M
Manjunath_bn
machine is crashing with following stack .
Any thoughts what is causing this.
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffe0002d21b700, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff800d373536f, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on IN-5CG0355GRV
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 5
Key : Analysis.Memory.CommitPeak.Mb
Value: 65
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 50
BUGCHECK_P1: ffffe0002d21b700
BUGCHECK_P2: 1
BUGCHECK_P3: fffff800d373536f
BUGCHECK_P4: 0
WRITE_ADDRESS: ffffe0002d21b700 Nonpaged pool
MM_INTERNAL_CODE: 0
PROCESS_NAME: System
TRAP_FRAME: ffffd00197751620 -- (.trap 0xffffd00197751620)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0002d21ae00 rbx=0000000000000000 rcx=ffffe0002d21b720
rdx=00001800a6521ca0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800d373536f rsp=ffffd001977517b8 rbp=0000000000000030
r8=0000000000000016 r9=0000000000000002 r10=0000000000000000
r11=ffffe0002d21b700 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
pefndis+0x136f:
fffff800`d373536f 660f7f41e0 movdqa xmmword ptr [rcx-20h],xmm0 ds:ffffe000`2d21b700=????????????????????????????????
Resetting default scope
STACK_TEXT:
ffffd001`97751488 fffff801`9ec678f0 : 00000000`00000050 ffffe000`2d21b700 00000000`00000001 ffffd001`97751620 : nt!KeBugCheckEx
ffffd001`97751490 fffff801`9eacbfb9 : 00000000`00000001 ffffe000`2d21b700 ffffd001`97751620 ffffe000`2d21b700 : nt!MiSystemFault+0x1048
ffffd001`97751520 fffff801`9ebceb9d : 00000000`c0000001 ffffe000`2d20c700 00000000`c0000000 fffff800`d249b57d : nt!MmAccessFault+0x219
ffffd001`97751620 fffff800`d373536f : fffff800`d3738845 ffffe000`2d20c780 00000000`00000000 00000000`c0000001 : nt!KiPageFault+0x31d
ffffd001`977517b8 fffff800`d3738845 : ffffe000`2d20c780 00000000`00000000 00000000`c0000001 00000000`00000088 : pefndis+0x136f
ffffd001`977517c0 fffff800`d37410f2 : ffffe000`2d20c780 ffffd001`97751950 ffffe000`2c897f90 ffffe000`2c897f90 : pefndis+0x4845
ffffd001`97751820 fffff801`9ef20edc : ffffe000`2d20c780 ffffe000`2d06f000 ffffffff`800000c0 ffffffff`00000000 : pefndis+0xd0f2
ffffd001`97751850 fffff801`9f17b08c : ffffe000`2d079f48 ffffe000`2d079f48 ffffd001`97751b70 ffffe000`00000004 : nt!IopLoadDriver+0x558
ffffd001`97751b10 fffff801`9f174932 : fffff801`00000000 ffffc000`cb18e850 00000000`00000000 fffff801`9d3f3550 : nt!IopInitializeSystemDrivers+0x138
ffffd001`97751ba0 fffff801`9ef58d0a : 00000000`00000000 fffff801`9d3f3550 ffffe000`2c898900 ffffc000`ca2052f0 : nt!IoInitSystem+0x16
ffffd001`97751bd0 fffff801`9eb4493e : 00000000`00000001 00000000`00000080 ffffe000`2c898900 fffff801`9ebc46b3 : nt!Phase1Initialization+0x2a
ffffd001`97751c00 fffff801`9ebc8f66 : fffff801`9ed62180 ffffe000`2c820040 fffff801`9edc9a00 fffff801`9d3f3550 : nt!PspSystemThreadStartup+0x18a
ffffd001`97751c60 00000000`00000000 : ffffd001`97752000 ffffd001`9774c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_NAME: pefndis+136f
MODULE_NAME: pefndis
IMAGE_NAME: pefndis.sys
IMAGE_VERSION: 0.3.1.0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 136f
FAILURE_BUCKET_ID: AV_pefndis!unknown_function
OS_VERSION: 8.1.9600.19880
BUILDLAB_STR: winblue_ltsb
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
FAILURE_ID_HASH: {786a9847-50c8-a977-e031-2ec66b6644b2}
Followup: MachineOwner
-----------------------------------------------------------------------
--lmvm pefndis
Browse full module list
start end module name
fffff800`d3734000 fffff800`d3747000 pefndis (no symbols)
Loaded symbol image file: pefndis.sys
Image path: \SystemRoot\system32\DRIVERS\pefndis.sys
Image name: pefndis.sys
Browse all global symbols functions data
Timestamp: Fri Oct 21 23:07:02 2016 (580A523E)
CheckSum: 0001C8E1
ImageSize: 00013000
File version: 0.3.1.0
Product version: 0.3.1.0
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft Message Analyzer NDIS Driver
InternalName: pefndis
OriginalFilename: pefndis.sys
ProductVersion: 0.03.01.00
FileVersion: 0.03.01.00
FileDescription: Message Analyzer -- NDIS 6.0 Monitoring Filter Driver
LegalCopyright: Copyright © 2012-2015 Microsoft Corporation. All rights reserved.
-------------------------------------------------------------------------------------------------------
Start memory scan : 0xffffd00197751488 ($csp)
End memory scan : 0xffffd00197752000 (Kernel Stack Base)
0xffffd00197751518 : 0xfffff8019eacbfb9 : nt!MmAccessFault+0x219
0xffffd00197751610 : 0xffffd001977516a0 : !du ""try: Reg""
0xffffd00197751618 : 0xfffff8019ebceb9d : nt!KiPageFault+0x31d
0xffffd00197751620 : 0x00000000c0000001 : Trap @ ffffd00197751620
0xffffd00197751638 : 0xfffff800d249b57d : NDIS!NdisFRegisterFilterDriver+0x3e1
0xffffd00197751690 : 0x0076006900720044 : !du ""DriverEntry: Reg""
0xffffd00197751698 : 0x006e004500720065 : !du ""erEntry: Reg""
0xffffd001977516a0 : 0x003a007900720074 : !du ""try: Reg""
0xffffd00197751708 : 0xfffff8019ed59c88 : nt!NonPagedPoolDescriptor+0x8
0xffffd00197751718 : 0xfffff8019ed59e80 : nt!NonPagedPoolDescriptor+0x200
0xffffd00197751728 : 0xfffff800d373d500 : !du "{BD583A2D-7410-4BD1-B9C0-ECA0E65E6980}"
0xffffd00197751738 : 0xfffff800d373d4f0 : !du "pefndis"
0xffffd001977517e8 : 0xfffff800d373d3a0 : !du ""DriverEntry: Register filter driver failed.""
0xffffd001977517f8 : 0xfffff800d373d550 : !du ""PEF NDISCAP Lightweight Filter Driver""
0xffffd00197751848 : 0xfffff8019ef20edc : nt!IopLoadDriver+0x558
0xffffd00197751898 : 0xfffff8019ebd13e3 : nt!KiSystemServiceCopyEnd+0x13
0xffffd001977518a8 : 0xffffc000cb30e8c0 : !du "\SystemRoot\system32\DRIVERS\pefndis.sys"
0xffffd001977518c0 : 0xffffc000cb2f73a0 : !du "pefndis"
0xffffd001977518e8 : 0xffffe0002d2080d0 : !du "\Driver\pefndis"
0xffffd00197751900 : 0xffffe0002d218af0 : 0xfffff8019ed465d0 : nt!PsLoadedModuleList
0xffffd00197751908 : 0xfffff8019ebd13e3 : nt!KiSystemServiceCopyEnd+0x13
0xffffd00197751918 : 0xfffff800d3734000 : pefndis
0xffffd00197751958 : 0xfffff8019ee622bb : nt!ObOpenObjectByName+0x40b
0xffffd001977519b8 : 0xfffff8019ed0e874 : nt!ExFreePoolWithTag+0x874
0xffffd001977519d8 : 0xfffff8019ed0f48e : nt!ExAllocatePoolWithTag+0x89e
0xffffd00197751a08 : 0xffffc000cb20b670 : !du "em32\DRIVERS\pefndis.sys"
0xffffd00197751a38 : 0xffffc000cb20b670 : !du "em32\DRIVERS\pefndis.sys"
0xffffd00197751a58 : 0xfffff8019ee32647 : nt!IopGetRegistryValue+0xdf
0xffffd00197751aa0 : 0xfffff8019f19a5d0 : !du "DependOnGroup"
0xffffd00197751ab8 : 0xfffff8019f17c4be : nt!PipCheckDependencies+0x26
0xffffd00197751ae8 : 0xfffff8019ef58ce0 : nt!Phase1Initialization
0xffffd00197751b08 : 0xfffff8019f17b08c : nt!IopInitializeSystemDrivers+0x138
0xffffd00197751b98 : 0xfffff8019f174932 : nt!IoInitSystem+0x16
0xffffd00197751bc8 : 0xfffff8019ef58d0a : nt!Phase1Initialization+0x2a
0xffffd00197751be8 : 0xffffc000ca2052f0 : !da "*SYSTEM*"
0xffffd00197751bf0 : 0xffffc000ca2052f0 : !da "*SYSTEM*"
0xffffd00197751bf8 : 0xfffff8019eb4493e : nt!PspSystemThreadStartup+0x18a
0xffffd00197751c18 : 0xfffff8019ebc46b3 : nt!SwapContext_PatchStMxCsr+0x54
0xffffd00197751c50 : 0xfffff8019ede3010 : nt!KiSystemStartup
0xffffd00197751c58 : 0xfffff8019ebc8f66 : nt!KiStartSystemThread+0x16
0xffffd00197751c60 : 0xfffff8019ed62180 : nt!KiInitialPCR+0x180
0xffffd00197751c70 : 0xfffff8019edc9a00 : nt!KiInitialThread
-----------------------------------------------------------------------------------------------
0: kd> .trap ffffd00197751620;knL
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0002d21ae00 rbx=0000000000000000 rcx=ffffe0002d21b720
rdx=00001800a6521ca0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800d373536f rsp=ffffd001977517b8 rbp=0000000000000030
r8=0000000000000016 r9=0000000000000002 r10=0000000000000000
r11=ffffe0002d21b700 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
pefndis+0x136f:
fffff800`d373536f 660f7f41e0 movdqa xmmword ptr [rcx-20h],xmm0 ds:ffffe000`2d21b700=????????????????????????????????
*** Stack trace for last set context - .thread/.cxr resets it
# Child-SP RetAddr Call Site
00 ffffd001`977517b8 fffff800`d3738845 pefndis+0x136f
01 ffffd001`977517c0 fffff800`d37410f2 pefndis+0x4845
02 ffffd001`97751820 fffff801`9ef20edc pefndis+0xd0f2
03 ffffd001`97751850 fffff801`9f17b08c nt!IopLoadDriver+0x558
04 ffffd001`97751b10 fffff801`9f174932 nt!IopInitializeSystemDrivers+0x138
05 ffffd001`97751ba0 fffff801`9ef58d0a nt!IoInitSystem+0x16
06 ffffd001`97751bd0 fffff801`9eb4493e nt!Phase1Initialization+0x2a
07 ffffd001`97751c00 fffff801`9ebc8f66 nt!PspSystemThreadStartup+0x18a
08 ffffd001`97751c60 00000000`00000000 nt!KiStartSystemThread+0x16
Thank you
Manju
Continue reading...
Any thoughts what is causing this.
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffe0002d21b700, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff800d373536f, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on IN-5CG0355GRV
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 5
Key : Analysis.Memory.CommitPeak.Mb
Value: 65
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 50
BUGCHECK_P1: ffffe0002d21b700
BUGCHECK_P2: 1
BUGCHECK_P3: fffff800d373536f
BUGCHECK_P4: 0
WRITE_ADDRESS: ffffe0002d21b700 Nonpaged pool
MM_INTERNAL_CODE: 0
PROCESS_NAME: System
TRAP_FRAME: ffffd00197751620 -- (.trap 0xffffd00197751620)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0002d21ae00 rbx=0000000000000000 rcx=ffffe0002d21b720
rdx=00001800a6521ca0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800d373536f rsp=ffffd001977517b8 rbp=0000000000000030
r8=0000000000000016 r9=0000000000000002 r10=0000000000000000
r11=ffffe0002d21b700 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
pefndis+0x136f:
fffff800`d373536f 660f7f41e0 movdqa xmmword ptr [rcx-20h],xmm0 ds:ffffe000`2d21b700=????????????????????????????????
Resetting default scope
STACK_TEXT:
ffffd001`97751488 fffff801`9ec678f0 : 00000000`00000050 ffffe000`2d21b700 00000000`00000001 ffffd001`97751620 : nt!KeBugCheckEx
ffffd001`97751490 fffff801`9eacbfb9 : 00000000`00000001 ffffe000`2d21b700 ffffd001`97751620 ffffe000`2d21b700 : nt!MiSystemFault+0x1048
ffffd001`97751520 fffff801`9ebceb9d : 00000000`c0000001 ffffe000`2d20c700 00000000`c0000000 fffff800`d249b57d : nt!MmAccessFault+0x219
ffffd001`97751620 fffff800`d373536f : fffff800`d3738845 ffffe000`2d20c780 00000000`00000000 00000000`c0000001 : nt!KiPageFault+0x31d
ffffd001`977517b8 fffff800`d3738845 : ffffe000`2d20c780 00000000`00000000 00000000`c0000001 00000000`00000088 : pefndis+0x136f
ffffd001`977517c0 fffff800`d37410f2 : ffffe000`2d20c780 ffffd001`97751950 ffffe000`2c897f90 ffffe000`2c897f90 : pefndis+0x4845
ffffd001`97751820 fffff801`9ef20edc : ffffe000`2d20c780 ffffe000`2d06f000 ffffffff`800000c0 ffffffff`00000000 : pefndis+0xd0f2
ffffd001`97751850 fffff801`9f17b08c : ffffe000`2d079f48 ffffe000`2d079f48 ffffd001`97751b70 ffffe000`00000004 : nt!IopLoadDriver+0x558
ffffd001`97751b10 fffff801`9f174932 : fffff801`00000000 ffffc000`cb18e850 00000000`00000000 fffff801`9d3f3550 : nt!IopInitializeSystemDrivers+0x138
ffffd001`97751ba0 fffff801`9ef58d0a : 00000000`00000000 fffff801`9d3f3550 ffffe000`2c898900 ffffc000`ca2052f0 : nt!IoInitSystem+0x16
ffffd001`97751bd0 fffff801`9eb4493e : 00000000`00000001 00000000`00000080 ffffe000`2c898900 fffff801`9ebc46b3 : nt!Phase1Initialization+0x2a
ffffd001`97751c00 fffff801`9ebc8f66 : fffff801`9ed62180 ffffe000`2c820040 fffff801`9edc9a00 fffff801`9d3f3550 : nt!PspSystemThreadStartup+0x18a
ffffd001`97751c60 00000000`00000000 : ffffd001`97752000 ffffd001`9774c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_NAME: pefndis+136f
MODULE_NAME: pefndis
IMAGE_NAME: pefndis.sys
IMAGE_VERSION: 0.3.1.0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 136f
FAILURE_BUCKET_ID: AV_pefndis!unknown_function
OS_VERSION: 8.1.9600.19880
BUILDLAB_STR: winblue_ltsb
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
FAILURE_ID_HASH: {786a9847-50c8-a977-e031-2ec66b6644b2}
Followup: MachineOwner
-----------------------------------------------------------------------
--lmvm pefndis
Browse full module list
start end module name
fffff800`d3734000 fffff800`d3747000 pefndis (no symbols)
Loaded symbol image file: pefndis.sys
Image path: \SystemRoot\system32\DRIVERS\pefndis.sys
Image name: pefndis.sys
Browse all global symbols functions data
Timestamp: Fri Oct 21 23:07:02 2016 (580A523E)
CheckSum: 0001C8E1
ImageSize: 00013000
File version: 0.3.1.0
Product version: 0.3.1.0
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft Message Analyzer NDIS Driver
InternalName: pefndis
OriginalFilename: pefndis.sys
ProductVersion: 0.03.01.00
FileVersion: 0.03.01.00
FileDescription: Message Analyzer -- NDIS 6.0 Monitoring Filter Driver
LegalCopyright: Copyright © 2012-2015 Microsoft Corporation. All rights reserved.
-------------------------------------------------------------------------------------------------------
Start memory scan : 0xffffd00197751488 ($csp)
End memory scan : 0xffffd00197752000 (Kernel Stack Base)
0xffffd00197751518 : 0xfffff8019eacbfb9 : nt!MmAccessFault+0x219
0xffffd00197751610 : 0xffffd001977516a0 : !du ""try: Reg""
0xffffd00197751618 : 0xfffff8019ebceb9d : nt!KiPageFault+0x31d
0xffffd00197751620 : 0x00000000c0000001 : Trap @ ffffd00197751620
0xffffd00197751638 : 0xfffff800d249b57d : NDIS!NdisFRegisterFilterDriver+0x3e1
0xffffd00197751690 : 0x0076006900720044 : !du ""DriverEntry: Reg""
0xffffd00197751698 : 0x006e004500720065 : !du ""erEntry: Reg""
0xffffd001977516a0 : 0x003a007900720074 : !du ""try: Reg""
0xffffd00197751708 : 0xfffff8019ed59c88 : nt!NonPagedPoolDescriptor+0x8
0xffffd00197751718 : 0xfffff8019ed59e80 : nt!NonPagedPoolDescriptor+0x200
0xffffd00197751728 : 0xfffff800d373d500 : !du "{BD583A2D-7410-4BD1-B9C0-ECA0E65E6980}"
0xffffd00197751738 : 0xfffff800d373d4f0 : !du "pefndis"
0xffffd001977517e8 : 0xfffff800d373d3a0 : !du ""DriverEntry: Register filter driver failed.""
0xffffd001977517f8 : 0xfffff800d373d550 : !du ""PEF NDISCAP Lightweight Filter Driver""
0xffffd00197751848 : 0xfffff8019ef20edc : nt!IopLoadDriver+0x558
0xffffd00197751898 : 0xfffff8019ebd13e3 : nt!KiSystemServiceCopyEnd+0x13
0xffffd001977518a8 : 0xffffc000cb30e8c0 : !du "\SystemRoot\system32\DRIVERS\pefndis.sys"
0xffffd001977518c0 : 0xffffc000cb2f73a0 : !du "pefndis"
0xffffd001977518e8 : 0xffffe0002d2080d0 : !du "\Driver\pefndis"
0xffffd00197751900 : 0xffffe0002d218af0 : 0xfffff8019ed465d0 : nt!PsLoadedModuleList
0xffffd00197751908 : 0xfffff8019ebd13e3 : nt!KiSystemServiceCopyEnd+0x13
0xffffd00197751918 : 0xfffff800d3734000 : pefndis
0xffffd00197751958 : 0xfffff8019ee622bb : nt!ObOpenObjectByName+0x40b
0xffffd001977519b8 : 0xfffff8019ed0e874 : nt!ExFreePoolWithTag+0x874
0xffffd001977519d8 : 0xfffff8019ed0f48e : nt!ExAllocatePoolWithTag+0x89e
0xffffd00197751a08 : 0xffffc000cb20b670 : !du "em32\DRIVERS\pefndis.sys"
0xffffd00197751a38 : 0xffffc000cb20b670 : !du "em32\DRIVERS\pefndis.sys"
0xffffd00197751a58 : 0xfffff8019ee32647 : nt!IopGetRegistryValue+0xdf
0xffffd00197751aa0 : 0xfffff8019f19a5d0 : !du "DependOnGroup"
0xffffd00197751ab8 : 0xfffff8019f17c4be : nt!PipCheckDependencies+0x26
0xffffd00197751ae8 : 0xfffff8019ef58ce0 : nt!Phase1Initialization
0xffffd00197751b08 : 0xfffff8019f17b08c : nt!IopInitializeSystemDrivers+0x138
0xffffd00197751b98 : 0xfffff8019f174932 : nt!IoInitSystem+0x16
0xffffd00197751bc8 : 0xfffff8019ef58d0a : nt!Phase1Initialization+0x2a
0xffffd00197751be8 : 0xffffc000ca2052f0 : !da "*SYSTEM*"
0xffffd00197751bf0 : 0xffffc000ca2052f0 : !da "*SYSTEM*"
0xffffd00197751bf8 : 0xfffff8019eb4493e : nt!PspSystemThreadStartup+0x18a
0xffffd00197751c18 : 0xfffff8019ebc46b3 : nt!SwapContext_PatchStMxCsr+0x54
0xffffd00197751c50 : 0xfffff8019ede3010 : nt!KiSystemStartup
0xffffd00197751c58 : 0xfffff8019ebc8f66 : nt!KiStartSystemThread+0x16
0xffffd00197751c60 : 0xfffff8019ed62180 : nt!KiInitialPCR+0x180
0xffffd00197751c70 : 0xfffff8019edc9a00 : nt!KiInitialThread
-----------------------------------------------------------------------------------------------
0: kd> .trap ffffd00197751620;knL
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0002d21ae00 rbx=0000000000000000 rcx=ffffe0002d21b720
rdx=00001800a6521ca0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800d373536f rsp=ffffd001977517b8 rbp=0000000000000030
r8=0000000000000016 r9=0000000000000002 r10=0000000000000000
r11=ffffe0002d21b700 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
pefndis+0x136f:
fffff800`d373536f 660f7f41e0 movdqa xmmword ptr [rcx-20h],xmm0 ds:ffffe000`2d21b700=????????????????????????????????
*** Stack trace for last set context - .thread/.cxr resets it
# Child-SP RetAddr Call Site
00 ffffd001`977517b8 fffff800`d3738845 pefndis+0x136f
01 ffffd001`977517c0 fffff800`d37410f2 pefndis+0x4845
02 ffffd001`97751820 fffff801`9ef20edc pefndis+0xd0f2
03 ffffd001`97751850 fffff801`9f17b08c nt!IopLoadDriver+0x558
04 ffffd001`97751b10 fffff801`9f174932 nt!IopInitializeSystemDrivers+0x138
05 ffffd001`97751ba0 fffff801`9ef58d0a nt!IoInitSystem+0x16
06 ffffd001`97751bd0 fffff801`9eb4493e nt!Phase1Initialization+0x2a
07 ffffd001`97751c00 fffff801`9ebc8f66 nt!PspSystemThreadStartup+0x18a
08 ffffd001`97751c60 00000000`00000000 nt!KiStartSystemThread+0x16
Thank you
Manju
Continue reading...