0: kd> !pool edx
|
Pool page 88a0b018 region is Unknown
|
88a0b000 is not a valid large pool allocation, checking large session pool...
|
*88a0b000 : large page allocation, Tag is Adbe, size is 0x4000 bytes
|
Pooltag Adbe : Adobe's font driver
|
|
0: kd> g
|
KDTARGET: Refreshing KD connection
|
|
*** Fatal System Error: 0x00000050
|
(0x88A0F000,0x00000000,0x9956DEC8,0x00000000)
|
|
Driver at fault:
|
*** ATMFD.DLL - Address 9956DEC8 base at 99542000, DateStamp 52158fac
|
.
|
Break instruction exception - code 80000003 (first chance)
|
|
A fatal system error has occurred.
|
Debugger entered on first try; Bugcheck callbacks have not been invoked.
|
|
A fatal system error has occurred.
|
|
Connected to Windows 8 9600 x86 compatible target at (Tue Nov 18 11:37:41.209 2014 (UTC + 1:00)), ptr64 FALSE
|
Loading Kernel Symbols
|
...............................................................
|
................................................................
|
.......................
|
Loading User Symbols
|
..............
|
Loading unloaded module list
|
.........
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
Use !analyze -v to get detailed debugging information.
|
|
BugCheck 50, {88a0f000, 0, 9956dec8, 0}
|
|
Probably caused by : ATMFD.DLL ( ATMFD+2bec8 )
|
|
Followup: MachineOwner
|
---------
|
|
nt!RtlpBreakWithStatusInstruction:
|
8170cef4 cc int 3
|
0: kd> !analyze -v
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
PAGE_FAULT_IN_NONPAGED_AREA (50)
|
Invalid system memory was referenced. This cannot be protected by try-except,
|
it must be protected by a Probe. Typically the address is just plain bad or it
|
is pointing at freed memory.
|
Arguments:
|
Arg1: 88a0f000, memory referenced.
|
Arg2: 00000000, value 0 = read operation, 1 = write operation.
|
Arg3: 9956dec8, If non-zero, the instruction address which referenced the bad memory
|
address.
|
Arg4: 00000000, (reserved)
|
|
Debugging Details:
|
------------------
|
|
|
READ_ADDRESS: 88a0f000
|
|
FAULTING_IP:
|
ATMFD+2bec8
|
9956dec8 0fb60a movzx ecx,byte ptr [edx]
|
|
MM_INTERNAL_CODE: 0
|
|
IMAGE_NAME: ATMFD.DLL
|
|
DEBUG_FLR_IMAGE_TIMESTAMP: 52158fac
|
|
MODULE_NAME: ATMFD
|
|
FAULTING_MODULE: 99542000 ATMFD
|
|
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
|
|
BUGCHECK_STR: AV
|
|
PROCESS_NAME: csrss.exe
|
|
CURRENT_IRQL: 0
|
|
TRAP_FRAME: af7e6e44 -- (.trap 0xffffffffaf7e6e44)
|
ErrCode = 00000000
|
eax=00000000 ebx=00000000 ecx=00420000 edx=000000cd esi=ffffffff edi=af7e7060
|
eip=9956dec8 esp=af7e6eb8 ebp=af7e75bc iopl=0 nv up ei ng nz na pe cy
|
cs=0008 ss=0010 ds=f000 es=0023 fs=0030 gs=0023 efl=00010287
|
ATMFD+0x2bec8:
|
9956dec8 0fb60a movzx ecx,byte ptr [edx] ds:f000:00cd=??
|
Resetting default scope
|
|
LAST_CONTROL_TRANSFER: from 8178dcbe to 8170cef4
|
|
STACK_TEXT:
|
af7e685c 8178dcbe 00000003 67ea4aa1 00000065 nt!RtlpBreakWithStatusInstruction
|
af7e68b0 8178d7d8 8181d138 af7e6cac af7e6d20 nt!KiBugCheckDebugBreak+0x1f
|
af7e6c80 8170bab6 00000050 88a0f000 00000000 nt!KeBugCheck2+0x676
|
af7e6ca4 8170b9ed 00000050 88a0f000 00000000 nt!KiBugCheck2+0xc6
|
af7e6cc4 8172a70c 00000050 88a0f000 00000000 nt!KeBugCheckEx+0x19
|
af7e6d20 81654fa5 af7e6e44 000083c4 af7e6d98 nt! ?? ::FNODOBFM::`string'+0x534a
|
af7e6da8 8171fff5 00000000 88a0f000 00000000 nt!MmAccessFault+0x735
|
af7e6da8 9956dec8 00000000 88a0f000 00000000 nt!KiTrap0E+0xf1
|
WARNING: Stack unwind information not available. Following frames may be wrong.
|
af7e75bc 9957237c af7e7810 af7e7854 af7e7834 ATMFD+0x2bec8
|
af7e769c 9956164b af7e7810 af7e7854 af7e7834 ATMFD+0x3037c
|
af7e77a8 995616fe af7e7854 00000000 af7e7834 ATMFD+0x1f64b
|
af7e77cc 99554e2e 98fcd6e8 99586268 af7e7810 ATMFD+0x1f6fe
|
af7e793c 99554b52 ffffffff af7e7a70 9962d1c0 ATMFD+0x12e2e
|
af7e798c 99545f11 ffffffff af7e7a70 00000000 ATMFD+0x12b52
|
af7e79e0 93d6ef3a 93a7e010 996bd310 00000001 ATMFD+0x3f11
|
af7e7a3c 93d01356 93a7e010 996bd310 00000001 win32k!PDEVOBJ::QueryFontData+0x5c
|
af7e7abc 93d00eb6 00000002 996a6608 af7e7cec win32k!RFONTOBJ::bInitCache+0xd5
|
af7e7b94 93d9edf1 af7e7cec af7e7bf0 996a6720 win32k!RFONTOBJ::bRealizeFont+0x4ff
|
af7e7c9c 93d231ec af7e7cec 00000000 00000002 win32k!RFONTOBJ::bInit+0x9cb
|
af7e7cb4 93cf5d9a af7e7cec 00000000 00000002 win32k!RFONTOBJ::vInit+0x16
|
af7e7cd4 93cf5d6b 00000000 00000000 00000000 win32k!ulGetFontData2+0x17
|
af7e7cf8 93cf5d28 00000000 00000000 00000000 win32k!ulGetFontData+0x31
|
af7e7d38 8171cb27 0801091a 20464643 00000000 win32k!NtGdiGetFontData+0xa1
|
af7e7d38 775d6ce4 0801091a 20464643 00000000 nt!KiSystemServicePostCall
|
00cafa64 00000000 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
|
|
|
STACK_COMMAND: kb
|
|
FOLLOWUP_IP:
|
ATMFD+2bec8
|
9956dec8 0fb60a movzx ecx,byte ptr [edx]
|
|
SYMBOL_STACK_INDEX: 8
|
|
SYMBOL_NAME: ATMFD+2bec8
|
|
FOLLOWUP_NAME: MachineOwner
|
|
FAILURE_BUCKET_ID: AV_ATMFD+2bec8
|
|
BUCKET_ID: AV_ATMFD+2bec8
|
|
Followup: MachineOwner
|
---------
|
|
|