API tools faq
paste
Advertisement
Darskiy

Windows dump

Darskiy
Apr 26th, 2020 (edited)
2,263
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Visual Pro Log 6.06 KB | None | 0 0
raw download clone embed print report
  1. Microsoft (R) Windows Debugger Version 10.0.19528.1000 AMD64
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3.  
  4.  
  5. Loading Dump File [C:\Windows\Minidump\042620-6859-01.dmp]
  6. Mini Kernel Dump File: Only registers and stack trace are available
  7.  
  8.  
  9. ************* Path validation summary **************
  10. Response                         Time (ms)     Location
  11. Deferred                                       srv*
  12. Symbol search path is: srv*
  13. Executable search path is:
  14. Windows 10 Kernel Version 19536 MP (6 procs) Free x64
  15. Product: WinNt, suite: TerminalServer SingleUserTS
  16. 19536.1000.amd64fre.rs_prerelease.191211-1446
  17. Machine Name:
  18. Kernel base = 0xfffff804`80000000 PsLoadedModuleList = 0xfffff804`80c2a5d0
  19. Debug session time: Sun Apr 26 22:41:47.426 2020 (UTC + 3:00)
  20. System Uptime: 0 days 1:24:41.150
  21. Loading Kernel Symbols
  22. ...............................................................
  23. ................................................................
  24. ................................................................
  25. ........
  26. Loading User Symbols
  27. Loading unloaded module list
  28. ...........
  29. For analysis of this file, run !analyze -v
  30. nt!KeBugCheckEx:
  31. fffff804`80413bb0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffa083`7fe987a0=000000000000003b
  32. 5: kd> !analyze -v
  33. *******************************************************************************
  34. *                                                                             *
  35. *                        Bugcheck Analysis                                    *
  36. *                                                                             *
  37. *******************************************************************************
  38.  
  39. SYSTEM_SERVICE_EXCEPTION (3b)
  40. An exception happened while executing a system service routine.
  41. Arguments:
  42. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  43. Arg2: ffff8152aa14070e, Address of the instruction which caused the bugcheck
  44. Arg3: ffffa0837fe990a0, Address of the context record for the exception that caused the bugcheck
  45. Arg4: 0000000000000000, zero.
  46.  
  47. Debugging Details:
  48. ------------------
  49.  
  50.  
  51. KEY_VALUES_STRING: 1
  52.  
  53.     Key  : Analysis.CPU.Sec
  54.     Value: 6
  55.  
  56.     Key  : Analysis.DebugAnalysisProvider.CPP
  57.     Value: Create: 8007007e on DESKTOP-AJD
  58.  
  59.     Key  : Analysis.DebugData
  60.     Value: CreateObject
  61.  
  62.     Key  : Analysis.DebugModel
  63.     Value: CreateObject
  64.  
  65.     Key  : Analysis.Elapsed.Sec
  66.     Value: 41
  67.  
  68.     Key  : Analysis.Memory.CommitPeak.Mb
  69.     Value: 77
  70.  
  71.     Key  : Analysis.System
  72.     Value: CreateObject
  73.  
  74.  
  75. ADDITIONAL_XML: 1
  76.  
  77. BUGCHECK_CODE:  3b
  78.  
  79. BUGCHECK_P1: c0000005
  80.  
  81. BUGCHECK_P2: ffff8152aa14070e
  82.  
  83. BUGCHECK_P3: ffffa0837fe990a0
  84.  
  85. BUGCHECK_P4: 0
  86.  
  87. CONTEXT:  ffffa0837fe990a0 -- (.cxr 0xffffa0837fe990a0)
  88. rax=0000000000000000 rbx=0000000000000000 rcx=ffff900a9e2d7080
  89. rdx=0000000000000001 rsi=0000000057010a0e rdi=0000000057010a0e
  90. rip=ffff8152aa14070e rsp=ffffa0837fe99aa0 rbp=ffffa0837fe99b80
  91.  r8=0000000000000000  r9=0000000000000000 r10=fffff80480281f90
  92. r11=ffffa0837fe999d0 r12=ffffffffd7010a2e r13=ffffffffd7010a2e
  93. r14=ffffffffd7010a2e r15=0000000000040906
  94. iopl=0         nv up ei ng nz na po nc
  95. cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
  96. win32kfull!NtUserWindowFromDC+0x2e:
  97. ffff8152`aa14070e 488b18          mov     rbx,qword ptr [rax] ds:002b:00000000`00000000=????????????????
  98. Resetting default scope
  99.  
  100. BLACKBOXBSD: 1 (!blackboxbsd)
  101.  
  102.  
  103. BLACKBOXNTFS: 1 (!blackboxntfs)
  104.  
  105.  
  106. BLACKBOXPNP: 1 (!blackboxpnp)
  107.  
  108.  
  109. BLACKBOXWINLOGON: 1
  110.  
  111. CUSTOMER_CRASH_COUNT:  1
  112.  
  113. PROCESS_NAME:  Illustrator.exe
  114.  
  115. STACK_TEXT:  
  116. ffffa083`7fe99aa0 ffff8152`aad58c91 : ffff900a`9e2d7080 00000057`932ff740 ffffa083`7fe99b18 00000000`00000000 : win32kfull!NtUserWindowFromDC+0x2e
  117. ffffa083`7fe99ad0 fffff804`80425578 : ffff900a`9e2d7080 000001fe`c1dcca68 ffffa083`7fe99b18 ffffffff`fff0bdc0 : win32k!NtUserWindowFromDC+0x15
  118. ffffa083`7fe99b00 00007ffb`223cb444 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
  119. 00000057`932ff6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`223cb444
  120.  
  121.  
  122. SYMBOL_NAME:  win32kfull!NtUserWindowFromDC+2e
  123.  
  124. MODULE_NAME: win32kfull
  125.  
  126. IMAGE_NAME:  win32kfull.sys
  127.  
  128. IMAGE_VERSION:  10.0.19536.1000
  129.  
  130. STACK_COMMAND:  .cxr 0xffffa0837fe990a0 ; kb
  131.  
  132. BUCKET_ID_FUNC_OFFSET:  2e
  133.  
  134. FAILURE_BUCKET_ID:  0x3B_c0000005_win32kfull!NtUserWindowFromDC
  135.  
  136. OS_VERSION:  10.0.19536.1000
  137.  
  138. BUILDLAB_STR:  rs_prerelease
  139.  
  140. OSPLATFORM_TYPE:  x64
  141.  
  142. OSNAME:  Windows 10
  143.  
  144. FAILURE_ID_HASH:  {157d2784-e9b3-0bf4-8d92-f9b3ac1af99d}
  145.  
  146. Followup:     MachineOwner
  147. ---------
  148.  
  149. 5: kd> lmvm win32kfull
  150. Browse full module list
  151. start             end                 module name
  152. ffff8152`aa0d0000 ffff8152`aa476000   win32kfull   (pdb symbols)          C:\ProgramData\Dbg\sym\win32kfull.pdb\841BD9FB895BA8DA32A86E88857C4C1D1\win32kfull.pdb
  153.     Loaded symbol image file: win32kfull.sys
  154.     Mapped memory image file: C:\ProgramData\Dbg\sym\win32kfull.sys\B969154D3a6000\win32kfull.sys
  155.     Image path: \SystemRoot\System32\win32kfull.sys
  156.     Image name: win32kfull.sys
  157.     Browse all global symbols  functions  data
  158.     Image was built with /Brepro flag.
  159.     Timestamp:        B969154D (This is a reproducible build file hash, not a timestamp)
  160.     CheckSum:         003A284D
  161.     ImageSize:        003A6000
  162.     File version:     10.0.19536.1000
  163.     Product version:  10.0.19536.1000
  164.     File flags:       0 (Mask 3F)
  165.     File OS:          40004 NT Win32
  166.     File type:        3.7 Driver
  167.     File date:        00000000.00000000
  168.     Translations:     0409.04b0
  169.     Information from resource tables:
  170.         CompanyName:      Microsoft Corporation
  171.         ProductName:      Microsoft® Windows® Operating System
  172.         InternalName:     win32kfull.sys
  173.         OriginalFilename: win32kfull.sys
  174.         ProductVersion:   10.0.19536.1000
  175.         FileVersion:      10.0.19536.1000 (WinBuild.160101.0800)
  176.         FileDescription:  Full/Desktop Win32k Kernel Driver
  177.         LegalCopyright:   © Microsoft Corporation. All rights reserved.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!