Microsoft (R) Windows Debugger Version 10.0.19528.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mrpep\AppData\Local\Temp\Temp1_TERRY-Thu_01_16_2020_181127_94.zip\011620-36083-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
7601.24520.amd64fre.win7sp1_ldr_escrow.190828-1732
Machine Name:
Kernel base = 0xfffff800`04e10000 PsLoadedModuleList = 0xfffff800`05049c90
Debug session time: Fri Jan 17 02:41:50.498 2020 (UTC + 1:00)
System Uptime: 0 days 0:16:56.326
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
nt!DebugPrompt+0x17:
fffff800`04eaa567 cc int 3
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffff80000003, The exception code that was not handled
Arg2: fffff80004eaa568, The address that the exception occurred at
Arg3: fffff880033af5c8, Exception Record Address
Arg4: fffff880033aee30, Context Record Address
Debugging Details:
------------------
fffff80004ff20e8: Unable to get Flags value from nt!KdVersionBlock
GetUlongPtrFromAddress: unable to read from fffff800050ad300
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-QO9C72C
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 1
Key : Analysis.Memory.CommitPeak.Mb
Value: 60
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffff80000003
BUGCHECK_P2: fffff80004eaa568
BUGCHECK_P3: fffff880033af5c8
BUGCHECK_P4: fffff880033aee30
EXCEPTION_RECORD: fffff880033af5c8 -- (.exr 0xfffff880033af5c8)
ExceptionAddress: fffff80004eaa568 (nt!DebugPrompt+0x0000000000000018)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000002
CONTEXT: fffff880033aee30 -- (.cxr 0xfffff880033aee30)
rax=0000000000000002 rbx=fffff880010839a0 rcx=fffff880010a6070
rdx=fffff880033a001f rsi=00000000000001e7 rdi=fffff880010a6090
rip=fffff80004eaa567 rsp=fffff880033af808 rbp=fffffa800d6ad190
r8=fffff880033af880 r9=fffff880010a0002 r10=0000000000000000
r11=fffff880033af858 r12=000000000000012c r13=fffff880033a1870
r14=0000000000000408 r15=0000000000000001
iopl=0 nv up ei pl nz ac pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000212
nt!DebugPrompt+0x17:
fffff800`04eaa567 cc int 3
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0x80000003 - {WYJ TEK} Punkt przerwania Osi gni to punkt przerwania.
EXCEPTION_CODE_STR: 80000003
EXCEPTION_PARAMETER1: 0000000000000002
EXCEPTION_STR: 0x80000003
STACK_TEXT:
fffff880`033af808 fffff800`04ee7d6b : fffff880`010839a0 fffff800`04e7b658 fffff880`010839a0 00000000`000001e7 : nt!DebugPrompt+0x17
fffff880`033af810 fffff880`010a64bb : fffffa80`0c7b2ce8 00000000`00000000 fffff880`010a6060 00000000`00000007 : nt!DbgPrompt+0x3b
fffff880`033af860 fffff880`010a6ec1 : 00000000`00000029 fffffa80`0d6ad190 fffffa80`0f9de640 00000000`00000000 : fltmgr!FltpvPrintErrors+0x11b
fffff880`033afac0 fffff800`04e535f9 : ffffffff`fff0bdc0 fffff880`010a6d10 fffff800`050207f8 fffffa80`0c7b2b50 : fltmgr!FltpvDoLostObjectCheck+0x1b1
fffff880`033afb70 fffff800`05150578 : 00000000`00000000 fffff880`031b1180 00000000`00000080 00000000`00000001 : nt!ExpWorkerThread+0x111
fffff880`033afc00 fffff800`04ea9cc6 : fffff880`031b1180 fffffa80`0c7b2b50 fffff880`031c0240 00000000`00000000 : nt!PspSystemThreadStartup+0x194
fffff880`033afc40 00000000`00000000 : fffff880`033b0000 fffff880`033aa000 fffff880`033af840 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_NAME: nt!DebugPrompt+18
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 6.1.7601.24520
STACK_COMMAND: .cxr 0xfffff880033aee30 ; kb
FAILURE_BUCKET_ID: X64_0x7E_VRF_nt!DebugPrompt+18
OS_VERSION: 7.1.7601.24520
BUILDLAB_STR: win7sp1_ldr_escrow
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
FAILURE_ID_HASH: {0e885d28-8a96-6740-4fce-8c5082a1dfb8}
Followup: MachineOwner
---------
4: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
4: kd> !dpx
Start memory scan : 0xfffff880033af808 ($csp)
End memory scan : 0xfffff880033b0000 (Kernel Stack Base)
rcx : 0xfffff880010a6070 : !da ""Break, ignore, zap or remove ? ""
rsp : 0xfffff880033af808 : 0xfffff80004ee7d6b : nt!DbgPrompt+0x3b
rdi : 0xfffff880010a6090 : !da ""Breaking in... (press g<enter> to return to assert menu).""
r11 : 0xfffff880033af858 : 0xfffff880010a64bb : fltmgr!FltpvPrintErrors+0x11b
0xfffff880033af808 : 0xfffff80004ee7d6b : nt!DbgPrompt+0x3b
0xfffff880033af810 : 0xfffff880010839a0 : fltmgr!FltvMessageTable+0x290
0xfffff880033af818 : 0xfffff80004e7b658 : nt!DbgPrintEx+0x30
0xfffff880033af820 : 0xfffff880010839a0 : fltmgr!FltvMessageTable+0x290
0xfffff880033af848 : 0xfffff880010a6070 : !da ""Break, ignore, zap or remove ? ""
0xfffff880033af858 : 0xfffff880010a64bb : fltmgr!FltpvPrintErrors+0x11b
0xfffff880033af888 : 0xfffff80004e10000 : "nt!_imp_CiInitialize <PERF> (nt+0x0)"
0xfffff880033af890 : 0x56205245544c4946 : !da ""FILTER VERIFIER ERROR: A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) l...""
0xfffff880033af898 : 0x2052454946495245 : !da ""ERIFIER ERROR: A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked re...""
0xfffff880033af8a0 : 0x20203a524f525245 : !da ""ERROR: A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references...""
0xfffff880033af8a8 : 0x65746c6966204120 : !da "" A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the ...""
0xfffff880033af8b0 : 0x65746c6946282072 : !da ""r (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the followin...""
0xfffff880033af8b8 : 0x46464646203d2072 : !da ""r = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the following resour...""
0xfffff880033af8c0 : 0x4136443030384146 : !da ""FA800D6AD190 (MBAMProtection)) leaked references to the following resources:..00...""
0xfffff880033af8c8 : 0x424d282030393144 : !da ""D190 (MBAMProtection)) leaked references to the following resources:..00000000 F...""
0xfffff880033af8d0 : 0x6365746f72504d41 : !da ""AMProtection)) leaked references to the following resources:..00000000 Filter Co...""
0xfffff880033af8d8 : 0x6c2029296e6f6974 : !da ""tion)) leaked references to the following resources:..00000000 Filter Context St...""
0xfffff880033af8e0 : 0x65722064656b6165 : !da ""eaked references to the following resources:..00000000 Filter Context Structures...""
0xfffff880033af8e8 : 0x7365636e65726566 : !da ""ferences to the following resources:..00000000 Filter Context Structures..000000...""
0xfffff880033af8f0 : 0x20656874206f7420 : !da "" to the following resources:..00000000 Filter Context Structures..00000000 FLT_C...""
0xfffff880033af8f8 : 0x6e69776f6c6c6f66 : !da ""following resources:..00000000 Filter Context Structures..00000000 FLT_CALLBACK_...""
0xfffff880033af900 : 0x72756f7365722067 : !da ""g resources:..00000000 Filter Context Structures..00000000 FLT_CALLBACK_DATA str...""
0xfffff880033af908 : 0x3030090a3a736563 : !da ""ces:..00000000 Filter Context Structures..00000000 FLT_CALLBACK_DATA structures....""
0xfffff880033af910 : 0x4620303030303030 : !da ""000000 Filter Context Structures..00000000 FLT_CALLBACK_DATA structures..0000000...""
0xfffff880033af918 : 0x6f43207265746c69 : !da ""ilter Context Structures..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DE...""
0xfffff880033af920 : 0x745320747865746e : !da ""ntext Structures..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_I...""
0xfffff880033af928 : 0x7365727574637572 : !da ""ructures..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKIT...""
0xfffff880033af930 : 0x303030303030090a : !da ""..00000000 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM struc...""
0xfffff880033af938 : 0x435f544c46203030 : !da ""00 FLT_CALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM structures..0...""
0xfffff880033af940 : 0x5f4b4341424c4c41 : !da ""ALLBACK_DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 ...""
0xfffff880033af948 : 0x7274732041544144 : !da ""DATA structures..00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENE...""
0xfffff880033af950 : 0x0a73657275746375 : !da ""uctures..00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORK...""
0xfffff880033af958 : 0x3030303030303009 : !da "".00000000 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM str...""
0xfffff880033af960 : 0x45445f544c462030 : !da ""0 FLT_DEFERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM structures....""
0xfffff880033af968 : 0x495f444552524546 : !da ""FERRED_IO_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM structures..0000000...""
0xfffff880033af970 : 0x54494b524f575f4f : !da ""O_WORKITEM structures..00000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FI...""
0xfffff880033af978 : 0x6375727473204d45 : !da ""EM structures..00000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_...""
0xfffff880033af980 : 0x30090a7365727574 : !da ""tures..00000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMAT...""
0xfffff880033af988 : 0x2033343230303030 : !da ""0000243 FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMATION stru...""
0xfffff880033af990 : 0x454e45475f544c46 : !da ""FLT_GENERIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMATION structures.....""
0xfffff880033af998 : 0x4b524f575f434952 : !da ""RIC_WORKITEM structures..00000000 FLT_FILE_NAME_INFORMATION structures..00000000...""
0xfffff880033af9a0 : 0x727473204d455449 : !da ""ITEM structures..00000000 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OB...""
