64bit sys BSOD check plz.
Posted: Mon Jul 24, 2017 7:31 am
Hello madshi,
sorry minidump...
version : madCodeHook 3.1.16
module name : jshkdrv.sys == renameme64.sys
Can you check?
Thanks.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, fffff80197151e70, ffffb200b2e4ffd0, fffff80198053d40}
*** WARNING: Unable to verify timestamp for jshkdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for jshkdrv.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: fffff80197151e70
Arg3: ffffb200b2e4ffd0
Arg4: fffff80198053d40
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 15063.0.amd64fre.rs2_release.170317-1834
SYSTEM_MANUFACTURER: Hewlett-Packard
SYSTEM_PRODUCT_NAME: HP ProDesk 400 G2 MT
SYSTEM_SKU: G3V26AV
BIOS_VENDOR: Hewlett-Packard
BIOS_VERSION: L02 v02.36
BIOS_DATE: 11/05/2014
BASEBOARD_MANUFACTURER: Hewlett-Packard
BASEBOARD_PRODUCT: 198E
DUMP_TYPE: 2
BUGCHECK_P1: 8
BUGCHECK_P2: fffff80197151e70
BUGCHECK_P3: ffffb200b2e4ffd0
BUGCHECK_P4: fffff80198053d40
BUGCHECK_STR: 0x7f_8
TRAP_FRAME: fffff80197151e70 -- (.trap 0xfffff80197151e70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffc784800373a0
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80198053d40 rsp=ffffb200b2e4ffd0 rbp=ffffb200b2e50039
r8=ffffb200b2e50038 r9=0000000000000000 r10=00007ffffffeffff
r11=fffff801981919a3 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiAbProcessContextSwitch+0x120:
fffff801`98053d40 e8ab160000 call nt!KiAbEntryGetLockedHeadEntry (fffff801`980553f0)
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: cdc
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
PROCESS_NAME: conhost.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-3DKN04D
ANALYSIS_SESSION_TIME: 07-24-2017 16:22:48.0454
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
EXCEPTION_RECORD: ffffb200b2e519d0 -- (.exr 0xffffb200b2e519d0)
ExceptionAddress: 00007ff5e1647000
ExceptionCode: 00000002
ExceptionFlags: 00000000
NumberParameters: -136
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Parameter[2]: 0000000000000000
Parameter[3]: 0000000000000000
Parameter[4]: 0000000000000000
Parameter[5]: 0000000000000000
Parameter[6]: 0000000000000000
Parameter[7]: 0000000000000000
Parameter[8]: 0000000000000000
Parameter[9]: 0000000000000000
Parameter[10]: 0000000000000000
Parameter[11]: 0000000000000000
Parameter[12]: 0000000000000000
Parameter[13]: fffff80198194e57
Parameter[14]: 0000000000000000
STACK_OVERFLOW: Stack Limit: ffffb200b2e50000. Use (kF) and (!stackusage) to investigate stack usage.
LAST_CONTROL_TRANSFER: from fffff801981968a9 to fffff8019818b4c0
STACK_TEXT:
fffff801`97151d28 fffff801`981968a9 : 00000000`0000007f 00000000`00000008 fffff801`97151e70 ffffb200`b2e4ffd0 : nt!KeBugCheckEx
fffff801`97151d30 fffff801`981946f3 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff801`97151e70 fffff801`98053d40 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb3
ffffb200`b2e4ffd0 fffff801`981904a5 : 005c0073`00650063 005c0070`00000000 006f0073`00000000 00650063`00000000 : nt!KiAbProcessContextSwitch+0x120
ffffb200`b2e500a0 fffff801`9818ec9a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxDispatchInterrupt+0xb5
ffffb200`b2e501e0 fffff801`9804b42d : ffffb200`b2e56000 ffffb200`b2e50470 ffffb200`b2e50bd0 00000000`00000000 : nt!KiDpcInterrupt+0xca
