Created
October 20, 2017 13:10
-
-
Save wdormann/c11750585c5c0eda2b09438ca30271ab to your computer and use it in GitHub Desktop.
Win10 BSOD after importing EMET profile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft (R) Windows Debugger Version 10.0.17016.1000 AMD64 | |
| Copyright (c) Microsoft Corporation. All rights reserved. | |
| Loading Dump File [C:\Users\test\Documents\MEMORY.DMP] | |
| Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. | |
| Symbol search path is: srv* | |
| Executable search path is: | |
| Windows 10 Kernel Version 16299 MP (4 procs) Free x64 | |
| Product: WinNt, suite: TerminalServer SingleUserTS | |
| Built by: 16299.15.amd64fre.rs3_release.170928-1534 | |
| Machine Name: | |
| Kernel base = 0xfffff800`33406000 PsLoadedModuleList = 0xfffff800`33767fd0 | |
| Debug session time: Fri Oct 20 05:49:35.608 2017 (UTC - 7:00) | |
| System Uptime: 0 days 0:00:08.242 | |
| Loading Kernel Symbols | |
| ............................................................... | |
| ................................................................ | |
| .... | |
| Loading User Symbols | |
| Loading unloaded module list | |
| ... | |
| ******************************************************************************* | |
| * * | |
| * Bugcheck Analysis * | |
| * * | |
| ******************************************************************************* | |
| Use !analyze -v to get detailed debugging information. | |
| BugCheck C0000145, {ffffffffc0000034, 0, 0, 0} | |
| Probably caused by : ntkrnlmp.exe ( nt!NtSetSystemPowerState+b90 ) | |
| Followup: MachineOwner | |
| --------- | |
| nt!KeBugCheckEx: | |
| fffff800`33569960 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8b0d`73f9c6b0=000000000000004c | |
| 2: kd> !analyze -v | |
| ******************************************************************************* | |
| * * | |
| * Bugcheck Analysis * | |
| * * | |
| ******************************************************************************* | |
| Unknown bugcheck code (c0000145) | |
| Unknown bugcheck description | |
| Arguments: | |
| Arg1: ffffffffc0000034 | |
| Arg2: 0000000000000000 | |
| Arg3: 0000000000000000 | |
| Arg4: 0000000000000000 | |
| Debugging Details: | |
| ------------------ | |
| DUMP_CLASS: 1 | |
| DUMP_QUALIFIER: 401 | |
| BUILD_VERSION_STRING: 10.0.16299.19 (WinBuild.160101.0800) | |
| SYSTEM_MANUFACTURER: VMware, Inc. | |
| VIRTUAL_MACHINE: VMware | |
| SYSTEM_PRODUCT_NAME: VMware Virtual Platform | |
| SYSTEM_VERSION: None | |
| BIOS_VENDOR: Phoenix Technologies LTD | |
| BIOS_VERSION: 6.00 | |
| BIOS_DATE: 07/02/2015 | |
| BASEBOARD_MANUFACTURER: Intel Corporation | |
| BASEBOARD_PRODUCT: 440BX Desktop Reference Platform | |
| BASEBOARD_VERSION: None | |
| BUGCHECK_STR: 0xc0000145 | |
| ERROR_CODE: (NTSTATUS) 0xc0000145 - {Application Error} The application was unable to start correctly (0x%lx). Click OK to close the application. | |
| EXCEPTION_CODE: (NTSTATUS) 0xc0000145 - {Application Error} The application was unable to start correctly (0x%lx). Click OK to close the application. | |
| EXCEPTION_CODE_STR: c0000145 | |
| EXCEPTION_PARAMETER1: ffffffffc0000034 | |
| EXCEPTION_PARAMETER2: 0000000000000000 | |
| EXCEPTION_PARAMETER3: 0000000000000000 | |
| EXCEPTION_PARAMETER4: 0 | |
| DUMP_TYPE: 1 | |
| BUGCHECK_P1: ffffffffc0000034 | |
| BUGCHECK_P2: 0 | |
| BUGCHECK_P3: 0 | |
| BUGCHECK_P4: 0 | |
| CPU_COUNT: 4 | |
| CPU_MHZ: a23 | |
| CPU_VENDOR: GenuineIntel | |
| CPU_FAMILY: 6 | |
| CPU_MODEL: 46 | |
| CPU_STEPPING: 1 | |
| CPU_MICROCODE: 6,46,1,0 (F,M,S,R) SIG: F'00000000 (cache) F'00000000 (init) | |
| DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT | |
| PROCESS_NAME: smss.exe | |
| CURRENT_IRQL: 0 | |
| ANALYSIS_SESSION_HOST: DESKTOP-9AVSR0A | |
| ANALYSIS_SESSION_TIME: 10-20-2017 06:08:49.0541 | |
| ANALYSIS_VERSION: 10.0.17016.1000 amd64fre | |
| LAST_CONTROL_TRANSFER: from fffff8003382daff to fffff80033569960 | |
| STACK_TEXT: | |
| ffff8b0d`73f9c6a8 fffff800`3382daff : 00000000`0000004c 00000000`c0000145 ffff8b0d`73fb13f8 ffffe100`0dd7db10 : nt!KeBugCheckEx | |
| ffff8b0d`73f9c6b0 fffff800`33834bd0 : 00000000`00000000 ffff8b0d`73f9c7f0 00000000`00000002 ffff8b0d`73f9c7f0 : nt!PopGracefulShutdown+0x28f | |
| ffff8b0d`73f9c6f0 fffff800`33574d53 : 00000000`00000004 fffff800`00000006 00000000`c0000004 00000000`00000000 : nt!NtSetSystemPowerState+0xb90 | |
| ffff8b0d`73f9c8a0 fffff800`3356cbf0 : fffff800`33af9bb0 00000000`00000000 00000000`c0000004 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 | |
| ffff8b0d`73f9ca38 fffff800`33af9bb0 : 00000000`00000000 00000000`c0000004 00000000`00000000 fffff800`337635c0 : nt!KiServiceLinkage | |
| ffff8b0d`73f9ca40 fffff800`33af9e0d : ffffe100`0f5e6040 fffff800`33460c04 ffffe100`0f668410 00000000`00000000 : nt!PopIssueActionRequest+0x1cc | |
| ffff8b0d`73f9cae0 fffff800`3344aeea : 00000000`00000001 00000000`00000002 ffffe100`0dc7e800 00000000`00000000 : nt!PopPolicyWorkerAction+0x6d | |
| ffff8b0d`73f9cb50 fffff800`33460835 : ffffe100`0f5e6040 fffff800`3344ae70 ffffe100`0dc7e860 fffff800`33762688 : nt!PopPolicyWorkerThread+0x7a | |
| ffff8b0d`73f9cb80 fffff800`334e94e7 : ffffa700`2f4e4bc0 00000000`00000080 ffffe100`0dc98480 ffffe100`0f5e6040 : nt!ExpWorkerThread+0xf5 | |
| ffff8b0d`73f9cc10 fffff800`3356eef6 : ffffa700`2f4d8180 ffffe100`0f5e6040 fffff800`334e94a0 00000000`00000000 : nt!PspSystemThreadStartup+0x47 | |
| ffff8b0d`73f9cc60 00000000`00000000 : ffff8b0d`73f9d000 ffff8b0d`73f97000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 | |
| THREAD_SHA1_HASH_MOD_FUNC: 419b7cf41d42b3c6186404588cb590dfcdbb030a | |
| THREAD_SHA1_HASH_MOD_FUNC_OFFSET: bda932f4b5fb8bebbb7eaf768616ed23a76c8925 | |
| THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c | |
| FOLLOWUP_IP: | |
| nt!NtSetSystemPowerState+b90 | |
| fffff800`33834bd0 cc int 3 | |
| FAULT_INSTR_CODE: 44fb8bcc | |
| SYMBOL_STACK_INDEX: 2 | |
| SYMBOL_NAME: nt!NtSetSystemPowerState+b90 | |
| FOLLOWUP_NAME: MachineOwner | |
| MODULE_NAME: nt | |
| IMAGE_NAME: ntkrnlmp.exe | |
| DEBUG_FLR_IMAGE_TIMESTAMP: 59dc593b | |
| IMAGE_VERSION: 10.0.16299.19 | |
| STACK_COMMAND: .thread ; .cxr ; kb | |
| BUCKET_ID_FUNC_OFFSET: b90 | |
| FAILURE_BUCKET_ID: 0xc0000145_nt!NtSetSystemPowerState | |
| BUCKET_ID: 0xc0000145_nt!NtSetSystemPowerState | |
| PRIMARY_PROBLEM_CLASS: 0xc0000145_nt!NtSetSystemPowerState | |
| TARGET_TIME: 2017-10-20T12:49:35.000Z | |
| OSBUILD: 16299 | |
| OSSERVICEPACK: 19 | |
| SERVICEPACK_NUMBER: 0 | |
| OS_REVISION: 0 | |
| SUITE_MASK: 272 | |
| PRODUCT_TYPE: 1 | |
| OSPLATFORM_TYPE: x64 | |
| OSNAME: Windows 10 | |
| OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS | |
| OS_LOCALE: | |
| USER_LCID: 0 | |
| OSBUILD_TIMESTAMP: 2017-10-09 22:23:07 | |
| BUILDDATESTAMP_STR: 160101.0800 | |
| BUILDLAB_STR: WinBuild | |
| BUILDOSVER_STR: 10.0.16299.19 | |
| ANALYSIS_SESSION_ELAPSED_TIME: 4fb | |
| ANALYSIS_SOURCE: KM | |
| FAILURE_ID_HASH_STRING: km:0xc0000145_nt!ntsetsystempowerstate | |
| FAILURE_ID_HASH: {fd0f7920-78c3-6aab-7dc0-d7ab18763a0b} | |
| Followup: MachineOwner | |
| --------- | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment