vozersky/id1503381 - 2 Secret

## id1503381 - 2

Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Downloads\Dumps\021117-34968-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 14393 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 14393.693.amd64fre.rs1_release.161220-1747
Machine Name:
Kernel base = 0xfffff801`2a877000 PsLoadedModuleList = 0xfffff801`2ab7c060
Debug session time: Sat Feb 11 05:16:43.158 2017 (UTC + 3:00)
System Uptime: 0 days 11:01:22.925
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
...................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff8036116e01a, ffffc380873230b0, 0}

*** WARNING: Unable to verify timestamp for klwtp.sys
*** ERROR: Module load completed but symbols could not be loaded for klwtp.sys
Probably caused by : NETIO.SYS ( NETIO!StreamProcessCallout+2ae )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8036116e01a, Address of the instruction which caused the bugcheck
Arg3: ffffc380873230b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP:
NETIO!StreamProcessCallout+2ae
fffff803`6116e01a 837f5003        cmp     dword ptr [rdi+50h],3

CONTEXT:  ffffc380873230b0 -- (.cxr 0xffffc380873230b0;r)
rax=fffff803611c1000 rbx=ffffad845fe8ebe0 rcx=fffff803611c1ae0
rdx=ffffad845f3bea70 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8036116e01a rsp=ffffc38087323ac0 rbp=ffffc38087323bb1
 r8=fffff803611c1ae0  r9=ffffad846a1a4550 r10=fffff803611c1ae0
r11=000000000001ae2a r12=0000000000000001 r13=ffffad8462fa8901
r14=ffffc380873242c0 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
NETIO!StreamProcessCallout+0x2ae:
fffff803`6116e01a 837f5003        cmp     dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
Last set context:
rax=fffff803611c1000 rbx=ffffad845fe8ebe0 rcx=fffff803611c1ae0
rdx=ffffad845f3bea70 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8036116e01a rsp=ffffc38087323ac0 rbp=ffffc38087323bb1
 r8=fffff803611c1ae0  r9=ffffad846a1a4550 r10=fffff803611c1ae0
r11=000000000001ae2a r12=0000000000000001 r13=ffffad8462fa8901
r14=ffffc380873242c0 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
NETIO!StreamProcessCallout+0x2ae:
fffff803`6116e01a 837f5003        cmp     dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff8036116d8b7 to fffff8036116e01a

STACK_TEXT:
ffffc380`87323ac0 fffff803`6116d8b7 : ffffad84`5f790014 fffff803`635bb5d4 ffffad84`00000002 ffffad84`62fa8900 : NETIO!StreamProcessCallout+0x2ae
ffffc380`87323c00 fffff803`6116d02e : 00000000`00000014 ffffad84`62fa8900 ffffad84`6af26b10 ffffc380`873242c0 : NETIO!ProcessCallout+0x6b7
ffffc380`87323d80 fffff803`6116b1c3 : f4c523ee`c76f7f64 ffffc380`87323fc0 00000000`00000000 00010101`011fffff : NETIO!ArbitrateAndEnforce+0x4ee
ffffc380`87323ec0 fffff803`611abc65 : ffffad84`603fee40 fffff803`61170a95 00000000`00000005 00000000`00000002 : NETIO!KfdClassify+0x303
ffffc380`87324270 fffff803`611ab708 : 00000000`00000000 ffffc380`87324411 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109
ffffc380`87324390 fffff803`611a8e25 : 00000000`00000014 ffffad84`6af26960 00000000`00000000 ffffad84`5f8eab50 : NETIO!StreamInject+0x214
ffffc380`87324460 fffff803`6141683d : ffffad84`6af26960 00000000`00000168 00000000`00000000 fffff801`00000005 : NETIO!FwppStreamInject+0x135
ffffc380`873244f0 fffff803`635ba0be : ffffad84`71365500 ffffc380`873245c1 ffffad84`5fb35ed8 00000000`00000000 : fwpkclnt!FwpsStreamInjectAsync0+0xfd
ffffc380`87324550 ffffad84`71365500 : ffffc380`873245c1 ffffad84`5fb35ed8 00000000`00000000 00000000`00000168 : klwtp+0xa0be
ffffc380`87324558 ffffc380`873245c1 : ffffad84`5fb35ed8 00000000`00000000 00000000`00000168 00000000`00000014 : 0xffffad84`71365500
ffffc380`87324560 ffffad84`5fb35ed8 : 00000000`00000000 00000000`00000168 00000000`00000014 001f0003`00000005 : 0xffffc380`873245c1
ffffc380`87324568 00000000`00000000 : 00000000`00000168 00000000`00000014 001f0003`00000005 ffffad84`5f8eab50 : 0xffffad84`5fb35ed8


FOLLOWUP_IP:
NETIO!StreamProcessCallout+2ae
fffff803`6116e01a 837f5003        cmp     dword ptr [rdi+50h],3

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  NETIO!StreamProcessCallout+2ae

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  57899b40

IMAGE_VERSION:  10.0.14393.0

STACK_COMMAND:  .cxr 0xffffc380873230b0 ; kb

BUCKET_ID_FUNC_OFFSET:  2ae

FAILURE_BUCKET_ID:  0x3B_NETIO!StreamProcessCallout

BUCKET_ID:  0x3B_NETIO!StreamProcessCallout

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_netio!streamprocesscallout

FAILURE_ID_HASH:  {12d5d042-1527-3ed4-7567-edbc67fa5418}

Followup: MachineOwner
---------

	Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
	Copyright (c) Microsoft Corporation. All rights reserved.


	Loading Dump File [D:\Downloads\Dumps\021117-34968-01.dmp]
	Mini Kernel Dump File: Only registers and stack trace are available


	*********** Symbol Path validation summary ************
	Response Time (ms) Location
	Deferred srvc:\symbolshttps://msdl.microsoft.com/download/symbols
	Symbol search path is: srvc:\symbolshttps://msdl.microsoft.com/download/symbols
	Executable search path is:
	Windows 8 Kernel Version 14393 MP (4 procs) Free x64
	Product: WinNt, suite: TerminalServer SingleUserTS
	Built by: 14393.693.amd64fre.rs1_release.161220-1747
	Machine Name:
	Kernel base = 0xfffff801`2a877000 PsLoadedModuleList = 0xfffff801`2ab7c060
	Debug session time: Sat Feb 11 05:16:43.158 2017 (UTC + 3:00)
	System Uptime: 0 days 11:01:22.925
	Loading Kernel Symbols
	...............................................................
	................................................................
	................................................................
	....................
	Loading User Symbols
	Loading unloaded module list
	...................................
	*******************************************************************************
	* *
	* Bugcheck Analysis *
	* *
	*******************************************************************************

	Use !analyze -v to get detailed debugging information.

	BugCheck 3B, {c0000005, fffff8036116e01a, ffffc380873230b0, 0}

	*** WARNING: Unable to verify timestamp for klwtp.sys
	*** ERROR: Module load completed but symbols could not be loaded for klwtp.sys
	Probably caused by : NETIO.SYS ( NETIO!StreamProcessCallout+2ae )

	Followup: MachineOwner
	---------

	0: kd> !analyze -v
	*******************************************************************************
	* *
	* Bugcheck Analysis *
	* *
	*******************************************************************************

	SYSTEM_SERVICE_EXCEPTION (3b)
	An exception happened while executing a system service routine.
	Arguments:
	Arg1: 00000000c0000005, Exception code that caused the bugcheck
	Arg2: fffff8036116e01a, Address of the instruction which caused the bugcheck
	Arg3: ffffc380873230b0, Address of the context record for the exception that caused the bugcheck
	Arg4: 0000000000000000, zero.

	Debugging Details:
	------------------


	EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

	FAULTING_IP:
	NETIO!StreamProcessCallout+2ae
	fffff803`6116e01a 837f5003 cmp dword ptr [rdi+50h],3

	CONTEXT: ffffc380873230b0 -- (.cxr 0xffffc380873230b0;r)
	rax=fffff803611c1000 rbx=ffffad845fe8ebe0 rcx=fffff803611c1ae0
	rdx=ffffad845f3bea70 rsi=0000000000000000 rdi=0000000000000000
	rip=fffff8036116e01a rsp=ffffc38087323ac0 rbp=ffffc38087323bb1
	r8=fffff803611c1ae0 r9=ffffad846a1a4550 r10=fffff803611c1ae0
	r11=000000000001ae2a r12=0000000000000001 r13=ffffad8462fa8901
	r14=ffffc380873242c0 r15=0000000000000000
	iopl=0 nv up ei pl zr na po nc
	cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
	NETIO!StreamProcessCallout+0x2ae:
	fffff803`6116e01a 837f5003 cmp dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
	Last set context:
	rax=fffff803611c1000 rbx=ffffad845fe8ebe0 rcx=fffff803611c1ae0
	rdx=ffffad845f3bea70 rsi=0000000000000000 rdi=0000000000000000
	rip=fffff8036116e01a rsp=ffffc38087323ac0 rbp=ffffc38087323bb1
	r8=fffff803611c1ae0 r9=ffffad846a1a4550 r10=fffff803611c1ae0
	r11=000000000001ae2a r12=0000000000000001 r13=ffffad8462fa8901
	r14=ffffc380873242c0 r15=0000000000000000
	iopl=0 nv up ei pl zr na po nc
	cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
	NETIO!StreamProcessCallout+0x2ae:
	fffff803`6116e01a 837f5003 cmp dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
	Resetting default scope

	CUSTOMER_CRASH_COUNT: 1

	DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

	BUGCHECK_STR: 0x3B

	PROCESS_NAME: avp.exe

	CURRENT_IRQL: 0

	ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

	LAST_CONTROL_TRANSFER: from fffff8036116d8b7 to fffff8036116e01a

	STACK_TEXT:
	ffffc380`87323ac0 fffff803`6116d8b7 : ffffad84`5f790014 fffff803`635bb5d4 ffffad84`00000002 ffffad84`62fa8900 : NETIO!StreamProcessCallout+0x2ae
	ffffc380`87323c00 fffff803`6116d02e : 00000000`00000014 ffffad84`62fa8900 ffffad84`6af26b10 ffffc380`873242c0 : NETIO!ProcessCallout+0x6b7
	ffffc380`87323d80 fffff803`6116b1c3 : f4c523ee`c76f7f64 ffffc380`87323fc0 00000000`00000000 00010101`011fffff : NETIO!ArbitrateAndEnforce+0x4ee
	ffffc380`87323ec0 fffff803`611abc65 : ffffad84`603fee40 fffff803`61170a95 00000000`00000005 00000000`00000002 : NETIO!KfdClassify+0x303
	ffffc380`87324270 fffff803`611ab708 : 00000000`00000000 ffffc380`87324411 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109
	ffffc380`87324390 fffff803`611a8e25 : 00000000`00000014 ffffad84`6af26960 00000000`00000000 ffffad84`5f8eab50 : NETIO!StreamInject+0x214
	ffffc380`87324460 fffff803`6141683d : ffffad84`6af26960 00000000`00000168 00000000`00000000 fffff801`00000005 : NETIO!FwppStreamInject+0x135
	ffffc380`873244f0 fffff803`635ba0be : ffffad84`71365500 ffffc380`873245c1 ffffad84`5fb35ed8 00000000`00000000 : fwpkclnt!FwpsStreamInjectAsync0+0xfd
	ffffc380`87324550 ffffad84`71365500 : ffffc380`873245c1 ffffad84`5fb35ed8 00000000`00000000 00000000`00000168 : klwtp+0xa0be
	ffffc380`87324558 ffffc380`873245c1 : ffffad84`5fb35ed8 00000000`00000000 00000000`00000168 00000000`00000014 : 0xffffad84`71365500
	ffffc380`87324560 ffffad84`5fb35ed8 : 00000000`00000000 00000000`00000168 00000000`00000014 001f0003`00000005 : 0xffffc380`873245c1
	ffffc380`87324568 00000000`00000000 : 00000000`00000168 00000000`00000014 001f0003`00000005 ffffad84`5f8eab50 : 0xffffad84`5fb35ed8


	FOLLOWUP_IP:
	NETIO!StreamProcessCallout+2ae
	fffff803`6116e01a 837f5003 cmp dword ptr [rdi+50h],3

	SYMBOL_STACK_INDEX: 0

	SYMBOL_NAME: NETIO!StreamProcessCallout+2ae

	FOLLOWUP_NAME: MachineOwner

	MODULE_NAME: NETIO

	IMAGE_NAME: NETIO.SYS

	DEBUG_FLR_IMAGE_TIMESTAMP: 57899b40

	IMAGE_VERSION: 10.0.14393.0

	STACK_COMMAND: .cxr 0xffffc380873230b0 ; kb

	BUCKET_ID_FUNC_OFFSET: 2ae

	FAILURE_BUCKET_ID: 0x3B_NETIO!StreamProcessCallout

	BUCKET_ID: 0x3B_NETIO!StreamProcessCallout

	ANALYSIS_SOURCE: KM

	FAILURE_ID_HASH_STRING: km:0x3b_netio!streamprocesscallout

	FAILURE_ID_HASH: {12d5d042-1527-3ed4-7567-edbc67fa5418}

	Followup: MachineOwner
	---------