Bluescreen mit Windbg Daten

H

hokdan

Neuling
Thread Starter
Mitglied seit
11.10.2023
Beiträge
2
Hallo zusammen,

ein Freund von mir hat seit Kurzem das Problem, dass sein Win10-Rechner einen Bluescreen verursacht und neu startet.
Während eines laufendes Spieles treten zunächst keine Probleme auf. Erst nach dem Beenden des Spieles und ein paar Sekunden nachdem er sich auf dem Desktop befindet knallts.

Ich pack hier drunter den Output von Windbg ran. Vielleicht kann mir von euch jemand helfen woran das Problem liegen könnte und wie wir es lösen können.

Grüße

Florian

Code: 
************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 36

Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Portable\Liberkey\MyApps\MobaXterm\Home\101023-19968-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff801`5ee00000 PsLoadedModuleList = 0xfffff801`5fa2a220
Debug session time: Tue Oct 10 12:13:00.749 2023 (UTC + 2:00)
System Uptime: 0 days 0:01:36.423
Loading Kernel Symbols
...............................................................
................................................................
..........................................................
Loading User Symbols

Loading unloaded module list
.......
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`5f1fcd70 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffff9d81`77d8f170=0000000000000139
10: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000000, A stack-based buffer has been overrun.
Arg2: 0000000000000000, Address of the trap frame for the exception that caused the BugCheck
Arg3: 0000000000000000, Address of the exception record for the exception that caused the BugCheck
Arg4: ffff9d8177d8f920, Reserved

Debugging Details:
------------------

*** WARNING: Check Image - Checksum mismatch - Dump: 0x18de0, File: 0x18f42 - C:\ProgramData\Dbg\sym\rassstp.sys\DDE4E1561d000\rassstp.sys

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 733

    Key  : Analysis.Elapsed.mSec
    Value: 5442

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 187

    Key  : Analysis.Init.Elapsed.mSec
    Value: 3487

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 80

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x139

    Key  : Failure.Bucket
    Value: 0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_handler

    Key  : Failure.Hash
    Value: {9ac18088-8c91-40fd-01fb-5255bc467cba}

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1


BUGCHECK_CODE:  139

BUGCHECK_P1: 0

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: ffff9d8177d8f920

FILE_IN_CAB:  101023-19968-01.dmp

TRAP_FRAME:  0000000000000000 -- (.trap 0x0)

EXCEPTION_RECORD:  0000000000000000 -- (.exr 0x0)
Cannot read Exception record @ 0000000000000000

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

STACK_TEXT: 
ffff9d81`77d8f168 fffff801`5f206fab     : 00000000`00000139 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffff9d81`77d8f170 fffff801`5f207462     : fffff801`5f206f90 00000000`00000000 00000000`00000000 00000000`00000000 : nt!guard_icall_handler+0x1b
ffff9d81`77d8f1a0 fffff801`5f0ca3c7     : ffff9d81`77d8f710 00000000`00000000 ffff9d81`77d8f920 fffff801`5f207081 : nt!RtlpExecuteHandlerForException+0x12
ffff9d81`77d8f1d0 fffff801`5f0c94e6     : fffff007`f32a73b8 ffff9d81`77d8fe20 fffff007`f32a73b8 fffff801`5fa318a0 : nt!RtlDispatchException+0x297
ffff9d81`77d8f8f0 fffff801`5f1fde82     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff9d81`77d8ffb0 fffff801`5f1fde50     : fffff801`5f210f65 00000000`00000000 00000000`00000000 ffff99b2`35434efb : nt!KxExceptionDispatchOnExceptionStack+0x12
fffff007`f32a7278 fffff801`5f210f65     : 00000000`00000000 00000000`00000000 ffff99b2`35434efb 00000000`00000000 : nt!KiExceptionDispatchOnExceptionStackContinue
fffff007`f32a7280 fffff801`5f20c55a     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x125
fffff007`f32a7460 fffff801`5f207081     : fffff801`5f156eb1 00000000`00000000 fffff801`5f13e95d 00000000`39790e04 : nt!KiGeneralProtectionFault+0x31a
fffff007`f32a75f8 fffff801`5f156eb1     : 00000000`00000000 fffff801`5f13e95d 00000000`39790e04 fffff801`5ee00000 : nt!guard_dispatch_icall+0x71
fffff007`f32a7600 fffff801`5f0466d6     : ffff9d81`77d36180 ffff9d81`00000000 fffff007`f32a7689 00000000`00000000 : nt!HalpTimerClockInitialize+0x21
fffff007`f32a7640 fffff801`5f0453c6     : 00000000`0000001d 00000000`00000001 00000000`399abbb7 ffff9d81`77d36180 : nt!KeResumeClockTimerFromIdle+0x366
fffff007`f32a76f0 fffff801`5f043af4     : 00000000`00000000 00001f80`00000000 00000000`00000003 00000000`00000002 : nt!PpmIdleExecuteTransition+0x1756
fffff007`f32a7af0 fffff801`5f201624     : ffffffff`00000000 00000000`00000000 ffff9d81`77d41340 00000000`000005d8 : nt!PoIdle+0x374
fffff007`f32a7c60 00000000`00000000     : fffff007`f32a8000 fffff007`f32a2000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x54


SYMBOL_NAME:  nt!guard_icall_handler+1b

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.19041.3448

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  1b

FAILURE_BUCKET_ID:  0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_handler

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {9ac18088-8c91-40fd-01fb-5255bc467cba}

Followup:     MachineOwner
---------
 
Wenn Du diese Anzeige nicht sehen willst, registriere Dich und/oder logge Dich ein.
Ich habe noch einen neuen Dump bekommen. Und ich hänge euch den Minidump mal an.

Ich hoffe immer noch, dass mir jemand helfen kann. :cautious:

Grüße Flo

Code: 
************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.219 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 36

Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\cyber\Downloads\101223-20296-01\101223-20296-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff806`75c00000 PsLoadedModuleList = 0xfffff806`7682a360
Debug session time: Thu Oct 12 20:21:34.218 2023 (UTC + 2:00)
System Uptime: 0 days 3:37:39.892
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00304018).  Type ".hh dbgerr001" for details
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`75ffd640 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffff858c`65c84350=0000000000000050
8: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffa0b840830998, memory referenced.
Arg2: 0000000000000000, X64: bit 0 set if the fault was due to a not-present PTE.
    bit 1 is set if the fault was due to a write, clear if a read.
    bit 3 is set if the processor decided the fault was due to a corrupted PTE.
    bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
    - ARM64: bit 1 is set if the fault was due to a write, clear if a read.
    bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: ffffe28bd2d1e6ea, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : AV.Type
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 984

    Key  : Analysis.Elapsed.mSec
    Value: 11519

    Key  : Analysis.IO.Other.Mb
    Value: 16

    Key  : Analysis.IO.Read.Mb
    Value: 13

    Key  : Analysis.IO.Write.Mb
    Value: 39

    Key  : Analysis.Init.CPU.mSec
    Value: 109

    Key  : Analysis.Init.Elapsed.mSec
    Value: 11549

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 91

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x50

    Key  : Failure.Bucket
    Value: AV_R_(null)_win32kfull!IsWindowHolographicForHitTest

    Key  : Failure.Hash
    Value: {77dcf5c8-387d-cbbb-b0bd-bdd60fda2f74}

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1


BUGCHECK_CODE:  50

BUGCHECK_P1: ffffa0b840830998

BUGCHECK_P2: 0

BUGCHECK_P3: ffffe28bd2d1e6ea

BUGCHECK_P4: 2

FILE_IN_CAB:  101223-20296-01.dmp

READ_ADDRESS: fffff806768fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 ffffa0b840830998

MM_INTERNAL_CODE:  2

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  explorer.exe

TRAP_FRAME:  ffff858c65c845f0 -- (.trap 0xffff858c65c845f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffa0b840830930 rbx=0000000000000000 rcx=ffffbc82fc2e03b0
rdx=ffffe2b840830930 rsi=0000000000000000 rdi=0000000000000000
rip=ffffe28bd2d1e6ea rsp=ffff858c65c84780 rbp=ffff858c65c84899
 r8=ffffe2b840673bf0  r9=0000000000000001 r10=ffffe28bd1a77920
r11=ffff858c65c84a80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
win32kfull!IsWindowHolographicForHitTest+0x1a:
ffffe28b`d2d1e6ea 488b4368        mov     rax,qword ptr [rbx+68h] ds:00000000`00000068=????????????????
Resetting default scope

STACK_TEXT: 
ffff858c`65c84348 fffff806`76038cbf     : 00000000`00000050 ffffa0b8`40830998 00000000`00000000 ffff858c`65c845f0 : nt!KeBugCheckEx
ffff858c`65c84350 fffff806`75e30730     : ffff0dac`67e5dc91 00000000`00000000 ffff858c`65c84670 00000000`00000000 : nt!MiSystemFault+0x1de34f
ffff858c`65c84450 fffff806`7600d1d8     : ffffe28b`d1c0fa60 00000000`00000001 00000000`00000003 ffffe28b`d1a6c044 : nt!MmAccessFault+0x400
ffff858c`65c845f0 ffffe28b`d2d1e6ea     : ffff0b4e`66a4c2d9 00000000`00989680 00000316`00000200 00000000`00000000 : nt!KiPageFault+0x358
ffff858c`65c84780 ffffe28b`d2d1e658     : 00000000`00000000 00000000`00000000 00000316`00000200 ffffe2b8`40839bd0 : win32kfull!IsWindowHolographicForHitTest+0x1a
ffff858c`65c847e0 ffffe28b`d2e5168b     : 00000316`00000200 00000000`00000003 ffffbc82`00b76124 ffff88fd`ef200000 : win32kfull!IsCompositionInputWindowForHitTest+0x1c
ffff858c`65c84810 ffffe28b`d2df015e     : 00000000`00000000 00000316`00000200 ffffbc82`fc6c1d00 fffff806`75e224a8 : win32kfull!xxxDCEWindowHitTestIndirect_Iterative+0x3a7
ffff858c`65c84900 ffffe28b`d2df00c3     : 00000316`00000200 ffff858c`65c84a70 00000000`00000000 ffffe2b8`406be010 : win32kfull!xxxDCEWindowHitTest+0x4a
ffff858c`65c84970 ffffe28b`d2deffb4     : 00000316`00000200 00000316`00000200 00000000`00000000 00000000`00000020 : win32kfull!xxxWindowFromPoint+0xe7
ffff858c`65c84aa0 ffffe28b`d1e18cfd     : ffffbc82`fe2aa080 ffff858c`65c84b80 ffff858c`65c84b80 00000000`00d7ef80 : win32kfull!NtUserWindowFromPhysicalPoint+0x24
ffff858c`65c84ad0 fffff806`76010ef8     : 00000000`ffffffff ffffbc83`010aba60 00000000`00000000 ffff858c`65c84b80 : win32k!NtUserWindowFromPoint+0x15
ffff858c`65c84b00 00007ffd`d7a712c4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`0047e9b8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`d7a712c4


SYMBOL_NAME:  win32kfull!IsWindowHolographicForHitTest+1a

MODULE_NAME: win32kfull

IMAGE_NAME:  win32kfull.sys

IMAGE_VERSION:  10.0.19041.3570

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  1a

FAILURE_BUCKET_ID:  AV_R_(null)_win32kfull!IsWindowHolographicForHitTest

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {77dcf5c8-387d-cbbb-b0bd-bdd60fda2f74}

Followup:     MachineOwner
---------
 
Anmelden, um zu antworten.
Hardwareluxx setzt keine externen Werbe- und Tracking-Cookies ein. Auf unserer Webseite finden Sie nur noch Cookies nach berechtigtem Interesse (Art. 6 Abs. 1 Satz 1 lit. f DSGVO) oder eigene funktionelle Cookies. Durch die Nutzung unserer Webseite erklären Sie sich damit einverstanden, dass wir diese Cookies setzen. Mehr Informationen und Möglichkeiten zur Einstellung unserer Cookies finden Sie in unserer Datenschutzerklärung.


Zurück
Oben Unten refresh