Air14 / HyperHide

Hypervisor based anti anti debug plugin for x64dbg
MIT License

Crash when selecting KUserSharedData or Clear KUserSharedData #3

Closed baby0o01999 closed 3 years ago

baby0o01999 commented 3 years ago

Loading Dump File [F:\061221-52203-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

***** Path validation summary **
Response Time (ms) Location
Deferred srv
Symbol search path is: srv
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff8056cc00000 PsLoadedModuleList = 0xfffff8056d0432b0
Debug session time: Sat Jun 12 13:51:05.767 2021 (UTC + 11:00)
System Uptime: 0 days 16:38:38.687
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff8056cdbc8a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa2824a02f2d0=0000000000000050
4: kd> !analyze -v

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffba8c0b649900, memory referenced.
Arg2: 0000000000000011, value 0 = read operation, 1 = write operation.
Arg3: ffffba8c0b649900, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000002, (reserved)

Debugging Details:

*** WARNING: Unable to verify timestamp for HyperHideDrv.sys

Could not read faulting driver name

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.Sec
Value: 8

Key  : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on E5_1

Key  : Analysis.DebugData
Value: CreateObject

Key  : Analysis.DebugModel
Value: CreateObject

Key  : Analysis.Elapsed.Sec
Value: 34

Key  : Analysis.Memory.CommitPeak.Mb
Value: 70

Key  : Analysis.System
Value: CreateObject

BUGCHECK_CODE: 50

BUGCHECK_P1: ffffba8c0b649900

BUGCHECK_P2: 11

BUGCHECK_P3: ffffba8c0b649900

BUGCHECK_P4: 2

WRITE_ADDRESS: fffff8056d16e3b0: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8056d0253b8: Unable to get Flags value from nt!KdVersionBlock
fffff8056d0253b8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffba8c0b649900

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: procexp64.exe

TRAP_FRAME: ffffa2824a02f570 -- (.trap 0xffffa2824a02f570)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000004025 rbx=0000000000000000 rcx=0000000fffffffff
rdx=fffffc7e3f1f8000 rsi=0000000000000000 rdi=0000000000000000
rip=ffffba8c0b649900 rsp=ffffa2824a02f708 rbp=fffff805781a9ea0
r8=0000000000000001 r9=0000000000010fd4 r10=fffffffff4a68134
r11=000000000034bdea r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po nc
ffffba8c0b649900 0300 add eax,dword ptr [rax] ds:0000000000004025=????????
Resetting default scope

STACK_TEXT:
ffffa2824a02f2c8 fffff8056cddfd54 : 0000000000000050 ffffba8c0b649900 0000000000000011 ffffa2824a02f570 : nt!KeBugCheckEx
ffffa2824a02f2d0 fffff8056cc7aaef : 0000000000000000 0000000000000011 0000000000000000 ffffba8c0b649900 : nt!MiSystemFault+0x1d2d64
ffffa2824a02f3d0 fffff8056cdca79a : 0000000000000000 00001f8000000100 0000000000000000 fffff805781a9ebc : nt!MmAccessFault+0x34f
ffffa2824a02f570 ffffba8c0b649900 : 9100000004025025 ffff82812e603000 ffffba8c003de870 000000023ff05000 : nt!KiPageFault+0x35a
ffffa2824a02f708 9100000004025025 : ffff82812e603000 ffffba8c003de870 000000023ff05000 fffff805781a36c2 : 0xffffba8c0b649900
ffffa2824a02f710 ffff82812e603000 : ffffba8c003de870 000000023ff05000 fffff805781a36c2 0000000000000002 : 0x9100000004025025
ffffa2824a02f718 ffffba8c003de870 : 000000023ff05000 fffff805781a36c2 0000000000000002 000000000034be08 : 0xffff82812e603000
ffffa2824a02f720 000000023ff05000 : fffff805781a36c2 0000000000000002 000000000034be08 fffff8056cc01000 : 0xffffba8c003de870
ffffa2824a02f728 fffff805781a36c2 : 0000000000000002 000000000034be08 fffff8056cc01000 ffffba8c0b649900 : 0x000000023ff05000
ffffa2824a02f730 0000000000000002 : 000000000034be08 fffff8056cc01000 ffffba8c0b649900 fffff805781ac2b0 : HyperHideDrv+0x36c2
ffffa2824a02f738 000000000034be08 : fffff8056cc01000 ffffba8c0b649900 fffff805781ac2b0 fffff8056ccdc92c : 0x2
ffffa2824a02f740 fffff8056cc01000 : ffffba8c0b649900 fffff805781ac2b0 fffff8056ccdc92c ffffba8c08e71eb0 : 0x34be08
ffffa2824a02f748 ffffba8c0b649900 : fffff805781ac2b0 fffff8056ccdc92c ffffba8c08e71eb0 0000000000000002 : nt!SeConvertSecurityDescriptorToStringSecurityDescriptor+0xfffffffffffffff0
ffffa2824a02f750 fffff805781ac2b0 : fffff8056ccdc92c ffffba8c08e71eb0 0000000000000002 0000000000000000 : 0xffffba8c0b649900
ffffa2824a02f758 fffff8056ccdc92c : ffffba8c08e71eb0 0000000000000002 0000000000000000 0000000000000000 : HyperHideDrv+0xc2b0
ffffa2824a02f760 fffff805781a1e10 : ffffba8c003de870 ffffba8c0dc8e380 ffffba8c08e71eb0 fffff8056cf503a9 : nt!KeAcquireGuardedMutex+0x1c
ffffa2824a02f790 ffffba8c003de870 : ffffba8c0dc8e380 ffffba8c08e71eb0 fffff8056cf503a9 0000000000000000 : HyperHideDrv+0x1e10
ffffa2824a02f798 ffffba8c0dc8e380 : ffffba8c08e71eb0 fffff8056cf503a9 0000000000000000 0000000000000000 : 0xffffba8c003de870
ffffa2824a02f7a0 ffffba8c08e71eb0 : fffff8056cf503a9 0000000000000000 0000000000000000 0000000000000000 : 0xffffba8c0dc8e380
ffffa2824a02f7a8 fffff8056cf503a9 : 0000000000000000 0000000000000000 0000000000000000 fffff805781a1489 : 0xffffba8c08e71eb0
ffffa2824a02f7b0 fffff8056cc31cc9 : ffffba8c08e71eb0 0000000000000001 0000000000000001 000000000000020c : nt!_guard_retpoline_exit_indirect_rax+0x9
ffffa2824a02f800 fffff8056d1eb6c5 : ffffa2824a02fb80 ffffba8c08e71eb0 0000000000000001 ffffba8c0b70d690 : nt!IofCallDriver+0x59
ffffa2824a02f840 fffff8056d1eb01a : ffffba8c08e71eb0 ffffa2824a02fb80 000000000022240c ffffa2824a02fb80 : nt!IopSynchronousServiceTail+0x1a5
ffffa2824a02f8e0 fffff8056d1eaa36 : ba8c0d9ed5b0ffed 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x5ca
ffffa2824a02fa20 fffff8056cdcdf98 : 0000000000000001 ffffa2824a02fb00 0000000000000000 ffffa2824a02fa00 : nt!NtDeviceIoControlFile+0x56
ffffa2824a02fa90 00007ffeb4bdc144 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x28
000000c7ab4ff758 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffe`b4bdc144

SYMBOL_NAME: HyperHideDrv+36c2

MODULE_NAME: HyperHideDrv

IMAGE_NAME: HyperHideDrv.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 36c2

FAILURE_BUCKET_ID: AV_INVALID_HyperHideDrv!unknown_function

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {d37c959a-417f-c891-0472-d90c19d031fc}

Followup: MachineOwner

Air14 commented 3 years ago

Fixed in HyperHide_2021-06-13