Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Master\Desktop\080317-4093-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*
http://msdl.microsoft.com/download/symbolsExecutable search path is:
Windows 7 Kernel Version 14393 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 14393.1480.amd64fre.rs1_release.170706-2004
Machine Name:
Kernel base = 0xfffff803`07a1b000 PsLoadedModuleList = 0xfffff803`07d1a040
Debug session time: Thu Aug 3 12:47:27.688 2017 (UTC + 8:00)
System Uptime: 0 days 18:30:48.463
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80307e4ecc5, ffffa781777cfe20, 0}
Probably caused by : memory_corruption
Followup: memory_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80307e4ecc5, Address of the instruction which caused the bugcheck
Arg3: ffffa781777cfe20, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%p
FAULTING_IP:
nt!RtlIsValidProcessTrustLabelSid+1d
fffff803`07e4ecc5 80790102 cmp byte ptr [rcx+1],2
CONTEXT: ffffa781777cfe20 -- (.cxr 0xffffa781777cfe20)
rax=ffff65799b7be7d9 rbx=ffffa781777d09e0 rcx=0000020000000000
rdx=0000020000000000 rsi=ffff93094ddb7340 rdi=ffff930940187060
rip=fffff80307e4ecc5 rsp=ffffa781777d0820 rbp=ffffa781777d08f9
r8=0000000000000000 r9=ffffa781777d08a1 r10=0000020000000000
r11=0000000000000000 r12=0000000000000000 r13=ffff930940187060
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!RtlIsValidProcessTrustLabelSid+0x1d:
fffff803`07e4ecc5 80790102 cmp byte ptr [rcx+1],2 ds:002b:00000200`00000001=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80307e4ecc5
STACK_TEXT:
ffffa781`777d0820 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlIsValidProcessTrustLabelSid+0x1d
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff80307a6d1f4-fffff80307a6d1f5 2 bytes - nt!MiCompletePrivateZeroFault+44
[ 80 f6:00 d6 ]
fffff80307b2e2dd-fffff80307b2e2de 2 bytes - nt!MiPurgeZeroList+6d (+0xc10e9)
[ 80 fa:00 bc ]
fffff80307c63387-fffff80307c63389 3 bytes - nt!ExFreePoolWithTag+387
[ 40 fb f6:00 6b d6 ]
7 errors : !nt (fffff80307a6d1f4-fffff80307c63389)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
STACK_COMMAND: .cxr 0xffffa781777cfe20 ; kb
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
Followup: memory_corruption
---------