************* Preparing the environment for Debugger Extensions Gallery repositories ************** ExtensionRepository : Implicit UseExperimentalFeatureForNugetShare : false AllowNugetExeUpdate : false AllowNugetMSCredentialProviderInstall : false AllowParallelInitializationOfLocalRepositories : true -- Configuring repositories ----> Repository : LocalInstalled, Enabled: true ----> Repository : UserExtensions, Enabled: true >>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds ************* Waiting for Debugger Extensions Gallery to Initialize ************** >>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds ----> Repository : UserExtensions, Enabled: true, Packages count: 0 ----> Repository : LocalInstalled, Enabled: true, Packages count: 36 Microsoft (R) Windows Debugger Version 10.0.25877.1004 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\user\Desktop\111523-22546-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: srv* Executable search path is: ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_EPROCESS *** *** *** ************************************************************************* Windows 10 Kernel Version 19041 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Kernel base = 0xfffff807`1ca00000 PsLoadedModuleList = 0xfffff807`1d62a6d0 Debug session time: Wed Nov 15 14:01:19.189 2023 (UTC + 8:00) System Uptime: 0 days 0:04:21.026 ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_EPROCESS *** *** *** ************************************************************************* Loading Kernel Symbols .. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ............................................................. ................................................................ ................................................................ ................................................................ ............ Loading User Symbols PEB is paged out (Peb.Ldr = 000000df`04c4a018). Type ".hh dbgerr001" for details Loading unloaded module list ........... ************* Symbol Loading Error Summary ************** Module name Error ntkrnlmp The system cannot find the file specified You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded. You should also verify that your symbol search path (.sympath) is correct. For analysis of this file, run !analyze -vnt!KeBugCheckEx: fffff807`1cdfd730 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff68b`57b6dd00=000000000000003b 5: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the BugCheck Arg2: fffff8071d0479ab, Address of the instruction which caused the BugCheck Arg3: fffff68b57b6e600, Address of the context record for the exception that caused the BugCheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ *** WARNING: Unable to verify timestamp for 360Hvm64.sys ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_IMAGE_DOS_HEADER *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KTHREAD *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 140 Key : Analysis.Elapsed.mSec Value: 1402 Key : Analysis.IO.Other.Mb Value: 2 Key : Analysis.IO.Read.Mb Value: 0 Key : Analysis.IO.Write.Mb Value: 10 Key : Analysis.Init.CPU.mSec Value: 577 Key : Analysis.Init.Elapsed.mSec Value: 937088 Key : Analysis.Memory.CommitPeak.Mb Value: 65 Key : Bugcheck.Code.LegacyAPI Value: 0x3b Key : Dump.Attributes.AsUlong Value: 8 Key : Dump.Attributes.KernelGeneratedTriageDump Value: 1 Key : Failure.Bucket Value: WRONG_SYMBOLS_X64_10.0.19041.3693_(WinBuild.160101.0800)_TIMESTAMP_620413-145137_AD941E79_nt_wrong_symbols!AD941E791046000 Key : Failure.Hash Value: {a91ce3e6-4504-d8d7-1e79-a2a4f71ba2da} BUGCHECK_CODE: 3b BUGCHECK_P1: c0000005 BUGCHECK_P2: fffff8071d0479ab BUGCHECK_P3: fffff68b57b6e600 BUGCHECK_P4: 0 FILE_IN_CAB: 111523-22546-01.dmp ADDITIONAL_DEBUG_TEXT: You can run '.symfix; .reload' to try to fix the symbol path and load symbols. WRONG_SYMBOLS_TIMESTAMP: ad941e79 WRONG_SYMBOLS_SIZE: 1046000 FAULTING_MODULE: fffff8071ca00000 nt DUMP_FILE_ATTRIBUTES: 0x8 Kernel Generated Triage Dump CONTEXT: fffff68b57b6e600 -- (.cxr 0xfffff68b57b6e600)rax=0000000000000000 rbx=fffff68b57b6f1c0 rcx=0000000000000011 rdx=fffff8071d648358 rsi=fffff8071d648360 rdi=0000000000000000 rip=fffff8071d0479ab rsp=fffff68b57b6f000 rbp=fffff68b57b6f210 r8=fffff68b57b6f010 r9=0000000000000001 r10=fffff8071d04d0a0 r11=fffff68b57b6f108 r12=0000000000100000 r13=fffff68b57b6f190 r14=0000000000000001 r15=000000000000001c iopl=0 nv up ei ng nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286 nt!ObReferenceObjectByHandle+0x295b: fffff807`1d0479ab 4d8b2424 mov r12,qword ptr [r12] ds:002b:00000000`00100000=???????????????? Resetting default scope BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) BLACKBOXPNP: 1 (!blackboxpnp) BLACKBOXWINLOGON: 1 CUSTOMER_CRASH_COUNT: 1 STACK_TEXT: fffff68b`57b6f000 fffff807`1d04d2ec : ffffde0d`0000001c fffff68b`57b6f1c0 fffff68b`57b6f178 00000000`ffffff01 : nt!ObReferenceObjectByHandle+0x295b fffff68b`57b6f110 fffff807`1d0494c7 : fffff807`1d04d000 ffffa389`00000000 ffffde0d`40dd44d0 00000000`00000001 : nt!SeUnlockSubjectContext+0x2fcc fffff68b`57b6f2b0 fffff807`1d051c6a : ffffde0d`40dd4401 fffff68b`57b6f518 ffffde0d`00000040 ffffde0d`2872ff00 : nt!ObReferenceObjectByHandle+0x4477 fffff68b`57b6f480 fffff807`1d051a4c : 00000000`00000000 00000000`00000000 00000000`00000000 ffffde0d`2872ff00 : nt!ObOpenObjectByNameEx+0x1fa fffff68b`57b6f5b0 fffff807`1d051391 : 000000df`0577df98 fffff68b`57b6fa80 00000000`00000001 fffff807`1d04231c : nt!ObOpenObjectByName+0x5c fffff68b`57b6f600 fffff807`1d0f77e2 : 000000df`0577e1b8 00000000`00020019 000001e9`f1150c70 00000000`00000000 : nt!SeUnlockSubjectContext+0x7071 fffff68b`57b6f860 fffff807`364bc288 : ffffde0d`447c50c0 00000000`00000032 fffff68b`57b6f8d0 00000000`00000000 : nt!NtFsControlFile+0x582 fffff68b`57b6f8a0 ffffde0d`447c50c0 : 00000000`00000032 fffff68b`57b6f8d0 00000000`00000000 fffff68b`57b6f8f0 : 360Hvm64+0x1c288 fffff68b`57b6f8a8 00000000`00000032 : fffff68b`57b6f8d0 00000000`00000000 fffff68b`57b6f8f0 fffff68b`57b6fa00 : 0xffffde0d`447c50c0 fffff68b`57b6f8b0 fffff68b`57b6f8d0 : 00000000`00000000 fffff68b`57b6f8f0 fffff68b`57b6fa00 000001e9`f1150c88 : 0x32 fffff68b`57b6f8b8 00000000`00000000 : fffff68b`57b6f8f0 fffff68b`57b6fa00 000001e9`f1150c88 00000000`00020019 : 0xfffff68b`57b6f8d0 STACK_COMMAND: .cxr 0xfffff68b57b6e600 ; kb EXCEPTION_CODE_STR: AD941E79 EXCEPTION_STR: WRONG_SYMBOLS PROCESS_NAME: ntoskrnl.wrong.symbols.exe IMAGE_NAME: ntoskrnl.wrong.symbols.exe MODULE_NAME: nt_wrong_symbols SYMBOL_NAME: nt_wrong_symbols!AD941E791046000 FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_10.0.19041.3693_(WinBuild.160101.0800)_TIMESTAMP_620413-145137_AD941E79_nt_wrong_symbols!AD941E791046000 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {a91ce3e6-4504-d8d7-1e79-a2a4f71ba2da} Followup: MachineOwner ---------