*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002f9a916, 1, 8}
Probably caused by : ntkrnlmp.exe ( nt!CmpAllocateKeyControlBlock+72 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002f9a916, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 0000000000000008, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
nt!CmpAllocateKeyControlBlock+72
fffff800`02f9a916 48895808 mov qword ptr [rax+8],rbx
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000000008
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ef30e0
0000000000000008
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880046a0da8 -- (.exr 0xfffff880046a0da8)
ExceptionAddress: fffff80002f9a916 (nt!CmpAllocateKeyControlBlock+0x0000000000000072)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000008
Attempt to write to address 0000000000000008
TRAP_FRAME: fffff880046a0e50 -- (.trap 0xfffff880046a0e50)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a001cba8b8
rdx=fffff880046a1048 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002f9a916 rsp=fffff880046a0fe0 rbp=0000000000c08110
r8=fffff8a003dba114 r9=fffff8a007b8fcc0 r10=fffff8a000ebff2c
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!CmpAllocateKeyControlBlock+0x72:
fffff800`02f9a916 48895808 mov qword ptr [rax+8],rbx ds:d120:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cf5a39 to fffff80002cbb740
STACK_TEXT:
fffff880`046a05d8 fffff800`02cf5a39 : 00000000`0000001e ffffffff`c0000005 fffff800`02f9a916 00000000`00000001 : nt!KeBugCheckEx
fffff880`046a05e0 fffff800`02cbad82 : fffff880`046a0da8 fffff800`02ec1040 fffff880`046a0e50 fffff8a0`00023380 : nt!KiDispatchException+0x1b9
fffff880`046a0c70 fffff800`02cb98fa : 00000000`00000001 fffff800`02ec1040 00000000`00000000 fffff8a0`00eab3f0 : nt!KiExceptionDispatch+0xc2
fffff880`046a0e50 fffff800`02f9a916 : 00000000`0000001d 00000000`00000001 00000000`00000001 fffffa80`06ec5601 : nt!KiPageFault+0x23a
fffff880`046a0fe0 fffff800`02f9a477 : 00000000`00000000 00000000`55a6a3a0 00000000`000002c8 00000000`0000001d : nt!CmpAllocateKeyControlBlock+0x72
fffff880`046a1010 fffff800`02f991b7 : fffff8a0`00023380 00000000`00c08110 fffff8a0`03dba114 fffff8a0`07b8fcc0 : nt!CmpCreateKeyControlBlock+0xe8
fffff880`046a10b0 fffff800`02f95195 : fffff8a0`00000000 fffff8a0`00c08110 fffff8a0`00023380 fffffa80`06ec5610 : nt!CmpDoOpen+0x387
fffff880`046a1170 fffff800`02fb4e84 : fffff800`02f94cc0 00000000`00000001 fffffa80`06ec5610 00000000`00000000 : nt!CmpParseKey+0x4d5
fffff880`046a1440 fffff800`02fb9e4d : fffffa80`06ec5610 fffff880`046a15a0 00000000`00000240 fffffa80`03cfb900 : nt!ObpLookupObjectName+0x585
fffff880`046a1540 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObOpenObjectByName+0x1cd
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!CmpAllocateKeyControlBlock+72
fffff800`02f9a916 48895808 mov qword ptr [rax+8],rbx
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!CmpAllocateKeyControlBlock+72
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0x1E_nt!CmpAllocateKeyControlBlock+72
BUCKET_ID: X64_0x1E_nt!CmpAllocateKeyControlBlock+72
Followup: MachineOwner
---------