..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff803ad6f6065, ffffd000a4588bf0, 0}
*** WARNING: Unable to verify timestamp for esgiguard.sys
*** ERROR: Module load completed but symbols could not be loaded for esgiguard.sys
Probably caused by : esgiguard.sys ( esgiguard+14ec )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff803ad6f6065, Address of the instruction which caused the bugcheck
Arg3: ffffd000a4588bf0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - De instructie op 0x%08lx verwijst naar geheugen op 0x%08lx. Een lees- of schrijfbewerking op het geheugen is mislukt: %s.
FAULTING_IP:
nt!MmUnmapLockedPages+21
fffff803`ad6f6065 6685530a test word ptr [rbx+0Ah],dx
CONTEXT: ffffd000a4588bf0 -- (.cxr 0xffffd000a4588bf0;r)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000200 rsi=0000000000000001 rdi=0000000000000000
rip=fffff803ad6f6065 rsp=ffffd000a4589620 rbp=fffff803ad953a90
r8=0000000000000002 r9=fffff803ad958180 r10=fffff780000003b0
r11=fffff78000000008 r12=0000000000000001 r13=0000000000000000
r14=ffffe00035fc7320 r15=0000000000000036
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!MmUnmapLockedPages+0x21:
fffff803`ad6f6065 6685530a test word ptr [rbx+0Ah],dx ds:002b:00000000`0000000a=????
Last set context:
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000200 rsi=0000000000000001 rdi=0000000000000000
rip=fffff803ad6f6065 rsp=ffffd000a4589620 rbp=fffff803ad953a90
r8=0000000000000002 r9=fffff803ad958180 r10=fffff780000003b0
r11=fffff78000000008 r12=0000000000000001 r13=0000000000000000
r14=ffffe00035fc7320 r15=0000000000000036
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!MmUnmapLockedPages+0x21:
fffff803`ad6f6065 6685530a test word ptr [rbx+0Ah],dx ds:002b:00000000`0000000a=????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: plugin-contain
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
LAST_CONTROL_TRANSFER: from fffff801713204ec to fffff803ad6f6065
STACK_TEXT:
ffffd000`a4589620 fffff801`713204ec : ffffe000`3be74900 fffff803`ad953a90 00000000`00000001 fffff803`ad953a90 : nt!MmUnmapLockedPages+0x21
ffffd000`a4589650 ffffe000`3be74900 : fffff803`ad953a90 00000000`00000001 fffff803`ad953a90 ffffe000`3be74900 : esgiguard+0x14ec
ffffd000`a4589658 fffff803`ad953a90 : 00000000`00000001 fffff803`ad953a90 ffffe000`3be74900 fffff801`7132004e : 0xffffe000`3be74900
ffffd000`a4589660 00000000`00000001 : fffff803`ad953a90 ffffe000`3be74900 fffff801`7132004e fffff801`71322140 : nt!PspCreateProcessNotifyRoutine+0x50
ffffd000`a4589668 fffff803`ad953a90 : ffffe000`3be74900 fffff801`7132004e fffff801`71322140 ffff9c22`00000000 : 0x1
ffffd000`a4589670 ffffe000`3be74900 : fffff801`7132004e fffff801`71322140 ffff9c22`00000000 00000000`00000000 : nt!PspCreateProcessNotifyRoutine+0x50
ffffd000`a4589678 fffff801`7132004e : fffff801`71322140 ffff9c22`00000000 00000000`00000000 00000000`00000000 : 0xffffe000`3be74900
ffffd000`a4589680 fffff801`71322140 : ffff9c22`00000000 00000000`00000000 00000000`00000000 fffff803`ad958180 : esgiguard+0x104e
ffffd000`a4589688 ffff9c22`00000000 : 00000000`00000000 00000000`00000000 fffff803`ad958180 00000000`00000001 : esgiguard+0x3140
ffffd000`a4589690 00000000`00000000 : 00000000`00000000 fffff803`ad958180 00000000`00000001 ffffe000`3c7f7880 : 0xffff9c22`00000000
FOLLOWUP_IP:
esgiguard+14ec
fffff801`713204ec ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: esgiguard+14ec
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: esgiguard
IMAGE_NAME: esgiguard.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 52cb30b5
STACK_COMMAND: .cxr 0xffffd000a4588bf0 ; kb
FAILURE_BUCKET_ID: 0x3B_esgiguard+14ec
BUCKET_ID: 0x3B_esgiguard+14ec
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_esgiguard+14ec
FAILURE_ID_HASH: {6f1bd547-208b-e086-22f6-9dfea7259b13}
Followup: MachineOwner
---------