FAULTING_IP: nt!RtlSetBits+3f fffff802`6c88bedf 0803 or byte ptr [rbx],al
PROCESS_NAME: SearchProtocol
....
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
FAILURE_ID_HASH_STRING: km:memory_corruption_large
....
[COLOR="#008000"]den hier normalerweise folgenden Stack überspringe ich und mache mit
dem letzten aktiven Thread weiter[/COLOR]
0: kd> !thread
THREAD ffffbd08455e6080 Cid 1da8.1dc0 Teb: 000000f5c4eb0000 Win32Thread: ffffbd084adb5150 RUNNING on processor 0
IRP List:
Unable to read nt!_IRP @ ffffbd083eebfa80
Not impersonating
GetUlongFromAddress: unable to read from fffff8026cb4b2d4
[COLOR="#FF0000"]Owning Process ffffbd0848bf5640 Image: SearchProtocolHost.exe[/COLOR]
Attached Process N/A Image: N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount 10806
Context Switch Count 273810 IdealProcessor: 2
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x00007ff6baa57b10
Stack Init ffffe481d4358c10 Current ffffe481d4357400
Base ffffe481d4359000 Limit ffffe481d4352000 Call 0
Priority 5 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 1
Child-SP RetAddr : Args to Child : Call Site
ffffe481`d4357f38 fffff802`6c9aff32 : 00000000`00000050 fffff802`7585c7c0 00000000`00000002 ffffe481`d43581d0 : nt!KeBugCheckEx
ffffe481`d4357f40 fffff802`6c89b246 : 00000000`00000002 fffff802`7585c7c0 ffffe481`d43581d0 ffffbd08`48bf5640 : nt!MiSystemFault+0x116e92
ffffe481`d4357fe0 fffff802`6c983c72 : 00000000`0000e8c0 00000000`00000000 ffffe481`d4358270 fffff802`6c983da0 : nt!MmAccessFault+0xae6
[COLOR="#FF0000"]ffffe481`d43581d0 fffff802`6c88bedf : ffffe481`d43583f8 ffffe481`d43583d0 ffffe481`d4358388 00000000`00000018 : nt!KiPageFault+0x132 (TrapFrame @ ffffe481`d43581d0)[/COLOR]
[COLOR="#FF0000"]ffffe481`d4358360 fffff802`6cce6215 : ffff800e`28c21db0 ffffe481`d4358401 00000000`0000000f ffffbd08`3e685f30 : nt!RtlSetBits+0x3f[/COLOR]
[COLOR="#008000"]Hier soll ein Bitmap-Bit gesetzt werden, wodurch es zum Absturz kommt. Die nächste Zeile
ist dann MmPageFault[/COLOR]
ffffe481`d4358390 fffff802`6cce4e07 : ffff800e`2fbd8048 00000000`0000013d ffff800e`2fbd8000 00000000`000003a3 : nt!MiUpdateCfgSystemWideBitmapWorker+0x2e5
ffffe481`d4358460 fffff802`6ccea9ac : 00000000`00000023 ffffe481`d43586d9 00000000`10000000 00000000`00000000 : nt!MiUpdateCfgSystemWideBitmap+0x83
ffffe481`d43584a0 fffff802`6cce8289 : ffffe481`d4358890 ffffe481`d4358890 ffffe481`d43586d9 ffffe481`d4358890 : nt!MiRelocateImage+0x30c
ffffe481`d4358600 fffff802`6ccc7479 : ffffe481`00000000 ffffe481`d4358890 ffffe481`d4358890 ffffbd08`55ba4c90 : nt!MiCreateNewSection+0x3ad
ffffe481`d4358740 fffff802`6ccc6bf2 : ffffe481`d4358770 ffff800e`2eb0ed50 ffffbd08`55ba4c90 00000000`0120011e : nt!MiCreateImageOrDataSection+0x289
ffffe481`d4358820 fffff802`6ccc7772 : 00000000`11000000 00000000`00000000 ffff800e`2ae5a9d0 fffff802`6ccb90c9 : nt!MiCreateSection+0xd2
ffffe481`d4358960 fffff802`6c985313 : ffffbd08`455e6080 00000000`00000005 00000000`00000000 000000f5`c5277e78 : nt!NtCreateSection+0x1e2
ffffe481`d4358a10 00007ff8`ab675cf4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffe481`d4358a80)
000000f5`c5277e58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`ab675cf4