*** Fatal System Error: 0x000000be
|
(0xFFFFF960001879D2,0x00B0000022588021,0xFFFFF88004D9B410,0x000000000000000B)
|
|
Driver at fault:
|
*** win32k.sys - Address FFFFF960001F7526 base at FFFFF960000C0000, DateStamp 56422d98
|
.
|
Break instruction exception - code 80000003 (first chance)
|
|
A fatal system error has occurred.
|
Debugger entered on first try; Bugcheck callbacks have not been invoked.
|
|
A fatal system error has occurred.
|
|
Connected to Windows 7 7601 x64 target at (Fri Jan 29 15:51:16.929 2016 (UTC - 8:00)), ptr64 TRUE
|
Loading Kernel Symbols
|
...............................................................
|
......................
|
|
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
|
Run !sym noisy before .reload to track down problems loading symbols.
|
|
......................................
|
Loading User Symbols
|
.....
|
Loading unloaded module list
|
.....*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
|
|
Loading Wow64 Symbols
|
.................
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
Use !analyze -v to get detailed debugging information.
|
|
BugCheck BE, {fffff960001879d2, b0000022588021, fffff88004d9b410, b}
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
|
"kernel32.dll" was not found in the image list.
|
Debugger will attempt to load "kernel32.dll" at given base 00000000`00000000.
|
|
Please provide the full image name, including the extension (i.e. kernel32.dll)
|
for more reliable results.Base address and size overrides can be given as
|
.reload <image.ext>=<base>,<size>.
|
Unable to add module at 00000000`00000000
|
Probably caused by : win32k.sys ( win32k!xxxRealDrawMenuItem+6ea )
|
|
Followup: MachineOwner
|
---------
|
|
nt!DbgBreakPointWithStatus:
|
fffff800`02676a70 cc int 3
|
1: kd> !analyze -v
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
|
An attempt was made to write to readonly memory. The guilty driver is on the
|
stack trace (and is typically the current instruction pointer).
|
When possible, the guilty driver's name (Unicode string) is printed on
|
the bugcheck screen and saved in KiBugCheckDriver.
|
Arguments:
|
Arg1: fffff960001879d2, Virtual address for the attempted write.
|
Arg2: 00b0000022588021, PTE contents.
|
Arg3: fffff88004d9b410, (reserved)
|
Arg4: 000000000000000b, (reserved)
|
|
Debugging Details:
|
------------------
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422D98325000\win32k.sys
|
The system cannot find the file specified.
|
|
|
"kernel32.dll" was not found in the image list.
|
Debugger will attempt to load "kernel32.dll" at given base 00000000`00000000.
|
|
Please provide the full image name, including the extension (i.e. kernel32.dll)
|
for more reliable results.Base address and size overrides can be given as
|
.reload <image.ext>=<base>,<size>.
|
Unable to add module at 00000000`00000000
|
|
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
|
|
BUGCHECK_STR: 0xBE
|
|
PROCESS_NAME: b6_x64.exe
|
|
CURRENT_IRQL: 2
|
|
TRAP_FRAME: fffff88004d9b410 -- (.trap 0xfffff88004d9b410)
|
NOTE: The trap frame does not contain all registers.
|
Some register values may be zeroed or incorrect.
|
rax=0000000024747474 rbx=0000000000000000 rcx=0000000000005d0a
|
rdx=0000000000000074 rsi=0000000000000000 rdi=0000000000000000
|
rip=fffff960001f7526 rsp=fffff88004d9b5a0 rbp=000000007fffff69
|
r8=fffff960001879d2 r9=000000007fffa365 r10=0000000000000001
|
r11=000000007fffa365 r12=0000000000000000 r13=0000000000000000
|
r14=0000000000000000 r15=0000000000000000
|
iopl=0 nv up ei pl nz na po nc
|
win32k!xxxRealDrawMenuItem+0x6ea:
|
fffff960`001f7526 418900 mov dword ptr [r8],eax ds:0001:fffff960`001879d2=245c8d4c
|
Resetting default scope
|
|
LAST_CONTROL_TRANSFER: from fffff800027703b2 to fffff80002676a70
|
|
STACK_TEXT:
|
fffff880`04d9ab38 fffff800`027703b2 : fffff960`001879d2 fffffa80`0283f5c0 00000000`00000065 fffff800`026ba298 : nt!DbgBreakPointWithStatus
|
fffff880`04d9ab40 fffff800`0277119e : fffff880`00000003 00000000`00000000 fffff800`026bab40 fffff880`04d9b1a0 : nt!KiBugCheckDebugBreak+0x12
|
fffff880`04d9aba0 fffff800`0267ed44 : 00000000`000000e0 00000000`00000000 00000000`fffff900 00000000`00000008 : nt!KeBugCheck2+0x71e
|
fffff880`04d9b270 fffff800`026fae6d : 00000000`000000be fffff960`001879d2 00b00000`22588021 fffff880`04d9b410 : nt!KeBugCheckEx+0x104
|
fffff880`04d9b2b0 fffff800`0267cd6e : 00000000`00000001 fffff960`001879d2 00000000`00000000 fffff900`c2e66f70 : nt! ?? ::FNODOBFM::`string'+0x4132e
|
fffff880`04d9b410 fffff960`001f7526 : ffffffff`9c0109e3 00000000`00000000 fffff900`00000000 fffff900`0000009d : nt!KiPageFault+0x16e
|
fffff880`04d9b5a0 fffff960`0023c48f : 00000000`60010691 00000000`00000000 00000000`00000000 fffff960`001877a1 : win32k!xxxRealDrawMenuItem+0x6ea
|
fffff880`04d9b740 fffff960`001f6d66 : 00000000`00000001 00000000`01100062 fffff880`04d9b910 fffff900`c2e66ee0 : win32k!xxxDrawState+0x5e7
|
fffff880`04d9b8b0 fffff960`001f840e : fffff900`c2e8e3d0 00000000`60010691 fffff900`00000020 00000000`00000000 : win32k!xxxDrawMenuItem+0x516
|
fffff880`04d9b970 fffff960`001f8d46 : fffff960`003b66c0 fffff960`00000000 fffff880`04d9bb50 00000000`00000000 : win32k!xxxMenuDraw+0x346
|
fffff880`04d9ba40 fffff960`001a55eb : 00000000`00000000 00000000`60010691 fffff900`00000007 fffff960`00000000 : win32k!xxxDrawMenuBarTemp+0x2aa
|
fffff880`04d9bb20 fffff800`0267ded3 : fffffa80`0283f5c0 00000000`0015e1d8 fffff880`04d9bbc8 00000980`00000000 : win32k!NtUserDrawMenuBarTemp+0xe7
|
fffff880`04d9bbb0 00000000`7523280a : 00000000`7521dc14 00000000`747b3ff4 00000000`7520ae9f 00000000`751e2450 : nt!KiSystemServiceCopyEnd+0x13
|
00000000`0015e1b8 00000000`7521dc14 : 00000000`747b3ff4 00000000`7520ae9f 00000000`751e2450 00000000`0015eb30 : wow64win!NtUserDrawMenuBarTemp+0xa
|
00000000`0015e1c0 00000000`7525d18f : 00000000`00000000 00000000`0028f754 00000000`7efdb000 00000000`7efdd000 : wow64win!whNtUserDrawMenuBarTemp+0x24
|
00000000`0015e200 00000000`751e2776 : 00000000`77b701b4 00000000`75250023 00000000`00000246 00000000`0028f93c : wow64!Wow64SystemServiceEx+0xd7
|
00000000`0015eac0 00000000`7525d286 : 00000000`00000000 00000000`751e1920 ffffffff`fc680000 00000000`779adfc1 : wow64cpu!TurboDispatchJumpAddressEnd+0x2d
|
00000000`0015eb80 00000000`7525c69e : 00000000`00000000 00000000`00000000 00000000`75254b10 00000000`7ffe0030 : wow64!RunCpuSimulation+0xa
|
00000000`0015ebd0 00000000`779c16a6 : 00000000`004049a0 00000000`00000000 00000000`77aae670 00000000`77a81950 : wow64!Wow64LdrpInitialize+0x42a
|
00000000`0015f120 00000000`004049a0 : 00000000`00000000 00000000`77aae670 00000000`77a81950 00000000`00000000 : ntdll+0x416a6
|
00000000`0015f128 00000000`00000000 : 00000000`77aae670 00000000`77a81950 00000000`00000000 00000000`0015f2a0 : 0x4049a0
|
|
|
STACK_COMMAND: kb
|
|
FOLLOWUP_IP:
|
win32k!xxxRealDrawMenuItem+6ea
|
fffff960`001f7526 418900 mov dword ptr [r8],eax
|
|
SYMBOL_STACK_INDEX: 6
|
|
SYMBOL_NAME: win32k!xxxRealDrawMenuItem+6ea
|
|
FOLLOWUP_NAME: MachineOwner
|
|
MODULE_NAME: win32k
|
|
IMAGE_NAME: win32k.sys
|
|
DEBUG_FLR_IMAGE_TIMESTAMP: 56422d98
|
|
FAILURE_BUCKET_ID: X64_0xBE_VRF_win32k!xxxRealDrawMenuItem+6ea
|
|
BUCKET_ID: X64_0xBE_VRF_win32k!xxxRealDrawMenuItem+6ea
|
|
Followup: MachineOwner
|
---------
|