ffffb200`b2e50370 fffff801`98175472 : fffff801`98325464 00000000`00000001 ffffb200`b2e51bf0 ffffb200`b2e56000 : nt!RtlUnwindEx+0x11d
ffffb200`b2e50a40 fffff801`9819199d : 00000000`00000000 ffffb200`b2e50be0 00000000`00000000 00000000`00000000 : nt!_C_specific_handler+0xe2
ffffb200`b2e50ab0 fffff801`9804ad94 : ffffb200`b2e51200 ffffb200`b2e50be0 00000000`00000000 00000000`00000000 : nt!RtlpExecuteHandlerForException+0xd
ffffb200`b2e50ae0 fffff801`98049b36 : ffffb200`b2e519b8 ffffb200`b2e51700 ffffb200`b2e519b8 ffffb200`b2e519b8 : nt!RtlDispatchException+0x404
ffffb200`b2e511d0 fffff801`9819698e : ffffb200`b2e519d0 00000000`00000000 ffffc784`80694580 00000000`00000000 : nt!KiDispatchException+0x1f6
ffffb200`b2e51880 fffff801`98194e57 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xce
ffffb200`b2e51a60 fffff801`98127b42 : ffffffff`00000420 fffff801`9805f03e ffff98cc`662ffeb8 ffff98cc`663317f8 : nt!KiPageFault+0x217
ffffb200`b2e51bf0 fffff801`980db97c : ffff98bf`faf0b238 ffff98bf`00000018 ffffffff`ffffffff ffffc784`80694580 : nt!MiMakeProtoLeafValid+0x7a
ffffb200`b2e51c70 fffff801`984f6be9 : 00007ff5`e1647000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!MiSplitPrivatePage+0x2fc
ffffb200`b2e51d30 fffff801`984f6a65 : 00007ff5`e1647000 ffffc784`79ec5e08 00000000`00000280 00007ff5`e1647000 : nt!MiCopyToCfgBitMap+0x129
ffffb200`b2e51e00 fffff801`984f6134 : ffffc784`80037400 fffff801`98082059 00007ff8`5d9ca000 fffff801`980782a9 : nt!MiPopulateCfgBitMap+0xb1
ffffb200`b2e51e90 fffff801`984ace45 : 00000000`00002000 fffff801`9807891b 00000000`0000a000 ffffc784`7dc59550 : nt!MiMarkPrivateOpenCfgBits+0x30
ffffb200`b2e51ed0 fffff801`984d6d81 : 00000000`00000002 ffffb200`b2e52280 00000000`00000000 00000000`00002000 : nt!MiCommitVadCfgBits+0x175
ffffb200`b2e51f10 fffff801`984d6390 : ffffc784`80037080 fffff801`984ab8c1 00000000`00000000 00000000`00000000 : nt!MiAllocateVirtualMemory+0x9e1
ffffb200`b2e52130 fffff801`98196413 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtAllocateVirtualMemory+0x40
ffffb200`b2e52190 fffff801`9818e6a0 : fffff800`908c7b76 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
ffffb200`b2e52398 fffff800`908c7b76 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
ffffb200`b2e523a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00002000 : jshkdrv+0x7b76
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8019805f052 - nt!MiIsAddressValid+c2
[ f6:98 ]
fffff8019805f0e4 - nt!MmUnmapLockedPages+74 (+0x92)
[ f6:98 ]
fffff801980b0b54 - nt!MiGetPage+a4 (+0x51a70)
[ fa:fb ]
fffff801980b1558 - nt!MiCompletePrivateZeroFault+518 (+0xa04)
[ f6:98 ]
fffff801980b1568 - nt!MiCompletePrivateZeroFault+528 (+0x10)
[ fa:fb ]
fffff80198127b16 - nt!MiMakeProtoLeafValid+4e (+0x765ae)
[ f6:98 ]
fffff8019829f384-fffff8019829f385 2 bytes - nt!ExFreePoolWithTag+364
[ fb f6:cc 98 ]
8 errors : !nt (fffff8019805f052-fffff8019829f385)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
TARGET_TIME: 2017-07-24T07:12:03.000Z
OSBUILD: 15063
OSSERVICEPACK: 483
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-07-07 15:06:35
BUILDDATESTAMP_STR: 170317-1834
BUILDLAB_STR: rs2_release
BUILDOSVER_STR: 10.0.15063.0.amd64fre.rs2_release.170317-1834
ANALYSIS_SESSION_ELAPSED_TIME: 19a4
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_large
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption