Saturday, November 3, 2007

MOVB-03 BSoD in WIN32K.SYS

What about this nice one?
The userland context is WerFault.exe
(WER = Windows Error Reporting).

PS. I promise, there won't be only BSoDs during MOVB ;)

1: kd> !analyze -v
*******************************************************************************
*                        Bugcheck Analysis                                    *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)


This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening.

Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8c2c5881, The address that the exception occurred at
Arg3: b30b3c04, Trap Frame
Arg4: 00000000

Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005

FAULTING_IP:
win32k+c5881
8c2c5881 8b402c          mov     eax,dword ptr [eax+2Ch]

TRAP_FRAME:  b30b3c04 -- (.trap 0xffffffffb30b3c04)
ErrCode = 00000000
eax=00000000 ebx=000000c0 ecx=ffa6e8e0 edx=00000000 esi=00000000 edi=00000000
eip=8c2c5881 esp=b30b3c78 ebp=b30b3c88 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
win32k+0xc5881:
8c2c5881 8b402c          mov     eax,dword ptr [eax+2Ch] ds:0023:0000002c=????????

Resetting default scope

CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: WerFault.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8c2cdf9c to 8c2c5881
STACK_TEXT:
b30b3c88 8c2cdf9c 00000000 00000000 00000010 win32k!HMAllocObject+0x27
b30b3cac 8c2b4fd6 00000000 00000000 000088b8 win32k!InternalSetTimer+0x86
b30b3cc8 8c2a68a2 00000000 000088b8 8c286d62 win32k!SetRITTimer+0x22
b30b3ce0 8c2bc1fe ffabce50 ffabce50 ffabce50 win32k!SetAppStarting+0x3d
b30b3d00 8c2bc00e 00000000 ffabce50 8445d410 win32k!xxxInitProcessInfo+0xaa
b30b3d24 8c2bbfa7 ffabce50 00000001 8445d410 win32k!xxxUserProcessCallout+0x1f
b30b3d40 81e19337 83851438 00000001 81d31b10 win32k!W32pProcessCallout+0x43
b30b3d4c 81d31b10 8445d410 81c8c62e 000010e4 nt!PsConvertToGuiThread+0x47
b30b3d64 77640f34 badb0d00 0019ee54 00000000 nt!KeServiceDescriptorTable+0x10
WARNING: Frame IP not in any known module. Following frames may be wrong.
b30b3d68 badb0d00 0019ee54 00000000 00000000 0x77640f34
b30b3d6c 0019ee54 00000000 00000000 00000000 0xbadb0d00
b30b3d70 00000000 00000000 00000000 00000000 0x19ee54


STACK_COMMAND: kb
FOLLOWUP_IP:
win32k+c5881
8c2c5881 8b402c          mov     eax,dword ptr [eax+2Ch]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45d3cc1d
SYMBOL_NAME: win32k+c5881
FAILURE_BUCKET_ID: 0x8E_win32k+c5881
BUCKET_ID: 0x8E_win32k+c5881
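
An added example, not part of the original post: a small Python triage that recomputes the faulting address from the trap-frame registers and the faulting instruction in the dump above, cross-checks it against the address the debugger printed, and flags a near-NULL access. The function name `triage` and the 64 KB near-NULL threshold are assumptions, and only simple `[reg]`, `[reg+disp]` and `[reg-disp]` operands are handled.

```python
import re

# Trap-frame registers and faulting instruction copied from the dump above.
TRAP_FRAME = """\
eax=00000000 ebx=000000c0 ecx=ffa6e8e0 edx=00000000 esi=00000000 edi=00000000
eip=8c2c5881 esp=b30b3c78 ebp=b30b3c88 iopl=0 nv up ei pl nz na po nc
8c2c5881 8b402c mov eax,dword ptr [eax+2Ch] ds:0023:0000002c=????????
"""

REG = re.compile(r"\b(e[a-d]x|e[sd]i|e[sb]p|eip)=([0-9a-f]{8})\b")
# Only [reg], [reg+disp] and [reg-disp] are handled; WinDbg prints hex
# displacements with an optional 'h' suffix.
OPERAND = re.compile(r"\[(e[a-d]x|e[sd]i|e[sb]p)(?:([+-])([0-9A-Fa-f]+)h?)?\]")
# Debugger annotation, e.g. ds:0023:0000002c=????????
ANNOTATION = re.compile(r"\b[c-gs]s:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)")

NEAR_NULL_LIMIT = 0x10000  # assumption: treat the first 64 KB as "near NULL"


def triage(text):
    """Recompute the faulting address from the trap frame and classify it."""
    regs = {name: int(value, 16) for name, value in REG.findall(text)}
    for line in text.splitlines():
        op = OPERAND.search(line)
        if op and op.group(1) in regs:
            break
    else:
        return None  # no simple memory operand with a known base register
    base, sign, disp = op.groups()
    offset = int(disp, 16) if disp else 0
    if sign == "-":
        offset = -offset
    address = (regs[base] + offset) & 0xFFFFFFFF
    # Heuristic for two-operand instructions: a memory operand after the
    # comma is the source (read); otherwise it is treated as written to.
    comma = line.find(",")
    access = "read" if 0 <= comma < op.start() else "write"
    note = ANNOTATION.search(line)
    return {
        "base": base,
        "address": address,
        "access": access,
        "near_null": address < NEAR_NULL_LIMIT,
        # Cross-check against the address WinDbg printed, when present.
        "matches_debugger": int(note.group(1), 16) == address if note else None,
        "unreadable": "?" in note.group(2) if note else None,
    }


if __name__ == "__main__":
    print(triage(TRAP_FRAME))
```

For this dump the result is a read through `eax` (zero) at address 0x2c, which agrees with the `ds:0023:0000002c=????????` annotation.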
