Crash Dump Analysis Patterns (Part 60c)
Sunday, October 3rd, 2021This part is a kernel space counterpart to unmanaged user space Execution Residue. We get the boundaries of the stack region from the output of !thread command:
THREAD ffff9a8e065f7080 Cid 1e7c.1e80 Teb: 000000ce1b0a7000 Win32Thread: ffff9a8e064c9a60 RUNNING on processor 1
IRP List:
ffff9a8e05e8f960: (0006,0118) Flags: 00060000 Mdl: 00000000
Not impersonating
DeviceMap ffffaa81e3622e30
Owning Process ffff9a8e06992080 Image: process.exe
Attached Process N/A Image: N/A
Wait Start TickCount 7953 Ticks: 1 (0:00:00:00.015)
Context Switch Count 1386 IdealProcessor: 1
UserTime 00:00:00.046
KernelTime 00:00:00.078
Win32 Start Address 0x00007ff79e985384
Stack Init ffffce833784cfd0 Current ffffce833784c690
Base ffffce833784d000 Limit ffffce8337847000 Call 0000000000000000
Priority 12 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5
0: kd> dps ffffce8337847000 ffffce833784d000
[…]
ffffce83`3784b720 ffffffff`c0000000
ffffce83`3784b728 00000000`00040000
ffffce83`3784b730 fffff801`7e6f3b90 nt!HvlGetEncryptedData
ffffce83`3784b738 fffff801`7e712bd0 nt!KiBugCheckProgress
ffffce83`3784b740 00000000`00000000
ffffce83`3784b748 00000000`00000001
ffffce83`3784b750 fffff801`860d0b70 crashdmp!Context+0×50
ffffce83`3784b758 fffff801`860c695c crashdmp!DumpWrite+0×474
ffffce83`3784b760 fffff801`860d0b70 crashdmp!Context+0×50
ffffce83`3784b768 fffff801`7e712bd0 nt!KiBugCheckProgress
ffffce83`3784b770 00000000`50404286
ffffce83`3784b778 00000000`00002000
ffffce83`3784b780 00000000`0001f900
ffffce83`3784b788 fffff801`860cc123 crashdmp!CrashdmpTelemetrySaveEnvironmentVariable+0×5f
ffffce83`3784b790 ffff785d`5e18d8e1
ffffce83`3784b798 fffff801`860c290d crashdmp!CheckContextIntegrity+0×6d
ffffce83`3784b7a0 ffffffff`c0000005
ffffce83`3784b7a8 ffff9a8e`065f7080
ffffce83`3784b7b0 fffff801`7e712bd0 nt!KiBugCheckProgress
ffffce83`3784b7b8 00000000`0000001e
ffffce83`3784b7c0 00000000`00000000
ffffce83`3784b7c8 fffff801`860c50d6 crashdmp!CrashdmpWrite+0×1f6
ffffce83`3784b7d0 00000000`00000000
ffffce83`3784b7d8 ffffce83`3784b900
ffffce83`3784b7e0 fffff801`7e712bd0 nt!KiBugCheckProgress
ffffce83`3784b7e8 00000000`00000000
ffffce83`3784b7f0 00000000`00000000
ffffce83`3784b7f8 fffff801`7e6fdf0e nt!IoWriteCrashDump+0×53e
ffffce83`3784b800 ffffce83`3784bae0
ffffce83`3784b808 ffffce83`3784b900
ffffce83`3784b810 ffffce83`3784bae0
ffffce83`3784b818 00000000`00000000
ffffce83`3784b820 0067006f`00720050
ffffce83`3784b828 00730073`00650072
ffffce83`3784b830 00540050`00450000
ffffce83`3784b838 005f004e`004f0000
ffffce83`3784b840 00000000`00000000
ffffce83`3784b848 00000000`00000000
ffffce83`3784b850 00000000`00000000
ffffce83`3784b858 00000000`00000000
ffffce83`3784b860 ffff3902`484e7864
ffffce83`3784b868 fffff801`7e5c6b1a nt!IopIsAddressRangeValid+0×3e
ffffce83`3784b870 00000000`00c33a01
ffffce83`3784b878 00000000`00000008
ffffce83`3784b880 00000000`00000000
ffffce83`3784b888 00000000`00140000
ffffce83`3784b890 ffff9a8e`00f04038
ffffce83`3784b898 00000dff`00000000
ffffce83`3784b8a0 00000000`00000000
ffffce83`3784b8a8 ffff9a8e`065f7080
ffffce83`3784b8b0 ffffffff`c0000005
ffffce83`3784b8b8 fffff801`7e6fd6d0 nt!IoSetDumpRange
ffffce83`3784b8c0 fffff801`7e6fd060 nt!IoFreeDumpRange
ffffce83`3784b8c8 ffffce83`3784b888
ffffce83`3784b8d0 ffff9a8e`00f04000
ffffce83`3784b8d8 00000000`00000000
ffffce83`3784b8e0 00000000`00000000
ffffce83`3784b8e8 ffffffff`c0000005
ffffce83`3784b8f0 00000000`00000000
ffffce83`3784b8f8 00000000`00000008
ffffce83`3784b900 00000000`00000000
ffffce83`3784b908 ffff3902`484e7824
ffffce83`3784b910 00000000`0000001e
ffffce83`3784b918 ffff9a8e`065f7080
ffffce83`3784b920 00000000`00000001
ffffce83`3784b928 00000000`00000000
ffffce83`3784b930 00000000`00000003
ffffce83`3784b938 ffffd581`211c3180
ffffce83`3784b940 00000000`00000001
ffffce83`3784b948 00000000`00000000
ffffce83`3784b950 ffffce83`3784ba60
ffffce83`3784b958 fffff801`7e712456 nt!KeBugCheck2+0xca6
ffffce83`3784b960 00000000`00000001
ffffce83`3784b968 ffff9a8e`032bc000
ffffce83`3784b970 fffff801`7ee31a00 nt!KeBugCheckReasonCallbackListHead
ffffce83`3784b978 fffff801`7ee31a00 nt!KeBugCheckReasonCallbackListHead
ffffce83`3784b980 00000000`00000000
ffffce83`3784b988 ffffce83`3784bae0
ffffce83`3784b990 ffff9a8e`065f7080
ffffce83`3784b998 fffff801`7e712bd0 nt!KiBugCheckProgress
ffffce83`3784b9a0 ffffce83`3784c000
ffffce83`3784b9a8 00000000`00000000
ffffce83`3784b9b0 00000101`01000001
ffffce83`3784b9b8 ffff9a8e`065f7080
ffffce83`3784b9c0 00000000`0000001e
ffffce83`3784b9c8 00000000`00000000
ffffce83`3784b9d0 00000000`0000000f
ffffce83`3784b9d8 fffff801`7caf2100
ffffce83`3784b9e0 00000000`00000000
ffffce83`3784b9e8 00000000`00000000
ffffce83`3784b9f0 ffffd581`211c3180
ffffce83`3784b9f8 ffff86a6`00000004
ffffce83`3784ba00 00000000`00000000
ffffce83`3784ba08 ffff86a6`00000001
ffffce83`3784ba10 ffffce83`3784d000
ffffce83`3784ba18 ffffce83`37847000
ffffce83`3784ba20 fffff801`7e712bd0 nt!KiBugCheckProgress
ffffce83`3784ba28 fffff801`7e489594 nt!ExFreeHeapPool+0×4d4
ffffce83`3784ba30 00000000`00140001
ffffce83`3784ba38 00000000`00000001
ffffce83`3784ba40 00000000`00000000
ffffce83`3784ba48 00000000`00000000
ffffce83`3784ba50 00000000`00000000
ffffce83`3784ba58 00000000`00000000
ffffce83`3784ba60 00000000`00000000
ffffce83`3784ba68 00000000`00000000
ffffce83`3784ba70 00000000`00000000
ffffce83`3784ba78 00000000`00000000
ffffce83`3784ba80 00000000`00000000
ffffce83`3784ba88 00000000`00000000
ffffce83`3784ba90 00000000`00000000
ffffce83`3784ba98 00000000`00000000
ffffce83`3784baa0 00000000`00000000
ffffce83`3784baa8 00000000`00000000
ffffce83`3784bab0 00000000`00000000
ffffce83`3784bab8 00000000`00000000
ffffce83`3784bac0 00000000`00000000
ffffce83`3784bac8 00000000`00000000
ffffce83`3784bad0 00000000`00000000
ffffce83`3784bad8 fffff801`7e40ac67 nt!ExReleasePushLockSharedEx+0×37
ffffce83`3784bae0 00000000`00000000
ffffce83`3784bae8 00000000`00000000
ffffce83`3784baf0 00000000`00000000
ffffce83`3784baf8 00000000`00000000
ffffce83`3784bb00 00000000`00000000
ffffce83`3784bb08 00000000`00000000
ffffce83`3784bb10 00001f80`0010000f
ffffce83`3784bb18 0053002b`002b0010
ffffce83`3784bb20 00040246`0018002b
ffffce83`3784bb28 00000000`00000000
ffffce83`3784bb30 00000000`00000000
ffffce83`3784bb38 00000000`00000000
ffffce83`3784bb40 00000000`00000000
ffffce83`3784bb48 00000000`00000000
ffffce83`3784bb50 00000000`00000000
ffffce83`3784bb58 00000000`00000000
ffffce83`3784bb60 00000000`0000001e
ffffce83`3784bb68 ffffffff`c0000005
ffffce83`3784bb70 ffffce83`3784c8a8
ffffce83`3784bb78 ffffce83`3784c0a8
ffffce83`3784bb80 ffffce83`3784c5e0
ffffce83`3784bb88 ffffce83`3784c0e0
ffffce83`3784bb90 00000000`00000000
ffffce83`3784bb98 00000000`00000000
ffffce83`3784bba0 00000000`00000008
ffffce83`3784bba8 ffffce83`3784c8a8
ffffce83`3784bbb0 fffff801`7f000028 nt!PsInvertedFunctionTable+0×18
ffffce83`3784bbb8 00000000`00000000
ffffce83`3784bbc0 00000000`00000000
ffffce83`3784bbc8 ffffce83`3784c950
ffffce83`3784bbd0 00000000`0010001f
ffffce83`3784bbd8 fffff801`7e5f71c0 nt!KeBugCheckEx
ffffce83`3784bbe0 00000000`0000027f
ffffce83`3784bbe8 00000000`00000000
ffffce83`3784bbf0 00000000`00000000
ffffce83`3784bbf8 00000000`00001f80
ffffce83`3784bc00 00000000`00000000
ffffce83`3784bc08 00000000`00000000
ffffce83`3784bc10 00000000`00000000
ffffce83`3784bc18 00000000`00000000
ffffce83`3784bc20 00000000`00000000
ffffce83`3784bc28 00000000`00000000
ffffce83`3784bc30 00000000`00000000
ffffce83`3784bc38 00000000`00000000
ffffce83`3784bc40 00000000`00000000
ffffce83`3784bc48 00000000`00000000
ffffce83`3784bc50 00000000`00000000
ffffce83`3784bc58 00000000`00000000
ffffce83`3784bc60 00000000`00000000
ffffce83`3784bc68 00000000`00000000
ffffce83`3784bc70 00000000`00000000
ffffce83`3784bc78 00000000`00000000
ffffce83`3784bc80 00000000`00000000
ffffce83`3784bc88 00000000`00000000
ffffce83`3784bc90 00000000`00000000
ffffce83`3784bc98 ffff86a6`006136a0
ffffce83`3784bca0 00000000`00000000
ffffce83`3784bca8 00000000`00000000
ffffce83`3784bcb0 00000000`00000000
ffffce83`3784bcb8 00000000`00000000
ffffce83`3784bcc0 00000000`00000000
ffffce83`3784bcc8 00000000`00000000
ffffce83`3784bcd0 00000000`00000000
ffffce83`3784bcd8 00000000`00000000
ffffce83`3784bce0 00000000`00000000
