kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800012c4422, The address that the exception occurred at
Arg3: fffffadfc8e24a70, Exception Record Address
Arg4: fffffadfc8e24480, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2c4422)+0
fffff800`012c4422 498b85f0000000 mov rax,[r13+0xf0]
EXCEPTION_RECORD: fffffadfc8e24a70 -- (.exr fffffadfc8e24a70)
ExceptionAddress: fffff800012c4422 (nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2c4422))
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000000000f0
Attempt to read from address 00000000000000f0
CONTEXT: fffffadfc8e24480 -- (.cxr fffffadfc8e24480)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000514000 rsi=0000000000000000 rdi=fffffadfcdd52a20
rip=fffff800012c4422 rsp=fffffadfc8e24c90 rbp=fffffadfcdd52a28
r8=fffffadfceadbc20 r9=fffffadfceada760 r10=fffff80001174180
r11=fffffadfcddd27a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2c4422):
fffff800`012c4422 498b85f0000000 mov rax,[r13+0xf0] ds:002b:00000000`000000f0=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 3
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
WRITE_ADDRESS: 0000000000000002
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800012c4422
STACK_TEXT:
fffffadf`c8e24c90 00000000`00000000 : fffffa80`02494040 00000000`00000000 fffffa80`02494040 fffffadf`ce403ed0 : nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2c4422)
fffffadf`c8e24c98 fffffa80`02494040 : 00000000`00000000 fffffa80`02494040 fffffadf`ce403ed0 00000000`00000000 : 0x0
fffffadf`c8e24ca0 00000000`00000000 : fffffa80`02494040 fffffadf`ce403ed0 00000000`00000000 00000000`00000000 : 0xfffffa80`02494040
fffffadf`c8e24ca8 fffffa80`02494040 : fffffadf`ce403ed0 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`c8e24cb0 fffffadf`ce403ed0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : 0xfffffa80`02494040
fffffadf`c8e24cb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : 0xfffffadf`ce403ed0fffffadf`c8e24cf8 fffff800`01038f43 : fffffadf`0000000c fffff800`01196ae0 fffff800`012c4390 fffffadf`ceada760 : nt!ObpReleaseLookupContextObject+0x49
fffffadf`c8e24d00 fffffadf`0000000c : fffff800`01196ae0 fffff800`012c4390 fffffadf`ceada760 00000000`00000000 : nt!RtlUnwind+0x10b
fffffadf`c8e24d08 fffff800`01196ae0 : fffff800`012c4390 fffffadf`ceada760 00000000`00000000 00000000`00000000 : 0xfffffadf`0000000c
fffffadf`c8e24d10 fffff800`012c4390 : fffffadf`ceada760 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtGetContextThread+0x59
fffffadf`c8e24d18 fffffadf`ceada760 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2c4390)
fffffadf`c8e24d20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffadf`ceada760
fffffadf`c8e24d28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`004e3070 : 0x0
fffffadf`c8e24d30 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff800`004e3070 fffffadf`ceadbc20 : 0x0
fffffadf`c8e24d38 00000000`00000000 : 00000000`00000000 fffff800`004e3070 fffffadf`ceadbc20 00000000`00000000 : 0x0
fffffadf`c8e24d40 00000000`00000000 : fffff800`004e3070 fffffadf`ceadbc20 00000000`00000000 fffffadf`ceadb848 : 0x0
fffffadf`c8e24d48 fffff800`004e3070 : fffffadf`ceadbc20 00000000`00000000 fffffadf`ceadb848 fffff800`012b226e : 0x0
fffffadf`c8e24d50 fffffadf`ceadbc20 : 00000000`00000000 fffffadf`ceadb848 fffff800`012b226e fffffadf`ceada760 : 0xfffff800`004e3070
fffffadf`c8e24d58 00000000`00000000 : fffffadf`ceadb848 fffff800`012b226e fffffadf`ceada760 00000000`00000080 : 0xfffffadf`ceadbc20
fffffadf`c8e24d60 fffffadf`ceadb848 : fffff800`012b226e fffffadf`ceada760 00000000`00000080 fffffadf`ceada760 : 0x0
fffffadf`c8e24d68 fffff800`012b226e : fffffadf`ceada760 00000000`00000080 fffffadf`ceada760 fffffadf`ceacc040 : 0xfffffadf`ceadb848
fffffadf`c8e24d70 fffffadf`ceada760 : 00000000`00000080 fffffadf`ceada760 fffffadf`ceacc040 00000000`00000000 : nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2b226e)
fffffadf`c8e24d78 00000000`00000080 : fffffadf`ceada760 fffffadf`ceacc040 00000000`00000000 00000000`00000000 : 0xfffffadf`ceada760
fffffadf`c8e24d80 fffffadf`ceada760 : fffffadf`ceacc040 00000000`00000000 00000000`00000000 00000000`00000000 : 0x80
fffffadf`c8e24d88 fffffadf`ceacc040 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffadf`ceada760
fffffadf`c8e24d90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffadf`ceacc040
fffffadf`c8e24d98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffadf`c8e23c30 : 0x0
fffffadf`c8e24da0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffadf`c8e23c30 fffffadf`ceacc138 : 0x0
fffffadf`c8e24da8 00000000`00000000 : 00000000`00000000 fffffadf`ceadb848 00000000`00000000 : nt!RtlAppendUnicodeToString+0x64
fffffadf`c8e24dd8 fffffadf`ceada760 : fffffadf`ceacc040 fffffadf`ceadb848 00000000`00000000 00000000`00000000 : nt!CmpRebuildSecurityCache+0x13
fffffadf`c8e24de0 fffffadf`ceacc040 : fffffadf`ceadb848 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffadf`ceada760
fffffadf`c8e24ee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2c4422)+0
fffff800`012c4422 498b85f0000000 mov rax,[r13+0xf0]
FAULTING_SOURCE_CODE:
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!_NULL_IMPORT_DESCRIPTOR <PERF> (nt+0x2c4422)+0
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 42436096
FAILURE_BUCKET_ID: X64_0x7E_nt!_NULL_IMPORT_DESCRIPTOR__PERF__(nt+0x2c4422)+0
BUCKET_ID: X64_0x7E_nt!_NULL_IMPORT_DESCRIPTOR__PERF__(nt+0x2c4422)+0
Followup: MachineOwner
---------