Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\pipe\kd_exploit32
Waiting to reconnect...
Connected to Windows 7 7601 x86 compatible target at (Fri Mar 27 13:54:29.299 2015 (UTC + 1:00)), ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.comSRV*c:\symbols\*http://symbols.mozilla.org/firefox;srv*c:\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
Windows 7 Kernel Version 7601 MP (1 procs) Free x86 compatible
Built by: 7601.18741.x86fre.win7sp1_gdr.150202-1526
Machine Name:
Kernel base = 0x82a3b000 PsLoadedModuleList = 0x82b855b0
System Uptime: not available
nt!DbgLoadImageSymbols+0x47:
82a53578 cc int 3
kd> g
nt!DbgLoadImageSymbols+0x47:
82a53578 cc int 3
1: kd> g

*** Fatal System Error: 0x00000019
(0x00000003,0x8CFAEFC8,0x8CFAEFC7,0x8CFAEFC8)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Fri Mar 27 14:10:12.004 2015 (UTC + 1:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
...........
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {3, 8cfaefc8, 8cfaefc7, 8cfaefc8}

*** WARNING: Unable to verify checksum for prime.exe
*** ERROR: Module load completed but symbols could not be loaded for prime.exe
Probably caused by : win32k.sys ( win32k!Win32AllocPool+13 )

Followup: MachineOwner
---------

Assertion: *** DPC watchdog timeout
This is NOT a break in update time
This is most likely a BUG in an ISR
Perform a stack trace to find the culprit
The period will be doubled on continuation
Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
82ab638c cd2c int 2Ch
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000003, the pool freelist is corrupt.
Arg2: 8cfaefc8, the pool entry being checked.
Arg3: 8cfaefc7, the read back flink freelist value (should be the same as 2).
Arg4: 8cfaefc8, the read back blink freelist value (should be the same as 2).

Debugging Details:
------------------


BUGCHECK_STR: 0x19_3

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: prime.exe

CURRENT_IRQL: 1c

LAST_CONTROL_TRANSFER: from 82ab5853 to 82ab638c

STACK_TEXT:
9ff6c598 82ab5853 0002625a 00000000 0000aa00 nt!KeAccumulateTicks+0x3c5
9ff6c5d8 82ab5700 82a1d0a8 26ea587c 00000000 nt!KeUpdateRunTime+0x145
9ff6c630 82ab4f03 ffae0002 ffae0002 000000d1 nt!KeUpdateSystemTime+0x613
9ff6c630 82a1d0a8 ffae0002 ffae0002 000000d1 nt!KeUpdateSystemTimeAssist+0x13
9ff6c6b4 82a0bb8c 00001000 00000000 9ff6c714 hal!READ_PORT_USHORT+0x8
9ff6c6c4 82a0bcf5 82b19f92 4aadd2e2 00000065 hal!HalpCheckPowerButton+0x2e
9ff6c6c8 82b19f92 4aadd2e2 00000065 00000000 hal!HaliHaltSystem+0x7
9ff6c714 82b1aa39 00000003 8cfaee04 8cfaefc8 nt!KiBugCheckDebugBreak+0x73
9ff6cad8 82b5c68c 00000019 00000003 8cfaefc8 nt!KeBugCheck2+0x68b
9ff6cb40 9675c9ef 00000021 00000084 40616c47 nt!ExAllocatePoolWithTag+0x682
9ff6cb54 96753b36 00000084 40616c47 9ff6cb7c win32k!Win32AllocPool+0x13
9ff6cb64 96754e29 00000021 00000084 40616c47 win32k!StubGdiAlloc+0x10
9ff6cb7c 9675418f 858b92f8 00000001 00000000 win32k!ExAllocateFromPagedLookasideList+0x27
9ff6cb94 96762918 00000084 00000010 00000001 win32k!AllocateObject+0x23
9ff6cbac 96762977 00000004 097c8fc4 00000001 win32k!BRUSHMEMOBJ::pbrAllocBrush+0x21
9ff6cbf8 9684b956 deadbeef 00000001 00000004 win32k!BRUSHMEMOBJ::BRUSHMEMOBJ+0x29
9ff6cc20 82a78896 00000001 deadbeef 00000004 win32k!hCreateHatchBrushInternal+0x23
9ff6cc20 76ea70f4 00000001 deadbeef 00000004 nt!KiSystemServicePostCall
0020f770 0129105a 00000000 00000001 deadbeef ntdll!KiFastSystemCallRet
WARNING: Stack unwind information not available. Following frames may be wrong.
0020f788 012910e9 00000001 deadbeef 00000004 prime+0x105a
0020f7b4 0129131b 00000001 002ca4c0 002ca4e0 prime+0x10e9
0020f7fc 760fee1c 7ffd4000 0020f848 76ec37eb prime+0x131b
0020f808 76ec37eb 7ffd4000 76d987f7 00000000 kernel32!BaseThreadInitThunk+0xe
0020f848 76ec37be 01291398 7ffd4000 00000000 ntdll!__RtlUserThreadStart+0x70
0020f860 00000000 01291398 7ffd4000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!Win32AllocPool+13
9675c9ef 5d pop ebp

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: win32k!Win32AllocPool+13

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54ee8ecd

FAILURE_BUCKET_ID: 0x19_3_win32k!Win32AllocPool+13

BUCKET_ID: 0x19_3_win32k!Win32AllocPool+13

Followup: MachineOwner
---------