ffffce83`3784bce8 00000000`00000000
ffffce83`3784bcf0 00000000`00000000
ffffce83`3784bcf8 00000000`00000000
ffffce83`3784bd00 00000000`00000000
ffffce83`3784bd08 00000000`00000000
ffffce83`3784bd10 00000000`00000000
ffffce83`3784bd18 00000000`00000000
ffffce83`3784bd20 00000000`00000000
ffffce83`3784bd28 00000000`00000000
ffffce83`3784bd30 00000000`00000000
ffffce83`3784bd38 00000000`00000000
ffffce83`3784bd40 00000000`00000000
ffffce83`3784bd48 00000000`00000000
ffffce83`3784bd50 00000000`00000000
ffffce83`3784bd58 00000000`00000000
ffffce83`3784bd60 00000000`00000000
ffffce83`3784bd68 00000000`00000000
ffffce83`3784bd70 00000000`00000000
ffffce83`3784bd78 00000000`00000000
ffffce83`3784bd80 00000000`00000000
ffffce83`3784bd88 00000000`00000000
ffffce83`3784bd90 00000000`00000000
ffffce83`3784bd98 00000000`00000000
ffffce83`3784bda0 00000000`00000000
ffffce83`3784bda8 00000000`00000000
ffffce83`3784bdb0 00000000`00000000
ffffce83`3784bdb8 00000000`00000000
ffffce83`3784bdc0 00000000`00000000
ffffce83`3784bdc8 00000000`00000000
ffffce83`3784bdd0 00000000`00000000
ffffce83`3784bdd8 00000000`00000000
ffffce83`3784bde0 00000000`00000000
ffffce83`3784bde8 00000000`00000000
ffffce83`3784bdf0 00000000`00000000
ffffce83`3784bdf8 00000000`00000000
ffffce83`3784be00 00000000`00000000
ffffce83`3784be08 00000000`00000000
ffffce83`3784be10 00000000`00000000
ffffce83`3784be18 00000000`00000000
ffffce83`3784be20 00000000`00000000
ffffce83`3784be28 00000000`00000000
ffffce83`3784be30 00000000`00000000
ffffce83`3784be38 00000000`00000000
ffffce83`3784be40 00000000`00000000
ffffce83`3784be48 00000000`00000000
ffffce83`3784be50 00000000`00000000
ffffce83`3784be58 00000000`00000000
ffffce83`3784be60 00000000`00000000
ffffce83`3784be68 00000000`00000000
ffffce83`3784be70 00000000`00000000
ffffce83`3784be78 00000000`00000000
ffffce83`3784be80 00000000`00000000
ffffce83`3784be88 00000000`00000000
ffffce83`3784be90 00000000`00000000
ffffce83`3784be98 00000000`00000000
ffffce83`3784bea0 00000000`00000000
ffffce83`3784bea8 00000000`00000000
ffffce83`3784beb0 00000000`00000000
ffffce83`3784beb8 00000000`00000000
ffffce83`3784bec0 00000000`00000000
ffffce83`3784bec8 00000000`00000000
ffffce83`3784bed0 00000000`00000000
ffffce83`3784bed8 00000000`00000000
ffffce83`3784bee0 00000000`00000000
ffffce83`3784bee8 00000000`00000000
ffffce83`3784bef0 00000000`00000000
ffffce83`3784bef8 00000000`00000000
ffffce83`3784bf00 00000000`00000000
ffffce83`3784bf08 00000000`00000000
ffffce83`3784bf10 00000000`00000000
ffffce83`3784bf18 00000000`00000000
ffffce83`3784bf20 00000000`00000000
ffffce83`3784bf28 00000000`00000000
ffffce83`3784bf30 00000000`00000000
ffffce83`3784bf38 00000000`00000000
ffffce83`3784bf40 00000000`00000000
ffffce83`3784bf48 00000000`00000000
ffffce83`3784bf50 00000000`00000000
ffffce83`3784bf58 00000000`00000000
ffffce83`3784bf60 00000000`00000000
ffffce83`3784bf68 00000000`00000000
ffffce83`3784bf70 00000000`00000000
ffffce83`3784bf78 00000000`00000000
ffffce83`3784bf80 00000000`00000000
ffffce83`3784bf88 00000000`00000000
ffffce83`3784bf90 00000000`00000000
ffffce83`3784bf98 00000000`00000000
ffffce83`3784bfa0 00000000`00000000
ffffce83`3784bfa8 00000000`00000000
ffffce83`3784bfb0 00000000`00000000
ffffce83`3784bfb8 00000000`00000000
ffffce83`3784bfc0 00000000`00000000
ffffce83`3784bfc8 00000000`00000000
ffffce83`3784bfd0 00000000`00000000
ffffce83`3784bfd8 00000000`00000000
ffffce83`3784bfe0 00000000`00000000
ffffce83`3784bfe8 00000000`00000000
ffffce83`3784bff0 00000000`00000000
ffffce83`3784bff8 00000000`00000000
ffffce83`3784c000 00000000`00000000
ffffce83`3784c008 00000000`00000000
ffffce83`3784c010 00000000`00000000
ffffce83`3784c018 00000000`00000000
ffffce83`3784c020 00000000`00000000
ffffce83`3784c028 00000000`00000000
ffffce83`3784c030 00000000`0010001f
ffffce83`3784c038 ffffce83`3784c950
ffffce83`3784c040 00000000`00000000
ffffce83`3784c048 00000000`00000000
ffffce83`3784c050 00000000`00000000
ffffce83`3784c058 ffffce83`3784c0e0
ffffce83`3784c060 ffffce83`3784c5e0
ffffce83`3784c068 fffff801`7e5f72c7 nt!KeBugCheckEx+0×107
ffffce83`3784c070 ffffce83`3784c8a8
ffffce83`3784c078 ffffce83`3784c5e0
ffffce83`3784c080 ffffce83`3784c8a8
ffffce83`3784c088 00000000`00000000
ffffce83`3784c090 00000000`00000000
ffffce83`3784c098 00000000`00000000
ffffce83`3784c0a0 00000000`00040246
ffffce83`3784c0a8 fffff801`7e659ecb nt!KiDispatchException+0×17467b
ffffce83`3784c0b0 00000000`0000001e
ffffce83`3784c0b8 ffffffff`c0000005
ffffce83`3784c0c0 00000000`00000000
ffffce83`3784c0c8 00000000`00000008
ffffce83`3784c0d0 00000000`00000000
ffffce83`3784c0d8 00000000`00000001
ffffce83`3784c0e0 ffff86a6`0312a600
ffffce83`3784c0e8 ffff86a6`0312a688
ffffce83`3784c0f0 ffff86a6`0312a4e8
ffffce83`3784c0f8 00000000`00000d0d
ffffce83`3784c100 00000001`00000000
ffffce83`3784c108 00000000`00000000
ffffce83`3784c110 00001f80`0010001f
ffffce83`3784c118 0053002b`002b0010
ffffce83`3784c120 00050282`0018002b
ffffce83`3784c128 00000000`00000000
ffffce83`3784c130 00000000`00000000
ffffce83`3784c138 00000000`00000000
ffffce83`3784c140 00000000`00000000
ffffce83`3784c148 00000000`00000000
ffffce83`3784c150 00000000`00000000
[…]
ffffce83`3784cda0 00000000`00000000
ffffce83`3784cda8 ffffce83`00000000
ffffce83`3784cdb0 ffff86a6`00000001
ffffce83`3784cdb8 00000000`00000000
ffffce83`3784cdc0 ffffaa81`e634c9c0
ffffce83`3784cdc8 fffff801`7e608bb5 nt!KiSystemServiceCopyEnd+0×25
ffffce83`3784cdd0 00000000`00000000
ffffce83`3784cdd8 ffff1496`0a767479
ffffce83`3784cde0 00000000`0002034c
ffffce83`3784cde8 000002aa`2d0d0180
ffffce83`3784cdf0 000000ce`1b2feac0
ffffce83`3784cdf8 00000023`83360010
ffffce83`3784ce00 00000000`00000000
ffffce83`3784ce08 00000000`00000000
ffffce83`3784ce10 00000000`00000000
ffffce83`3784ce18 00000000`00000000
ffffce83`3784ce20 ffff9a8e`065f7080
ffffce83`3784ce28 00000000`00000000
ffffce83`3784ce30 ffff9a8e`065f7080
ffffce83`3784ce38 fffff801`7e608bb5 nt!KiSystemServiceCopyEnd+0×25
ffffce83`3784ce40 00000000`00000001
ffffce83`3784ce48 ffffce83`38b5db80
ffffce83`3784ce50 000002aa`00000000
ffffce83`3784ce58 ffff868e`e8876c88 win32k!NtUserKillTimer
ffffce83`3784ce60 000000ce`00000000
ffffce83`3784ce68 00001f80`02080000
ffffce83`3784ce70 00000000`00000007
ffffce83`3784ce78 00000000`000001e4
ffffce83`3784ce80 00000000`00000000
ffffce83`3784ce88 000000ce`1b2ff5b8
ffffce83`3784ce90 000000ce`1b2ff689
ffffce83`3784ce98 00000000`00000000
ffffce83`3784cea0 00000000`00000246
ffffce83`3784cea8 000000ce`1b0a7000
ffffce83`3784ceb0 00000000`00000000
ffffce83`3784ceb8 00000000`00000000
ffffce83`3784cec0 00000000`00000000
ffffce83`3784cec8 00000000`00000000
ffffce83`3784ced0 00000000`00000000
ffffce83`3784ced8 00000000`00000000
ffffce83`3784cee0 00000000`00000000
ffffce83`3784cee8 00000000`00000000
ffffce83`3784cef0 00000000`00000000
ffffce83`3784cef8 00000000`00000000
ffffce83`3784cf00 00000000`00000000
ffffce83`3784cf08 00000000`00000000
ffffce83`3784cf10 00007ffb`8a73a5c2
ffffce83`3784cf18 00000000`00000000
ffffce83`3784cf20 00000000`00000000
ffffce83`3784cf28 00000000`00000000
ffffce83`3784cf30 00000000`00000000
ffffce83`3784cf38 00000000`00000000
ffffce83`3784cf40 00000000`00000000
ffffce83`3784cf48 00000000`00000000
ffffce83`3784cf50 00000000`00000000
ffffce83`3784cf58 00000000`00000000
ffffce83`3784cf60 00000000`00000000
ffffce83`3784cf68 00000000`00000000
ffffce83`3784cf70 00000000`00000000
ffffce83`3784cf78 00000000`00000000
ffffce83`3784cf80 00000000`00000000
ffffce83`3784cf88 00000000`000001e4
ffffce83`3784cf90 00000000`00000000
ffffce83`3784cf98 00000000`000001e4
ffffce83`3784cfa0 00000000`00000100
ffffce83`3784cfa8 00007ffb`8dc6ce54
ffffce83`3784cfb0 00000000`00000033
ffffce83`3784cfb8 00000000`00000246
ffffce83`3784cfc0 000000ce`1b2fea68
ffffce83`3784cfc8 00000000`0000002b
ffffce83`3784cfd0 ffffce83`3784d000
ffffce83`3784cfd8 ffffce83`37847000
ffffce83`3784cfe0 ffffce83`38b5e000
ffffce83`3784cfe8 ffffce83`38b58000
ffffce83`3784cff0 ffffce83`38b5d420
ffffce83`3784cff8 ffffce83`38b5dc90
ffffce83`3784d000 ????????`????????
In the case of Self-Diagnosis bugchecks Effect Components‘ execution residue (such as crashdmp and dump_diskdump) overwrite previous pre-bugcheck execution residue that makes reconstruction of Past Stack Trace impossible.
However, before Effect Components are executed, content of the stack region is saved in a special area:
0: kd> ? ffffce833784d000 - ffffce8337847000
Evaluate expression: 24576 = 00000000`00006000
0: kd> dps KiPreBugcheckStackSaveArea KiPreBugcheckStackSaveArea+6000
[…]
fffff801`7ee2f9f0 00000000`00000034
fffff801`7ee2f9f8 00000000`00000015
fffff801`7ee2fa00 ffff868e`e836edb0 win32kfull!vSrcTranCopyS8D32
fffff801`7ee2fa08 00000000`00000005
fffff801`7ee2fa10 00000000`0000000d
fffff801`7ee2fa18 00000000`00000014
fffff801`7ee2fa20 ffffce83`3784c020
fffff801`7ee2fa28 ffff868e`e8379289 win32kfull!vExpandAndCopyText+0×499
fffff801`7ee2fa30 ffff86a6`03358c65
fffff801`7ee2fa38 00000000`00000005
fffff801`7ee2fa40 ffff86a6`00000024
fffff801`7ee2fa48 ffff86a6`03361644
fffff801`7ee2fa50 00000000`ffcce4f7
fffff801`7ee2fa58 00000000`0000001f
fffff801`7ee2fa60 00000000`00000138
fffff801`7ee2fa68 00000000`00000000
fffff801`7ee2fa70 00000000`00000000
fffff801`7ee2fa78 00000000`ffcce4f7
fffff801`7ee2fa80 ffff86a6`03b27840
fffff801`7ee2fa88 00000000`0000002f
fffff801`7ee2fa90 00000000`00000024
fffff801`7ee2fa98 ffffce83`3784c68c
fffff801`7ee2faa0 00000000`0000002a
fffff801`7ee2faa8 fffff801`00000014
fffff801`7ee2fab0 00000000`0000002a
fffff801`7ee2fab8 ffff86a6`03358a90
fffff801`7ee2fac0 ffff868e`e836edb0 win32kfull!vSrcTranCopyS8D32
fffff801`7ee2fac8 ffffce83`3784c020
fffff801`7ee2fad0 ffff86a6`00000000
fffff801`7ee2fad8 ffff86a6`03b27840
fffff801`7ee2fae0 00000001`00000020
fffff801`7ee2fae8 00000000`00000138
fffff801`7ee2faf0 00000000`00000000
fffff801`7ee2faf8 ffff86a6`03356000
fffff801`7ee2fb00 ffff86a6`00000138
fffff801`7ee2fb08 ffff868e`e83c35a0 win32kfull!draw_clrt_nf_ntb_o_to_temp_start
fffff801`7ee2fb10 ffffce83`3784c010
fffff801`7ee2fb18 ffff86a6`03b27840
fffff801`7ee2fb20 ffff86a6`00911000
fffff801`7ee2fb28 ffff86a6`0312a4e8
fffff801`7ee2fb30 ffff86a6`0312a600
fffff801`7ee2fb38 ffff86a6`03b27840
fffff801`7ee2fb40 ffff868e`e83c35a0 win32kfull!draw_clrt_nf_ntb_o_to_temp_start
fffff801`7ee2fb48 ffff868e`e8559d80 win32kfull!draw_clrt_f_ntb_o_to_temp_start
fffff801`7ee2fb50 ffff86a6`03360000
fffff801`7ee2fb58 fffff801`7e407bae nt!ExAcquirePushLockExclusiveEx+0xee
fffff801`7ee2fb60 ffff9a8e`065f7080
fffff801`7ee2fb68 ffff86a6`00200280
fffff801`7ee2fb70 00000000`00000000
fffff801`7ee2fb78 00000000`00000000
fffff801`7ee2fb80 00000000`00000000
fffff801`7ee2fb88 ffff86a6`00200290
fffff801`7ee2fb90 00000000`00000022
fffff801`7ee2fb98 00000000`00000210
fffff801`7ee2fba0 00000000`00000000
fffff801`7ee2fba8 ffffce83`3784b85c
fffff801`7ee2fbb0 ffff86a6`00911000
fffff801`7ee2fbb8 00000000`00000000
fffff801`7ee2fbc0 00000000`00000000
fffff801`7ee2fbc8 fffff801`7e4dc26a nt!RtlpHpReleaseQueuedLockExclusive+0×20a
fffff801`7ee2fbd0 ffffce83`3784b9e0
fffff801`7ee2fbd8 ffff86a6`00200280
fffff801`7ee2fbe0 00000000`00040246
fffff801`7ee2fbe8 fffff801`7e49af8b nt!KeQueryCurrentStackInformationEx+0×8b
fffff801`7ee2fbf0 00000000`00000000
fffff801`7ee2fbf8 ffffce83`3784b9e0
fffff801`7ee2fc00 00000000`00000210
fffff801`7ee2fc08 ffff86a6`03358a60
fffff801`7ee2fc10 ffffce83`3784d000
fffff801`7ee2fc18 ffffce83`37847000
fffff801`7ee2fc20 00000000`00000000
fffff801`7ee2fc28 ffffce83`3784bf00
fffff801`7ee2fc30 00000000`00000000
fffff801`7ee2fc38 00000000`00000000
fffff801`7ee2fc40 ffffce83`3784b9f8
fffff801`7ee2fc48 fffff801`7e4e6aae nt!KeQueryCurrentStackInformation+0×2e
fffff801`7ee2fc50 ffffce83`3784ba10
fffff801`7ee2fc58 ffffce83`3784ba18
fffff801`7ee2fc60 ffffce83`3784ba60
fffff801`7ee2fc68 00000000`00000000
fffff801`7ee2fc70 00000000`00000008
fffff801`7ee2fc78 fffff801`7e7119e1 nt!KeBugCheck2+0×231
fffff801`7ee2fc80 00000000`00000000
fffff801`7ee2fc88 00000000`00000000
fffff801`7ee2fc90 00000000`00000000
fffff801`7ee2fc98 ffffce83`3784c8a8
fffff801`7ee2fca0 ffffce83`3784b9d0
fffff801`7ee2fca8 fffff801`7e65a4dc nt!RtlDispatchException+0×17399c
fffff801`7ee2fcb0 ffffce83`3784bed0
fffff801`7ee2fcb8 00000000`00000000
fffff801`7ee2fcc0 ffffce83`3784c0e0
fffff801`7ee2fcc8 00000000`00000000
fffff801`7ee2fcd0 00000101`01000000
fffff801`7ee2fcd8 ffff9a8e`065f7080
fffff801`7ee2fce0 00000000`0000001e
fffff801`7ee2fce8 00000000`00000000
fffff801`7ee2fcf0 00000000`0000000f
fffff801`7ee2fcf8 fffff801`7caf2100
fffff801`7ee2fd00 00000000`00000000
fffff801`7ee2fd08 00000000`00000000
fffff801`7ee2fd10 00000000`00000000
fffff801`7ee2fd18 ffff86a6`00000004
fffff801`7ee2fd20 00000000`00000000
fffff801`7ee2fd28 ffff86a6`03350010
fffff801`7ee2fd30 ffffce83`3784d000
fffff801`7ee2fd38 ffffce83`37847000
fffff801`7ee2fd40 fffff801`7e712bd0 nt!KiBugCheckProgress
fffff801`7ee2fd48 fffff801`7e489594 nt!ExFreeHeapPool+0×4d4
fffff801`7ee2fd50 00000000`00000000
fffff801`7ee2fd58 00000000`00000000
fffff801`7ee2fd60 00000000`00000000
fffff801`7ee2fd68 00000000`00000000
fffff801`7ee2fd70 00000000`00000000
fffff801`7ee2fd78 00000000`00000000
fffff801`7ee2fd80 00000000`00000000
fffff801`7ee2fd88 00000000`00000000
fffff801`7ee2fd90 00000000`00000000
fffff801`7ee2fd98 00000000`00000000
fffff801`7ee2fda0 00000000`00000000
fffff801`7ee2fda8 00000000`00000000
fffff801`7ee2fdb0 00000000`00000000
fffff801`7ee2fdb8 00000000`00000000
fffff801`7ee2fdc0 00000000`00000000
fffff801`7ee2fdc8 00000000`00000000
fffff801`7ee2fdd0 00000000`00000000
fffff801`7ee2fdd8 00000000`00000000
fffff801`7ee2fde0 00000000`00000000
fffff801`7ee2fde8 00000000`00000000
fffff801`7ee2fdf0 00000000`00000000
fffff801`7ee2fdf8 fffff801`7e40ac67 nt!ExReleasePushLockSharedEx+0×37
fffff801`7ee2fe00 ffff9a8e`00000002
fffff801`7ee2fe08 ffff86a6`00001f80
fffff801`7ee2fe10 ffff86a6`006136a0
fffff801`7ee2fe18 ffff86a6`0329ccd0
fffff801`7ee2fe20 00000000`000000bd
fffff801`7ee2fe28 ffff86a6`0329ccd0
fffff801`7ee2fe30 ffff86a6`03ac53f0
fffff801`7ee2fe38 ffff868e`e807e1d9 win32kbase!NSInstrumentation::CPlatformReaderWriterLock::ReleaseShared+0×19
fffff801`7ee2fe40 ffff86a6`006163d0
fffff801`7ee2fe48 ffff868e`00000003
fffff801`7ee2fe50 00000000`00000000
fffff801`7ee2fe58 ffff9a8e`00831120
fffff801`7ee2fe60 00000000`00000000
fffff801`7ee2fe68 ffff868e`e8123442 win32kbase!NSInstrumentation::CTypeIsolation<28672,112>::Free+0×8e
fffff801`7ee2fe70 00000000`00000000
fffff801`7ee2fe78 ffff86a6`006136a0
fffff801`7ee2fe80 ffff86a6`000000df
fffff801`7ee2fe88 00000000`00000000
fffff801`7ee2fe90 00000000`00000000
fffff801`7ee2fe98 ffff86a6`03358a70
fffff801`7ee2fea0 00000000`00000000
fffff801`7ee2fea8 ffff86a6`03358a90
fffff801`7ee2feb0 ffffce83`3784bcc0
fffff801`7ee2feb8 ffff868e`e837897f win32kfull!EngTextOut+0×68f
fffff801`7ee2fec0 ffff86a6`03358a90
fffff801`7ee2fec8 ffff86a6`03b27840
fffff801`7ee2fed0 ffffce83`3784bcc0
fffff801`7ee2fed8 00000000`00000005
fffff801`7ee2fee0 ffff86a6`03358a90
fffff801`7ee2fee8 ffff86a6`00000024
fffff801`7ee2fef0 00000000`00000000
fffff801`7ee2fef8 00000000`00000000
fffff801`7ee2ff00 00000000`00000000
fffff801`7ee2ff08 00000000`00000000
fffff801`7ee2ff10 00000000`00000000
fffff801`7ee2ff18 00000000`00000000
fffff801`7ee2ff20 00000000`00000000
fffff801`7ee2ff28 00000000`00000000
fffff801`7ee2ff30 00000000`00000000
fffff801`7ee2ff38 00000000`00000000
fffff801`7ee2ff40 00000000`00000000
fffff801`7ee2ff48 00000000`00000000
fffff801`7ee2ff50 00000000`00000000
fffff801`7ee2ff58 00000000`00000000
fffff801`7ee2ff60 00000000`00000000
fffff801`7ee2ff68 00000000`00000000
fffff801`7ee2ff70 00000000`00000000
fffff801`7ee2ff78 00000000`00000000
fffff801`7ee2ff80 00000000`00000000
fffff801`7ee2ff88 00000000`00000000
fffff801`7ee2ff90 ffffce83`3784c5d0
fffff801`7ee2ff98 00000000`00000000
fffff801`7ee2ffa0 ffff86a6`00000000
fffff801`7ee2ffa8 ffff86a6`03b27840
fffff801`7ee2ffb0 ffff86a6`03116220
fffff801`7ee2ffb8 00000000`000001d4
fffff801`7ee2ffc0 00000000`00000000
fffff801`7ee2ffc8 ffff86a6`03b27840
fffff801`7ee2ffd0 ffff86a6`03b27858
fffff801`7ee2ffd8 ffffce83`3784c68c
fffff801`7ee2ffe0 ffff86a6`0312a4e8
fffff801`7ee2ffe8 ffff86a6`0312a600
fffff801`7ee2fff0 ffff86a6`03b27840
fffff801`7ee2fff8 00000000`00000000
fffff801`7ee30000 00000000`00000000
fffff801`7ee30008 ffff86a6`03358a90
fffff801`7ee30010 00000000`00000000
fffff801`7ee30018 00000000`000000d0
fffff801`7ee30020 ffff86a6`03116220
fffff801`7ee30028 00000000`00000000
fffff801`7ee30030 00000000`00000000
fffff801`7ee30038 00000000`00000000
fffff801`7ee30040 00000000`00000000
fffff801`7ee30048 00000000`00000000
fffff801`7ee30050 00000000`00000000
fffff801`7ee30058 00000000`00000000
fffff801`7ee30060 00000000`00000000
fffff801`7ee30068 00000000`00000000
fffff801`7ee30070 00000000`00000000
fffff801`7ee30078 00000000`00000000
fffff801`7ee30080 00000000`00000000
fffff801`7ee30088 00000000`00000000
fffff801`7ee30090 00000000`00000000
fffff801`7ee30098 00000000`00000000
fffff801`7ee300a0 00000000`00000000
fffff801`7ee300a8 00000000`00000000
fffff801`7ee300b0 00000000`00000000
fffff801`7ee300b8 00000000`00000000
fffff801`7ee300c0 00000000`00000000
fffff801`7ee300c8 00000000`00000000
fffff801`7ee300d0 00000000`00000000
fffff801`7ee300d8 00000000`00000000
fffff801`7ee300e0 00000000`00000000
fffff801`7ee300e8 00000000`00000000
fffff801`7ee300f0 00000000`00000000
fffff801`7ee300f8 00000000`00000000
fffff801`7ee30100 00000000`00000000
fffff801`7ee30108 00000000`00000000
fffff801`7ee30110 00000000`00040293
fffff801`7ee30118 fffff801`7e49af8b nt!KeQueryCurrentStackInformationEx+0×8b
fffff801`7ee30120 00000000`00000000
fffff801`7ee30128 00000000`00000000
fffff801`7ee30130 00000000`00000000
fffff801`7ee30138 00000000`00000000
fffff801`7ee30140 ffffce83`3784d000
fffff801`7ee30148 ffffce83`37847000
fffff801`7ee30150 00000000`00000000
fffff801`7ee30158 00000000`00000000
fffff801`7ee30160 00000000`00000000
fffff801`7ee30168 fffff801`7e4e9cc6 nt!RtlGetExtendedContextLength2+0×46
fffff801`7ee30170 00000000`00000000
fffff801`7ee30178 fffff801`7e4e6a64 nt!RtlpGetStackLimitsEx+0×14
fffff801`7ee30180 ffffce83`3784c0e0
fffff801`7ee30188 ffffce83`3784c8a8
fffff801`7ee30190 00000001`00000010
fffff801`7ee30198 ffffce83`3784c0e0
fffff801`7ee301a0 ffffce83`3784c0a0
fffff801`7ee301a8 fffff801`7e4e6c59 nt!RtlDispatchException+0×119
fffff801`7ee301b0 ffffce83`3784c0e0
fffff801`7ee301b8 00000000`00000000
fffff801`7ee301c0 000004e8`fffffb30
fffff801`7ee301c8 000004d0`fffffb30
fffff801`7ee301d0 00000000`00000019
fffff801`7ee301d8 ffff86a6`03360000
fffff801`7ee301e0 ffffce83`3784c5d0
fffff801`7ee301e8 ffff86a6`0312a688
fffff801`7ee301f0 00000000`00000000
fffff801`7ee301f8 000004f7`00000000
fffff801`7ee30200 00000000`00000000
fffff801`7ee30208 ffffce83`3784d000
fffff801`7ee30210 ffffce83`37847000
fffff801`7ee30218 ffffce83`3784bea0
fffff801`7ee30220 00000000`00000000
fffff801`7ee30228 00000000`00000000
fffff801`7ee30230 00000000`00000000
fffff801`7ee30238 ffffce83`3784c8a8
fffff801`7ee30240 00000000`00000000
fffff801`7ee30248 00000000`00000000
fffff801`7ee30250 00000000`00000000
fffff801`7ee30258 00000000`00000000
fffff801`7ee30260 00000000`00000000
fffff801`7ee30268 00000000`00000000
fffff801`7ee30270 00000000`00000000
fffff801`7ee30278 00000000`00000000
fffff801`7ee30280 00000000`00000000
fffff801`7ee30288 00000000`00000000
fffff801`7ee30290 ffffce83`3784c0e0
fffff801`7ee30298 ffff86a6`00615054
fffff801`7ee302a0 00000000`00000000
fffff801`7ee302a8 ffffffff`ffffffff
fffff801`7ee302b0 00000000`00000000
fffff801`7ee302b8 00000000`00000000
fffff801`7ee302c0 00000000`00000000
fffff801`7ee302c8 00000000`00000000
fffff801`7ee302d0 00000000`00000000
fffff801`7ee302d8 00000000`00000000
fffff801`7ee302e0 00000000`00000000
fffff801`7ee302e8 00000000`00000000
fffff801`7ee302f0 00000000`00000000
fffff801`7ee302f8 00000000`00000000
fffff801`7ee30300 00000000`00000000
fffff801`7ee30308 00000000`00000000
fffff801`7ee30310 00000000`00000000
fffff801`7ee30318 00000000`00000000
fffff801`7ee30320 00000000`00000000
fffff801`7ee30328 00000000`00000000
fffff801`7ee30330 00000000`00000000
fffff801`7ee30338 00000000`00000000
fffff801`7ee30340 00000000`00000000
fffff801`7ee30348 00000000`00000000
fffff801`7ee30350 00000000`0010001f
fffff801`7ee30358 ffffce83`3784c950
fffff801`7ee30360 00000000`00000000
fffff801`7ee30368 00000000`00000000
fffff801`7ee30370 00000000`00000000
fffff801`7ee30378 ffffce83`3784c0e0
fffff801`7ee30380 ffffce83`3784c5e0
fffff801`7ee30388 fffff801`7e5f72c7 nt!KeBugCheckEx+0×107
fffff801`7ee30390 ffffce83`3784c8a8
fffff801`7ee30398 ffffce83`3784c5e0
fffff801`7ee303a0 ffffce83`3784c8a8
fffff801`7ee303a8 00000000`00000000
fffff801`7ee303b0 00000000`00000000
fffff801`7ee303b8 00000000`00000000
fffff801`7ee303c0 00000000`00040246
fffff801`7ee303c8 fffff801`7e659ecb nt!KiDispatchException+0×17467b
fffff801`7ee303d0 00000000`0000001e
fffff801`7ee303d8 ffffffff`c0000005
fffff801`7ee303e0 00000000`00000000
fffff801`7ee303e8 00000000`00000008
fffff801`7ee303f0 00000000`00000000
fffff801`7ee303f8 00000000`00000001
fffff801`7ee30400 ffff86a6`0312a600
fffff801`7ee30408 ffff86a6`0312a688
fffff801`7ee30410 ffff86a6`0312a4e8
fffff801`7ee30418 00000000`00000d0d
fffff801`7ee30420 00000001`00000000
fffff801`7ee30428 00000000`00000000
fffff801`7ee30430 00001f80`0010001f
fffff801`7ee30438 0053002b`002b0010
fffff801`7ee30440 00050282`0018002b
fffff801`7ee30448 00000000`00000000
fffff801`7ee30450 00000000`00000000
fffff801`7ee30458 00000000`00000000
fffff801`7ee30460 00000000`00000000
fffff801`7ee30468 00000000`00000000
fffff801`7ee30470 00000000`00000000
[…]
fffff801`7ee310c0 00000000`00000000
fffff801`7ee310c8 ffffce83`00000000
fffff801`7ee310d0 ffff86a6`00000001
fffff801`7ee310d8 00000000`00000000
fffff801`7ee310e0 ffffaa81`e634c9c0
fffff801`7ee310e8 fffff801`7e608bb5 nt!KiSystemServiceCopyEnd+0×25
fffff801`7ee310f0 00000000`00000000
fffff801`7ee310f8 ffff1496`0a767479
fffff801`7ee31100 00000000`0002034c
fffff801`7ee31108 000002aa`2d0d0180
fffff801`7ee31110 000000ce`1b2feac0
fffff801`7ee31118 00000023`83360010
fffff801`7ee31120 00000000`00000000
fffff801`7ee31128 00000000`00000000
fffff801`7ee31130 00000000`00000000
fffff801`7ee31138 00000000`00000000
fffff801`7ee31140 ffff9a8e`065f7080
fffff801`7ee31148 00000000`00000000
fffff801`7ee31150 ffff9a8e`065f7080
fffff801`7ee31158 fffff801`7e608bb5 nt!KiSystemServiceCopyEnd+0×25
fffff801`7ee31160 00000000`00000001
fffff801`7ee31168 ffffce83`38b5db80
fffff801`7ee31170 000002aa`00000000
fffff801`7ee31178 ffff868e`e8876c88 win32k!NtUserKillTimer
fffff801`7ee31180 000000ce`00000000
fffff801`7ee31188 00001f80`02080000
fffff801`7ee31190 00000000`00000007
fffff801`7ee31198 00000000`000001e4
fffff801`7ee311a0 00000000`00000000
fffff801`7ee311a8 000000ce`1b2ff5b8
fffff801`7ee311b0 000000ce`1b2ff689
fffff801`7ee311b8 00000000`00000000
fffff801`7ee311c0 00000000`00000246
fffff801`7ee311c8 000000ce`1b0a7000
fffff801`7ee311d0 00000000`00000000
fffff801`7ee311d8 00000000`00000000
fffff801`7ee311e0 00000000`00000000
fffff801`7ee311e8 00000000`00000000
fffff801`7ee311f0 00000000`00000000
fffff801`7ee311f8 00000000`00000000
fffff801`7ee31200 00000000`00000000
fffff801`7ee31208 00000000`00000000
fffff801`7ee31210 00000000`00000000
fffff801`7ee31218 00000000`00000000
fffff801`7ee31220 00000000`00000000
fffff801`7ee31228 00000000`00000000
fffff801`7ee31230 00007ffb`8a73a5c2
fffff801`7ee31238 00000000`00000000
fffff801`7ee31240 00000000`00000000
fffff801`7ee31248 00000000`00000000
fffff801`7ee31250 00000000`00000000
fffff801`7ee31258 00000000`00000000
fffff801`7ee31260 00000000`00000000
fffff801`7ee31268 00000000`00000000
fffff801`7ee31270 00000000`00000000
fffff801`7ee31278 00000000`00000000
fffff801`7ee31280 00000000`00000000
fffff801`7ee31288 00000000`00000000
fffff801`7ee31290 00000000`00000000
fffff801`7ee31298 00000000`00000000
fffff801`7ee312a0 00000000`00000000
fffff801`7ee312a8 00000000`000001e4
fffff801`7ee312b0 00000000`00000000
fffff801`7ee312b8 00000000`000001e4
fffff801`7ee312c0 00000000`00000100
fffff801`7ee312c8 00007ffb`8dc6ce54
fffff801`7ee312d0 00000000`00000033
fffff801`7ee312d8 00000000`00000246
fffff801`7ee312e0 000000ce`1b2fea68
fffff801`7ee312e8 00000000`0000002b
fffff801`7ee312f0 ffffce83`3784d000
fffff801`7ee312f8 ffffce83`37847000
fffff801`7ee31300 ffffce83`38b5e000
fffff801`7ee31308 ffffce83`38b58000
fffff801`7ee31310 ffffce83`38b5d420
fffff801`7ee31318 ffffce83`38b5dc90
fffff801`7ee31320 ffff9a8e`002f9448
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -