windbg抓一个windows蓝屏分析
Posted 特立独行的猫a
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了windbg抓一个windows蓝屏分析相关的知识,希望对你有一定的参考价值。
前言
设备一直以来挺稳定,但还是小概率事件意外出现某设备突然蓝屏了。查看windows事件查看器提示计算机已经从检测错误后重新启动。检测错误: 0x0000009f (0x0000000000000003, 0xffffad0f4edc7570, 0xfffff8046a09ec20, 0xffffad0f4ef318a0)。已将转储的数据保存在: C:\\Windows\\MEMORY.DMP。
分析过程
蓝屏错误代码解释
首先查看微软csdn中关于蓝屏错误代码的解释:Bug 检查 0x9F:DRIVER_POWER_STATE_FAILUR,此 bug 检查表明驱动程序处于不一致或处于无效状态。
Bug 检查 0x9F DRIVER_POWER_STATE_FAILURE - Windows drivers | Microsoft Learn
WinDbg工具使用
Windbg是在windows平台下,强大的用户态和内核态调试工具。相比较于Visual Studio,它是一个轻量级的调试工具,它的另外一个用途是可以用来分析dump数据。
Windbg的symbol file path设置:
srv*C:\\symbols*http://msdl.microsoft.com/download/symbols
1.先使用!analyze -v 命令查看基础bug信息报告。
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: ffffad0f4edc7570, Physical Device Object of the stack
Arg3: fffff8046a09ec20, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
Arg4: ffffad0f4ef318a0, The blocked IRP
Debugging Details:
------------------
Implicit thread is now ffffad0f`4e521040
查看线程的堆栈信息:
0: kd> .thread 0xffffad0f4e521040 ; kb
从线程堆栈中看到,像是usb驱动层出了问题,通过调用 PoRequestPowerIrp 发送设备电源请求以响应系统电源请求。管理设备电源策略 - Windows drivers | Microsoft Learn
USBXHCI!Controller_WdfEvtPreprocessSetPowerIrp+0x14a
2.使用 ! irp 命令检查已阻止的 irp。 此 IRP 的地址位于 Arg4 中。
3.使用带有 Arg2 地址的 ! devstack 命令来显示与错误驱动程序关联的信息。
从以上过程看到,暴露出来了设备树ID,但是从这一长串中如何更进一步看到具体的设备呢?尤其是usb设备的vid和pid等信息。
接下来如何查看设备的节点信息呢?
4.使用!devnode 扩展显示有关设备树中节点的信息。
注意图中红色标注的child地址,接下来继续展开节点查看信息:
再接着展开:
接着展开查看:
最终显示如下,是一个hid类型的输入设备,设备硬件ID是"HID\\VID_03EB&PID_8A6E&MI_00\\8&5bc49fe&0&0000"。
那么最终大致确定出问题的可能是这个hid设备驱动异常导致的,如何在设备上找到具体是哪个硬件设备?推荐使用UsbTreeView工具。
UsbTreeView工具使用
UsbTreeView是Windows下的一款关于USB描述符分析的工具,可以显示USB设备的一系列属性值。其中包括驱动路径,和inf配置文件路径。该工具俱有以下特点:
- 实时显示USB设备的连接状态。
- 以树状的形式显示连接到PC机中的所有USB设备,集线器和控制器。
- 可完美的分析连接到PC机中USB设备的各类USB描述符信息。
- 支持USB1.0/USB2.0/USB3.x规范协议分析。
- 支持对UVC,UAC,HID设备的描述符信息分析。
UsbTreeView的下载地址:Uwe Sieber's Homepage
使用UsbTreeView可以看到电脑中的USB设备树,左边为设备的树状状系,右边为设备的详细信息。
最后附上完整的windbg日志:
Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\\Users\\Administrator\\Desktop\\test\\log\\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff804`678b6000 PsLoadedModuleList = 0xfffff804`67ccc490
Debug session time: Wed Jan 11 04:20:50.968 2023 (UTC + 8:00)
System Uptime: 8 days 19:36:27.847
Loading Kernel Symbols
...............................................................
................................................................
..........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00216018). Type ".hh dbgerr001" for details
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 9F, 3, ffffad0f4edc7570, fffff8046a09ec20, ffffad0f4ef318a0
Implicit thread is now ffffad0f`4e521040
Page 40100 not present in the dump file. Type ".hh dbgerr004" for details
Page 40100 not present in the dump file. Type ".hh dbgerr004" for details
Page 40100 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : memory_corruption
Followup: memory_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: ffffad0f4edc7570, Physical Device Object of the stack
Arg3: fffff8046a09ec20, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
Arg4: ffffad0f4ef318a0, The blocked IRP
Debugging Details:
------------------
Implicit thread is now ffffad0f`4e521040
Page 40100 not present in the dump file. Type ".hh dbgerr004" for details
Page 40100 not present in the dump file. Type ".hh dbgerr004" for details
Page 40100 not present in the dump file. Type ".hh dbgerr004" for details
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: To be filled by O.E.M.
SYSTEM_PRODUCT_NAME: To be filled by O.E.M.
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: To be filled by O.E.M.
Bios_VENDOR: American Megatrends Inc.
BIOS_VERSION: 4.6.5
BIOS_DATE: 01/19/2021
BASEBOARD_MANUFACTURER: INTEL Corporation
BASEBOARD_PRODUCT: MAHOBAY
BASEBOARD_VERSION: To be filled by O.E.M.
DUMP_TYPE: 1
BUGCHECK_P1: 3
BUGCHECK_P2: ffffad0f4edc7570
BUGCHECK_P3: fffff8046a09ec20
BUGCHECK_P4: ffffad0f4ef318a0
DRVPOWERSTATE_SUBCODE: 3
FAULTING_THREAD: 4e521040
CPU_COUNT: 4
CPU_MHZ: c15
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3a
CPU_STEPPING: 9
CPU_MICROCODE: 6,3a,9,0 (F,M,S,R) SIG: 21'00000000 (cache) 21'00000000 (init)
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x9F
PROCESS_NAME: LoadPointUI.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-3GQMSDN
ANALYSIS_SESSION_TIME: 01-29-2023 09:36:00.0108
ANALYSIS_VERSION: 10.0.14321.1024 x86fre
DPC_STACK_BASE: FFFFF8046A09EFB0
LAST_CONTROL_TRANSFER: from fffff804679e23a8 to fffff80467a74ba6
STACK_TEXT:
ffff8b84`2a61ac60 fffff804`679e23a8 : ffffad0f`5d7d5080 ffff8b84`2a61add8 ffffad0f`4e521040 00000000`00000000 : nt!KiSwapContext+0x76
ffff8b84`2a61ada0 fffff804`67a221ba : ffffad0f`00000000 ffff8b84`2a61ae90 00000000`00000000 00000000`00000000 : nt!KeSetSystemGroupAffinityThread+0x268
ffff8b84`2a61ae20 fffff804`67a22085 : 00000000`6e696f49 ffff8b84`00000000 ffffad0f`4edc7570 00000000`00000000 : nt!KiAcquireInterruptConnectLock+0x42
ffff8b84`2a61ae60 fffff804`67a21ed8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiConnectInterrupt+0x85
ffff8b84`2a61aed0 fffff804`67fbc2b9 : ffff8b84`2a61b004 ffff8b84`2a61b030 ffffad0f`75dc7e10 00000000`00000004 : nt!KeConnectInterrupt+0x58
ffff8b84`2a61af30 fffff804`67fbbf0a : ffff8b84`2a61b168 fffff804`6a3140a0 00000000`00000000 ffffad0f`51112bc0 : nt!IopConnectInterrupt+0x30d
ffff8b84`2a61b080 fffff804`6a32356c : ffffad0f`4ef618b0 00000000`00000000 ffffad0f`51112bc0 ffffad0f`4ef038b0 : nt!IoConnectInterruptEx+0x1da
ffff8b84`2a61b160 fffff804`6a3233fa : ffffad0f`51112bc0 ffffad0f`4ef4cc90 ffffad0f`4ef038b0 fffff804`6a3151ca : Wdf01000!FxInterrupt::ConnectInternal+0xd4 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\km\\interruptobjectkm.cpp @ 173]
ffff8b84`2a61b1e0 fffff804`6a323623 : ffffad0f`51112d78 00000000`00000000 ffffad0f`51112bc0 ffff8b84`2a61b308 : Wdf01000!FxInterrupt::Connect+0x62 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\interruptobject.cpp @ 1263]
ffff8b84`2a61b270 fffff804`6a3218a6 : ffffad0f`4ef038b0 ffff8b84`2a61b3e0 00000000`00000000 fffff804`6a3aa518 : Wdf01000!FxPkgPnp::PowerWakingConnectInterrupt+0x93 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\powerstatemachine.cpp @ 3614]
ffff8b84`2a61b2e0 fffff804`6a320c6c : ffffad0f`4ef03ab0 ffffad0f`00000000 ffffad0f`4ef03a88 ffffad0f`4ed59a00 : Wdf01000!FxPkgPnp::PowerProcessEventInner+0x1f6 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\powerstatemachine.cpp @ 1557]
ffff8b84`2a61b450 fffff804`6a31ffb9 : 00000000`00000000 ffffad0f`5102cd80 ffffad0f`4ef318a0 00000000`00000000 : Wdf01000!FxPkgPnp::PowerProcessEvent+0x15c [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\powerstatemachine.cpp @ 1338]
ffff8b84`2a61b4f0 fffff804`679d4f06 : ffffad0f`5102cd80 ffffad0f`5e1c7670 ffffad0f`4ef31a4b ffffad0f`5102cd80 : Wdf01000!FxPkgFdo::RaiseDevicePowerCompletion+0x39 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\fdopower.cpp @ 396]
ffff8b84`2a61b520 fffff804`67938b3d : ffffad0f`4ef31a4b ffff8b84`2a61b5f9 00000000`00000002 ffffad0f`5102cd80 : nt!IopUnloadSafeCompletion+0x56
ffff8b84`2a61b550 fffff804`67938957 : ffffad0f`4ef318a0 00000000`00000000 00000000`00000000 ffffad0f`4edc76c0 : nt!IopfCompleteRequest+0x1cd
ffff8b84`2a61b660 fffff804`6ab4b826 : 00000000`00000103 ffffad0f`4edc7be8 00000000`00000103 fffff804`6a412053 : nt!IofCompleteRequest+0x17
ffff8b84`2a61b690 fffff804`6ab41d1e : 00000000`00000000 ffffad0f`4ef31801 ffffad0f`4ef31801 00000000`00000103 : pci!PciPowerUpDeviceTimerCallback+0x426
ffff8b84`2a61b790 fffff804`6ab42577 : ffffad0f`4edc76c0 ffffad0f`4edc76c0 00000000`00000002 fffff804`6a31faa4 : pci!PciDevice_RetireD0Irp+0xe2
ffff8b84`2a61b7f0 fffff804`6ab4371d : ffffad0f`4ef318a0 00000000`00000000 ffffad0f`4ef31a48 00000000`00000000 : pci!PciDevice_SetPower+0x177
ffff8b84`2a61b850 fffff804`67a260e2 : ffffad0f`4ef318a0 ffffad0f`4ef4ce40 fffff804`6a31ff80 00000000`00000000 : pci!PciDispatchPnpPower+0xad
ffff8b84`2a61b8c0 fffff804`67930d90 : ffffad0f`4ef318a0 fffff804`6a31ff80 00000000`00000000 ffffad0f`5102cd80 : nt!IopPoHandleIrp+0x36
ffff8b84`2a61b8f0 fffff804`67a2a879 : ffffad0f`4ef03801 ffff8b84`2a61b9f0 00000000`00000000 ffffad0f`4ef61a20 : nt!IofCallDriver+0x70
ffff8b84`2a61b930 fffff804`6a31fbf4 : ffff8b84`2a61ba70 ffffad0f`4ef4ce40 fffff804`6a31ff80 ffffad0f`4ef038b0 : nt!IoCallDriver+0x9
ffff8b84`2a61b960 fffff804`6a31fc81 : ffff8b84`2a61ba70 00000000`00000000 00000000`00000001 ffff8b84`2a61ba40 : Wdf01000!FxPkgFdo::RaiseDevicePower+0xb4 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\fdopower.cpp @ 367]
ffff8b84`2a61b9b0 fffff804`6a312ef3 : ffffad0f`4ef038b0 fffff804`67a26442 ffffad0f`5117d001 fffff804`67a2a879 : Wdf01000!FxPkgFdo::_DispatchSetPower+0x71 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\fdopower.cpp @ 122]
ffff8b84`2a61ba00 fffff804`6a3114cf : ffffad0f`4ef318a0 ffffad0f`4ef318a0 ffffad0f`4ef4cc90 fffff804`67922ed0 : Wdf01000!FxPkgPnp::Dispatch+0xb3 [minkernel\\wdf\\framework\\shared\\irphandlers\\pnp\\fxpkgpnp.cpp @ 745]
ffff8b84`2a61ba70 fffff804`6c6b12ca : ffffad0f`51017960 ffffad0f`4ef618b0 ffffad0f`4ef61ba0 ffffad0f`510e7c50 : Wdf01000!imp_WdfDeviceWdmDispatchPreprocessedIrp+0x10f [minkernel\\wdf\\framework\\shared\\core\\km\\fxdeviceapikm.cpp @ 255]
ffff8b84`2a61bac0 fffff804`6a311c4d : ffffad0f`4ef318a0 00000000`00000016 00000000`00000210 ffffad0f`4ef618b0 : USBXHCI!Controller_WdfEvtPreprocessSetPowerIrp+0x14a
ffff8b84`2a61bb00 fffff804`67a25ec6 : ffff8b84`2a61bbe0 ffffad0f`4ef318a0 00000000`00000000 ffffad0f`5102cd80 : Wdf01000!FxDevice::DispatchWithLock+0x1ed [minkernel\\wdf\\framework\\shared\\core\\fxdevice.cpp @ 1430]
ffff8b84`2a61bb60 fffff804`679d43a5 : ffffad0f`4e521040 fffff804`67a25ca0 00000000`00000000 002d0064`00610070 : nt!PopIrpWorker+0x226
ffff8b84`2a61bc10 fffff804`67a7545c : ffffbd00`deb40180 ffffad0f`4e521040 fffff804`679d4350 00200020`0020000a : nt!PspSystemThreadStartup+0x55
ffff8b84`2a61bc60 00000000`00000000 : ffff8b84`2a61c000 ffff8b84`2a616000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x1c
STACK_COMMAND: .thread 0xffffad0f4e521040 ; kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff804678b7071-fffff804678b7072 2 bytes - nt!MmFreeIndependentPages+61
[ 80 f6:00 8e ]
fffff804678b707f - nt!MmFreeIndependentPages+6f (+0x0e)
[ fa:f2 ]
fffff804678b8c61-fffff804678b8c62 2 bytes - nt!RtlGetMultiTimePrecise+101 (+0x1be2)
[ 48 ff:4c 8b ]
fffff804678b8c68-fffff804678b8c6c 5 bytes - nt!RtlGetMultiTimePrecise+108 (+0x07)
[ 0f 1f 44 00 00:e8 63 09 f6 ff ]
fffff804678c5423-fffff804678c5424 2 bytes - nt!PfFileInfoNotify+2d3 (+0xc7bb)
[ ff e1:e8 98 ]
fffff804678c5426-fffff804678c5427 2 bytes - nt!PfFileInfoNotify+2d6 (+0x03)
[ cc cc:31 00 ]
fffff804678c6aec - nt!MiMakeSystemCachePteValid+44 (+0x16c6)
[ fa:f2 ]
fffff804678c6b19-fffff804678c6b1a 2 bytes - nt!MiMakeSystemCachePteValid+71 (+0x2d)
[ 80 f6:00 8e ]
fffff804678c73b9-fffff804678c73ba 2 bytes - nt!MmProtectPool+a5 (+0x8a0)
[ 80 f6:00 8e ]
fffff804678c7408-fffff804678c7409 2 bytes - nt!MmProtectPool+f4 (+0x4f)
[ 80 f6:00 8e ]
fffff804678c7475 - nt!MmProtectPool+161 (+0x6d)
[ fa:f2 ]
fffff804678c74a5-fffff804678c74a6 2 bytes - nt!MmProtectPool+191 (+0x30)
[ 80 f6:00 8e ]
fffff804678c74d3 - nt!MmProtectPool+1bf (+0x2e)
[ fa:f2 ]
fffff804678c75bc-fffff804678c75bd 2 bytes - nt!MmProtectPool+2a8 (+0xe9)
[ 80 f6:00 8e ]
fffff804678c765a - nt!MmProtectPool+346 (+0x9e)
[ fa:f2 ]
fffff804678c799a - nt!MiCopyHeaderIfResident+15e (+0x340)
[ fa:f2 ]
fffff804678c7d82 - nt!MiInitializeImageProtos+21e (+0x3e8)
[ fa:f2 ]
fffff804678c7e35 - nt!MiInitializeImageProtos+2d1 (+0xb3)
[ fa:f2 ]
fffff804678c7efe - nt!MiGetPageForHeader+7a (+0xc9)
[ fa:f2 ]
fffff804678c7fff - nt!MiGetSystemPage+4f (+0x101)
[ fa:f2 ]
fffff804678c8570 - nt!MiSectionCreated+14c (+0x571)
[ fa:f2 ]
fffff804678c94f5-fffff804678c94f6 2 bytes - nt!MiEncodeProtoFill+25 (+0xf85)
[ 80 f6:00 8e ]
fffff804678c9e70 - nt!MiCoalesceFreeLargePages+90 (+0x97b)
[ fa:f2 ]
fffff804678c9eb7 - nt!MiCoalesceFreeLargePages+d7 (+0x47)
[ fa:f2 ]
fffff804678ca7d1 - nt!MiConstructNewLargeFreePage+51 (+0x91a)
[ fa:f2 ]
fffff804678ca861 - nt!MiConstructNewLargeFreePage+e1 (+0x90)
[ fa:f2 ]
fffff804678cab8e - nt!MiDeleteFinalPageTables+56 (+0x32d)
[ fa:f2 ]
fffff804678cabc7-fffff804678cabcb 5 bytes - nt!MiDeleteFinalPageTables+8f (+0x39)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff804678cacbe - nt!MiDeleteTopLevelPage+1e (+0xf7)
[ fa:f2 ]
fffff804678cad69-fffff804678cad6a 2 bytes - nt!MiClearContainingMapping+35 (+0xab)
[ 80 f6:00 8e ]
fffff804678cad7e - nt!MiClearContainingMapping+4a (+0x15)
[ fa:f2 ]
fffff804678cce5d - nt!MiChangePageAttribute+45 (+0x20df)
[ fa:f2 ]
fffff804678cd345-fffff804678cd349 5 bytes - nt!MiReplenishBitMap+65 (+0x4e8)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff804678cd34f-fffff804678cd353 5 bytes - nt!MiReplenishBitMap+6f (+0x0a)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff804678cd590-fffff804678cd594 5 bytes - nt!MiReplenishBitMap+2b0 (+0x241)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff804678cd59c-fffff804678cd5a0 5 bytes - nt!MiReplenishBitMap+2bc (+0x0c)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff804678cd613-fffff804678cd617 5 bytes - nt!MiReplenishBitMap+333 (+0x77)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff804678cd76b-fffff804678cd76f 5 bytes - nt!MiReplenishBitMap+48b (+0x158)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff804678cd823-fffff804678cd824 2 bytes - nt!MiReplenishBitMap+543 (+0xb8)
[ 80 f6:00 8e ]
fffff804678cda6f - nt!MiFreePageFileHashPfns+87 (+0x24c)
[ fa:f2 ]
fffff804678cdf04-fffff804678cdf05 2 bytes - nt!MiDeleteCachedKernelStack+3c (+0x495)
[ 80 f6:00 8e ]
fffff804678ceb89 - nt!MiEmptyDecayClusterTimers+a9 (+0xc85)
[ fa:f2 ]
fffff804678cf284-fffff804678cf288 5 bytes - nt!MiAttachSession+44 (+0x6fb)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff804678cf549-fffff804678cf54a 2 bytes - nt!MiStealPage+a1 (+0x2c5)
[ 80 f6:00 8e ]
fffff804678cf59b - nt!MiStealPage+f3 (+0x52)
[ fa:f2 ]
fffff804678cf71e - nt!MiStealPage+276 (+0x183)
[ fa:f2 ]
fffff804678cfc83-fffff804678cfc84 2 bytes - nt!MiStealPage+7db (+0x565)
[ ff f6:7f 8e ]
fffff804678d0246-fffff804678d0247 2 bytes - nt!MiStealPage+d9e (+0x5c3)
[ 80 f6:00 8e ]
fffff804678d08c6-fffff804678d08c7 2 bytes - nt!MiMoveDirtyBitsToPfns+66 (+0x680)
[ 80 f6:00 8e ]
fffff804678d09e5-fffff804678d09e6 2 bytes - nt!MiMoveDirtyBitsToPfns+185 (+0x11f)
[ 80 f6:00 8e ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
Page 40100 not present in the dump file. Type ".hh dbgerr004" for details
fffff80467bfdd0e-fffff80467bfdd10 3 bytes - nt!ExFreePoolWithTag+10ae
[ 40 fb f6:00 47 8e ]
fffff80467bfdd19-fffff80467bfdd1d 5 bytes - nt!ExFreePoolWithTag+10b9 (+0x0b)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff80467bfdd29-fffff80467bfdd2d 5 bytes - nt!ExFreePoolWithTag+10c9 (+0x10)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff80467bfddbe-fffff80467bfddbf 2 bytes - nt!ExFreePoolWithTag+115e (+0x95)
[ 80 f6:00 8e ]
fffff80467df0788-fffff80467df078a 3 bytes - nt!_guard_check_icall_fptr
[ 60 ad a2:90 67 a7 ]
fffff80467df0790-fffff80467df0792 3 bytes - nt!_guard_dispatch_icall_fptr (+0x08)
[ b0 a2 a6:e0 67 a7 ]
fffff80467e19b8f-fffff80467e19b90 2 bytes - nt!ExUpdateSystemTimeFromCmos+33
[ 48 ff:4c 8b ]
fffff80467e19b96-fffff80467e19b9a 5 bytes - nt!ExUpdateSystemTimeFromCmos+3a (+0x07)
[ 0f 1f 44 00 00:e8 c5 77 a0 ff ]
fffff80467e1a8d8-fffff80467e1a8d9 2 bytes - nt!PopTransitionSystemPowerStateEx+b74 (+0xd42)
[ 48 ff:4c 8b ]
fffff80467e1a8df-fffff80467e1a8e3 5 bytes - nt!PopTransitionSystemPowerStateEx+b7b (+0x07)
[ 0f 1f 44 00 00:e8 ec ec 9f ff ]
fffff80467e1ab05-fffff80467e1ab06 2 bytes - nt!PopTransitionSystemPowerStateEx+da1 (+0x226)
[ 48 ff:4c 8b ]
fffff80467e1ab0c-fffff80467e1ab10 5 bytes - nt!PopTransitionSystemPowerStateEx+da8 (+0x07)
[ 0f 1f 44 00 00:e8 bf ea 9f ff ]
fffff80467e1ab89-fffff80467e1ab8a 2 bytes - nt!PopTransitionSystemPowerStateEx+e25 (+0x7d)
[ 48 ff:4c 8b ]
fffff80467e1ab90-fffff80467e1ab94 5 bytes - nt!PopTransitionSystemPowerStateEx+e2c (+0x07)
[ 0f 1f 44 00 00:e8 3b ea 9f ff ]
fffff80467e1b5a7-fffff80467e1b5a8 2 bytes - nt!PoBroadcastSystemState+3e3 (+0xa17)
[ 48 ff:4c 8b ]
fffff80467e1b5ae-fffff80467e1b5b2 5 bytes - nt!PoBroadcastSystemState+3ea (+0x07)
[ 0f 1f 44 00 00:e8 1d e0 9f ff ]
fffff80467e1b5eb-fffff80467e1b5ec 2 bytes - nt!PoBroadcastSystemState+427 (+0x3d)
[ 48 ff:4c 8b ]
fffff80467e1b5f2-fffff80467e1b5f6 5 bytes - nt!PoBroadcastSystemState+42e (+0x07)
[ 0f 1f 44 00 00:e8 d9 df 9f ff ]
fffff80467e1b729-fffff80467e1b72a 2 bytes - nt!PoBroadcastSystemState+565 (+0x137)
[ 48 ff:4c 8b ]
fffff80467e1b730-fffff80467e1b734 5 bytes - nt!PoBroadcastSystemState+56c (+0x07)
[ 0f 1f 44 00 00:e8 9b de 9f ff ]
fffff80467e1bf58-fffff80467e1bf59 2 bytes - nt!PopInvokeSystemStateHandler+1bc (+0x828)
[ 48 ff:4c 8b ]
fffff80467e1bf5f-fffff80467e1bf63 5 bytes - nt!PopInvokeSystemStateHandler+1c3 (+0x07)
[ 0f 1f 44 00 00:e8 6c d6 9f ff ]
fffff80467e1c242-fffff80467e1c243 2 bytes - nt!PopInvokeSystemStateHandler+4a6 (+0x2e3)
[ 48 ff:4c 8b ]
fffff80467e1c249-fffff80467e1c24d 5 bytes - nt!PopInvokeSystemStateHandler+4ad (+0x07)
[ 0f 1f 44 00 00:e8 82 d3 9f ff ]
fffff80467e1c461-fffff80467e1c465 5 bytes - nt!PopHandleNextState+71 (+0x218)
[ ff e2 cc cc cc:e8 7a 5c dc ff ]
fffff80467e1cf3d-fffff80467e1cf3e 2 bytes - nt!PopDecompressHiberBlocks+fd (+0xadc)
[ 48 ff:4c 8b ]
fffff80467e1cf44-fffff80467e1cf48 5 bytes - nt!PopDecompressHiberBlocks+104 (+0x07)
[ 0f 1f 44 00 00:e8 87 c6 9f ff ]
fffff80467e1d111-fffff80467e1d112 2 bytes - nt!PopSaveHiberContext+d1 (+0x1cd)
[ 48 ff:4c 8b ]
fffff80467e1d118-fffff80467e1d11b 4 bytes - nt!PopSaveHiberContext+d8 (+0x07)
[ 0f 1f 44 00:e8 13 37 ab ]
fffff80467e1e009-fffff80467e1e00a 2 bytes - nt!PopHiberCheckForDebugBreak+31 (+0xef1)
[ 48 ff:4c 8b ]
fffff80467e1e010-fffff80467e1e014 5 bytes - nt!PopHiberCheckForDebugBreak+38 (+0x07)
[ 0f 1f 44 00 00:e8 bb b5 9f ff ]
fffff80467e1e0ba-fffff80467e1e0bb 2 bytes - nt!KiCalibrateTimeAdjustment+9a (+0xaa)
[ 48 ff:4c 8b ]
fffff80467e1e0c1-fffff80467e1e0c5 5 bytes - nt!KiCalibrateTimeAdjustment+a1 (+0x07)
[ 0f 1f 44 00 00:e8 6a f6 9f ff ]
fffff80467e1e151-fffff80467e1e152 2 bytes - nt!KiCalibrateTimeAdjustment+131 (+0x90)
[ 48 ff:4c 8b ]
fffff80467e1e158-fffff80467e1e15c 5 bytes - nt!KiCalibrateTimeAdjustment+138 (+0x07)
[ 0f 1f 44 00 00:e8 73 b4 9f ff ]
fffff80467e1e3f7-fffff80467e1e3f8 2 bytes - nt!PopHiberCheckResume+f7 (+0x29f)
[ 48 ff:4c 8b ]
fffff80467e1e3fe-fffff80467e1e402 5 bytes - nt!PopHiberCheckResume+fe (+0x07)
[ 0f 1f 44 00 00:e8 dd fb 9f ff ]
fffff80467e1ef60-fffff80467e1ef61 2 bytes - nt!PopGetHwConfigurationSignature+d4 (+0xb62)
[ 48 ff:4c 8b ]
fffff80467e1ef67-fffff80467e1ef6b 5 bytes - nt!PopGetHwConfigurationSignature+db (+0x07)
[ 0f 1f 44 00 00:e8 24 23 a0 ff ]
fffff80467e1f5c5-fffff80467e1f5c9 5 bytes - nt!MiConvertHiberPhasePte+15 (+0x65e)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff80467e1f5d4-fffff80467e1f5d8 5 bytes - nt!MiConvertHiberPhasePte+24 (+0x0f)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff80467e20f91-fffff80467e20f95 5 bytes - nt!MiUpdateUserMappings+9 (+0x19bd)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff80467e20fbc-fffff80467e20fc0 5 bytes - nt!MiUpdateUserMappings+34 (+0x2b)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff80467e22f8d-fffff80467e22f8e 2 bytes - nt!KiInitializeBootStructures+23d (+0x1fd1)
[ 48 ff:4c 8b ]
fffff80467e22f94-fffff80467e22f98 5 bytes - nt!KiInitializeBootStructures+244 (+0x07)
[ 0f 1f 44 00 00:e8 b7 8d a0 ff ]
fffff80467e2301d-fffff80467e2301e 2 bytes - nt!KiInitializeBootStructures+2cd (+0x89)
[ 48 ff:4c 8b ]
fffff80467e23024-fffff80467e23028 5 bytes - nt!KiInitializeBootStructures+2d4 (+0x07)
[ 0f 1f 44 00 00:e8 c7 ae a0 ff ]
fffff80467e23d1e-fffff80467e23d1f 2 bytes - nt!KiSetFeatureBits+5f2 (+0xcfa)
[ 48 ff:4c 8b ]
fffff80467e23d25-fffff80467e23d29 5 bytes - nt!KiSetFeatureBits+5f9 (+0x07)
[ 0f 1f 44 00 00:e8 16 c1 a0 ff ]
fffff80467e247c6-fffff80467e247c7 2 bytes - nt!KiInitializeKernel+4f6 (+0xaa1)
[ 48 ff:4c 8b ]
fffff80467e247cd-fffff80467e247d1 5 bytes - nt!KiInitializeKernel+4fd (+0x07)
[ 0f 1f 44 00 00:e8 be 79 a7 ff ]
fffff80467e25a87-fffff80467e25a88 2 bytes - nt!MmInitializeProcessor+47 (+0x12ba)
[ 80 f6:00 8e ]
fffff80467e274c7-fffff80467e274c8 2 bytes - nt!ExpSetSystemTime+dc93 (+0x1a40)
[ 48 ff:4c 8b ]
fffff80467e274ce-fffff80467e274d2 5 bytes - nt!ExpSetSystemTime+dc9a (+0x07)
[ 0f 1f 44 00 00:e8 6d 22 a2 ff ]
fffff80467e2792c-fffff80467e2792d 2 bytes - nt!PopInvokeSystemStateHandler+bb90 (+0x45e)
[ 48 ff:4c 8b ]
fffff80467e27933-fffff80467e27937 5 bytes - nt!PopInvokeSystemStateHandler+bb97 (+0x07)
[ 0f 1f 44 00 00:e8 48 10 a2 ff ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
fffff80467e394af-fffff80467e394b0 2 bytes - nt!EtwpAddLogHeader+17f
[ 48 ff:4c 8b ]
fffff80467e394b6-fffff80467e394ba 5 bytes - nt!EtwpAddLogHeader+186 (+0x07)
[ 0f 1f 44 00 00:e8 15 01 9e ff ]
fffff80467e45522-fffff80467e45526 5 bytes - nt!NtPowerInformation+452 (+0xc06c)
[ ff e0 cc cc cc:e8 79 cb d9 ff ]
fffff80467e4552a-fffff80467e4552b 2 bytes - nt!NtPowerInformation+45a (+0x08)
[ 48 ff:4c 8b ]
fffff80467e45531-fffff80467e45535 5 bytes - nt!NtPowerInformation+461 (+0x07)
[ 0f 1f 44 00 00:e8 9a 40 9d ff ]
fffff80467e4c35e-fffff80467e4c35f 2 bytes - nt!PiDqQueryRelease+4a (+0x6e2d)
[ 48 ff:4c 8b ]
fffff80467e4c365-fffff80467e4c368 4 bytes - nt!PiDqQueryRelease+51 (+0x07)
[ 0f 1f 44 00:e8 06 29 9e ]
fffff80467e4ce7d-fffff80467e4ce7e 2 bytes - nt!PiDqIrpQueryCreate+115 (+0xb18)
[ 48 ff:4c 8b ]
fffff80467e4ce84-fffff80467e4ce87 4 bytes - nt!PiDqIrpQueryCreate+11c (+0x07)
[ 0f 1f 44 00:e8 17 1a 9e ]
fffff80467e4ceb8-fffff80467e4ceb9 2 bytes - nt!PiDqIrpQueryCreate+150 (+0x34)
[ 48 ff:4c 8b ]
fffff80467e4cebf-fffff80467e4cec2 4 bytes - nt!PiDqIrpQueryCreate+157 (+0x07)
[ 0f 1f 44 00:e8 0c e5 9d ]
fffff80467e4d367-fffff80467e4d368 2 bytes - nt!PiDqQuerySerializeActionQueue+c3 (+0x4a8)
[ 48 ff:4c 8b ]
fffff80467e4d36e-fffff80467e4d371 4 bytes - nt!PiDqQuerySerializeActionQueue+ca (+0x07)
[ 0f 1f 44 00:e8 6d 12 9e ]
fffff80467e4d3a0-fffff80467e4d3a1 2 bytes - nt!PiDqQuerySerializeActionQueue+fc (+0x32)
[ 48 ff:4c 8b ]
fffff80467e4d3a7-fffff80467e4d3aa 4 bytes - nt!PiDqQuerySerializeActionQueue+103 (+0x07)
[ 0f 1f 44 00:e8 b4 13 9e ]
fffff80467e4d44d-fffff80467e4d44e 2 bytes - nt!PiDqQuerySerializeActionQueue+1a9 (+0xa6)
[ 48 ff:4c 8b ]
fffff80467e4d454-fffff80467e4d457 4 bytes - nt!PiDqQuerySerializeActionQueue+1b0 (+0x07)
[ 0f 1f 44 00:e8 37 65 9d ]
fffff80467e4d599-fffff80467e4d59a 2 bytes - nt!PiDqQuerySerializeActionQueue+2f5 (+0x145)
[ 48 ff:4c 8b ]
fffff80467e4d5a0-fffff80467e4d5a3 4 bytes - nt!PiDqQuerySerializeActionQueue+2fc (+0x07)
[ 0f 1f 44 00:e8 cb 16 9e ]
fffff80467e5facb-fffff80467e5facc 2 bytes - nt!KGetUnlockSetting+6f (+0x1252b)
[ 48 ff:4c 8b ]
fffff80467e5fad2-fffff80467e5fad6 5 bytes - nt!KGetUnlockSetting+76 (+0x07)
[ 0f 1f 44 00 00:e8 49 29 d8 ff ]
fffff80467e5faff-fffff80467e5fb00 2 bytes - nt!KGetUnlockSetting+a3 (+0x2d)
[ 48 ff:4c 8b ]
fffff80467e5fb06-fffff80467e5fb0a 5 bytes - nt!KGetUnlockSetting+aa (+0x07)
[ 0f 1f 44 00 00:e8 15 29 d8 ff ]
fffff80467e5fb38-fffff80467e5fb39 2 bytes - nt!KGetUnlockSetting+dc (+0x32)
[ 48 ff:4c 8b ]
fffff80467e5fb3f-fffff80467e5fb43 5 bytes - nt!KGetUnlockSetting+e3 (+0x07)
[ 0f 1f 44 00 00:e8 dc 28 d8 ff ]
fffff80467e69a39-fffff80467e69a3d 5 bytes - nt!BuildQueryDirectoryIrp+1c9 (+0x9efa)
[ ff e1 cc cc cc:e8 82 86 d7 ff ]
fffff80467e6a852-fffff80467e6a856 5 bytes - nt!FsRtlpOplockFsctrlInternal+4c2 (+0xe19)
[ ff e1 cc cc cc:e8 69 78 d7 ff ]
fffff80467e6eaff - nt!MiCreateImageFileMap+12b (+0x42ad)
[ fa:f2 ]
fffff80467e71908-fffff80467e7190c 5 bytes - nt!MiChargeSegmentCommit+a8 (+0x2e09)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff80467e71912-fffff80467e71916 5 bytes - nt!MiChargeSegmentCommit+b2 (+0x0a)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff80467e71dff-fffff80467e71e03 5 bytes - nt!MiParseImageSectionHeaders+36f (+0x4ed)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff80467e71e11-fffff80467e71e15 5 bytes - nt!MiParseImageSectionHeaders+381 (+0x12)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff80467e77ebb-fffff80467e77ebf 5 bytes - nt!MiAddMappedPtes+5b (+0x60aa)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff80467e77ec5-fffff80467e77ec9 5 bytes - nt!MiAddMappedPtes+65 (+0x0a)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff80467e7df9f-fffff80467e7dfa3 5 bytes - nt!RtlpCombineAcls+5af (+0x60da)
[ ff e1 cc cc cc:e8 1c 41 d6 ff ]
fffff80467e7dff3-fffff80467e7dff7 5 bytes - nt!RtlpCombineAcls+603 (+0x54)
[ ff e1 cc cc cc:e8 c8 40 d6 ff ]
fffff80467e7f5ef-fffff80467e7f5f3 5 bytes - nt!NtSetInformationThread+cf (+0x15fc)
[ ff e1 cc cc cc:e8 cc 2a d6 ff ]
fffff80467e7f83d-fffff80467e7f841 5 bytes - nt!NtSetInformationThread+31d (+0x24e)
[ ff e1 cc cc cc:e8 7e 28 d6 ff ]
fffff80467e81c85-fffff80467e81c89 5 bytes - nt!NtWaitForAlertByThreadId+14a5 (+0x2448)
[ ff e1 cc cc cc:e8 36 04 d6 ff ]
fffff80467e8242b-fffff80467e8242c 2 bytes - nt!NtWaitForAlertByThreadId+1c4b (+0x7a6)
[ 48 ff:4c 8b ]
fffff80467e82432-fffff80467e82436 5 bytes - nt!NtWaitForAlertByThreadId+1c52 (+0x07)
[ 0f 1f 44 00 00:e8 69 02 b7 ff ]
fffff80467e8fad9-fffff80467e8fada 2 bytes - nt!SeQuerySigningPolicy+9d (+0xd6a7)
[ 48 ff:4c 8b ]
fffff80467e8fae0-fffff80467e8fae4 5 bytes - nt!SeQuerySigningPolicy+a4 (+0x07)
[ 0f 1f 44 00 00:e8 bb 2b b6 ff ]
fffff80467eaf4fc-fffff80467eaf500 5 bytes - nt!NtTraceControl+1ec (+0x1fa1c)
[ ff e0 cc cc cc:e8 9f 2b d3 ff ]
fffff80467eaf54e-fffff80467eaf552 5 bytes - nt!NtTraceControl+23e (+0x52)
[ ff e2 cc cc cc:e8 8d 2b d3 ff ]
fffff80467eb2643-fffff80467eb2647 5 bytes - nt!NtQueryInformationToken+e3 (+0x30f5)
[ ff e1 cc cc cc:e8 78 fa d2 ff ]
fffff80467eb7085-fffff80467eb7086 2 bytes - nt!MiPrefetchDriverPages+45 (+0x4a42)
[ 80 f6:00 8e ]
fffff80467eb708c-fffff80467eb7090 5 bytes - nt!MiPrefetchDriverPages+4c (+0x07)
[ d0 be 7d fb f6:c0 91 23 47 8e ]
fffff80467eb7096-fffff80467eb709a 5 bytes - nt!MiPrefetchDriverPages+56 (+0x0a)
[ d7 be 7d fb f6:c7 91 23 47 8e ]
fffff80467eb7381 - nt!MiProcessCrcList+e1 (+0x2eb)
[ fa:f2 ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
fffff804681c818d-fffff804681c818e 2 bytes - nt!KdInitSystem+4d
[ 48 ff:4c 8b ]
fffff804681c8194-fffff804681c8198 5 bytes - nt!KdInitSystem+54 (+0x07)
[ 0f 1f 44 00 00:e8 37 14 65 ff ]
fffff804681c8a44-fffff804681c8a45 2 bytes - nt!KdInitSystem+904 (+0x8b0)
[ 48 ff:4c 8b ]
fffff804681c8a4b-fffff804681c8a4e 4 bytes - nt!KdInitSystem+90b (+0x07)
[ 0f 1f 44 00:e8 d0 85 23 ]
fffff804681c90a2-fffff804681c90a3 2 bytes - nt!KdSendTraceData+ee (+0x657)
[ 48 ff:4c 8b ]
fffff804681c90a9-fffff804681c90ac 4 bytes - nt!KdSendTraceData+f5 (+0x07)
[ 0f 1f 44 00:e8 b2 7f 23 ]
fffff804681c91fa-fffff804681c91fb 2 bytes - nt!KdpFillMemory+fa (+0x151)
[ 48 ff:4c 8b ]
fffff804681c9201-fffff804681c9204 4 bytes - nt!KdpFillMemory+101 (+0x07)
[ 0f 1f 44 00:e8 5a 7e 23 ]
fffff804681c92c1-fffff804681c92c2 2 bytes - nt!KdpGetBusData+9d (+0xc0)
[ 48 ff:4c 8b ]
fffff804681c92c8-fffff804681c92cb 4 bytes - nt!KdpGetBusData+a4 (+0x07)
[ 0f 1f 44 00:e8 93 7d 23 ]
fffff804681c943e-fffff804681c943f 2 bytes - nt!KdpQueryMemory+72 (+0x176)
[ 48 ff:4c 8b ]
fffff804681c9445-fffff804681c9448 4 bytes - nt!KdpQueryMemory+79 (+0x07)
[ 0f 1f 44 00:e8 16 7c 23 ]
fffff804681c94ed-fffff804681c94ee 2 bytes - nt!KdpReadControlSpace+91 (+0xa8)
[ 48 ff:4c 8b ]
fffff804681c94f4-fffff804681c94f7 4 bytes - nt!KdpReadControlSpace+98 (+0x07)
[ 0f 1f 44 00:e8 67 7b 23 ]
fffff804681c9630-fffff804681c9631 2 bytes - nt!KdpReadPhysicalMemory+120 (+0x13c)
[ 48 ff:4c 8b ]
fffff804681c9637-fffff804681c963a 4 bytes - nt!KdpReadPhysicalMemory+127 (+0x07)
[ 0f 1f 44 00:e8 24 7a 23 ]
fffff804681c97b5-fffff804681c97b6 2 bytes - nt!KdpReadVirtualMemory+99 (+0x17e)
[ 48 ff:4c 8b ]
fffff804681c97bc-fffff804681c97bf 4 bytes - nt!KdpReadVirtualMemory+a0 (+0x07)
[ 0f 1f 44 00:e8 9f 78 23 ]
fffff804681c9c08-fffff804681c9c09 2 bytes - nt!KdpRestoreBreakPointEx+cc (+0x44c)
[ 48 ff:4c 8b ]
fffff804681c9c0f-fffff804681c9c12 4 bytes - nt!KdpRestoreBreakPointEx+d3 (+0x07)
[ 0f 1f 44 00:e8 4c 74 23 ]
fffff804681c9e0a-fffff804681c9e0b 2 bytes - nt!KdpSearchMemory+1ca (+0x1fb)
[ 48 ff:4c 8b ]
fffff804681c9e11-fffff804681c9e14 4 bytes - nt!KdpSearchMemory+1d1 (+0x07)
[ 0f 1f 44 00:e8 4a 72 23 ]
fffff804681ca194-fffff804681ca195 2 bytes - nt!KdpSendWaitContinue+94 (+0x383)
[ 48 ff:4c 8b ]
fffff804681ca19b-fffff804681ca19e 4 bytes - nt!KdpSendWaitContinue+9b (+0x07)
[ 0f 1f 44 00:e8 c0 6e 23 ]
fffff804681ca1be-fffff804681ca1bf 2 bytes - nt!KdpSendWaitContinue+be (+0x23)
[ 48 ff:4c 8b ]
fffff804681ca1c5-fffff804681ca1c9 5 bytes - nt!KdpSendWaitContinue+c5 (+0x07)
[ 0f 1f 44 00 00:e8 06 f4 64 ff ]
fffff804681ca1e0-fffff804681ca1e1 2 bytes - nt!KdpSendWaitContinue+e0 (+0x1b)
[ 48 ff:4c 8b ]
fffff804681ca1e7-fffff804681ca1ea 4 bytes - nt!KdpSendWaitContinue+e7 (+0x07)
[ 0f 1f 44 00:e8 84 6e 23 ]
fffff804681ca21f-fffff804681ca223 5 bytes - nt!KdpSendWaitContinue+11f (+0x38)
[ ff e1 cc cc cc:e8 9c 7e a1 ff ]
fffff804681ca733-fffff804681ca734 2 bytes - nt!KdpSendWaitContinue+633 (+0x514)
[ 48 ff:4c 8b ]
fffff804681ca73a-fffff804681ca73e 5 bytes - nt!KdpSendWaitContinue+63a (+0x07)
[ 0f 1f 44 00 00:e8 41 e2 67 ff ]
fffff804681ca855-fffff804681ca856 2 bytes - nt!KdpSendWaitContinue+755 (+0x11b)
[ 48 ff:4c 8b ]
fffff804681ca85c-fffff804681ca85f 4 bytes - nt!KdpSendWaitContinue+75c (+0x07)
[ 0f 1f 44 00:e8 ff 67 23 ]
fffff804681ca874-fffff804681ca875 2 bytes - nt!KdpSendWaitContinue+774 (+0x18)
[ 48 ff:4c 8b ]
fffff804681ca87b-fffff804681ca87e 4 bytes - nt!KdpSendWaitContinue+77b (+0x07)
[ 0f 1f 44 00:e8 e0 67 23 ]
fffff804681caa92-fffff804681caa93 2 bytes - nt!KdpSetContext+a2 (+0x217)
[ 48 ff:4c 8b ]
fffff804681caa99-fffff804681caa9c 4 bytes - nt!KdpSetContext+a9 (+0x07)
[ 0f 1f 44 00:e8 c2 65 23 ]
fffff804681cab3c-fffff804681cab3d 2 bytes - nt!KdpSysReadBusData+40 (+0xa3)
[ 48 ff:4c 8b ]
fffff804681cab43-fffff804681cab47 5 bytes - nt!KdpSysReadBusData+47 (+0x07)
[ 0f 1f 44 00 00:e8 18 40 65 ff ]
fffff804681caba8-fffff804681caba9 2 bytes - nt!KdpSysWriteBusData+40 (+0x65)
[ 48 ff:4c 8b ]
fffff804681cabaf-fffff804681cabb3 5 bytes - nt!KdpSysWriteBusData+47 (+0x07)
[ 0f 1f 44 00 00:e8 8c 3e 65 ff ]
fffff804681cae11-fffff804681cae12 2 bytes - nt!KdpWriteBreakPointEx+141 (+0x262)
[ 48 ff:4c 8b ]
fffff804681cae18-fffff804681cae1b 4 bytes - nt!KdpWriteBreakPointEx+148 (+0x07)
[ 0f 1f 44 00:e8 43 62 23 ]
fffff804681cae46-fffff804681cae47 2 bytes - nt!KdpWriteBreakPointEx+176 (+0x2e)
[ 48 ff:4c 8b ]
fffff804681cae4d-fffff804681cae50 4 bytes - nt!KdpWriteBreakPointEx+17d (+0x07)
[ 0f 1f 44 00:e8 0e 62 23 ]
fffff804681caf05-fffff804681caf06 2 bytes - nt!KdpWritePhysicalMemory+7d (+0xb8)
[ 48 ff:4c 8b ]
fffff804681caf0c-fffff804681caf0f 4 bytes - nt!KdpWritePhysicalMemory+84 (+0x07)
[ 0f 1f 44 00:e8 4f 61 23 ]
fffff804681cc374-fffff804681cc375 2 bytes - nt!KdpPrintString+b0 (+0x1468)
[ 48 ff:4c 8b ]
fffff804681cc37b-fffff804681cc37e 4 bytes - nt!KdpPrintString+b7 (+0x07)
[ 0f 1f 44 00:e8 e0 4c 23 ]
fffff804681cc46b-fffff804681cc46c 2 bytes - nt!KdpPromptString+c3 (+0xf0)
[ 48 ff:4c 8b ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
fffff804681fedb3-fffff804681fedb4 2 bytes - nt!HdlspBugCheckProcessing+97
[ 48 ff:4c 8b ]
fffff804681fedba-fffff804681fedbe 5 bytes - nt!HdlspBugCheckProcessing+9e (+0x07)
[ 0f 1f 44 00 00:e8 81 a6 61 ff ]
fffff804681fedc8-fffff804681fedc9 2 bytes - nt!HdlspBugCheckProcessing+ac (+0x0e)
[ 48 ff:4c 8b ]
fffff804681fedcf-fffff804681fedd3 5 bytes - nt!HdlspBugCheckProcessing+b3 (+0x07)
[ 0f 1f 44 00 00:e8 ac 9b 64 ff ]
10310 errors : !nt (fffff804678b7071-fffff804681fedd3)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
TARGET_TIME: 2023-01-10T20:20:50.000Z
OSBUILD: 17763
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1995-05-09 16:52:36
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 18a7
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_large
FAILURE_ID_HASH: e29154ac-69a4-0eb8-172a-a860f73c0a3c
Followup: memory_corruption
---------
0: kd> !irp ffffad0f4ef318a0
Irp is active with 6 stacks 5 is current (= 0xffffad0f4ef31a90)
No Mdl: No System Buffer: Thread 00000000: Irp stack trace. Pending has been returned
cmd flg cl Device File Completion-Context
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[IRP_MJ_POWER(16), IRP_MN_WAIT_WAKE(0)]
0 0 ffffad0f4edc7570 00000000 00000000-00000000
\\Driver\\pci
Args: 00000000 00000000 00000000 00000000
>[IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]
0 e1 ffffad0f5102cd80 00000000 fffff80467a253b0-ffffad0f5130d200 Success Error Cancel pending
\\Driver\\USBXHCI nt!PopRequestCompletion
Args: 00000000 00000001 00000001 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-ffffad0f5130d200
Args: 00000000 00000000 00000000 00000000
0: kd> !devstack ffffad0f4edc7570
!DevObj !DrvObj !DevExt ObjectName
ffffad0f5102cd80 \\Driver\\USBXHCI ffffad0f4ef61ba0 USBFDO-0
> ffffad0f4edc7570 \\Driver\\pci ffffad0f4edc76c0 NTPNP_PCI0017
!DevNode ffffad0f4ee156e0 :
DeviceInst is "PCI\\VEN_1912&DEV_0014&SUBSYS_00000000&REV_03\\4&382692a7&0&0008"
ServiceName is "USBXHCI"
0: kd> !drvobj \\Driver\\USBXHCI
Driver object (ffffad0f4ef4dd00) is for:
\\Driver\\USBXHCI
Driver Extension List: (id , addr)
(fffff8046a367960 ffffad0f510e7ad0)
Device Object list:
ffffad0f5102bd80 ffffad0f5102cd80
0: kd> !devobj ffffad0f5102bd80
Device object (ffffad0f5102bd80) is for:
USBPDO-0 \\Driver\\USBXHCI DriverObject ffffad0f4ef4dd00
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003044
SecurityDescriptor ffffde89f63741a0 DevExt ffffad0f4efbcba0 DevObjExt ffffad0f5102bef8 DevNode ffffad0f59579c40
ExtensionFlags (0000000000)
Characteristics (0x00000100) FILE_DEVICE_SECURE_OPEN
AttachedDevice (Upper) ffffad0f4ef738d0 \\Driver\\USBHUB3
Device queue is not busy.
0: kd> !devobj ffffad0f5102cd80
Device object (ffffad0f5102cd80) is for:
USBFDO-0 \\Driver\\USBXHCI DriverObject ffffad0f4ef4dd00
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00002044
SecurityDescriptor ffffde89f63741a0 DevExt ffffad0f4ef61ba0 DevObjExt ffffad0f5102cef8
ExtensionFlags (0000000000)
Characteristics (0x00000100) FILE_DEVICE_SECURE_OPEN
AttachedTo (Lower) ffffad0f4edc7570 \\Driver\\pci
Device queue is not busy.
0: kd> !devobj ffffad0f4edc7570
Device object (ffffad0f4edc7570) is for:
NTPNP_PCI0017 \\Driver\\pci DriverObject ffffad0f4e4e4cf0
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00001040
SecurityDescriptor ffffde89f62029a0 DevExt ffffad0f4edc76c0 DevObjExt ffffad0f4edc7d80 DevNode ffffad0f4ee156e0
ExtensionFlags (0x00000800) DOE_DEFAULT_SD_PRESENT
Characteristics (0x00000100) FILE_DEVICE_SECURE_OPEN
AttachedDevice (Upper) ffffad0f5102cd80 \\Driver\\USBXHCI
Device queue is not busy.
0: kd> !devnode ffffad0f4ee156e0
DevNode 0xffffad0f4ee156e0 for PDO 0xffffad0f4edc7570
Parent 0xffffad0f4ee0a9a0 Sibling 0000000000 Child 0xffffad0f59579c40
InstancePath is "PCI\\VEN_1912&DEV_0014&SUBSYS_00000000&REV_03\\4&382692a7&0&0008"
ServiceName is "USBXHCI"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
Flags (0x6c0000f0) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_HAS_BOOT_CONFIG, DNF_BOOT_CONFIG_RESERVED,
DNF_NO_LOWER_DEVICE_FILTERS, DNF_NO_LOWER_CLASS_FILTERS,
DNF_NO_UPPER_DEVICE_FILTERS, DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00002400) WakeFromD0, WakeFromD3
0: kd> !drvobj \\Driver\\USBXHCI
Driver object (ffffad0f4ef4dd00) is for:
\\Driver\\USBXHCI
Driver Extension List: (id , addr)
(fffff8046a367960 ffffad0f510e7ad0)
Device Object list:
ffffad0f5102bd80 ffffad0f5102cd80
0: kd> !devobj ffffad0f5102bd80
Device object (ffffad0f5102bd80) is for:
USBPDO-0 \\Driver\\USBXHCI DriverObject ffffad0f4ef4dd00
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003044
SecurityDescriptor ffffde89f63741a0 DevExt ffffad0f4efbcba0 DevObjExt ffffad0f5102bef8 DevNode ffffad0f59579c40
ExtensionFlags (0000000000)
Characteristics (0x00000100) FILE_DEVICE_SECURE_OPEN
AttachedDevice (Upper) ffffad0f4ef738d0 \\Driver\\USBHUB3
Device queue is not busy.
0: kd> !devobj ffffad0f5102cd80
Device object (ffffad0f5102cd80) is for:
USBFDO-0 \\Driver\\USBXHCI DriverObject ffffad0f4ef4dd00
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00002044
SecurityDescriptor ffffde89f63741a0 DevExt ffffad0f4ef61ba0 DevObjExt ffffad0f5102cef8
ExtensionFlags (0000000000)
Characteristics (0x00000100) FILE_DEVICE_SECURE_OPEN
AttachedTo (Lower) ffffad0f4edc7570 \\Driver\\pci
Device queue is not busy.
0: kd> !sd ffffde89f63741a0 0x1
->Revision: 0x1
->Sbz1 : 0x0
->Control : 0x9814
SE_DACL_PRESENT
SE_SACL_PRESENT
SE_SACL_AUTO_INHERITED
SE_DACL_PROTECTED
SE_SELF_RELATIVE
->Owner : S-1-5-32-544 (Alias: BUILTIN\\Administrators)
->Group : S-1-5-18 (Well Known Group: NT AUTHORITY\\SYSTEM)
->Dacl :
->Dacl : ->AclRevision: 0x2
->Dacl : ->Sbz1 : 0x0
->Dacl : ->AclSize : 0x5c
->Dacl : ->AceCount : 0x4
->Dacl : ->Sbz2 : 0x0
->Dacl : ->Ace[0]: ->AceType: ACCESS_ALLOWED_ACE_TYPE
->Dacl : ->Ace[0]: ->AceFlags: 0x0
->Dacl : ->Ace[0]: ->AceSize: 0x14
->Dacl : ->Ace[0]: ->Mask : 0x001f01ff
->Dacl : ->Ace[0]: ->SID: S-1-5-18 (Well Known Group: NT AUTHORITY\\SYSTEM)
->Dacl : ->Ace[1]: ->AceType: ACCESS_ALLOWED_ACE_TYPE
->Dacl : ->Ace[1]: ->AceFlags: 0x0
->Dacl : ->Ace[1]: ->AceSize: 0x18
->Dacl : ->Ace[1]: ->Mask : 0x001201bf
->Dacl : ->Ace[1]: ->SID: S-1-5-32-544 (Alias: BUILTIN\\Administrators)
->Dacl : ->Ace[2]: ->AceType: ACCESS_ALLOWED_ACE_TYPE
->Dacl : ->Ace[2]: ->AceFlags: 0x0
->Dacl : ->Ace[2]: ->AceSize: 0x14
->Dacl : ->Ace[2]: ->Mask : 0x0012019f
->Dacl : ->Ace[2]: ->SID: S-1-1-0 (Well Known Group: localhost\\Everyone)
->Dacl : ->Ace[3]: ->AceType: ACCESS_ALLOWED_ACE_TYPE
->Dacl : ->Ace[3]: ->AceFlags: 0x0
->Dacl : ->Ace[3]: ->AceSize: 0x14
->Dacl : ->Ace[3]: ->Mask : 0x00120089
->Dacl : ->Ace[3]: ->SID: S-1-5-12 (Well Known Group: NT AUTHORITY\\RESTRICTED)
->Sacl :
->Sacl : ->AclRevision: 0x2
->Sacl : ->Sbz1 : 0x0
->Sacl : ->AclSize : 0x1c
->Sacl : ->AceCount : 0x1
->Sacl : ->Sbz2 : 0x0
->Sacl : ->Ace[0]: ->AceType: SYSTEM_MANDATORY_LABEL_ACE_TYPE
->Sacl : ->Ace[0]: ->AceFlags: 0x0
->Sacl : ->Ace[0]: ->AceSize: 0x14
->Sacl : ->Ace[0]: ->Mask : 0x00000001
->Sacl : ->Ace[0]: ->SID: S-1-16-4096 (Label: Mandatory Label\\Low Mandatory Level)
0: kd> !drvobj \\Driver\\USBHUB3
Driver object (ffffad0f4ef9d8f0) is for:
\\Driver\\USBHUB3
Driver Extension List: (id , addr)
(fffff8046a367960 ffffad0f512d5fc0)
Device Object list:
ffffad0f51019d80 ffffad0f4ef738d0
0: kd> !devnode ffffad0f59579c40
DevNode 0xffffad0f59579c40 for PDO 0xffffad0f5102bd80
Parent 0xffffad0f4ee156e0 Sibling 0000000000 Child 0xffffad0f511639a0
InstancePath is "USB\\ROOT_HUB30\\5&23341d40&0&0"
ServiceName is "USBHUB3"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[15] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[14] = DeviceNodeEnumeratePending (0x30c)
StateHistory[13] = DeviceNodeStarted (0x308)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00001602) DeviceD2, SurpriseRemovalOK,
WakeFromD0, WakeFromD2
0: kd> !devnode ffffad0f511639a0
DevNode 0xffffad0f511639a0 for PDO 0xffffad0f51019d80
Parent 0xffffad0f59579c40 Sibling 0000000000 Child 0xffffad0f5129bcb0
InstancePath is "USB\\VID_03EB&PID_8A6E\\L20R019413"
ServiceName is "usbccgp"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00001e53) DeviceD1, DeviceD2,
Removable, UniqueID,
SurpriseRemovalOK, WakeFromD0,
WakeFromD1, WakeFromD2
0: kd> !devnode ffffad0f511639a0
DevNode 0xffffad0f511639a0 for PDO 0xffffad0f51019d80
Parent 0xffffad0f59579c40 Sibling 0000000000 Child 0xffffad0f5129bcb0
InstancePath is "USB\\VID_03EB&PID_8A6E\\L20R019413"
ServiceName is "usbccgp"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00001e53) DeviceD1, DeviceD2,
Removable, UniqueID,
SurpriseRemovalOK, WakeFromD0,
WakeFromD1, WakeFromD2
0: kd> !devnode ffffad0f5129bcb0
DevNode 0xffffad0f5129bcb0 for PDO 0xffffad0f5117c110
Parent 0xffffad0f511639a0 Sibling 0xffffad0f5129ccb0 Child 0xffffad0f5960d0c0
InstancePath is "USB\\VID_03EB&PID_8A6E&MI_00\\7&3a8f0aba&0&0000"
ServiceName is "HidUsb"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00001e03) DeviceD1, DeviceD2,
SurpriseRemovalOK, WakeFromD0,
WakeFromD1, WakeFromD2
0: kd> !devnode ffffad0f59579c40
DevNode 0xffffad0f59579c40 for PDO 0xffffad0f5102bd80
Parent 0xffffad0f4ee156e0 Sibling 0000000000 Child 0xffffad0f511639a0
InstancePath is "USB\\ROOT_HUB30\\5&23341d40&0&0"
ServiceName is "USBHUB3"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[15] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[14] = DeviceNodeEnumeratePending (0x30c)
StateHistory[13] = DeviceNodeStarted (0x308)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00001602) DeviceD2, SurpriseRemovalOK,
WakeFromD0, WakeFromD2
0: kd> !devnode ffffad0f511639a0
DevNode 0xffffad0f511639a0 for PDO 0xffffad0f51019d80
Parent 0xffffad0f59579c40 Sibling 0000000000 Child 0xffffad0f5129bcb0
InstancePath is "USB\\VID_03EB&PID_8A6E\\L20R019413"
ServiceName is "usbccgp"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00001e53) DeviceD1, DeviceD2,
Removable, UniqueID,
SurpriseRemovalOK, WakeFromD0,
WakeFromD1, WakeFromD2
0: kd> !devnode ffffad0f511639a0
DevNode 0xffffad0f511639a0 for PDO 0xffffad0f51019d80
Parent 0xffffad0f59579c40 Sibling 0000000000 Child 0xffffad0f5129bcb0
InstancePath is "USB\\VID_03EB&PID_8A6E\\L20R019413"
ServiceName is "usbccgp"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
StateHistory[10] = DeviceNodeStarted (0x308)
StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
StateHistory[07] = DeviceNodeStarted (0x308)
StateHistory[06] = DeviceNodeStartPostWork (0x307)
StateHistory[05] = DeviceNodeStartCompletion (0x306)
StateHistory[04] = DeviceNodeStartPending (0x305)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
Flags (0x6c000130) DNF_ENUMERATED, DNF_IDS_QUERIED,
DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS,
DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS,
DNF_NO_UPPER_CLASS_FILTERS
CapabilityFlags (0x00001e53) DeviceD1, DeviceD2,
Removable, UniqueID,
SurpriseRemovalOK, WakeFromD0,
WakeFromD1, WakeFromD2
0: kd> !devstack ffffad0f5102cd80
!DevObj !DrvObj !DevExt ObjectName
> ffffad0f5102cd80 \\Driver\\USBXHCI ffffad0f4ef61ba0 USBFDO-0
ffffad0f4edc7570 \\Driver\\pci ffffad0f4edc76c0 NTPNP_PCI0017
!DevNode ffffad0f4ee156e0 :
DeviceInst is "PCI\\VEN_1912&DEV_0014&SUBSYS_00000000&am以上是关于windbg抓一个windows蓝屏分析的主要内容,如果未能解决你的问题,请参考以下文章