2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc000001d, The exception code that was not handled
Arg2: fffff80002cbe389, The address that the exception occurred at
Arg3: fffff880033166b8, Exception Record Address
Arg4: fffff88003315f10, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {AUSNAHME} Ung ltige Anweisung Es wurde versucht, eine ung ltige Anweisung auszuf hren.
FAULTING_IP:
nt!KiDecrementProcessStackCount+45
fffff800`02cbe389 f0 ???
EXCEPTION_RECORD: fffff880033166b8 -- (.exr 0xfffff880033166b8)
ExceptionAddress: fffff80002cbe389 (nt!KiDecrementProcessStackCount+0x0000000000000045)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0
CONTEXT: fffff88003315f10 -- (.cxr 0xfffff88003315f10)
rax=0000000000000002 rbx=fffffa80080935d0 rcx=fffffa80080935d0
rdx=0000000000000000 rsi=0000000000000000 rdi=fffffa8006d47b60
rip=fffff80002cbe389 rsp=fffff880033168f0 rbp=0000000000000000
r8=0000000000000002 r9=fffffa8006cf1990 r10=fffff80002eca2e0
r11=fffffa8006d47da0 r12=fffffa80080935d0 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiDecrementProcessStackCount+0x45:
fffff800`02cbe389 f0 ???
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x7E
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc000001d - {AUSNAHME} Ung ltige Anweisung Es wurde versucht, eine ung ltige Anweisung auszuf hren.
LAST_CONTROL_TRANSFER: from fffff80002cbd7fb to fffff80002cbe389
FAILED_INSTRUCTION_ADDRESS:
nt!KiDecrementProcessStackCount+45
fffff800`02cbe389 f0 ???
STACK_TEXT:
fffff880`033168f0 fffff800`02cbd7fb : fffffa80`06d47da0 00000000`00000008 fffffa80`06d47da0 fffff800`02cbd30f : nt!KiDecrementProcessStackCount+0x45
fffff880`03316930 fffff800`02cbd689 : 00000000`00000000 00000000`00000002 00000000`00000000 fffffa80`00000002 : nt!KeDetachProcess+0x117
fffff880`03316990 fffff800`02cbcf9c : 00000000`00000000 fffff880`02f657f0 00000000`00000001 fffff880`03316a70 : nt!MiDetachAndUnlockWorkingSet+0x79
fffff880`033169c0 fffff800`02cbc8c6 : 00000000`0000021c 00000000`00000000 fffffa80`00000000 00000000`00000007 : nt!MiProcessWorkingSets+0x1fc
fffff880`03316a40 fffff800`02cbcd67 : 00000000`00000008 fffff880`03316ad0 00000000`00000001 fffffa80`00000000 : nt!MmWorkingSetManager+0x6e
fffff880`03316a90 fffff800`02f6e32e : fffffa80`06d47b60 00000000`00000080 fffffa80`06cf1990 00000000`00000001 : nt!KeBalanceSetManager+0x1c3
fffff880`03316c00 fffff800`02cc3666 : fffff880`02f65180 fffffa80`06d47b60 fffff880`02f6ffc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03316c40 00000000`00000000 : fffff880`03317000 fffff880`03311000 fffff880`033165c0 00000000`00000000 : nt!KiStartSystemThread+0x16
FOLLOWUP_IP:
nt!KiDecrementProcessStackCount+45
fffff800`02cbe389 f0 ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiDecrementProcessStackCount+45
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fdd5b
STACK_COMMAND: .cxr 0xfffff88003315f10 ; kb
FAILURE_BUCKET_ID: X64_0x7E_BAD_IP_nt!KiDecrementProcessStackCount+45
BUCKET_ID: X64_0x7E_BAD_IP_nt!KiDecrementProcessStackCount+45
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002f8e326, Address of the instruction which caused the bugcheck
Arg3: fffff88007c5ca50, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
FAULTING_IP:
nt!RtlpNewSecurityObject+d6
fffff800`02f8e326 0000 add byte ptr [rax],al
CONTEXT: fffff88007c5ca50 -- (.cxr 0xfffff88007c5ca50)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff8a002c8fd30 rsi=fffffa8006c91f30 rdi=fffff88007c5d7c0
rip=fffff80002f8e326 rsp=fffff88007c5d430 rbp=fffffa8006c91f7c
r8=fffff88007c5d730 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=fffff8a0092fa700 r13=0000000000000001
r14=fffff8a0033a0060 r15=fffff8a0092fa700
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!RtlpNewSecurityObject+0xd6:
fffff800`02f8e326 0000 add byte ptr [rax],al ds:002b:00000000`00000000=??
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002f6bb72 to fffff80002f8e326
STACK_TEXT:
fffff880`07c5d430 fffff800`02f6bb72 : fffff880`07c5d7a0 fffff880`07c5d9e8 fffffa80`06c91f30 fffff800`02f6b2e5 : nt!RtlpNewSecurityObject+0xd6
fffff880`07c5d6c0 fffff800`02f6aa42 : 00000000`00000000 fffffa80`0831d7c0 fffff880`07c5d9e8 00000000`00000000 : nt!ObpAssignSecurity+0x82
fffff880`07c5d730 fffff800`02f54289 : 00000000`00000000 00000000`007aecb0 fffffa80`09288b00 fffffa80`082ed901 : nt!ObInsertObjectEx+0x1e2
fffff880`07c5d980 fffff800`02f544bd : fffffa80`09288b60 fffff880`00000008 00000000`00000000 00000000`007aed58 : nt!NtOpenThreadTokenEx+0x379
fffff880`07c5daa0 fffff800`02c7ff93 : fffffa80`09288b60 00000000`007aed58 00000000`00000000 fffffa80`08312960 : nt!NtOpenThreadToken+0x11
fffff880`07c5dae0 00000000`7787155a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`007aec28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7787155a
FOLLOWUP_IP:
nt!RtlpNewSecurityObject+d6
fffff800`02f8e326 0000 add byte ptr [rax],al
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!RtlpNewSecurityObject+d6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fdd5b
STACK_COMMAND: .cxr 0xfffff88007c5ca50 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!RtlpNewSecurityObject+d6
BUCKET_ID: X64_0x3B_nt!RtlpNewSecurityObject+d6
Followup: MachineOwner
---------