ntdll.dll (10.0.19041.610) update breaks some programs' initialization (saw other people complaining about explorer, flight simulator, etc.)


argard

When running deadspace3.exe after Windows update

It started normally on October 6, but some update changed the ntdll.dll version.

WinDbg is showing a buffer overrun condition, which could be the cause of Exception Code: c0000005



Microsoft (R) Windows Debugger Version 10.0.20153.1000 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: D:\SteamLibrary\steamapps\common\Dead Space 3\deadspace3.exe
Symbol search path is: srv*
Executable search path is:
ModLoad: 00740000 019ef000 deadspace_f.exe
ModLoad: 77960000 77b03000 ntdll.dll
ModLoad: 76ab0000 76ba0000 C:\Windows\SysWOW64\KERNEL32.DLL
ModLoad: 77590000 777a4000 C:\Windows\SysWOW64\KERNELBASE.dll
ModLoad: 75a80000 75afa000 C:\Windows\SysWOW64\advapi32.dll
ModLoad: 76ba0000 76c5f000 C:\Windows\SysWOW64\msvcrt.dll
ModLoad: 76c60000 76cd5000 C:\Windows\SysWOW64\sechost.dll
ModLoad: 75f40000 75ffa000 C:\Windows\SysWOW64\RPCRT4.dll
ModLoad: 768e0000 76903000 C:\Windows\SysWOW64\gdi32.dll
ModLoad: 773e0000 773f8000 C:\Windows\SysWOW64\win32u.dll
ModLoad: 76700000 767da000 C:\Windows\SysWOW64\gdi32full.dll
ModLoad: 76e70000 76eeb000 C:\Windows\SysWOW64\msvcp_win.dll
ModLoad: 77410000 77530000 C:\Windows\SysWOW64\ucrtbase.dll
ModLoad: 76910000 76aa6000 C:\Windows\SysWOW64\USER32.dll
ModLoad: 75820000 75845000 C:\Windows\SysWOW64\imm32.dll
ModLoad: 76ce0000 76d76000 C:\Windows\SysWOW64\oleaut32.dll
ModLoad: 5fd10000 5fd47000 C:\Windows\SysWOW64\dinput8.dll
ModLoad: 76fa0000 77221000 C:\Windows\SysWOW64\combase.dll
ModLoad: 777d0000 777d6000 C:\Windows\SysWOW64\psapi.dll
ModLoad: 76040000 765f3000 C:\Windows\SysWOW64\shell32.dll
ModLoad: 59de0000 59e5f000 C:\Windows\SysWOW64\dsound.dll
ModLoad: 772e0000 77343000 C:\Windows\SysWOW64\ws2_32.dll
ModLoad: 767e0000 768c3000 C:\Windows\SysWOW64\ole32.dll
ModLoad: 74920000 74952000 C:\Windows\SysWOW64\iphlpapi.dll
ModLoad: 72d20000 72d64000 C:\Windows\SysWOW64\powrprof.dll
ModLoad: 043a0000 043e4000 C:\Windows\SysWOW64\powrprof.dll
ModLoad: 6a6d0000 6a6ed000 C:\Windows\SysWOW64\winmmbase.dll
ModLoad: 756e0000 756e8000 C:\Windows\SysWOW64\version.dll
ModLoad: 73f90000 73fb8000 C:\Windows\SysWOW64\winmm.dll
ModLoad: 626e0000 6286f000 C:\Windows\SysWOW64\d3d9.dll
ModLoad: 73550000 7355f000 C:\Windows\SysWOW64\kernel.appcore.dll
ModLoad: 043a0000 043b6000 C:\Windows\SysWOW64\xinput1_3.dll
ModLoad: 723a0000 729aa000 C:\Windows\SysWOW64\windows.storage.dll
ModLoad: 742f0000 74316000 C:\Windows\SysWOW64\dwmapi.dll
ModLoad: 72370000 72394000 C:\Windows\SysWOW64\Wldp.dll
ModLoad: 79050000 7924f000 C:\Windows\SysWOW64\d3dx9_43.dll
ModLoad: 043a0000 043b6000 C:\Windows\SysWOW64\xinput1_3.dll
ModLoad: 75b00000 75f34000 C:\Windows\SysWOW64\SETUPAPI.dll
ModLoad: 76000000 7603b000 C:\Windows\SysWOW64\cfgmgr32.dll
ModLoad: 75980000 75999000 C:\Windows\SysWOW64\bcrypt.dll
(4844.469c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=a8050000 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a42 esp=03d7f4cc ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2b:
77a11a42 cc int 3
0:000> t
eax=00000000 ebx=00000000 ecx=a8050000 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a43 esp=03d7f4cc ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
ntdll!LdrpDoDebuggerBreak+0x2c:
77a11a43 eb07 jmp ntdll!LdrpDoDebuggerBreak+0x35 (77a11a4c)
0:000> t
eax=00000000 ebx=00000000 ecx=a8050000 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a4c esp=03d7f4cc ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x35:
77a11a4c c745fcfeffffff mov dword ptr [ebp-4],0FFFFFFFEh ss:002b:03d7f4f4=00000000
0:000> t
eax=00000000 ebx=00000000 ecx=a8050000 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a53 esp=03d7f4cc ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x3c:
77a11a53 8b4df0 mov ecx,dword ptr [ebp-10h] ss:002b:03d7f4e8=03d7f748
0:000> t
eax=00000000 ebx=00000000 ecx=03d7f748 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a56 esp=03d7f4cc ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x3f:
77a11a56 64890d00000000 mov dword ptr fs:[0],ecx fs:0053:00000000=03d7f4e8
0:000> t
eax=00000000 ebx=00000000 ecx=03d7f748 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a5d esp=03d7f4cc ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x46:
77a11a5d 59 pop ecx
0:000> t
eax=00000000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a5e esp=03d7f4d0 ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x47:
77a11a5e 5f pop edi
0:000> t
eax=00000000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a5f esp=03d7f4d4 ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x48:
77a11a5f 5e pop esi
0:000> t
eax=00000000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a60 esp=03d7f4d8 ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x49:
77a11a60 5b pop ebx
0:000> t
eax=00000000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a61 esp=03d7f4dc ebp=03d7f4f8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x4a:
77a11a61 c9 leave
0:000> t
eax=00000000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a11a62 esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x4b:
77a11a62 c3 ret
0:000> t
eax=00000000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0bf58 esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpInitializeProcess+0x1c98:
77a0bf58 e8dffefaff call ntdll!LdrpDropLastInProgressCount (779bbe3c)
0:000> t
eax=00000000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=779bbe3c esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount:
779bbe3c 64a118000000 mov eax,dword ptr fs:[00000018h] fs:0053:00000018=03ad3000
0:000> t
eax=03ad3000 ebx=00000000 ecx=62c1ffa4 edx=00000000 esi=77971fe4 edi=779725ac
eip=779bbe42 esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x6:
779bbe42 b9ffef0000 mov ecx,0EFFFh
0:000> t
eax=03ad3000 ebx=00000000 ecx=0000efff edx=00000000 esi=77971fe4 edi=779725ac
eip=779bbe47 esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0xb:
779bbe47 56 push esi
0:000> t
eax=03ad3000 ebx=00000000 ecx=0000efff edx=00000000 esi=77971fe4 edi=779725ac
eip=779bbe48 esp=03d7f4f8 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0xc:
779bbe48 bee05ca877 mov esi,offset ntdll!LdrpWorkQueueLock (77a85ce0)
0:000> t
eax=03ad3000 ebx=00000000 ecx=0000efff edx=00000000 esi=77a85ce0 edi=779725ac
eip=779bbe4d esp=03d7f4f8 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x11:
779bbe4d 56 push esi
0:000> p
eax=03ad3000 ebx=00000000 ecx=0000efff edx=00000000 esi=77a85ce0 edi=779725ac
eip=779bbe4e esp=03d7f4f4 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x12:
779bbe4e 662188ca0f0000 and word ptr [eax+0FCAh],cx ds:002b:03ad3fca=1420
0:000> p
eax=03ad3000 ebx=00000000 ecx=0000efff edx=00000000 esi=77a85ce0 edi=779725ac
eip=779bbe55 esp=03d7f4f4 ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpDropLastInProgressCount+0x19:
779bbe55 e8c62afeff call ntdll!RtlEnterCriticalSection (7799e920)
0:000> p
eax=00000000 ebx=00000000 ecx=77a85ce0 edx=03ad3000 esi=77a85ce0 edi=779725ac
eip=779bbe5a esp=03d7f4f8 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x1e:
779bbe5a 8325f85ca87700 and dword ptr [ntdll!LdrpWorkInProgress (77a85cf8)],0 ds:002b:77a85cf8=00000001
0:000> p
eax=00000000 ebx=00000000 ecx=77a85ce0 edx=03ad3000 esi=77a85ce0 edi=779725ac
eip=779bbe61 esp=03d7f4f8 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x25:
779bbe61 56 push esi
0:000> p
eax=00000000 ebx=00000000 ecx=77a85ce0 edx=03ad3000 esi=77a85ce0 edi=779725ac
eip=779bbe62 esp=03d7f4f4 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x26:
779bbe62 e8d91ffeff call ntdll!RtlLeaveCriticalSection (7799de40)
0:000> p
eax=00000000 ebx=00000000 ecx=ffffffff edx=03ad3000 esi=77a85ce0 edi=779725ac
eip=779bbe67 esp=03d7f4f8 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x2b:
779bbe67 6a00 push 0
0:000> p
eax=00000000 ebx=00000000 ecx=ffffffff edx=03ad3000 esi=77a85ce0 edi=779725ac
eip=779bbe69 esp=03d7f4f4 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x2d:
779bbe69 ff35a85ca877 push dword ptr [ntdll!LdrpLoadCompleteEvent (77a85ca8)] ds:002b:77a85ca8=00000084
0:000> p
eax=00000000 ebx=00000000 ecx=ffffffff edx=03ad3000 esi=77a85ce0 edi=779725ac
eip=779bbe6f esp=03d7f4f0 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x33:
779bbe6f e86c580100 call ntdll!NtSetEvent (779d16e0)
0:000> p
eax=00000000 ebx=00000000 ecx=77951cfc edx=00000000 esi=77a85ce0 edi=779725ac
eip=779bbe74 esp=03d7f4f8 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x38:
779bbe74 5e pop esi
0:000> p
eax=00000000 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=779bbe75 esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDropLastInProgressCount+0x39:
779bbe75 c3 ret
0:000> p
eax=00000000 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0bf5d esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpInitializeProcess+0x1c9d:
77a0bf5d 803df965a87700 cmp byte ptr [ntdll!LdrpNXProcessPermanent (77a865f9)],0 ds:002b:77a865f9=01
0:000> p
eax=00000000 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0bf64 esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1ca4:
77a0bf64 0f8599000000 jne ntdll!LdrpInitializeProcess+0x1d43 (77a0c003) [br=1]
0:000> p
eax=00000000 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c003 esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1d43:
77a0c003 a17c5aa877 mov eax,dword ptr [ntdll!Kernel32ThreadInitThunkFunction (77a85a7c)] ds:002b:77a85a7c={KERNEL32!BaseThreadInitThunk (76acfa10)}
0:000> p
eax=76acfa10 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c008 esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1d48:
77a0c008 8985d8feffff mov dword ptr [ebp-128h],eax ss:002b:03d7f630=00000001
0:000> p
eax=76acfa10 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c00e esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1d4e:
77a0c00e 85c0 test eax,eax
0:000> p
eax=76acfa10 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c010 esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1d50:
77a0c010 743d je ntdll!LdrpInitializeProcess+0x1d8f (77a0c04f) [br=0]
0:000> p
eax=76acfa10 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c012 esp=03d7f500 ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1d52:
77a0c012 53 push ebx
0:000> p
eax=76acfa10 ebx=00000000 ecx=77951cfc edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c013 esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1d53:
77a0c013 8bc8 mov ecx,eax
0:000> p
eax=76acfa10 ebx=00000000 ecx=76acfa10 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c015 esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!LdrpInitializeProcess+0x1d55:
77a0c015 ff15e091a877 call dword ptr [ntdll!__guard_check_icall_fptr (77a891e0)] ds:002b:77a891e0={ntdll!LdrpValidateUserCallTarget (779e7020)}
0:000> p
eax=0ed59f43 ebx=00000000 ecx=76acfa10 edx=00000008 esi=77971fe4 edi=779725ac
eip=77a0c01b esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl nz na po cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000203
ntdll!LdrpInitializeProcess+0x1d5b:
77a0c01b 33d2 xor edx,edx
0:000> p
eax=0ed59f43 ebx=00000000 ecx=76acfa10 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c01d esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpInitializeProcess+0x1d5d:
77a0c01d 33c0 xor eax,eax
0:000> p
eax=00000000 ebx=00000000 ecx=76acfa10 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c01f esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpInitializeProcess+0x1d5f:
77a0c01f 8d4801 lea ecx,[eax+1]
0:000> p
eax=00000000 ebx=00000000 ecx=00000001 edx=00000000 esi=77971fe4 edi=779725ac
eip=77a0c022 esp=03d7f4fc ebp=03d7f758 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpInitializeProcess+0x1d62:
77a0c022 ff95d8feffff call dword ptr [ebp-128h] ss:002b:03d7f630={KERNEL32!BaseThreadInitThunk (76acfa10)}
0:000> gu
ModLoad: 721f0000 721fd000 C:\Windows\SysWOW64\UMPDC.dll
(4844.469c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0014c483 ebx=00000000 ecx=14c48300 edx=019f0000 esi=00740000 edi=14c48300
eip=779e702b esp=03d7f478 ebp=03d7f4b0 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210202
ntdll!LdrpValidateUserCallTargetBitMapCheck:
779e702b 8b1482 mov edx,dword ptr [edx+eax*4] ds:002b:01f2120c=????????
0:000> gu
(4844.469c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0xa FAST_FAIL_GUARD_ICALL_CHECK_FAILURE
eax=00000000 ebx=00000000 ecx=0000000a edx=14c48300 esi=14c48300 edi=14c48300
eip=779e7160 esp=03d7eef4 ebp=03d7ef20 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200246
ntdll!RtlFailFast2:
779e7160 cd29 int 29h
0:000> g
WARNING: Continuing a non-continuable exception
(4844.469c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0xa FAST_FAIL_GUARD_ICALL_CHECK_FAILURE
eax=00000000 ebx=00000000 ecx=0000000a edx=14c48300 esi=14c48300 edi=14c48300
eip=779e7160 esp=03d7eef4 ebp=03d7ef20 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200246
ntdll!RtlFailFast2:
779e7160 cd29 int 29h
0:000> g
WARNING: Continuing a non-continuable exception
(4844.469c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0xa FAST_FAIL_GUARD_ICALL_CHECK_FAILURE
eax=00000000 ebx=00000000 ecx=0000000a edx=14c48300 esi=14c48300 edi=14c48300
eip=779e7160 esp=03d7eef4 ebp=03d7ef20 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200246
ntdll!RtlFailFast2:
779e7160 cd29 int 29h
0:000> gh
WARNING: Continuing a non-continuable exception
(4844.469c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0xa FAST_FAIL_GUARD_ICALL_CHECK_FAILURE
eax=00000000 ebx=00000000 ecx=0000000a edx=14c48300 esi=14c48300 edi=14c48300
eip=779e7160 esp=03d7eef4 ebp=03d7ef20 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200246
ntdll!RtlFailFast2:
779e7160 cd29 int 29h
0:000> gn
eax=00000000 ebx=03ed9ee0 ecx=00000000 edx=00000000 esi=03ed9ee0 edi=03ed4338
eip=779d335c esp=0439f8d8 ebp=0439fa94 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206
ntdll!NtWaitForWorkViaWorkerFactory+0xc:
779d335c c21400 ret 14h
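
A triage sketch for the debugger output above, added here as an example and not part of the original post. It parses the exception events to show that status c0000409 arrives with a fast-fail subcode (here 0xa, the Control Flow Guard indirect-call check) and that the preceding access violation is a read at edx+eax*4 inside the CFG bitmap check. The log excerpt is copied from the post; the names `parse` and `triage` are assumptions of this example.

```python
import re

# Excerpt copied verbatim from the debugger log in the post above.
LOG = """\
(4844.469c): Access violation - code c0000005 (first chance)
eax=0014c483 ebx=00000000 ecx=14c48300 edx=019f0000 esi=00740000 edi=14c48300
ntdll!LdrpValidateUserCallTargetBitMapCheck:
779e702b 8b1482 mov edx,dword ptr [edx+eax*4] ds:002b:01f2120c=????????
(4844.469c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0xa FAST_FAIL_GUARD_ICALL_CHECK_FAILURE
eax=00000000 ebx=00000000 ecx=0000000a edx=14c48300 esi=14c48300 edi=14c48300
ntdll!RtlFailFast2:
779e7160 cd29 int 29h
"""
STATUS_ACCESS_VIOLATION = 0xC0000005
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409  # shared by every fast-fail reason
EVENT = re.compile(r"^\(\w+\.\w+\): (.+) - code ([0-9a-f]{8}) \((.+)\)$")
SUBCODE = re.compile(r"^Subcode: (0x[0-9a-f]+) (\w+)$")
SYMBOL = re.compile(r"^(\w+!\w+)(?:\+0x[0-9a-f]+)?:$")
REG = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})")
MEMREF = re.compile(r"\[(\w+)\+(\w+)\*(\d)\] \w+:\w+:([0-9a-f]{8})=(\S+)")

def parse(log):
    """Group WinDbg lines into one dict per reported exception event."""
    events, cur = [], None
    for line in log.splitlines():
        if m := EVENT.match(line):
            cur = {"what": m[1], "code": int(m[2], 16), "chance": m[3], "regs": {}}
            events.append(cur)
        elif cur is None:
            continue  # output before the first exception is not an event
        elif m := SUBCODE.match(line):
            cur["subcode"], cur["subname"] = int(m[1], 16), m[2]
        elif m := SYMBOL.match(line):
            cur["symbol"] = m[1]
        elif m := MEMREF.search(line):
            # Recompute base + index*scale from the registers captured just above.
            ea = (cur["regs"][m[1]] + cur["regs"][m[2]] * int(m[3])) & 0xFFFFFFFF
            cur["mem"] = {"computed": ea, "shown": int(m[4], 16), "readable": "?" not in m[5]}
        else:
            cur["regs"].update((r, int(v, 16)) for r, v in REG.findall(line))
    return events

def triage(events):
    """One summary line per event; c0000409 is classified by subcode, not by its text."""
    out = []
    for e in events:
        if e["code"] == STATUS_STACK_BUFFER_OVERRUN and "subcode" in e:
            out.append(f"fast-fail {e['subcode']:#x} ({e['subname']}) in {e['symbol']}")
        elif e["code"] == STATUS_ACCESS_VIOLATION and "mem" in e:
            state = "readable" if e["mem"]["readable"] else "unreadable"
            out.append(f"AV in {e['symbol']}: read of {e['mem']['shown']:08x} ({state})")
    return out
```

In the first event the index register eax equals ecx shifted right by 8, and ecx holds the same value (14c48300) that the fast-fail event later shows in edx, esi and edi.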

