R
RabbitRadiation
Guest
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: ffffbc830a211f70, name of the driver having the issue.
Arg3: ffffbc830b5f4e10, verifier internal structure with driver information.
Arg4: 0000000000000001, total # of (paged+nonpaged) allocations that weren't freed.
Type !verifier 3 drivername.sys for info on the allocations
that were leaked that caused the bugcheck.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 2
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-2TI65N1
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 2
Key : Analysis.Memory.CommitPeak.Mb
Value: 62
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: c4
BUGCHECK_P1: 62
BUGCHECK_P2: ffffbc830a211f70
BUGCHECK_P3: ffffbc830b5f4e10
BUGCHECK_P4: 1
IMAGE_NAME: vgk.sys
MODULE_NAME: vgk
FAULTING_MODULE: fffff807bf480000 vgk
VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY ffffbc830b5f4e10
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.
BLACKBOXNTFS: 1 (!blackboxntfs)
PROCESS_NAME: System
STACK_TEXT:
ffffb687`dd006518 fffff806`29fe7e14 : 00000000`000000c4 00000000`00000062 ffffbc83`0a211f70 ffffbc83`0b5f4e10 : nt!KeBugCheckEx
ffffb687`dd006520 fffff806`29ff70f9 : ffffbc83`0b5f4e10 ffffb687`dd006610 ffffbc83`0a211d80 ffffbc83`0983d5c0 : nt!VerifierBugCheckIfAppropriate+0xe0
ffffb687`dd006560 fffff806`29a92036 : ffffbc83`0b5f4e10 ffffbc83`0a211e20 00000000`00000001 ffffbc83`0983d5a0 : nt!VfPoolCheckForLeaks+0x49
ffffb687`dd0065a0 fffff806`29fd94e2 : 00000000`0057c000 ffffbc83`0a211d80 fffff806`2a236de0 fffff806`2a236de0 : nt!VfTargetDriversRemove+0x10885a
ffffb687`dd006620 fffff806`29d09c63 : ffffbc83`0a211d80 ffffb687`dd006750 00000000`00000001 00000000`ffffffff : nt!VfDriverUnloadImage+0x3e
ffffb687`dd006650 fffff806`29d776b1 : 00000000`00000000 00000000`ffffffff ffff33ce`00000001 ffff9486`533f4840 : nt!MiUnloadSystemImage+0x2eb
ffffb687`dd0067f0 fffff806`29d775de : ffffbc83`099c2cd0 ffffb687`dd006a40 00000000`00000000 00000000`00000000 : nt!MmUnloadSystemImage+0x41
ffffb687`dd006820 fffff806`29c15300 : ffffbc83`099c2cd0 ffffb687`dd006a40 ffffbc83`099c2cd0 fffff806`29ca4def : nt!IopDeleteDriver+0x4e
ffffb687`dd006870 fffff806`2987b277 : 00000000`00000000 00000000`00000000 ffffb687`dd006a40 ffffbc83`099c2d00 : nt!ObpRemoveObjectRoutine+0x80
ffffb687`dd0068d0 fffff806`2987b19e : 00000000`00000008 00000000`00000000 ffffbc83`099c2cd0 00000000`c0000365 : nt!ObfDereferenceObjectWithTag+0xc7
ffffb687`dd006910 fffff806`29d40662 : 00000000`00000008 00000000`00000008 00000000`c0000365 00000000`00001000 : nt!HalPutDmaAdapter+0xe
ffffb687`dd006940 fffff806`2a07093f : ffffbc83`030c2050 ffffbc83`030c2050 ffffb687`dd006b80 00000000`00000000 : nt!IopLoadDriver+0x76a
ffffb687`dd006b10 fffff806`2a07949a : ffffffff`c0000365 ffff9486`538d4fc0 00000000`00000000 fffff806`28074400 : nt!IopInitializeSystemDrivers+0x157
ffffb687`dd006bb0 fffff806`29db57bb : fffff806`28074400 fffff806`2a2610e8 fffff806`29db5780 fffff806`28074400 : nt!IoInitSystem+0x2e
ffffb687`dd006be0 fffff806`29931e85 : ffffbc83`03093040 fffff806`29db5780 fffff806`28074400 00000000`00000000 : nt!Phase1Initialization+0x3b
ffffb687`dd006c10 fffff806`29a17498 : fffff806`283de180 ffffbc83`03093040 fffff806`29931e30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffb687`dd006c60 00000000`00000000 : ffffb687`dd007000 ffffb687`dd001000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
IMAGE_VERSION: 1.2.0.2
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0xc4_62_VRF_LEAKED_POOL_IMAGE_vgk.sys
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6b48ad5e-de65-9e28-3555-0011c454018a}
Followup: MachineOwner
Continue reading...
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: ffffbc830a211f70, name of the driver having the issue.
Arg3: ffffbc830b5f4e10, verifier internal structure with driver information.
Arg4: 0000000000000001, total # of (paged+nonpaged) allocations that weren't freed.
Type !verifier 3 drivername.sys for info on the allocations
that were leaked that caused the bugcheck.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 2
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-2TI65N1
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 2
Key : Analysis.Memory.CommitPeak.Mb
Value: 62
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: c4
BUGCHECK_P1: 62
BUGCHECK_P2: ffffbc830a211f70
BUGCHECK_P3: ffffbc830b5f4e10
BUGCHECK_P4: 1
IMAGE_NAME: vgk.sys
MODULE_NAME: vgk
FAULTING_MODULE: fffff807bf480000 vgk
VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY ffffbc830b5f4e10
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.
BLACKBOXNTFS: 1 (!blackboxntfs)
PROCESS_NAME: System
STACK_TEXT:
ffffb687`dd006518 fffff806`29fe7e14 : 00000000`000000c4 00000000`00000062 ffffbc83`0a211f70 ffffbc83`0b5f4e10 : nt!KeBugCheckEx
ffffb687`dd006520 fffff806`29ff70f9 : ffffbc83`0b5f4e10 ffffb687`dd006610 ffffbc83`0a211d80 ffffbc83`0983d5c0 : nt!VerifierBugCheckIfAppropriate+0xe0
ffffb687`dd006560 fffff806`29a92036 : ffffbc83`0b5f4e10 ffffbc83`0a211e20 00000000`00000001 ffffbc83`0983d5a0 : nt!VfPoolCheckForLeaks+0x49
ffffb687`dd0065a0 fffff806`29fd94e2 : 00000000`0057c000 ffffbc83`0a211d80 fffff806`2a236de0 fffff806`2a236de0 : nt!VfTargetDriversRemove+0x10885a
ffffb687`dd006620 fffff806`29d09c63 : ffffbc83`0a211d80 ffffb687`dd006750 00000000`00000001 00000000`ffffffff : nt!VfDriverUnloadImage+0x3e
ffffb687`dd006650 fffff806`29d776b1 : 00000000`00000000 00000000`ffffffff ffff33ce`00000001 ffff9486`533f4840 : nt!MiUnloadSystemImage+0x2eb
ffffb687`dd0067f0 fffff806`29d775de : ffffbc83`099c2cd0 ffffb687`dd006a40 00000000`00000000 00000000`00000000 : nt!MmUnloadSystemImage+0x41
ffffb687`dd006820 fffff806`29c15300 : ffffbc83`099c2cd0 ffffb687`dd006a40 ffffbc83`099c2cd0 fffff806`29ca4def : nt!IopDeleteDriver+0x4e
ffffb687`dd006870 fffff806`2987b277 : 00000000`00000000 00000000`00000000 ffffb687`dd006a40 ffffbc83`099c2d00 : nt!ObpRemoveObjectRoutine+0x80
ffffb687`dd0068d0 fffff806`2987b19e : 00000000`00000008 00000000`00000000 ffffbc83`099c2cd0 00000000`c0000365 : nt!ObfDereferenceObjectWithTag+0xc7
ffffb687`dd006910 fffff806`29d40662 : 00000000`00000008 00000000`00000008 00000000`c0000365 00000000`00001000 : nt!HalPutDmaAdapter+0xe
ffffb687`dd006940 fffff806`2a07093f : ffffbc83`030c2050 ffffbc83`030c2050 ffffb687`dd006b80 00000000`00000000 : nt!IopLoadDriver+0x76a
ffffb687`dd006b10 fffff806`2a07949a : ffffffff`c0000365 ffff9486`538d4fc0 00000000`00000000 fffff806`28074400 : nt!IopInitializeSystemDrivers+0x157
ffffb687`dd006bb0 fffff806`29db57bb : fffff806`28074400 fffff806`2a2610e8 fffff806`29db5780 fffff806`28074400 : nt!IoInitSystem+0x2e
ffffb687`dd006be0 fffff806`29931e85 : ffffbc83`03093040 fffff806`29db5780 fffff806`28074400 00000000`00000000 : nt!Phase1Initialization+0x3b
ffffb687`dd006c10 fffff806`29a17498 : fffff806`283de180 ffffbc83`03093040 fffff806`29931e30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffb687`dd006c60 00000000`00000000 : ffffb687`dd007000 ffffb687`dd001000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
IMAGE_VERSION: 1.2.0.2
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0xc4_62_VRF_LEAKED_POOL_IMAGE_vgk.sys
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6b48ad5e-de65-9e28-3555-0011c454018a}
Followup: MachineOwner
Continue reading...