Two of our customers had blue screen errors occur on some of their computers after installing our program.
This problem only occurred on Windows 10 without affecting other operating systems for both companies.
After analyzing the minidump file from the customer using windbg, the results pointed to “conhost.exe” as the source of the error.
We would like to know if there is a problem when injecting to conhost.exe.
The results are as follows.
Code: Select all
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
PROCESS_NAME: conhost.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff8006e793469 to fffff8006e780c50
STACK_TEXT:
fffff800`70bdcd08 fffff800`6e793469 : 00000000`0000007f 00000000`00000008 fffff800`70bdce50 ffffc901`60120fd0 : nt!KeBugCheckEx
fffff800`70bdcd10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8006e641865 - nt!MiMakeProtoLeafValid+4d
[ 80:00 ]
fffff8006e68b4ff-fffff8006e68b500 2 bytes - nt!MiCompletePrivateZeroFault+95f (+0x49c9a)
[ 80 fa:00 ad ]
fffff8006e6b7620 - nt!MiUpdatePrefetchPriority+30 (+0x2c121)
[ 80:00 ]
fffff8006e6eb743 - nt!MiReleasePtes+373 (+0x34123)
[ 80:00 ]
fffff8006e6eb7ce - nt!MiInsertCachedPte+4e (+0x8b)
[ 80:00 ]
fffff8006e6eb7ee - nt!MiInsertCachedPte+6e (+0x20)
[ ff:7f ]
fffff8006e6ec156-fffff8006e6ec157 2 bytes - nt!MiMapArbitraryPage+36 (+0x968)
[ 80 fa:00 ad ]
fffff8006e77c782 - nt!MiReadWriteAnyLevelShadowPte+6a (+0x9062c)
[ 80:00 ]
10 errors : !nt (fffff8006e641865-fffff8006e77c782)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
Followup: memory_corruption
---------
0: kd> lm
start end module name
ffffdd96`48a00000 ffffdd96`48d93000 win32kfull (deferred)
ffffdd96`48da0000 ffffdd96`48fa5000 win32kbase (deferred)
ffffdd96`48fc0000 ffffdd96`48fca000 TSDDD (deferred)
ffffdd96`48fd0000 ffffdd96`49011000 cdd (deferred)
ffffdd96`49740000 ffffdd96`497b4000 win32k (pdb symbols) C:\WinDDK\7600.16385.1\Debuggers\sym\win32k.pdb\47CCBA45EC8F4E1835B719A034F21B541\win32k.pdb
fffff800`6e603000 fffff800`6ee93000 nt (private pdb symbols) C:\WinDDK\7600.16385.1\Debuggers\sym\ntkrnlmp.pdb\2980EE566EE240BAA4CC403AB766D2651\ntkrnlmp.pdb
fffff800`6ee93000 fffff800`6ef0f000 hal (deferred)
fffff800`6f000000 fffff800`6f00b000 kd (deferred)
fffff800`6f099000 fffff800`6f0a5000 HalExtIntcLpioDma (deferred)
fffff803`10e00000 fffff803`10e65000 CLFS (deferred)
fffff803`10e70000 fffff803`10e95000 tm (deferred)
fffff803`10ea0000 fffff803`10eb7000 PSHED (deferred)
fffff803`10ec0000 fffff803`10ecb000 BOOTVID (deferred)
fffff803`10ed0000 fffff803`10f35000 FLTMGR (deferred)
fffff803`10f40000 fffff803`11020000 clipsp (deferred)
fffff803`11020000 fffff803`1102e000 cmimcext (deferred)
fffff803`11030000 fffff803`1103c000 ntosext (deferred)
fffff803`11040000 fffff803`110e8000 CI (deferred)
fffff803`110f0000 fffff803`11192000 cng (deferred)
fffff803`111a0000 fffff803`1127e000 Wdf01000 (deferred)
fffff803`11280000 fffff803`11293000 WDFLDR (deferred)
fffff803`112a0000 fffff803`112ae000 SleepStudyHelper (deferred)
fffff803`112b0000 fffff803`112d3000 acpiex (deferred)
fffff803`112e0000 fffff803`112ee000 WppRecorder (deferred)
fffff803`112f0000 fffff803`113a7000 ACPI (deferred)
fffff803`113b0000 fffff803`113bc000 WMILIB (deferred)
fffff803`113c0000 fffff803`113d7000 intelpep (deferred)
fffff803`113e0000 fffff803`113f6000 WindowsTrustedRT (deferred)
fffff803`11400000 fffff803`1140b000 WindowsTrustedRTProxy (deferred)
fffff803`11410000 fffff803`11423000 pcw (deferred)
fffff803`11430000 fffff803`1143b000 msisadrv (deferred)
fffff803`11440000 fffff803`1149b000 pci (deferred)
fffff803`114a0000 fffff803`114b2000 vdrvroot (deferred)
fffff803`114c0000 fffff803`114e3000 pdc (deferred)
fffff803`114f0000 fffff803`11508000 CEA (deferred)
fffff803`11510000 fffff803`1153b000 partmgr (deferred)
fffff803`11540000 fffff803`115d4000 spaceport (deferred)
fffff803`115e0000 fffff803`115f9000 volmgr (deferred)
fffff803`11600000 fffff803`1165e000 volmgrx (deferred)
fffff803`11660000 fffff803`1167e000 mountmgr (deferred)
fffff803`11860000 fffff803`118ee000 mcupdate_GenuineIntel (deferred)
fffff803`118f0000 fffff803`1194f000 msrpc (deferred)
fffff803`11950000 fffff803`11979000 ksecdd (deferred)
fffff803`11980000 fffff803`11991000 werkernel (deferred)
fffff803`11a00000 fffff803`11a3b000 Wof (deferred)
fffff803`11a40000 fffff803`11c83000 NTFS (deferred)
fffff803`11c90000 fffff803`11c9d000 Fs_Rec (deferred)
fffff803`11ca0000 fffff803`11dd5000 ndis (deferred)
fffff803`11de0000 fffff803`11e65000 NETIO (deferred)
fffff803`11e70000 fffff803`11ea0000 ksecpkg (deferred)
fffff803`11ea0000 fffff803`12139000 tcpip (deferred)
fffff803`12140000 fffff803`121aa000 fwpkclnt (deferred)
fffff803`121b0000 fffff803`121dc000 wfplwfs (deferred)
fffff803`121e0000 fffff803`12295000 fvevol (deferred)
fffff803`122a0000 fffff803`122ab000 volume (deferred)
fffff803`122b0000 fffff803`12314000 volsnap (deferred)
fffff803`12320000 fffff803`1236c000 rdyboost (deferred)
fffff803`12370000 fffff803`12394000 mup (deferred)
fffff803`123a0000 fffff803`123b1000 iorate (deferred)
fffff803`123d0000 fffff803`123ee000 disk (deferred)
fffff803`123f0000 fffff803`12455000 CLASSPNP (deferred)
fffff803`12480000 fffff803`1249b000 crashdmp (deferred)
fffff803`124c0000 fffff803`124c8000 PantaProc64 (deferred)
fffff803`124d0000 fffff803`124e1000 PantaFS64 (deferred)
fffff803`124f0000 fffff803`12505000 PantaFF64 (deferred)
fffff803`12510000 fffff803`12522000 nsiproxy (deferred)
fffff803`12530000 fffff803`1253f000 npsvctrig (deferred)
fffff803`12540000 fffff803`12550000 mssmbios (deferred)
fffff803`12550000 fffff803`1255a000 gpuenergydrv (deferred)
fffff803`12560000 fffff803`1258b000 dfsc (deferred)
fffff803`125b0000 fffff803`125d8000 cbfltfs (deferred)
fffff803`125e0000 fffff803`12621000 ahcache (deferred)
fffff803`12630000 fffff803`12641000 CompositeBus (deferred)
fffff803`12650000 fffff803`1265d000 kdnic (deferred)
fffff803`12660000 fffff803`12675000 umbus (deferred)
fffff803`12680000 fffff803`12693000 CAD (deferred)
fffff803`126a0000 fffff803`126d9000 ucx01000 (deferred)
fffff803`126e0000 fffff803`1270f000 TeeDriverW8x64 (deferred)
fffff803`127a0000 fffff803`12d12000 iaStorA (deferred)
fffff803`12d20000 fffff803`12daa000 storport (deferred)
fffff803`12db0000 fffff803`12dcc000 EhStorClass (deferred)
fffff803`12dd0000 fffff803`12dea000 fileinfo (deferred)
fffff803`13600000 fffff803`1362f000 klb64mkd (deferred)
fffff803`13630000 fffff803`13650000 HSBDrv64 (deferred)
fffff803`13650000 fffff803`1365f000 AHAWKENT_fffff80313650000 (deferred)
fffff803`13660000 fffff803`1368e000 TfFRegNt_fffff80313660000 (deferred)
fffff803`13690000 fffff803`1378a000 MeDCoreD (deferred)
fffff803`13790000 fffff803`137a0000 ESCAW64 (deferred)
fffff803`137a0000 fffff803`137ae000 asyncmac (deferred)
fffff803`137b0000 fffff803`137c6000 NDProxy (deferred)
fffff803`137d0000 fffff803`137e5000 np_ck64s (deferred)
fffff803`137f0000 fffff803`137fb000 noskp64 (deferred)
fffff803`13800000 fffff803`1381e000 iMonProcMonX641016 (deferred)
fffff803`13820000 fffff803`13857000 TKCtrl2k64 (deferred)
fffff803`13860000 fffff803`1386b000 TKTool2k64 (deferred)
fffff803`13870000 fffff803`1388e000 iMonDefenceX64 (deferred)
fffff803`13bc0000 fffff803`13bee000 cdrom (deferred)
fffff803`13bf0000 fffff803`13f3f000 ascrts (deferred)
fffff803`13f40000 fffff803`13f54000 filecrypt (deferred)
fffff803`13f60000 fffff803`13f6d000 tbs (deferred)
fffff803`13f70000 fffff803`13ff0000 TSFLTDRV (deferred)
fffff803`13ff0000 fffff803`14045000 ATamptNt (deferred)
fffff803`14050000 fffff803`14068000 AhnRghNt (deferred)
fffff803`14070000 fffff803`140c9000 ATamptNt_fffff80314070000 (deferred)
fffff803`140d0000 fffff803`140de000 SGResFlt64 (deferred)
fffff803`140e0000 fffff803`140ea000 Null (deferred)
fffff803`140f0000 fffff803`140fa000 Beep (deferred)
fffff803`14100000 fffff803`14115000 BasicDisplay (deferred)
fffff803`14120000 fffff803`14134000 watchdog (deferred)
fffff803`14140000 fffff803`1439a000 dxgkrnl (deferred)
fffff803`143a0000 fffff803`143ba000 vmbkmclr (deferred)
fffff803`143c0000 fffff803`143d0000 BasicRender (deferred)
fffff803`143d0000 fffff803`143e9000 Npfs (deferred)
fffff803`143f0000 fffff803`14400000 Msfs (deferred)
fffff803`14400000 fffff803`14422000 tdx (deferred)
fffff803`14430000 fffff803`14440000 TDI (deferred)
fffff803`14440000 fffff803`14492000 netbt (deferred)
fffff803`144a0000 fffff803`14515000 rdbss (deferred)
fffff803`14520000 fffff803`1452b000 PantaReg64 (deferred)
fffff803`14530000 fffff803`14576000 srvnet (deferred)
fffff803`14580000 fffff803`14638000 srv2 (deferred)
fffff803`14640000 fffff803`1468e000 mrxsmb10 (deferred)
fffff803`14690000 fffff803`14756000 peauth (deferred)
fffff803`14760000 fffff803`147ed000 srv (deferred)
fffff803`147f0000 fffff803`14802000 condrv (deferred)
fffff803`14810000 fffff803`14816000 ImageSAFERDrv64 (deferred)
fffff803`14840000 fffff803`14854000 TENXWGuard64 (deferred)
fffff803`14860000 fffff803`14877000 Cdm2DrNt (deferred)
fffff803`14880000 fffff803`14887000 TEWEBPROECT (deferred)
fffff803`14890000 fffff803`148ae000 NASCA64 (deferred)
fffff803`148b0000 fffff803`148bf000 AHAWKENT (deferred)
fffff803`148c0000 fffff803`148ee000 TfFRegNt (deferred)
fffff803`148f0000 fffff803`14920000 tunnel (deferred)
fffff803`14920000 fffff803`14975000 ATamptNt_fffff80314920000 (deferred)
fffff803`14980000 fffff803`14989000 TKFsFt64 (deferred)
fffff803`14990000 fffff803`149a4000 TKPcFtCb64 (deferred)
fffff803`149b0000 fffff803`149ee000 TKFsAv64 (deferred)
fffff803`149f0000 fffff803`14a07000 TKRgFtXp64 (deferred)
fffff803`14a10000 fffff803`14a32000 TKRgAc2k64 (deferred)
fffff803`14a40000 fffff803`14a4d000 WSDPrint (deferred)
fffff803`14a50000 fffff803`14a5d000 WSDScan (deferred)
fffff803`14a60000 fffff803`14a92000 Mkd3kfNt (deferred)
fffff803`14ab0000 fffff803`14b4b000 afd (deferred)
fffff803`14b50000 fffff803`14b5b000 TKFWFV64 (deferred)
fffff803`14b60000 fffff803`14b7a000 vwififlt (deferred)
fffff803`14b80000 fffff803`14ba9000 pacer (deferred)
fffff803`14bb0000 fffff803`14bc2000 netbios (deferred)
fffff803`14bd0000 fffff803`14bef000 SDiskWindows10 (deferred)
fffff803`14bf0000 fffff803`14bff000 PantaVDisk64 (deferred)
fffff803`15400000 fffff803`15467000 ks (deferred)
fffff803`15470000 fffff803`154d4000 USBXHCI (deferred)
fffff803`154e0000 fffff803`154e8000 SSPORT (deferred)
fffff803`154f0000 fffff803`15cb2000 igdkmd64 (deferred)
fffff803`15cc0000 fffff803`15d1c000 fastfat (deferred)
fffff803`15d20000 fffff803`15d3d000 HDAudBus (deferred)
fffff803`15d40000 fffff803`15da3000 portcls (deferred)
fffff803`15db0000 fffff803`15dd1000 drmk (deferred)
fffff803`15de0000 fffff803`15df3000 tcpipreg (deferred)
fffff803`15e00000 fffff803`15ed9000 rt640x64 (deferred)
fffff803`15ee0000 fffff803`15f02000 i8042prt (deferred)
fffff803`15f10000 fffff803`15f23000 kbdclass (deferred)
fffff803`15f30000 fffff803`15f3d000 iaLPSSi_GPIO (deferred)
fffff803`15f40000 fffff803`15f6d000 msgpioclx (deferred)
fffff803`15f70000 fffff803`15f92000 iaLPSSi_I2C (deferred)
fffff803`15fa0000 fffff803`15fb9000 SpbCx (deferred)
fffff803`15fc0000 fffff803`15fcc000 wmiacpi (deferred)
fffff803`15fd0000 fffff803`16008000 intelppm (deferred)
fffff803`16010000 fffff803`1601b000 acpipagr (deferred)
fffff803`16020000 fffff803`1602e000 CmBatt (deferred)
fffff803`16030000 fffff803`1603e000 BATTC (deferred)
fffff803`16040000 fffff803`1604d000 UEFI (deferred)
fffff803`16050000 fffff803`1605d000 NdisVirtualBus (deferred)
fffff803`16060000 fffff803`1606c000 swenum (deferred)
fffff803`16070000 fffff803`1607d000 rdpbus (deferred)
fffff803`16080000 fffff803`1610c000 UsbHub3 (deferred)
fffff803`16110000 fffff803`1611e000 USBD (deferred)
fffff803`16120000 fffff803`16134000 hidi2c (deferred)
fffff803`16140000 fffff803`1614b000 mshidkmdf (deferred)
fffff803`16150000 fffff803`16183000 HIDCLASS (deferred)
fffff803`16190000 fffff803`161a2000 HIDPARSE (deferred)
fffff803`161b0000 fffff803`161bf000 mouhid (deferred)
fffff803`161c0000 fffff803`161d3000 mouclass (deferred)
fffff803`161e0000 fffff803`161ec000 MTConfig (deferred)
fffff803`161f0000 fffff803`162a3000 dxgmms2 (deferred)
fffff803`162b0000 fffff803`162b9b00 ezusb (deferred)
fffff803`162c0000 fffff803`162da000 rspndr (deferred)
fffff803`162e0000 fffff803`162fb000 wanarp (deferred)
fffff803`16300000 fffff803`16316000 ndisuio (deferred)
fffff803`16320000 fffff803`163ac000 nwifi (deferred)
fffff803`163b0000 fffff803`164c5000 HTTP (deferred)
fffff803`164d0000 fffff803`164f1000 bowser (deferred)
fffff803`16500000 fffff803`1651a000 mpsdrv (deferred)
fffff803`16520000 fffff803`1659b000 mrxsmb (deferred)
fffff803`165a0000 fffff803`165dd000 mrxsmb20 (deferred)
fffff803`165e0000 fffff803`165f1000 vwifimp (deferred)
fffff803`16600000 fffff803`16633000 AMonCDW8 (deferred)
fffff803`16640000 fffff803`1664d000 f_npm (deferred)
fffff803`16650000 fffff803`16664000 mmcss (deferred)
fffff803`16670000 fffff803`168fa000 Qcamain10x64 (deferred)
fffff803`16900000 fffff803`169c0000 wdiwifi (deferred)
fffff803`169c0000 fffff803`169ce000 vwifibus (deferred)
fffff803`169d0000 fffff803`169f6000 Ndu (deferred)
fffff803`16a00000 fffff803`16a0e000 ksthunk (deferred)
fffff803`16a10000 fffff803`16a19000 spsm245usb2g_64b (deferred)
fffff803`16a20000 fffff803`16a3a000 mslldp (deferred)
fffff803`16a40000 fffff803`16a5e000 ESCORT64 (deferred)
fffff803`16a60000 fffff803`16a76000 lltdio (deferred)
fffff803`16a80000 fffff803`16a88000 f_ih (deferred)
fffff803`16a90000 fffff803`16ac1000 usbccgp (deferred)
fffff803`16ad0000 fffff803`16ade000 nosku64 (deferred)
fffff803`16ae0000 fffff803`16b04000 Mkd2Nadr (deferred)
fffff803`16b10000 fffff803`16b22000 hidusb (deferred)
fffff803`16b30000 fffff803`16b3a000 JRSUKD25 (deferred)
fffff803`16b40000 fffff803`16b50000 kbdhid (deferred)
fffff803`16b50000 fffff803`170c2000 dump_iaStorA (deferred)
fffff803`170f0000 fffff803`170fb000 registry (deferred)
fffff803`17110000 fffff803`1711f000 dump_diskdump (deferred)
fffff803`176a0000 fffff803`176bd000 dump_dumpfve (deferred)
fffff803`176c0000 fffff803`176d1000 monitor (deferred)
fffff803`176e0000 fffff803`17706000 luafv (deferred)
fffff803`17710000 fffff803`17736000 wcifs (deferred)
fffff803`17740000 fffff803`17759000 storqosflt (deferred)
fffff803`17760000 fffff803`17bf9000 RTKVHD64 (deferred)
Unloaded modules:
fffff803`14820000 fffff803`1483e000 iMonDefenceX
fffff803`16a20000 fffff803`16a3e000 ESCORT64.SYS
fffff803`16a10000 fffff803`16a87000 IntcDAud.sys
fffff803`17740000 fffff803`1774b000 cldflt.sys
fffff803`124b0000 fffff803`124bf000 dump_storpor
fffff803`13600000 fffff803`13b72000 dump_iaStorA
fffff803`13ba0000 fffff803`13bbd000 dump_dumpfve
fffff803`12590000 fffff803`125b0000 dam.sys
fffff803`123c0000 fffff803`123cf000 hwpolicy.sys
Is it also possible to check if there is a problem with conhost.exe using madcodeHook?
The two dump files have been uploaded as well.
Thank you for your help.