PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8a012e26000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88006e2dbd2, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000000, (reserved)
.....
[COLOR="#FF0000"]FAULTING_IP: acedrv08+4bd2 fffff880`06e2dbd2 450fb70452 movzx r8d,word ptr [r10+rdx*2]
PROCESS_NAME: LeagueClient.exe[/COLOR]
.....
[COLOR="#008000"]Den hier folgenden Stack überspring ich, weil der Stack des letzten Thread zutreffend ist.[/COLOR]
MODULE_NAME: acedrv08
[COLOR="#FF0000"]IMAGE_NAME: acedrv08.sys[/COLOR]
FAILURE_BUCKET_ID: X64_0x50_acedrv08+4bd2
.....
[COLOR="#008000"]Den letzten Thread abfragen[/COLOR]
0: kd> !thread
GetPointerFromAddress: unable to read from fffff8000390c000
THREAD fffffa800748cb50 Cid 0c14.0ed4 Teb: 00000000fffdb000 Win32Thread: fffff900c2ada810 RUNNING on processor 0
Not impersonating
GetUlongFromAddress: unable to read from fffff8000384ac18
[COLOR="#FF0000"]Owning Process fffffa80073cdb10 Image: LeagueClient.e[/COLOR]
Attached Process N/A Image: N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount 36006
Context Switch Count 259 IdealProcessor: 0 LargeStack
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x0000000000bbfcd5
Stack Init fffff8800cbfdc70 Current fffff8800cbfc990
Base fffff8800cbfe000 Limit fffff8800cbf4000 Call 0
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff880`0cbfd378 fffff800`0374d46e : 00000000`00000050 fffff8a0`12e26000 00000000`00000000 fffff880`0cbfd4e0 : nt!KeBugCheckEx
fffff880`0cbfd380 fffff800`036cd56e : 00000000`00000000 fffff8a0`12e26000 00000000`00000000 00000000`0000b01c : nt! ?? ::FNODOBFM::`string'+0x3bc5f
fffff880`0cbfd4e0 fffff880`06e2dbd2 : 004e0052`0045004b 00320033`004c0045 004c004c`0044002e 00000000`00000000 : nt!KiPageFault+0x16e (TrapFrame @ fffff880`0cbfd4e0)
[COLOR="#FF0000"]fffff880`0cbfd670 004e0052`0045004b : 00320033`004c0045 004c004c`0044002e 00000000`00000000 ffff0000`0a5b5064 : acedrv08+0x4bd2[/COLOR]
[COLOR="#008000"]Der Treiber acedrv08.sys verursacht mit seiner Funktion an der relativen Adresse 0x4bd2
ein PageFault, also einen Speicherfehler [/COLOR]
fffff880`0cbfd678 00320033`004c0045 : 004c004c`0044002e 00000000`00000000 ffff0000`0a5b5064 00000000`00000c14 : 0x004e0052`0045004b
fffff880`0cbfd680 004c004c`0044002e : 00000000`00000000 ffff0000`0a5b5064 00000000`00000c14 fffff880`0cbfd858 : 0x00320033`004c0045
fffff880`0cbfd688 00000000`00000000 : ffff0000`0a5b5064 00000000`00000c14 fffff880`0cbfd858 fffff880`06e2dde8 : 0x004c004c`0044002e