Crash dump file: C:\Windows\MEMORY.DMP (Kernel memory dump)
Bugcheck code: 0xC4(0xE2, 0xFFFFBF887E376AF0, 0x142F8052, 0x0)
Bugcheck name: DRIVER_VERIFIER_DETECTED_VIOLATION
Bug check description: This is the general bug check code for fatal errors found by Driver Verifier.
Analysis: An IRP with Irp->RequestorMode set to KernelMode was found to have a user-mode address as one of its members. This is a typical software problem. Most likely this is caused by a bug in a driver.
11: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, BugChecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000e2, IRP field is a user-mode address but Irp->RequestorMode is KernelMode.
Arg2: ffffbf887e376af0, IRP address.
Arg3: 00000000142f8052, User-mode address present as the value of an IRP field.
Arg4: 0000000000000000
Debugging Details:
------------------
Unable to load image \SystemRoot\system32\DRIVERS\360FsFlt.sys, Win32 error 0n2
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2749
Key : Analysis.Elapsed.mSec
Value: 7382
Key : Analysis.IO.Other.Mb
Value: 7
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 19
Key : Analysis.Init.CPU.mSec
Value: 3453
Key : Analysis.Init.Elapsed.mSec
Value: 115553
Key : Analysis.Memory.CommitPeak.Mb
Value: 83
Key : Bugcheck.Code.KiBugCheckData
Value: 0xc4
Key : Bugcheck.Code.LegacyAPI
Value: 0xc4
Key : Failure.Bucket
Value: 0xc4_e2_VRF_360FsFlt!unknown_function
Key : Failure.Hash
Value: {99c5a810-58ff-2bf8-2149-294e4d6676a1}
Key : Hypervisor.Enlightenments.Value
Value: 0
Key : Hypervisor.Enlightenments.ValueHex
Value: 0
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 0
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 0
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 0
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0
Key : Hypervisor.Flags.Phase0InitDone
Value: 0
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 0
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 16908288
Key : Hypervisor.Flags.ValueHex
Value: 1020000
Key : Hypervisor.Flags.VpAssistPage
Value: 0
Key : Hypervisor.Flags.VsmAvailable
Value: 0
Key : Hypervisor.RootFlags.AccessStats
Value: 0
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 0
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 0
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 0
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 0
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 0
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 0
Key : Hypervisor.RootFlags.MceEnlightened
Value: 0
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 0
Key : Hypervisor.RootFlags.Value
Value: 0
Key : Hypervisor.RootFlags.ValueHex
Value: 0
Key : SecureKernel.HalpHvciEnabled
Value: 0
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: c4
BUGCHECK_P1: e2
BUGCHECK_P2: ffffbf887e376af0
BUGCHECK_P3: 142f8052
BUGCHECK_P4: 0
FILE_IN_CAB: MEMORY.DMP
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: 360tray.exe
STACK_TEXT:
fffff90c`39a7ed08 fffff803`631e9e34 : 00000000`000000c4 00000000`000000e2 ffffbf88`7e376af0 00000000`142f8052 : nt!KeBugCheckEx
fffff90c`39a7ed10 fffff803`631ea8fb : 00000000`142f8052 ffffbf88`7e376f20 ffffbf88`44b7f030 ffffbf88`7e376af0 : nt!VerifierBugCheckIfAppropriate+0xe0
fffff90c`39a7ed50 fffff803`631ea0c2 : ffffbf88`7e376af0 fffff90c`39a7f2b8 ffffbf88`7e376f20 00000000`00000000 : nt!ViIrpCheckKernelAddressForIrp+0x73
fffff90c`39a7ed90 fffff803`631ddef6 : ffffbf88`7e376af0 ffffbf88`44b7f030 fffff90c`39a7ee00 ffffbf88`3fd14905 : nt!VfBeforeCallDriver+0x4a
fffff90c`39a7edc0 fffff803`62c40ff9 : ffffbf88`7e378a70 00000000`00000008 00000000`00000000 ffffbf88`5c844130 : nt!IovCallDriver+0x242
fffff90c`39a7ee00 fffff803`6254710f : fffff803`62e60008 00000000`00000000 ffffbf88`44bac3e0 ffffbf88`742e49a0 : nt!IofCallDriver+0x1fdc59
fffff90c`39a7ee40 fffff803`62544a43 : fffff90c`39a7eed0 fffff90c`39a7f2b8 ffffbf88`76c79010 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
fffff90c`39a7eeb0 fffff803`62b87197 : ffffbf88`7e376af0 fffff803`631ea1ae ffffbf88`00000001 ffffbf88`00000001 : FLTMGR!FltpDispatch+0xa3
fffff90c`39a7ef10 fffff803`631ddf1a : ffffbf88`7e376af0 ffffbf88`3fd149a0 00000000`142f800f ffffbf88`3d1e8880 : nt!IopfCallDriver+0x53
fffff90c`39a7ef50 fffff803`62c40ff9 : ffffbf88`7e376af0 00000000`142f8052 ffffbf88`7e376b10 ffffbf88`44bac3e0 : nt!IovCallDriver+0x266
fffff90c`39a7ef90 fffff803`62e6c7a6 : 00000000`00000000 ffffbf88`7e376af0 ffffbf88`3fd149a0 ffffbf88`774e9080 : nt!IofCallDriver+0x1fdc59
fffff90c`39a7efd0 fffff803`62e6c3d0 : 00000000`00000000 fffff90c`39a7f560 00000000`142f8052 fffff90c`39a7f090 : nt!IopGetFileInformation+0xe2
fffff90c`39a7f050 fffff803`62e6a966 : ffffbf88`45fbf880 ffffbf88`00000000 00000000`142f8000 00000000`142f8018 : nt!IopQueryNameInternal+0x21c
fffff90c`39a7f100 fffff803`62e6af13 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopQueryName+0x26
fffff90c`39a7f150 fffff803`62ea5b54 : ffffbf88`45fbf880 00000000`142f8018 ffffbf88`00000218 fffff90c`39a7f2b8 : nt!ObQueryNameStringMode+0xd3
fffff90c`39a7f270 fffff803`62ea4f55 : 00000000`00000004 fffff90c`39a7f560 00000000`00000010 fffff803`62ea4f30 : nt!MmQueryVirtualMemory+0xbe4
fffff90c`39a7f420 fffff803`62c27d08 : 00000000`00000000 00001f80`01080000 00000000`00000002 00000000`0848b038 : nt!NtQueryVirtualMemory+0x25
fffff90c`39a7f470 fffff803`62c18bd0 : fffff800`59cd4f25 00000000`00000000 00000000`00000000 00000000`142f8018 : nt!KiSystemServiceCopyEnd+0x28
fffff90c`39a7f678 fffff800`59cd4f25 : 00000000`00000000 00000000`00000000 00000000`142f8018 fffff803`62e31ddc : nt!KiServiceLinkage
fffff90c`39a7f680 fffff800`59cb0dbf : ffffbf88`63a72e50 ffffbf88`63a72e50 ffffbf88`7128b080 ffffffff`800030b0 : 360FsFlt+0x44f25
fffff90c`39a7f700 fffff803`62b87197 : ffffbf88`63a72f68 fffff803`631ea1ae ffffbf88`00000001 ffffbf88`00000001 : 360FsFlt+0x20dbf
fffff90c`39a7f730 fffff803`631ddf1a : ffffbf88`63a72e50 ffffbf88`44186e00 00000000`20206f49 00000000`00000000 : nt!IopfCallDriver+0x53
fffff90c`39a7f770 fffff803`62c40ff9 : 00000000`00000002 ffffbf88`77cd1330 ffffbf88`63a72e70 ffffbf88`44bac0a0 : nt!IovCallDriver+0x266
fffff90c`39a7f7b0 fffff803`62e31ddc : 00000000`00000002 00000000`00000000 ffffbf88`77cd1330 fffff90c`39a7fb40 : nt!IofCallDriver+0x1fdc59
fffff90c`39a7f7f0 fffff803`62e31a2a : 00000000`002223f8 fffff90c`39a7fb40 00000000`00040000 00000000`002223f8 : nt!IopSynchronousServiceTail+0x34c
fffff90c`39a7f890 fffff803`62e30d06 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0xd0a
fffff90c`39a7f9e0 fffff803`62c27d08 : 00000000`078afda0 00000000`007dd000 00000000`00000000 00000000`0848b018 : nt!NtDeviceIoControlFile+0x56
fffff90c`39a7fa50 00000000`77bc1cfc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`078af268 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77bc1cfc
SYMBOL_NAME: 360FsFlt+44f25
MODULE_NAME: 360FsFlt
IMAGE_NAME: 360FsFlt.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 44f25
FAILURE_BUCKET_ID: 0xc4_e2_VRF_360FsFlt!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {99c5a810-58ff-2bf8-2149-294e4d6676a1}
Followup: MachineOwner
---------
|
|
|
|
评论
直达楼层