0xfffff880033af9a8 : 0x0a73657275746375 : !da ""uctures..00000000 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OBJECT str...""
0xfffff880033af9b0 : 0x3030303030303009 : !da "".00000000 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OBJECT structures....""
0xfffff880033af9b8 : 0x49465f544c462030 : !da ""0 FLT_FILE_NAME_INFORMATION structures..00000000 FILE_OBJECT structures..0000000...""
0xfffff880033af9c0 : 0x5f454d414e5f454c : !da ""LE_NAME_INFORMATION structures..00000000 FILE_OBJECT structures..00000000 FLT_OB...""
0xfffff880033af9c8 : 0x54414d524f464e49 : !da ""INFORMATION structures..00000000 FILE_OBJECT structures..00000000 FLT_OBJECT str...""
0xfffff880033af9d0 : 0x75727473204e4f49 : !da ""ION structures..00000000 FILE_OBJECT structures..00000000 FLT_OBJECT structures....""
0xfffff880033af9d8 : 0x090a736572757463 : !da ""ctures..00000000 FILE_OBJECT structures..00000000 FLT_OBJECT structures.Type "!f...""
0xfffff880033af9e0 : 0x3030303030303030 : !da ""00000000 FILE_OBJECT structures..00000000 FLT_OBJECT structures.Type "!fltkd.fil...""
0xfffff880033af9e8 : 0x424f5f454c494620 : !da "" FILE_OBJECT structures..00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFF...""
0xfffff880033af9f0 : 0x727473205443454a : !da ""JECT structures..00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6A...""
0xfffff880033af9f8 : 0x0a73657275746375 : !da ""uctures..00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1...""
0xfffff880033afa00 : 0x3030303030303009 : !da "".00000000 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the...""
0xfffff880033afa08 : 0x424f5f544c462030 : !da ""0 FLT_OBJECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugge...""
0xfffff880033afa10 : 0x727473205443454a : !da ""JECT structures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a ...""
0xfffff880033afa18 : 0x0a73657275746375 : !da ""uctures.Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of ...""
0xfffff880033afa20 : 0x6621222065707954 : !da ""Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked r...""
0xfffff880033afa28 : 0x6c69662e646b746c : !da ""ltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked reference...""
0xfffff880033afa30 : 0x4646464620726574 : !da ""ter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked references.""
0xfffff880033afa38 : 0x4136443030384146 : !da ""FA800D6AD190 8 1" in the debugger for a list of leaked references.""
0xfffff880033afa40 : 0x3120382030393144 : !da ""D190 8 1" in the debugger for a list of leaked references.""
0xfffff880033afa48 : 0x656874206e692022 : !da """ in the debugger for a list of leaked references.""
0xfffff880033afa50 : 0x6567677562656420 : !da "" debugger for a list of leaked references.""
0xfffff880033afa58 : 0x206120726f662072 : !da ""r for a list of leaked references.""
0xfffff880033afa60 : 0x20666f207473696c : !da ""list of leaked references.""
0xfffff880033afa68 : 0x722064656b61656c : !da ""leaked references.""
0xfffff880033afa70 : 0x65636e6572656665 : !da "eferences."
0xfffff880033afab8 : 0xfffff880010a6ec1 : fltmgr!FltpvDoLostObjectCheck+0x1b1
0xfffff880033afb38 : 0xfffff880010a6d10 : fltmgr!FltpvDoLostObjectCheck
0xfffff880033afb68 : 0xfffff80004e535f9 : nt!ExpWorkerThread+0x111
0xfffff880033afb78 : 0xfffff880010a6d10 : fltmgr!FltpvDoLostObjectCheck
0xfffff880033afb80 : 0xfffff800050207f8 : nt!ExWorkerQueue+0x58
0xfffff880033afbd0 : 0xfffff80004e534e8 : nt!ExpWorkerThread
0xfffff880033afbf8 : 0xfffff80005150578 : nt!PspSystemThreadStartup+0x194
0xfffff880033afc38 : 0xfffff80004ea9cc6 : nt!KxStartSystemThread+0x16
4: kd> !PDE.da fffff880033af890
FILTER VERIFIER ERROR: A filter (Filter = FFFFFA800D6AD190 (MBAMProtection)) leaked references to the following resources:
00000000 Filter Context Structures
00000000 FLT_CALLBACK_DATA structures
00000000 FLT_DEFERRED_IO_WORKITEM structures
00000243 FLT_GENERIC_WORKITEM structures
00000000 FLT_FILE_NAME_INFORMATION structures
00000000 FILE_OBJECT structures
00000000 FLT_OBJECT structures
Type "!fltkd.filter FFFFFA800D6AD190 8 1" in the debugger for a list of leaked references
4: kd> !fltkd.filter FFFFFA800D6AD190 8 1
Could not read field "Base.Flags" of FltMgr!_FLT_FILTER from address: fffffa800d6ad190
4: kd> !fltkd.filter FFFFFA800D6AD190
Could not read field "Base.Flags" of FltMgr!_FLT_FILTER from address: fffffa800d6ad190