vozersky/gist:f8c395fb8ac66603ad2df2b5c07f4c98 Secret

## gistfile1.txt

Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\user\Desktop\021117-11406-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 14393 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 14393.693.amd64fre.rs1_release.161220-1747
Machine Name:
Kernel base = 0xfffff802`21283000 PsLoadedModuleList = 0xfffff802`21588060
Debug session time: Sat Feb 11 11:52:59.084 2017 (UTC + 3:00)
System Uptime: 0 days 9:35:17.947
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
................................................................
..........
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff804c3d7d7f7, ffffa680de48b090, 0}

*** WARNING: Unable to verify timestamp for klwtp.sys
*** ERROR: Module load completed but symbols could not be loaded for klwtp.sys
Probably caused by : NETIO.SYS ( NETIO!StreamDataBlockEndOfStream+7 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff804c3d7d7f7, Address of the instruction which caused the bugcheck
Arg3: ffffa680de48b090, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP:
NETIO!StreamDataBlockEndOfStream+7
fffff804`c3d7d7f7 ff4154          inc     dword ptr [rcx+54h]

CONTEXT:  ffffa680de48b090 -- (.cxr 0xffffa680de48b090;r)
rax=0000000000001001 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffe205daaae8c0 rsi=ffffa680de48bec0 rdi=ffffa680de48bbf0
rip=fffff804c3d7d7f7 rsp=ffffa680de48baa0 rbp=ffffa680de48bc31
 r8=ffffa680de48ba50  r9=0000000000000000 r10=fffff804c3d91ae0
r11=ffffa680de48bae8 r12=0000000000000001 r13=ffffe205decdc301
r14=ffffa680de48c340 r15=0000000000000004
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
NETIO!StreamDataBlockEndOfStream+0x7:
fffff804`c3d7d7f7 ff4154          inc     dword ptr [rcx+54h] ds:002b:00000000`00000054=????????
Last set context:
rax=0000000000001001 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffe205daaae8c0 rsi=ffffa680de48bec0 rdi=ffffa680de48bbf0
rip=fffff804c3d7d7f7 rsp=ffffa680de48baa0 rbp=ffffa680de48bc31
 r8=ffffa680de48ba50  r9=0000000000000000 r10=fffff804c3d91ae0
r11=ffffa680de48bae8 r12=0000000000000001 r13=ffffe205decdc301
r14=ffffa680de48c340 r15=0000000000000004
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
NETIO!StreamDataBlockEndOfStream+0x7:
fffff804`c3d7d7f7 ff4154          inc     dword ptr [rcx+54h] ds:002b:00000000`00000054=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff804c3d5ed7c to fffff804c3d7d7f7

STACK_TEXT:
ffffa680`de48baa0 fffff804`c3d5ed7c : ffffe205`dd34e2f0 ffffe205`dd34e2f0 00000000`00000000 ffffa680`de48bec0 : NETIO!StreamDataBlockEndOfStream+0x7
ffffa680`de48baf0 fffff804`c3d3e3f6 : ffffe205`dd34e2f0 00000000`00000000 00000000`00000000 ffffe205`dd34e2f0 : NETIO! ?? ::FNODOBFM::`string'+0x731c
ffffa680`de48bb40 fffff804`c3d3d8b7 : ffffe205`d9980014 fffff804`c4641890 ffffe205`00000001 ffffe205`decdc310 : NETIO!StreamProcessCallout+0x68a
ffffa680`de48bc80 fffff804`c3d3d02e : ffffa680`de480014 ffffe205`decdc310 ffffe205`df0f6950 ffffa680`de48c340 : NETIO!ProcessCallout+0x6b7
ffffa680`de48be00 fffff804`c3d3b1c3 : cc9f430e`484f99aa ffffa680`de48c040 00000000`00000000 00000000`0000002f : NETIO!ArbitrateAndEnforce+0x4ee
ffffa680`de48bf40 fffff804`c3d7bc65 : ffffe205`daae7380 fffff804`c3d40a95 8f15a42d`00000005 252571ce`00000040 : NETIO!KfdClassify+0x303
ffffa680`de48c2f0 fffff804`c3d7b708 : 00000000`00000000 ffffa680`de48c491 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109
ffffa680`de48c410 fffff804`c3d78e25 : 00000000`00000014 ffffe205`df0f67a0 00000000`00000000 ffffe205`e318bb90 : NETIO!StreamInject+0x214
ffffa680`de48c4e0 fffff804`c309683d : ffffe205`df0f67a0 00000000`00000180 00000000`00000000 fffff802`00000005 : NETIO!FwppStreamInject+0x135
ffffa680`de48c570 fffff804`c467a0be : ffffe205`e0e3e780 ffffa680`de48c641 ffffe205`df414d18 00000000`00000000 : fwpkclnt!FwpsStreamInjectAsync0+0xfd
ffffa680`de48c5d0 ffffe205`e0e3e780 : ffffa680`de48c641 ffffe205`df414d18 00000000`00000000 00000000`00000180 : klwtp+0xa0be
ffffa680`de48c5d8 ffffa680`de48c641 : ffffe205`df414d18 00000000`00000000 00000000`00000180 00000000`00000014 : 0xffffe205`e0e3e780
ffffa680`de48c5e0 ffffe205`df414d18 : 00000000`00000000 00000000`00000180 00000000`00000014 001f0003`00000005 : 0xffffa680`de48c641
ffffa680`de48c5e8 00000000`00000000 : 00000000`00000180 00000000`00000014 001f0003`00000005 ffffe205`e318bb90 : 0xffffe205`df414d18


FOLLOWUP_IP:
NETIO!StreamDataBlockEndOfStream+7
fffff804`c3d7d7f7 ff4154          inc     dword ptr [rcx+54h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  NETIO!StreamDataBlockEndOfStream+7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  57899b40

IMAGE_VERSION:  10.0.14393.0

STACK_COMMAND:  .cxr 0xffffa680de48b090 ; kb

BUCKET_ID_FUNC_OFFSET:  7

FAILURE_BUCKET_ID:  0x3B_NETIO!StreamDataBlockEndOfStream

BUCKET_ID:  0x3B_NETIO!StreamDataBlockEndOfStream

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_netio!streamdatablockendofstream

FAILURE_ID_HASH:  {2448eb81-e02a-68db-ec2c-67a93487a5c0}

Followup: MachineOwner
---------

	Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
	Copyright (c) Microsoft Corporation. All rights reserved.


	Loading Dump File [C:\Users\user\Desktop\021117-11406-01.dmp]
	Mini Kernel Dump File: Only registers and stack trace are available


	*********** Symbol Path validation summary ************
	Response Time (ms) Location
	Deferred srvc:\symbolshttps://msdl.microsoft.com/download/symbols
	Symbol search path is: srvc:\symbolshttps://msdl.microsoft.com/download/symbols
	Executable search path is:
	Windows 8 Kernel Version 14393 MP (8 procs) Free x64
	Product: WinNt, suite: TerminalServer SingleUserTS
	Built by: 14393.693.amd64fre.rs1_release.161220-1747
	Machine Name:
	Kernel base = 0xfffff802`21283000 PsLoadedModuleList = 0xfffff802`21588060
	Debug session time: Sat Feb 11 11:52:59.084 2017 (UTC + 3:00)
	System Uptime: 0 days 9:35:17.947
	Loading Kernel Symbols
	.

	Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
	Run !sym noisy before .reload to track down problems loading symbols.

	..............................................................
	................................................................
	................................................................
	..........
	Loading User Symbols
	Loading unloaded module list
	............
	*******************************************************************************
	* *
	* Bugcheck Analysis *
	* *
	*******************************************************************************

	Use !analyze -v to get detailed debugging information.

	BugCheck 3B, {c0000005, fffff804c3d7d7f7, ffffa680de48b090, 0}

	*** WARNING: Unable to verify timestamp for klwtp.sys
	*** ERROR: Module load completed but symbols could not be loaded for klwtp.sys
	Probably caused by : NETIO.SYS ( NETIO!StreamDataBlockEndOfStream+7 )

	Followup: MachineOwner
	---------

	1: kd> !analyze -v
	*******************************************************************************
	* *
	* Bugcheck Analysis *
	* *
	*******************************************************************************

	SYSTEM_SERVICE_EXCEPTION (3b)
	An exception happened while executing a system service routine.
	Arguments:
	Arg1: 00000000c0000005, Exception code that caused the bugcheck
	Arg2: fffff804c3d7d7f7, Address of the instruction which caused the bugcheck
	Arg3: ffffa680de48b090, Address of the context record for the exception that caused the bugcheck
	Arg4: 0000000000000000, zero.

	Debugging Details:
	------------------


	EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

	FAULTING_IP:
	NETIO!StreamDataBlockEndOfStream+7
	fffff804`c3d7d7f7 ff4154 inc dword ptr [rcx+54h]

	CONTEXT: ffffa680de48b090 -- (.cxr 0xffffa680de48b090;r)
	rax=0000000000001001 rbx=0000000000000000 rcx=0000000000000000
	rdx=ffffe205daaae8c0 rsi=ffffa680de48bec0 rdi=ffffa680de48bbf0
	rip=fffff804c3d7d7f7 rsp=ffffa680de48baa0 rbp=ffffa680de48bc31
	r8=ffffa680de48ba50 r9=0000000000000000 r10=fffff804c3d91ae0
	r11=ffffa680de48bae8 r12=0000000000000001 r13=ffffe205decdc301
	r14=ffffa680de48c340 r15=0000000000000004
	iopl=0 nv up ei ng nz na po nc
	cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
	NETIO!StreamDataBlockEndOfStream+0x7:
	fffff804`c3d7d7f7 ff4154 inc dword ptr [rcx+54h] ds:002b:00000000`00000054=????????
	Last set context:
	rax=0000000000001001 rbx=0000000000000000 rcx=0000000000000000
	rdx=ffffe205daaae8c0 rsi=ffffa680de48bec0 rdi=ffffa680de48bbf0
	rip=fffff804c3d7d7f7 rsp=ffffa680de48baa0 rbp=ffffa680de48bc31
	r8=ffffa680de48ba50 r9=0000000000000000 r10=fffff804c3d91ae0
	r11=ffffa680de48bae8 r12=0000000000000001 r13=ffffe205decdc301
	r14=ffffa680de48c340 r15=0000000000000004
	iopl=0 nv up ei ng nz na po nc
	cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
	NETIO!StreamDataBlockEndOfStream+0x7:
	fffff804`c3d7d7f7 ff4154 inc dword ptr [rcx+54h] ds:002b:00000000`00000054=????????
	Resetting default scope

	CUSTOMER_CRASH_COUNT: 1

	DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

	BUGCHECK_STR: 0x3B

	PROCESS_NAME: avp.exe

	CURRENT_IRQL: 0

	ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

	LAST_CONTROL_TRANSFER: from fffff804c3d5ed7c to fffff804c3d7d7f7

	STACK_TEXT:
	ffffa680`de48baa0 fffff804`c3d5ed7c : ffffe205`dd34e2f0 ffffe205`dd34e2f0 00000000`00000000 ffffa680`de48bec0 : NETIO!StreamDataBlockEndOfStream+0x7
	ffffa680`de48baf0 fffff804`c3d3e3f6 : ffffe205`dd34e2f0 00000000`00000000 00000000`00000000 ffffe205`dd34e2f0 : NETIO! ?? ::FNODOBFM::`string'+0x731c
	ffffa680`de48bb40 fffff804`c3d3d8b7 : ffffe205`d9980014 fffff804`c4641890 ffffe205`00000001 ffffe205`decdc310 : NETIO!StreamProcessCallout+0x68a
	ffffa680`de48bc80 fffff804`c3d3d02e : ffffa680`de480014 ffffe205`decdc310 ffffe205`df0f6950 ffffa680`de48c340 : NETIO!ProcessCallout+0x6b7
	ffffa680`de48be00 fffff804`c3d3b1c3 : cc9f430e`484f99aa ffffa680`de48c040 00000000`00000000 00000000`0000002f : NETIO!ArbitrateAndEnforce+0x4ee
	ffffa680`de48bf40 fffff804`c3d7bc65 : ffffe205`daae7380 fffff804`c3d40a95 8f15a42d`00000005 252571ce`00000040 : NETIO!KfdClassify+0x303
	ffffa680`de48c2f0 fffff804`c3d7b708 : 00000000`00000000 ffffa680`de48c491 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109
	ffffa680`de48c410 fffff804`c3d78e25 : 00000000`00000014 ffffe205`df0f67a0 00000000`00000000 ffffe205`e318bb90 : NETIO!StreamInject+0x214
	ffffa680`de48c4e0 fffff804`c309683d : ffffe205`df0f67a0 00000000`00000180 00000000`00000000 fffff802`00000005 : NETIO!FwppStreamInject+0x135
	ffffa680`de48c570 fffff804`c467a0be : ffffe205`e0e3e780 ffffa680`de48c641 ffffe205`df414d18 00000000`00000000 : fwpkclnt!FwpsStreamInjectAsync0+0xfd
	ffffa680`de48c5d0 ffffe205`e0e3e780 : ffffa680`de48c641 ffffe205`df414d18 00000000`00000000 00000000`00000180 : klwtp+0xa0be
	ffffa680`de48c5d8 ffffa680`de48c641 : ffffe205`df414d18 00000000`00000000 00000000`00000180 00000000`00000014 : 0xffffe205`e0e3e780
	ffffa680`de48c5e0 ffffe205`df414d18 : 00000000`00000000 00000000`00000180 00000000`00000014 001f0003`00000005 : 0xffffa680`de48c641
	ffffa680`de48c5e8 00000000`00000000 : 00000000`00000180 00000000`00000014 001f0003`00000005 ffffe205`e318bb90 : 0xffffe205`df414d18


	FOLLOWUP_IP:
	NETIO!StreamDataBlockEndOfStream+7
	fffff804`c3d7d7f7 ff4154 inc dword ptr [rcx+54h]

	SYMBOL_STACK_INDEX: 0

	SYMBOL_NAME: NETIO!StreamDataBlockEndOfStream+7

	FOLLOWUP_NAME: MachineOwner

	MODULE_NAME: NETIO

	IMAGE_NAME: NETIO.SYS

	DEBUG_FLR_IMAGE_TIMESTAMP: 57899b40

	IMAGE_VERSION: 10.0.14393.0

	STACK_COMMAND: .cxr 0xffffa680de48b090 ; kb

	BUCKET_ID_FUNC_OFFSET: 7

	FAILURE_BUCKET_ID: 0x3B_NETIO!StreamDataBlockEndOfStream

	BUCKET_ID: 0x3B_NETIO!StreamDataBlockEndOfStream

	ANALYSIS_SOURCE: KM

	FAILURE_ID_HASH_STRING: km:0x3b_netio!streamdatablockendofstream

	FAILURE_ID_HASH: {2448eb81-e02a-68db-ec2c-67a93487a5c0}

	Followup: MachineOwner
	---------