You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Loading Dump File [F:\061221-52203-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff8056cc00000 PsLoadedModuleList = 0xfffff8056d0432b0
Debug session time: Sat Jun 12 13:51:05.767 2021 (UTC + 11:00)
System Uptime: 0 days 16:38:38.687
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff8056cdbc8a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa2824a02f2d0=0000000000000050
4: kd> !analyze -v
*
Bugcheck Analysis *
*
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffba8c0b649900, memory referenced.
Arg2: 0000000000000011, value 0 = read operation, 1 = write operation.
Arg3: ffffba8c0b649900, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
*** WARNING: Unable to verify timestamp for HyperHideDrv.sys
WRITE_ADDRESS: fffff8056d16e3b0: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8056d0253b8: Unable to get Flags value from nt!KdVersionBlock
fffff8056d0253b8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffba8c0b649900
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: procexp64.exe
TRAP_FRAME: ffffa2824a02f570 -- (.trap 0xffffa2824a02f570)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000004025 rbx=0000000000000000 rcx=0000000fffffffff
rdx=fffffc7e3f1f8000 rsi=0000000000000000 rdi=0000000000000000
rip=ffffba8c0b649900 rsp=ffffa2824a02f708 rbp=fffff805781a9ea0
r8=0000000000000001 r9=0000000000010fd4 r10=fffffffff4a68134
r11=000000000034bdea r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po nc
ffffba8c0b649900 0300 add eax,dword ptr [rax] ds:0000000000004025=????????
Resetting default scope
Loading Dump File [F:\061221-52203-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff805
6cc00000 PsLoadedModuleList = 0xfffff8056d0432b0Debug session time: Sat Jun 12 13:51:05.767 2021 (UTC + 11:00)
System Uptime: 0 days 16:38:38.687
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805
6cdbc8a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa2824a02f2d0=00000000000000504: kd> !analyze -v
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffba8c0b649900, memory referenced.
Arg2: 0000000000000011, value 0 = read operation, 1 = write operation.
Arg3: ffffba8c0b649900, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
*** WARNING: Unable to verify timestamp for HyperHideDrv.sys
Could not read faulting driver name
KEY_VALUES_STRING: 1
BUGCHECK_CODE: 50
BUGCHECK_P1: ffffba8c0b649900
BUGCHECK_P2: 11
BUGCHECK_P3: ffffba8c0b649900
BUGCHECK_P4: 2
WRITE_ADDRESS: fffff8056d16e3b0: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8056d0253b8: Unable to get Flags value from nt!KdVersionBlock
fffff8056d0253b8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffba8c0b649900
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: procexp64.exe
TRAP_FRAME: ffffa2824a02f570 -- (.trap 0xffffa2824a02f570)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000004025 rbx=0000000000000000 rcx=0000000fffffffff
rdx=fffffc7e3f1f8000 rsi=0000000000000000 rdi=0000000000000000
rip=ffffba8c0b649900 rsp=ffffa2824a02f708 rbp=fffff805781a9ea0
r8=0000000000000001 r9=0000000000010fd4 r10=fffffffff4a68134
r11=000000000034bdea r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po nc
ffffba8c
0b649900 0300 add eax,dword ptr [rax] ds:0000000000004025=????????Resetting default scope
STACK_TEXT:
ffffa282
4a02f2c8 fffff8056cddfd54 : 0000000000000050 ffffba8c0b649900 0000000000000011 ffffa2824a02f570 : nt!KeBugCheckExffffa282
4a02f2d0 fffff8056cc7aaef : 0000000000000000 0000000000000011 0000000000000000 ffffba8c0b649900 : nt!MiSystemFault+0x1d2d64ffffa282
