c1 : ffffc18a`53db18d8 4c9d2258`da0341eb aa81474c`00000168 3e19e97a`76bd0014 : 0xffffc18a`5b1a70e0
ffff9901`a10a9560 ffffc18a`53db18d8 : 4c9d2258`da0341eb aa81474c`00000168 3e19e97a`76bd0014 001f0003`00000005 : 0xffff9901`a10a95c1
ffff9901`a10a9568 4c9d2258`da0341eb : aa81474c`00000168 3e19e97a`76bd0014 001f0003`00000005 ffffc18a`4e4da710 : 0xffffc18a`53db18d8
ffff9901`a10a9570 aa81474c`00000168 : 3e19e97a`76bd0014 001f0003`00000005 ffffc18a`4e4da710 00000000`00000000 : 0x4c9d2258`da0341eb
ffff9901`a10a9578 3e19e97a`76bd0014 : 001f0003`00000005 ffffc18a`4e4da710 00000000`00000000 fffff809`41f39e04 : 0xaa81474c`00000168
ffff9901`a10a9580 001f0003`00000005 : ffffc18a`4e4da710 00000000`00000000 fffff809`41f39e04 00000000`00000000 : 0x3e19e97a`76bd0014
ffff9901`a10a9588 ffffc18a`4e4da710 : 00000000`00000000 fffff809`41f39e04 00000000`00000000 00000000`00000000 : 0x001f0003`00000005
ffff9901`a10a9590 00000000`00000000 : fffff809`41f39e04 00000000`00000000 00000000`00000000 ffffc18a`4e4da710 : 0xffffc18a`4e4da710
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8030043005f-fffff80300430060 2 bytes - nt!MiGetWorkingSetInfoList+1cf
[ fb f6:e9 d2 ]
2 errors : !nt (fffff8030043005f-fffff80300430060)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
STACK_COMMAND: .cxr 0xffff9901a10a8010 ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_large
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment