Буквы знаю, а понять не могу
Скрытый текст
Microsoft (R) Windows Debugger Version 10.0.18869.1002 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17134 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff803`966ac000 PsLoadedModuleList = 0xfffff803`96a59150
Debug session time: Mon Jun 10 13:18:22.682 2019 (UTC + 3:00)
System Uptime: 1 days 1:33:05.433
Loading Kernel Symbols
...............................................................
................................................................
................................................
Loading User Symbols
Loading unloaded module list
.....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`96856ab0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb785`2a35b1d0=000000000000007e
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff803969960c0, The address that the exception occurred at
Arg3: ffffb7852a35c188, Exception Record Address
Arg4: ffffb7852a35b9d0, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.Elapsed.Sec
Value: 49
Key : Analysis.Memory.CommitPeak.Mb
Value: 60
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.
SYSTEM_SKU: To Be Filled By O.E.M.
SYSTEM_VERSION: To Be Filled By O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: P1.70
BIOS_DATE: 01/29/2018
BASEBOARD_MANUFACTURER: ASRock
BASEBOARD_PRODUCT: Z370 Pro4
BASEBOARD_VERSION:
DUMP_TYPE: 1
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff803969960c0
BUGCHECK_P3: ffffb7852a35c188
BUGCHECK_P4: ffffb7852a35b9d0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
nt!ExDeferredFreePool+b0
fffff803`969960c0 488b10 mov rdx,qword ptr [rax]
EXCEPTION_RECORD: ffffb7852a35c188 -- (.exr 0xffffb7852a35c188)
ExceptionAddress: fffff803969960c0 (nt!ExDeferredFreePool+0x00000000000000b0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffb7852a35b9d0 -- (.cxr 0xffffb7852a35b9d0)
rax=fdffe18f4ab3f010 rbx=0000000000000002 rcx=ffffba015871d4e0
rdx=fdffe18f4ab3f010 rsi=0000000000000000 rdi=ffffba015871d280
rip=fffff803969960c0 rsp=ffffb7852a35c3c0 rbp=000000000000001d
r8=ffffe18f436e3520 r9=0000000000000013 r10=0000000000000513
r11=0000000000000000 r12=ffffba015871d288 r13=0000000000000001
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!ExDeferredFreePool+0xb0:
fffff803`969960c0 488b10 mov rdx,qword ptr [rax] ds:002b:fdffe18f`4ab3f010=????????????????
Resetting default scope
CPU_COUNT: 6
CPU_MHZ: c18
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 9e
CPU_STEPPING: a
CPU_MICROCODE: 6,9e,a,0 (F,M,S,R) SIG: 96'00000000 (cache) 96'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 1
FOLLOWUP_IP:
nt!ExDeferredFreePool+b0
fffff803`969960c0 488b10 mov rdx,qword ptr [rax]
BUGCHECK_STR: AV
READ_ADDRESS: ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-BANBA47
ANALYSIS_SESSION_TIME: 06-10-2019 14:10:43.0050
ANALYSIS_VERSION: 10.0.18869.1002 amd64fre
LAST_CONTROL_TRANSFER: from fffff80396996bf7 to fffff803969960c0
STACK_TEXT:
ffffb785`2a35c3c0 fffff803`96996bf7 : ffff808f`00000000 ffffe18f`4a096330 ffffe18f`4556e7a0 00000000`c0000225 : nt!ExDeferredFreePool+0xb0
ffffb785`2a35c450 fffff801`1529cd9d : ffffe18f`4a096358 ffffe18f`3ff274c8 00000000`000004b6 fffff801`6e664d46 : nt!ExFreePoolWithTag+0x807
ffffb785`2a35c530 fffff801`1529c63f : ffffe18f`4a096358 00000000`ffffbfff fffff801`00000000 ffffe18f`4a096358 : FLTMGR!FltReleaseFileNameInformation+0x8d
ffffb785`2a35c570 fffff801`15266c15 : ffff808f`d19519a0 ffff808f`d9599b50 ffff808f`d5079660 ffffb785`2a35c699 : FLTMGR!FltpRemoveAllNamesCachedForFileObject+0x19f
ffffb785`2a35c5e0 fffff801`1526629c : ffffb785`2a35c7b0 ffff808f`ccd63a00 ffff808f`d8efb002 00000000`00000000 : FLTMGR!FltpPerformPreCallbacks+0x7f5
ffffb785`2a35c700 fffff801`152653b4 : ffff808f`d8efb010 00000000`00000002 ffff808f`d8efb010 ffffb785`2a35c7c0 : FLTMGR!FltpPassThroughInternal+0x8c
ffffb785`2a35c730 fffff801`152651ae : ffffffff`fffe7960 ffff808f`ccd639b0 ffff808f`d3f139d0 ffff808f`ccd63a30 : FLTMGR!FltpPassThrough+0x144
ffffb785`2a35c790 fffff803`96735839 : ffff808f`d9599b50 fffff803`9673e90c 00000000`00000000 00000000`00000000 : FLTMGR!FltpDispatch+0x9e
ffffb785`2a35c7f0 fffff803`96bcab04 : ffff808f`d9599b50 ffff808f`cf3b5db0 ffff808f`ccd639b0 ffff808f`d8efb010 : nt!IofCallDriver+0x59
ffffb785`2a35c830 fffff803`96bb5e10 : ffffb785`2a35c9e0 00000000`00000000 ffff808f`ccd69b00 ffff808f`624d6343 : nt!IopDeleteFile+0x124
ffffb785`2a35c8b0 fffff803`9673b761 : 00000000`00000000 00000000`00000000 ffffb785`2a35c9e0 ffff808f`d9599b50 : nt!ObpRemoveObjectRoutine+0x80
ffffb785`2a35c910 fffff803`96712f6b : 00000000`0000000f ffff808f`d9599b50 ffff808f`d4b90520 ffffb785`2a35c9f8 : nt!ObfDereferenceObject+0xa1
ffffb785`2a35c950 fffff803`96716ac4 : 00000000`0009dcee ffffb785`2a35ca19 ffff808f`d4b90520 ffff808f`d4b90520 : nt!CcDeleteSharedCacheMap+0x18b
ffffb785`2a35c9a0 fffff803`9675e155 : 00000000`00000000 ffff808f`cccd8301 ffff808f`00000000 00000000`0009dcee : nt!CcWriteBehindInternal+0x334
ffffb785`2a35ca80 fffff803`966d0e27 : ffff808f`d7aad700 00000000`00000080 ffff808f`cccc5040 ffff808f`d7aad700 : nt!ExpWorkerThread+0xf5
ffffb785`2a35cb10 fffff803`9685df26 : ffffba01`58a9e180 ffff808f`d7aad700 fffff803`966d0de0 e5e5e5e5`e5e5e5e5 : nt!PspSystemThreadStartup+0x47
ffffb785`2a35cb60 00000000`00000000 : ffffb785`2a35d000 ffffb785`2a356000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
THREAD_SHA1_HASH_MOD_FUNC: 126d05e5e68f1f8186df527bcb5990b05d90cd2d
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 91f79682fcba7001532bdd2d4f8d40918e9ce70d
THREAD_SHA1_HASH_MOD: 125d71d0e736f07ae4df0933ed49fcd65c695052
FAULT_INSTR_CODE: 4c108b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+b0
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .cxr 0xffffb7852a35b9d0 ; kb
BUCKET_ID_FUNC_OFFSET: b0
FAILURE_BUCKET_ID: AV_nt!ExDeferredFreePool
BUCKET_ID: AV_nt!ExDeferredFreePool
PRIMARY_PROBLEM_CLASS: AV_nt!ExDeferredFreePool
TARGET_TIME: 2019-06-10T10:18:22.000Z
OSBUILD: 17134
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-05-03 08:57:58
BUILDDATESTAMP_STR: 180410-1804
BUILDLAB_STR: rs4_release
BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
ANALYSIS_SESSION_ELAPSED_TIME: c310
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!exdeferredfreepool
FAILURE_ID_HASH: {aaf8d76c-c268-017e-0a9e-61dec58a4184}
Followup: Pool_corruption
Microsoft (R) Windows Debugger Version 10.0.18869.1002 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