4a02f3d0 fffff8056cdca79a : 0000000000000000 00001f8000000100 0000000000000000 fffff805781a9ebc : nt!MmAccessFault+0x34fffffa282
4a02f570 ffffba8c0b649900 : 9100000004025025 ffff82812e603000 ffffba8c003de870 000000023ff05000 : nt!KiPageFault+0x35affffa282
4a02f708 9100000004025025 : ffff82812e603000 ffffba8c003de870 000000023ff05000 fffff805781a36c2 : 0xffffba8c0b649900 ffffa2824a02f710 ffff82812e603000 : ffffba8c003de870 000000023ff05000 fffff805781a36c2 0000000000000002 : 0x9100000004025025ffffa282
4a02f718 ffffba8c003de870 : 000000023ff05000 fffff805781a36c2 0000000000000002 000000000034be08 : 0xffff82812e603000 ffffa2824a02f720 000000023ff05000 : fffff805781a36c2 0000000000000002 000000000034be08 fffff8056cc01000 : 0xffffba8c003de870ffffa282
4a02f728 fffff805781a36c2 : 0000000000000002 000000000034be08 fffff8056cc01000 ffffba8c0b649900 : 0x000000023ff05000 ffffa2824a02f730 0000000000000002 : 000000000034be08 fffff8056cc01000 ffffba8c0b649900 fffff805781ac2b0 : HyperHideDrv+0x36c2 ffffa2824a02f738 000000000034be08 : fffff8056cc01000 ffffba8c0b649900 fffff805781ac2b0 fffff8056ccdc92c : 0x2 ffffa2824a02f740 fffff8056cc01000 : ffffba8c0b649900 fffff805781ac2b0 fffff8056ccdc92c ffffba8c08e71eb0 : 0x34be08 ffffa2824a02f748 ffffba8c0b649900 : fffff805781ac2b0 fffff8056ccdc92c ffffba8c08e71eb0 0000000000000002 : nt!SeConvertSecurityDescriptorToStringSecurityDescriptor+0xfffffffffffffff0ffffa282
4a02f750 fffff805781ac2b0 : fffff8056ccdc92c ffffba8c08e71eb0 0000000000000002 0000000000000000 : 0xffffba8c0b649900 ffffa2824a02f758 fffff8056ccdc92c : ffffba8c08e71eb0 0000000000000002 0000000000000000 0000000000000000 : HyperHideDrv+0xc2b0 ffffa2824a02f760 fffff805781a1e10 : ffffba8c003de870 ffffba8c0dc8e380 ffffba8c08e71eb0 fffff8056cf503a9 : nt!KeAcquireGuardedMutex+0x1c ffffa2824a02f790 ffffba8c003de870 : ffffba8c0dc8e380 ffffba8c08e71eb0 fffff8056cf503a9 0000000000000000 : HyperHideDrv+0x1e10 ffffa2824a02f798 ffffba8c0dc8e380 : ffffba8c08e71eb0 fffff8056cf503a9 0000000000000000 0000000000000000 : 0xffffba8c003de870ffffa282
4a02f7a0 ffffba8c08e71eb0 : fffff8056cf503a9 0000000000000000 0000000000000000 0000000000000000 : 0xffffba8c0dc8e380 ffffa2824a02f7a8 fffff8056cf503a9 : 0000000000000000 0000000000000000 0000000000000000 fffff805781a1489 : 0xffffba8c08e71eb0ffffa282
4a02f7b0 fffff8056cc31cc9 : ffffba8c08e71eb0 0000000000000001 0000000000000001 000000000000020c : nt!_guard_retpoline_exit_indirect_rax+0x9ffffa282
4a02f800 fffff8056d1eb6c5 : ffffa2824a02fb80 ffffba8c08e71eb0 0000000000000001 ffffba8c0b70d690 : nt!IofCallDriver+0x59ffffa282
4a02f840 fffff8056d1eb01a : ffffba8c08e71eb0 ffffa2824a02fb80 000000000022240c ffffa2824a02fb80 : nt!IopSynchronousServiceTail+0x1a5ffffa282
4a02f8e0 fffff8056d1eaa36 : ba8c0d9ed5b0ffed 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x5caffffa282
4a02fa20 fffff8056cdcdf98 : 0000000000000001 ffffa2824a02fb00 0000000000000000 ffffa2824a02fa00 : nt!NtDeviceIoControlFile+0x56ffffa282
4a02fa90 00007ffeb4bdc144 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x28000000c7
ab4ff758 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffe`b4bdc144SYMBOL_NAME: HyperHideDrv+36c2
MODULE_NAME: HyperHideDrv
IMAGE_NAME: HyperHideDrv.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 36c2
FAILURE_BUCKET_ID: AV_INVALID_HyperHideDrv!unknown_function
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {d37c959a-417f-c891-0472-d90c19d031fc}
Followup: MachineOwner
The text was updated successfully, but these errors were encountered: