none
BSOD ndis.sys RRS feed

  • Pregunta

  • Hola,

    Tengo un PC que continuamente está teniendo BSOD con IRQL_NOT_LESS_OR_EQUAL ndis.sys. Como indica, actualicé controladores de red y el antivirus "Kaspersky" a su última versión. Parecia ir bien pero a los dias volvió otra vez a aparecer.

    Obtuve el minidump y lo analicé con dbgview pero no me queda claro. Muestra lo siguiente:

    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Kernel Version 18362 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 18362.1.amd64fre.19h1_release.190318-1202
    Machine Name:
    Kernel base = 0xfffff804`42800000 PsLoadedModuleList = 0xfffff804`42c432b0
    Debug session time: Mon Dec  2 08:40:30.581 2019 (UTC + 1:00)
    System Uptime: 3 days 14:14:15.501
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................................................
    ........................................
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {0, 2, 1, fffff804486b4f4f}
    
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : memory_corruption
    
    Followup: memory_corruption
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff804486b4f4f, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPagedPoolEnd
    unable to get nt!MmNonPagedPoolStart
    unable to get nt!MmSizeOfNonPagedPoolInBytes
     0000000000000000 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    ndis!ndisNblTrackerUpdateOwnershipCount+4b
    fffff804`486b4f4f 4c0112          add     qword ptr [rdx],r10
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  CODE_CORRUPTION
    
    BUGCHECK_STR:  AV
    
    PROCESS_NAME:  System
    
    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
    
    DPC_STACK_BASE:  FFFFF80449277FB0
    
    TRAP_FRAME:  fffff8044926f1c0 -- (.trap 0xfffff8044926f1c0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=ffffd20311eb3e30
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff804486b4f4f rsp=fffff8044926f358 rbp=ffffd2030e946201
     r8=0000000000000002  r9=fffff8044926f3e8 r10=ffffffffffffffff
    r11=ffffd20311f25d60 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    ndis!ndisNblTrackerUpdateOwnershipCount+0x4b:
    fffff804`486b4f4f 4c0112          add     qword ptr [rdx],r10 ds:00000000`00000000=0000000000000000
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff804429ce569 to fffff804429bc8a0
    
    STACK_TEXT:  
    fffff804`4926f078 fffff804`429ce569 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff804`4926f080 fffff804`429ca8a5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff804`4926f1c0 fffff804`486b4f4f : fffff804`486b25b9 ffffd203`11f25d60 fffff804`4882137f ffffd203`1c4ea670 : nt!KiPageFault+0x465
    fffff804`4926f358 fffff804`486b25b9 : ffffd203`11f25d60 fffff804`4882137f ffffd203`1c4ea670 fffff804`42b6a0a9 : ndis!ndisNblTrackerUpdateOwnershipCount+0x4b
    fffff804`4926f360 fffff804`48c04bfb : 00000000`00000001 ffffd203`1c4ea601 00000000`00000000 00000000`00000000 : ndis!NdisFreeCloneNetBufferList+0x339
    fffff804`4926f3e0 fffff804`526a2a86 : badbadfa`badbadfa ffffd203`28db8b40 ffffd203`0e946210 00000000`00000000 : fwpkclnt!FwpsFreeCloneNetBufferList0+0x20b
    fffff804`4926f420 badbadfa`badbadfa : ffffd203`28db8b40 ffffd203`0e946210 00000000`00000000 00000000`00000000 : klwfp+0x2a86
    fffff804`4926f428 ffffd203`28db8b40 : ffffd203`0e946210 00000000`00000000 00000000`00000000 fffff804`48c06e71 : 0xbadbadfa`badbadfa
    fffff804`4926f430 ffffd203`0e946210 : 00000000`00000000 00000000`00000000 fffff804`48c06e71 ffffd203`28db8b40 : 0xffffd203`28db8b40
    fffff804`4926f438 00000000`00000000 : 00000000`00000000 fffff804`48c06e71 ffffd203`28db8b40 00000000`00000000 : 0xffffd203`0e946210
    
    
    STACK_COMMAND:  kb
    
    CHKIMG_EXTENSION: !chkimg -lo 50 -d !FLTMGR
        fffff804478fef25-fffff804478fef26  2 bytes - FLTMGR!DeleteStreamListCtrlCallback+35
    	[ 48 ff:4c 8b ]
        fffff804478fef2c-fffff804478fef30  5 bytes - FLTMGR!DeleteStreamListCtrlCallback+3c (+0x07)
    	[ 0f 1f 44 00 00:e8 df f1 f6 fa ]
        fffff804478fef3a-fffff804478fef3b  2 bytes - FLTMGR!DeleteStreamListCtrlCallback+4a (+0x0e)
    	[ 48 ff:4c 8b ]
        fffff804478fef41-fffff804478fef45  5 bytes - FLTMGR!DeleteStreamListCtrlCallback+51 (+0x07)
    	[ 0f 1f 44 00 00:e8 fa 79 f3 fa ]
        fffff804478fef8a-fffff804478fef8b  2 bytes - FLTMGR!DeleteStreamListCtrlCallback+9a (+0x49)
    	[ 48 ff:4c 8b ]
        fffff804478fef91-fffff804478fef97  7 bytes - FLTMGR!DeleteStreamListCtrlCallback+a1 (+0x07)
    	[ 0f 1f 44 00 00 48 ff:e8 2a 72 f3 fa 4c 8b ]
        fffff804478fef9d-fffff804478fefa1  5 bytes - FLTMGR!DeleteStreamListCtrlCallback+ad (+0x0c)
    	[ 0f 1f 44 00 00:e8 2e f1 f6 fa ]
    28 errors : !FLTMGR (fffff804478fef25-fffff804478fefa1)
    
    MODULE_NAME: memory_corruption
    
    IMAGE_NAME:  memory_corruption
    
    FOLLOWUP_NAME:  memory_corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    MEMORY_CORRUPTOR:  LARGE
    
    FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE
    
    BUCKET_ID:  MEMORY_CORRUPTION_LARGE
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:memory_corruption_large
    
    FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
    
    Followup: memory_corruption
    ---------
    
    

    A ver si podéis echarme una mano... Gracias!

    miércoles, 4 de diciembre de 2019 7:56

Todas las respuestas

  • Le recomiendo que analice el MEMORY.DMP (Debe estar ubicado en C:\Windows) en lugar del minidump, contiene mayor información y mas de3tallada, los resultados son mas fiables.

    Probably caused by : memory_corruption

    Ahora, con la herramienta que posee realice de nuevo el análisis, Es posible que obtenga un resultado similar, con una diferencia, donde lee Arguments: puede encontrar una línea que informe "Address of the IRP".
    En este caso ingresara este comando:

    !IRP (Mas la direccion señalada en Arguments)

    Pongo esto como ejemplo de un viejo análisis que tengo por aquí:

    \Driver\usbehci ax88172

    Alli tendra en la mira al resposable.

     


    Saludos cordiales. Ivan

    miércoles, 4 de diciembre de 2019 16:11
  • Hola Oscaarxx

     

    Gracias por levantar tu consulta en los foros de TechNet. Con respecto a la misma, te comparto a continuación los siguientes enlaces que contienen documentación oficial y casos similares al que nos estas reportando

     

    https://answers.microsoft.com/en-us/windows/forum/all/bsod-in-windows-10/c9b5659f-3ad0-498b-8325-e29a2b4dff3f

     

    https://social.technet.microsoft.com/Forums/windows/it-IT/16ec3f00-6978-4ba2-af3f-2118330e16ee/blue-screen-of-death-occurs-due-to-ndissys?forum=w7itpronetworking

     

    https://social.technet.microsoft.com/Forums/Lync/en-US/1f5b74b2-4e30-4ef9-8944-e23585acca2f/windows-10-bsod-microsoftwindowskernelpower?forum=win10itprohardware

     

    https://answers.microsoft.com/en-us/windows/forum/all/bsod-in-windows-10/c9b5659f-3ad0-498b-8325-e29a2b4dff3f

     

     

    Por favor indícame si puedo ofrecerte una mejor respuesta.

    Gacias por usar los foros de TechNet.

     

    Diana Acuña

     

     ____

     

    Por favor recuerde "Marcar como respuesta" las respuestas que hayan resuelto su problema, es una forma común de reconocer a aquellos que han ayudado, y hace que sea más fácil para los otros visitantes encontrar la solución más tarde. 

     

    Microsoft ofrece este servicio de forma gratuita, con la finalidad de ayudar a los usuarios y la ampliación de la base de datos de conocimientos relacionados con los productos y tecnologías de Microsoft.  

     

    Este contenido es proporcionado "tal cual" y no implica ninguna responsabilidad de parte de Microsoft.

    miércoles, 4 de diciembre de 2019 16:57
  • Le recomiendo que analice el MEMORY.DMP (Debe estar ubicado en C:\Windows) en lugar del minidump, contiene mayor información y mas de3tallada, los resultados son mas fiables.

    Probably caused by : memory_corruption

    Ahora, con la herramienta que posee realice de nuevo el análisis, Es posible que obtenga un resultado similar, con una diferencia, donde lee Arguments: puede encontrar una línea que informe "Address of the IRP".
    En este caso ingresara este comando:

    !IRP (Mas la direccion señalada en Arguments)

    Pongo esto como ejemplo de un viejo análisis que tengo por aquí:

    \Driver\usbehci ax88172

    Alli tendra en la mira al resposable.

     


    Saludos cordiales. Ivan

    Hola Ivan,

    Gracias por tu respuesta, he analizado el MEMORY.dmp y muestra lo siguiente:

    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {0, 2, 1, fffff804486b4f4f}
    
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    Probably caused by : memory_corruption
    
    Followup: memory_corruption
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff804486b4f4f, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPagedPoolEnd
    unable to get nt!MmNonPagedPoolStart
    unable to get nt!MmSizeOfNonPagedPoolInBytes
     0000000000000000 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    ndis!ndisNblTrackerUpdateOwnershipCount+4b
    fffff804`486b4f4f 4c0112          add     qword ptr [rdx],r10
    
    DEFAULT_BUCKET_ID:  CODE_CORRUPTION
    
    BUGCHECK_STR:  AV
    
    PROCESS_NAME:  System
    
    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
    
    DPC_STACK_BASE:  FFFFF80449277FB0
    
    TRAP_FRAME:  fffff8044926f1c0 -- (.trap 0xfffff8044926f1c0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=ffffd20311eb3e30
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff804486b4f4f rsp=fffff8044926f358 rbp=ffffd2030e946201
     r8=0000000000000002  r9=fffff8044926f3e8 r10=ffffffffffffffff
    r11=ffffd20311f25d60 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    ndis!ndisNblTrackerUpdateOwnershipCount+0x4b:
    fffff804`486b4f4f 4c0112          add     qword ptr [rdx],r10 ds:00000000`00000000=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff804429ce569 to fffff804429bc8a0
    
    STACK_TEXT:  
    fffff804`4926f078 fffff804`429ce569 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff804`4926f080 fffff804`429ca8a5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff804`4926f1c0 fffff804`486b4f4f : fffff804`486b25b9 ffffd203`11f25d60 fffff804`4882137f ffffd203`1c4ea670 : nt!KiPageFault+0x465
    fffff804`4926f358 fffff804`486b25b9 : ffffd203`11f25d60 fffff804`4882137f ffffd203`1c4ea670 fffff804`42b6a0a9 : ndis!ndisNblTrackerUpdateOwnershipCount+0x4b
    fffff804`4926f360 fffff804`48c04bfb : 00000000`00000001 ffffd203`1c4ea601 00000000`00000000 00000000`00000000 : ndis!NdisFreeCloneNetBufferList+0x339
    fffff804`4926f3e0 fffff804`526a2a86 : badbadfa`badbadfa ffffd203`28db8b40 ffffd203`0e946210 00000000`00000000 : fwpkclnt!FwpsFreeCloneNetBufferList0+0x20b
    fffff804`4926f420 fffff804`48c06e71 : ffffd203`28db8b40 00000000`00000000 ffffd203`133c2000 00000000`00000000 : klwfp+0x2a86
    fffff804`4926f450 fffff804`488251e7 : ffffd203`133c2030 ffffd203`11f25d61 ffffd203`2e68f9c0 00000000`ffffffff : fwpkclnt!FwppInjectComplete+0xb1
    fffff804`4926f490 fffff804`48822f5b : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd203`18bd3da0 : NETIO!NetioDereferenceNetBufferList+0xb7
    fffff804`4926f4d0 fffff804`48949224 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff804`4926f630 : NETIO!NetioDereferenceNetBufferListChain+0x21b
    fffff804`4926f550 fffff804`48a9406a : ffffd203`18bd3da0 ffffd203`14718360 ffffd203`147183c0 00000000`00000000 : tcpip!IppCompleteAndFreePacketList+0x5c
    fffff804`4926f580 fffff804`48a9494c : 00000000`00000000 fffff804`4926f660 ffffd203`0cc42010 00000000`0009796f : tcpip!IppCleanupMfe+0x7e
    fffff804`4926f5b0 fffff804`489f790b : ffffd203`14718360 fffff804`4926f660 00000000`00000000 ffffd203`0cc42010 : tcpip!IppDereferenceMfe+0x30
    fffff804`4926f5e0 fffff804`4894c4de : ffffd203`0cc32370 00000000`00000001 fffff804`48b09160 00000000`0009796f : tcpip!IppMfeSetTimeOut+0xaaf4b
    fffff804`4926f680 fffff804`42873689 : 00000000`00000002 fffff804`48b09160 fffff804`40609180 ffffd203`00000002 : tcpip!IppTimeout+0x81e
    fffff804`4926f840 fffff804`428723e9 : 00000000`00000002 00000000`00989680 00000000`00b4b579 00000000`00000091 : nt!KiProcessExpiredTimerList+0x169
    fffff804`4926f930 fffff804`429c0364 : 00000000`00000000 fffff804`40609180 fffff804`42d8c400 ffffd203`1183a080 : nt!KiRetireDpcList+0x4e9
    fffff804`4926fb60 00000000`00000000 : fffff804`49270000 fffff804`49269000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x84
    
    
    STACK_COMMAND:  kb
    
    CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
        fffff80442803079-fffff8044280307a  2 bytes - nt!KiIntRedirectQueueRequestOnProcessor+65
    	[ 48 ff:4c 8b ]
        fffff80442803080-fffff80442803083  4 bytes - nt!KiIntRedirectQueueRequestOnProcessor+6c (+0x07)
    	[ 0f 1f 44 00:e8 ab 0c ab ]
        fffff8044280722b - nt!MiEmptyDecayClusterTimers+cb (+0x41ab)
    	[ fa:9f ]
        fffff8044280cb40-fffff8044280cb41  2 bytes - nt!MmMapViewInSystemCache+110 (+0x5915)
    	[ 80 f6:00 cd ]
        fffff8044280d044-fffff8044280d045  2 bytes - nt!MiSystemFault+54 (+0x504)
    	[ 80 f6:00 cd ]
        fffff8044280d051-fffff8044280d052  2 bytes - nt!MiSystemFault+61 (+0x0d)
    	[ ff f6:7f cd ]
        fffff8044280d249-fffff8044280d24d  5 bytes - nt!MiSystemFault+259 (+0x1f8)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff8044280d258-fffff8044280d25c  5 bytes - nt!MiSystemFault+268 (+0x0f)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280d27a-fffff8044280d27b  2 bytes - nt!MiSystemFault+28a (+0x22)
    	[ 80 f6:00 cd ]
        fffff8044280d28c-fffff8044280d28d  2 bytes - nt!MiSystemFault+29c (+0x12)
    	[ ff f6:7f cd ]
        fffff8044280d77b-fffff8044280d77c  2 bytes - nt!MiSystemFault+78b (+0x4ef)
    	[ 80 f6:00 cd ]
        fffff8044280d7b0-fffff8044280d7b4  5 bytes - nt!MiCheckSystemPageTables+10 (+0x35)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff8044280d7bf-fffff8044280d7c3  5 bytes - nt!MiCheckSystemPageTables+1f (+0x0f)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280d947-fffff8044280d948  2 bytes - nt!MiSynchronizeSystemVa+127 (+0x188)
    	[ 80 f6:00 cd ]
        fffff8044280dbba-fffff8044280dbbc  3 bytes - nt!MiGetSystemCacheReverseMap+1a (+0x273)
    	[ 40 fb f6:80 66 cd ]
        fffff8044280dbc8-fffff8044280dbcc  5 bytes - nt!MiGetSystemCacheReverseMap+28 (+0x0e)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff8044280dbd7-fffff8044280dbdb  5 bytes - nt!MiGetSystemCacheReverseMap+37 (+0x0f)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280dc15 - nt!MiGetSystemCacheReverseMap+75 (+0x3e)
    	[ fa:9f ]
        fffff8044280dd61-fffff8044280dd62  2 bytes - nt!InsertTailListPte+21 (+0x14c)
    	[ 80 f6:00 cd ]
        fffff8044280df13-fffff8044280df14  2 bytes - nt!RemoveListHeadPte+8b (+0x1b2)
    	[ 80 f6:00 cd ]
        fffff8044280e06c-fffff8044280e06d  2 bytes - nt!MiObtainSystemCacheView+fc (+0x159)
    	[ 80 f6:00 cd ]
        fffff8044280e0b7-fffff8044280e0b8  2 bytes - nt!MiObtainSystemCacheView+147 (+0x4b)
    	[ 80 f6:00 cd ]
        fffff8044280e0ea-fffff8044280e0ec  3 bytes - nt!MiObtainSystemCacheView+17a (+0x33)
    	[ 40 fb f6:80 66 cd ]
        fffff8044280e123 - nt!MiObtainSystemCacheView+1b3 (+0x39)
    	[ fa:9f ]
        fffff8044280e8f9-fffff8044280e8fa  2 bytes - nt!MiReleaseSystemCacheView+4d (+0x7d6)
    	[ 80 f6:00 cd ]
        fffff8044280e952-fffff8044280e954  3 bytes - nt!MiReleaseSystemCacheView+a6 (+0x59)
    	[ 40 fb f6:80 66 cd ]
        fffff8044280e98f - nt!MiReleaseSystemCacheView+e3 (+0x3d)
    	[ fa:9f ]
        fffff8044280eb5e-fffff8044280eb5f  2 bytes - nt!MmUnmapViewInSystemCache+3e (+0x1cf)
    	[ 80 f6:00 cd ]
        fffff8044280eb92 - nt!MmUnmapViewInSystemCache+72 (+0x34)
    	[ fa:9f ]
        fffff8044280ecc9-fffff8044280ecca  2 bytes - nt!MmUnmapViewInSystemCache+1a9 (+0x137)
    	[ ff f6:7f cd ]
        fffff8044280ecd0-fffff8044280ecd4  5 bytes - nt!MmUnmapViewInSystemCache+1b0 (+0x07)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280ece8-fffff8044280ecec  5 bytes - nt!MmUnmapViewInSystemCache+1c8 (+0x18)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff8044280ed0f-fffff8044280ed10  2 bytes - nt!MmUnmapViewInSystemCache+1ef (+0x27)
    	[ 80 f6:00 cd ]
        fffff8044280edad-fffff8044280edb1  5 bytes - nt!MmUnmapViewInSystemCache+28d (+0x9e)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280edba-fffff8044280edbb  2 bytes - nt!MmUnmapViewInSystemCache+29a (+0x0d)
    	[ ff f6:7f cd ]
        fffff8044280eea1-fffff8044280eea2  2 bytes - nt!MmUnmapViewInSystemCache+381 (+0xe7)
    	[ 80 f6:00 cd ]
        fffff8044280f1b6 - nt!MmUnmapViewInSystemCache+696 (+0x315)
    	[ fa:9f ]
        fffff8044280f271 - nt!MmUnmapViewInSystemCache+751 (+0xbb)
    	[ fa:9f ]
        fffff8044280f284-fffff8044280f285  2 bytes - nt!MmUnmapViewInSystemCache+764 (+0x13)
    	[ 80 f6:00 cd ]
        fffff8044280f2cb-fffff8044280f2cf  5 bytes - nt!MmUnmapViewInSystemCache+7ab (+0x47)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280f31a-fffff8044280f31e  5 bytes - nt!MmUnmapViewInSystemCache+7fa (+0x4f)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280f3ac-fffff8044280f3b0  5 bytes - nt!MmUnmapViewInSystemCache+88c (+0x92)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280f3b9-fffff8044280f3ba  2 bytes - nt!MmUnmapViewInSystemCache+899 (+0x0d)
    	[ ff f6:7f cd ]
        fffff8044280f648-fffff8044280f649  2 bytes - nt!MiComputePageCommitment+38 (+0x28f)
    	[ 80 f6:00 cd ]
        fffff8044280f736-fffff8044280f73a  5 bytes - nt!MiComputePageCommitment+126 (+0xee)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff8044280f769-fffff8044280f76d  5 bytes - nt!MiComputePageCommitment+159 (+0x33)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff8044280f821-fffff8044280f822  2 bytes - nt!MiComputePageCommitment+211 (+0xb8)
    	[ 80 f6:00 cd ]
        fffff8044280f919-fffff8044280f91a  2 bytes - nt!MiProtectPrivateMemory+a9 (+0xf8)
    	[ 80 f6:00 cd ]
        fffff8044280fa1b-fffff8044280fa1c  2 bytes - nt!MiProtectPrivateMemory+1ab (+0x102)
    	[ 80 f6:00 cd ]
        fffff8044280facb-fffff8044280facf  5 bytes - nt!MiProtectPrivateMemory+25b (+0xb0)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
    WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view  entire output.
        fffff80442d6b798-fffff80442d6b79a  3 bytes - nt!_guard_check_icall_fptr
    	[ e0 23 97:50 52 9c ]
        fffff80442d6b7a0-fffff80442d6b7a2  3 bytes - nt!_guard_dispatch_icall_fptr (+0x08)
    	[ 70 8b 9b:a0 52 9c ]
        fffff80442d938a1-fffff80442d938a2  2 bytes - nt!ExUpdateSystemTimeFromCmos+4d
    	[ 48 ff:4c 8b ]
        fffff80442d938a8-fffff80442d938ab  4 bytes - nt!ExUpdateSystemTimeFromCmos+54 (+0x07)
    	[ 0f 1f 44 00:e8 e3 ac 52 ]
        fffff80442d93cf2-fffff80442d93cf3  2 bytes - nt!PopDecompressHiberBlocks+112 (+0x44a)
    	[ 48 ff:4c 8b ]
        fffff80442d93cf9-fffff80442d93cfc  4 bytes - nt!PopDecompressHiberBlocks+119 (+0x07)
    	[ 0f 1f 44 00:e8 c2 fa 51 ]
        fffff80442d94521-fffff80442d94522  2 bytes - nt!PopTransitionSystemPowerStateEx+6b5 (+0x828)
    	[ 48 ff:4c 8b ]
        fffff80442d94528-fffff80442d9452b  4 bytes - nt!PopTransitionSystemPowerStateEx+6bc (+0x07)
    	[ 0f 1f 44 00:e8 93 f2 51 ]
        fffff80442d94677-fffff80442d94678  2 bytes - nt!PopTransitionSystemPowerStateEx+80b (+0x14f)
    	[ 48 ff:4c 8b ]
        fffff80442d9467e-fffff80442d94681  4 bytes - nt!PopTransitionSystemPowerStateEx+812 (+0x07)
    	[ 0f 1f 44 00:e8 3d f1 51 ]
        fffff80442d946da-fffff80442d946db  2 bytes - nt!PopTransitionSystemPowerStateEx+86e (+0x5c)
    	[ 48 ff:4c 8b ]
        fffff80442d946e1-fffff80442d946e4  4 bytes - nt!PopTransitionSystemPowerStateEx+875 (+0x07)
    	[ 0f 1f 44 00:e8 da f0 51 ]
        fffff80442d94c6b-fffff80442d94c6c  2 bytes - nt!PoBroadcastSystemState+327 (+0x58a)
    	[ 48 ff:4c 8b ]
        fffff80442d94c72-fffff80442d94c75  4 bytes - nt!PoBroadcastSystemState+32e (+0x07)
    	[ 0f 1f 44 00:e8 49 eb 51 ]
        fffff80442d94d06-fffff80442d94d07  2 bytes - nt!PoBroadcastSystemState+3c2 (+0x94)
    	[ 48 ff:4c 8b ]
        fffff80442d94d0d-fffff80442d94d10  4 bytes - nt!PoBroadcastSystemState+3c9 (+0x07)
    	[ 0f 1f 44 00:e8 ae ea 51 ]
        fffff80442d94d76-fffff80442d94d77  2 bytes - nt!PoBroadcastSystemState+432 (+0x69)
    	[ 48 ff:4c 8b ]
        fffff80442d94d7d-fffff80442d94d80  4 bytes - nt!PoBroadcastSystemState+439 (+0x07)
    	[ 0f 1f 44 00:e8 3e ea 51 ]
        fffff80442d9528d-fffff80442d9528e  2 bytes - nt!PopInvokeSystemStateHandler+1f9 (+0x510)
    	[ 48 ff:4c 8b ]
        fffff80442d95294-fffff80442d95297  4 bytes - nt!PopInvokeSystemStateHandler+200 (+0x07)
    	[ 0f 1f 44 00:e8 27 e5 51 ]
        fffff80442d95577-fffff80442d95578  2 bytes - nt!PopInvokeSystemStateHandler+4e3 (+0x2e3)
    	[ 48 ff:4c 8b ]
        fffff80442d9557e-fffff80442d95581  4 bytes - nt!PopInvokeSystemStateHandler+4ea (+0x07)
    	[ 0f 1f 44 00:e8 3d e2 51 ]
        fffff80442d960b2-fffff80442d960b3  2 bytes - nt!PopSaveHiberContext+122 (+0xb34)
    	[ 48 ff:4c 8b ]
        fffff80442d960b9-fffff80442d960bd  5 bytes - nt!PopSaveHiberContext+129 (+0x07)
    	[ 0f 1f 44 00 00:e8 a2 be 9e 04 ]
        fffff80442d96ef9-fffff80442d96efa  2 bytes - nt!PopHiberCheckForDebugBreak+31 (+0xe40)
    	[ 48 ff:4c 8b ]
        fffff80442d96f00-fffff80442d96f03  4 bytes - nt!PopHiberCheckForDebugBreak+38 (+0x07)
    	[ 0f 1f 44 00:e8 bb c8 51 ]
        fffff80442d97681-fffff80442d97682  2 bytes - nt!KiCalibrateTimeAdjustment+a1 (+0x781)
    	[ 48 ff:4c 8b ]
        fffff80442d97688-fffff80442d9768b  4 bytes - nt!KiCalibrateTimeAdjustment+a8 (+0x07)
    	[ 0f 1f 44 00:e8 03 04 52 ]
        fffff80442d97708-fffff80442d97709  2 bytes - nt!KiCalibrateTimeAdjustment+128 (+0x80)
    	[ 48 ff:4c 8b ]
        fffff80442d9770f-fffff80442d97712  4 bytes - nt!KiCalibrateTimeAdjustment+12f (+0x07)
    	[ 0f 1f 44 00:e8 ac c0 51 ]
        fffff80442d97e09-fffff80442d97e0a  2 bytes - nt!PopHiberCheckResume+109 (+0x6fa)
    	[ 48 ff:4c 8b ]
        fffff80442d97e10-fffff80442d97e13  4 bytes - nt!PopHiberCheckResume+110 (+0x07)
    	[ 0f 1f 44 00:e8 4b 06 52 ]
        fffff80442d98270-fffff80442d98271  2 bytes - nt!PopGetHwConfigurationSignature+d8 (+0x460)
    	[ 48 ff:4c 8b ]
        fffff80442d98277-fffff80442d9827a  4 bytes - nt!PopGetHwConfigurationSignature+df (+0x07)
    	[ 0f 1f 44 00:e8 b4 24 52 ]
        fffff80442d988f5-fffff80442d988f9  5 bytes - nt!MiConvertHiberPhasePte+15 (+0x67e)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff80442d98904-fffff80442d98908  5 bytes - nt!MiConvertHiberPhasePte+24 (+0x0f)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff80442d99581-fffff80442d99585  5 bytes - nt!MiUpdateUserMappings+9 (+0xc7d)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff80442d995ac-fffff80442d995b0  5 bytes - nt!MiUpdateUserMappings+34 (+0x2b)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff80442d9bbca-fffff80442d9bbcb  2 bytes - nt!KiInitializeBootStructures+17a (+0x261e)
    	[ 48 ff:4c 8b ]
        fffff80442d9bbd1-fffff80442d9bbd4  4 bytes - nt!KiInitializeBootStructures+181 (+0x07)
    	[ 0f 1f 44 00:e8 4a bc 52 ]
        fffff80442d9bd8c-fffff80442d9bd8d  2 bytes - nt!KiInitializeBootStructures+33c (+0x1bb)
    	[ 48 ff:4c 8b ]
        fffff80442d9bd93-fffff80442d9bd96  4 bytes - nt!KiInitializeBootStructures+343 (+0x07)
    	[ 0f 1f 44 00:e8 f8 c4 52 ]
        fffff80442d9c72a-fffff80442d9c72b  2 bytes - nt!KiSetFeatureBits+30a (+0x997)
    	[ 48 ff:4c 8b ]
        fffff80442d9c731-fffff80442d9c734  4 bytes - nt!KiSetFeatureBits+311 (+0x07)
    	[ 0f 1f 44 00:e8 9a dd 52 ]
        fffff80442d9d1da-fffff80442d9d1db  2 bytes - nt!KiInitializeKernel+52a (+0xaa9)
    	[ 48 ff:4c 8b ]
        fffff80442d9d1e1-fffff80442d9d1e4  4 bytes - nt!KiInitializeKernel+531 (+0x07)
    	[ 0f 1f 44 00:e8 da ca 59 ]
        fffff80442d9e747-fffff80442d9e748  2 bytes - nt!MmInitializeProcessor+47 (+0x1566)
    	[ 80 f6:00 cd ]
        fffff80442da025b-fffff80442da025c  2 bytes - nt!ExpSetSystemTime+ce53 (+0x1b14)
    	[ 48 ff:4c 8b ]
        fffff80442da0262-fffff80442da0265  4 bytes - nt!ExpSetSystemTime+ce5a (+0x07)
    	[ 0f 1f 44 00:e8 29 e9 51 ]
        fffff80442da14d4-fffff80442da14d5  2 bytes - nt!PopInvokeSystemStateHandler+c440 (+0x1272)
    	[ 48 ff:4c 8b ]
        fffff80442da14db-fffff80442da14de  4 bytes - nt!PopInvokeSystemStateHandler+c447 (+0x07)
    	[ 0f 1f 44 00:e8 00 2e 54 ]
        fffff80442da25bd-fffff80442da25be  2 bytes - nt!KiCalibrateTimeAdjustment+afdd (+0x10e2)
    	[ 48 ff:4c 8b ]
    WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view  entire output.
        fffff80442db985a-fffff80442db985b  2 bytes - nt!PiDqQueryRelease+4a
    	[ 48 ff:4c 8b ]
        fffff80442db9861-fffff80442db9865  5 bytes - nt!PiDqQueryRelease+51 (+0x07)
    	[ 0f 1f 44 00 00:e8 ca 33 8e 04 ]
        fffff80442dba395-fffff80442dba396  2 bytes - nt!PiDqIrpQueryCreate+11d (+0xb34)
    	[ 48 ff:4c 8b ]
        fffff80442dba39c - nt!PiDqIrpQueryCreate+124 (+0x07)
    	[ 0f:e8 ]
        fffff80442dba39e-fffff80442dba3a0  3 bytes - nt!PiDqIrpQueryCreate+126 (+0x02)
    	[ 44 00 00:1f 8e 04 ]
        fffff80442dba3d0-fffff80442dba3d1  2 bytes - nt!PiDqIrpQueryCreate+158 (+0x32)
    	[ 48 ff:4c 8b ]
        fffff80442dba3d7-fffff80442dba3db  5 bytes - nt!PiDqIrpQueryCreate+15f (+0x07)
    	[ 0f 1f 44 00 00:e8 24 2e 8d 04 ]
        fffff80442dba688-fffff80442dba689  2 bytes - nt!PiDqQuerySerializeActionQueue+c0 (+0x2b1)
    	[ 48 ff:4c 8b ]
        fffff80442dba68f-fffff80442dba693  5 bytes - nt!PiDqQuerySerializeActionQueue+c7 (+0x07)
    	[ 0f 1f 44 00 00:e8 ac 19 8e 04 ]
        fffff80442dba6c1-fffff80442dba6c2  2 bytes - nt!PiDqQuerySerializeActionQueue+f9 (+0x32)
    	[ 48 ff:4c 8b ]
        fffff80442dba6c8-fffff80442dba6cc  5 bytes - nt!PiDqQuerySerializeActionQueue+100 (+0x07)
    	[ 0f 1f 44 00 00:e8 b3 1a 8e 04 ]
        fffff80442dba76e-fffff80442dba76f  2 bytes - nt!PiDqQuerySerializeActionQueue+1a6 (+0xa6)
    	[ 48 ff:4c 8b ]
        fffff80442dba775-fffff80442dba779  5 bytes - nt!PiDqQuerySerializeActionQueue+1ad (+0x07)
    	[ 0f 1f 44 00 00:e8 66 1d 8e 04 ]
        fffff80442dba8ba-fffff80442dba8bb  2 bytes - nt!PiDqQuerySerializeActionQueue+2f2 (+0x145)
    	[ 48 ff:4c 8b ]
        fffff80442dba8c1-fffff80442dba8c5  5 bytes - nt!PiDqQuerySerializeActionQueue+2f9 (+0x07)
    	[ 0f 1f 44 00 00:e8 6a 23 8e 04 ]
        fffff80442de5f59 - nt!PfpPfnPrioRequest+a9 (+0x2b698)
    	[ fa:9f ]
        fffff80442de5f98 - nt!PfpPfnPrioRequest+e8 (+0x3f)
    	[ fa:9f ]
        fffff80442dfc8fb - nt!MiCreateNewSection+647 (+0x16963)
    	[ fa:9f ]
        fffff80442dfe065-fffff80442dfe066  2 bytes - nt!MiPrefetchDriverPages+45 (+0x176a)
    	[ 80 f6:00 cd ]
        fffff80442dfe06c-fffff80442dfe070  5 bytes - nt!MiPrefetchDriverPages+4c (+0x07)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff80442dfe076-fffff80442dfe07a  5 bytes - nt!MiPrefetchDriverPages+56 (+0x0a)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff80442dfeff6 - nt!MmChangeImageProtection+166 (+0xf80)
    	[ fa:9f ]
        fffff80442e00071 - nt!MiAllocateDriverPage+cd (+0x107b)
    	[ fa:9f ]
        fffff80442e181d4-fffff80442e181d5  2 bytes - nt!NtQueryInformationProcess+f44 (+0x18163)
    	[ 48 ff:4c 8b ]
        fffff80442e181db-fffff80442e181de  4 bytes - nt!NtQueryInformationProcess+f4b (+0x07)
    	[ 0f 1f 44 00:e8 e0 b5 49 ]
        fffff80442e1c165-fffff80442e1c169  5 bytes - nt!MmHardFaultBytesRequired+55 (+0x3f8a)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff80442e1c16f-fffff80442e1c173  5 bytes - nt!MmHardFaultBytesRequired+5f (+0x0a)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff80442e1c4da-fffff80442e1c4de  5 bytes - nt!MiPfPrepareReadList+1fa (+0x36b)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff80442e1c4e4-fffff80442e1c4e8  5 bytes - nt!MiPfPrepareReadList+204 (+0x0a)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff80442e1c69d - nt!MiPfPrepareReadList+3bd (+0x1b9)
    	[ fa:9f ]
        fffff80442e1c797-fffff80442e1c79b  5 bytes - nt!MiPfPrepareReadList+4b7 (+0xfa)
    	[ d0 be 7d fb f6:a0 59 b3 66 cd ]
        fffff80442e1c7a1-fffff80442e1c7a5  5 bytes - nt!MiPfPrepareReadList+4c1 (+0x0a)
    	[ d7 be 7d fb f6:a7 59 b3 66 cd ]
        fffff80442e2c924-fffff80442e2c925  2 bytes - nt!NtCreateUserProcess+644 (+0x10183)
    	[ 48 ff:4c 8b ]
        fffff80442e2c92b-fffff80442e2c92f  5 bytes - nt!NtCreateUserProcess+64b (+0x07)
    	[ 0f 1f 44 00 00:e8 b0 5a b4 ff ]
        fffff80442e2e78d-fffff80442e2e78e  2 bytes - nt!SeQuerySigningPolicy+9d (+0x1e62)
    	[ 48 ff:4c 8b ]
        fffff80442e2e794-fffff80442e2e798  5 bytes - nt!SeQuerySigningPolicy+a4 (+0x07)
    	[ 0f 1f 44 00 00:e8 c7 b0 b0 ff ]
        fffff80442e3aa25-fffff80442e3aa26  2 bytes - nt!CmCheckNoTxContext+9 (+0xc291)
    	[ 48 ff:4c 8b ]
        fffff80442e3aa2c-fffff80442e3aa30  5 bytes - nt!CmCheckNoTxContext+10 (+0x07)
    	[ 0f 1f 44 00 00:e8 df 05 8b 04 ]
        fffff80442e4fa06-fffff80442e4fa07  2 bytes - nt!CmAddLogForAction+2d6 (+0x14fda)
    	[ 48 ff:4c 8b ]
        fffff80442e4fa0d-fffff80442e4fa11  5 bytes - nt!CmAddLogForAction+2dd (+0x07)
    	[ 0f 1f 44 00 00:e8 1e 27 8c 04 ]
        fffff80442e4fa45-fffff80442e4fa46  2 bytes - nt!CmAddLogForAction+315 (+0x38)
    	[ 48 ff:4c 8b ]
        fffff80442e4fa4c-fffff80442e4fa50  5 bytes - nt!CmAddLogForAction+31c (+0x07)
    	[ 0f 1f 44 00 00:e8 df 26 8c 04 ]
        fffff80442e4fa82-fffff80442e4fa83  2 bytes - nt!CmAddLogForAction+352 (+0x36)
    	[ 48 ff:4c 8b ]
        fffff80442e4fa89-fffff80442e4fa8d  5 bytes - nt!CmAddLogForAction+359 (+0x07)
    	[ 0f 1f 44 00 00:e8 62 4e 8f 04 ]
        fffff80442e4fd6d-fffff80442e4fd6e  2 bytes - nt!CmpComputeLogFillLevel+69 (+0x2e4)
    	[ 48 ff:4c 8b ]
        fffff80442e4fd74-fffff80442e4fd78  5 bytes - nt!CmpComputeLogFillLevel+70 (+0x07)
    	[ 0f 1f 44 00 00:e8 b7 23 8c 04 ]
        fffff80442e4fd80-fffff80442e4fd81  2 bytes - nt!CmpComputeLogFillLevel+7c (+0x0c)
    	[ 48 ff:4c 8b ]
        fffff80442e4fd87-fffff80442e4fd8b  5 bytes - nt!CmpComputeLogFillLevel+83 (+0x07)
    	[ 0f 1f 44 00 00:e8 a4 23 8c 04 ]
        fffff80442e4fd96-fffff80442e4fd97  2 bytes - nt!CmpComputeLogFillLevel+92 (+0x0f)
    	[ 48 ff:4c 8b ]
        fffff80442e4fd9d-fffff80442e4fda1  5 bytes - nt!CmpComputeLogFillLevel+99 (+0x07)
    	[ 0f 1f 44 00 00:e8 de 84 8c 04 ]
    WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view  entire output.
        fffff8044315019d-fffff8044315019e  2 bytes - nt!KdInitSystem+4d
    	[ 48 ff:4c 8b ]
        fffff804431501a4-fffff804431501a7  4 bytes - nt!KdInitSystem+54 (+0x07)
    	[ 0f 1f 44 00:e8 17 36 16 ]
        fffff80443150a44-fffff80443150a45  2 bytes - nt!KdInitSystem+8f4 (+0x8a0)
    	[ 48 ff:4c 8b ]
        fffff80443150a4b-fffff80443150a4f  5 bytes - nt!KdInitSystem+8fb (+0x07)
    	[ 0f 1f 44 00 00:e8 d0 05 2b 04 ]
        fffff8044315104b-fffff8044315104c  2 bytes - nt!KdpCloseRemoteFile+bb (+0x600)
    	[ 48 ff:4c 8b ]
        fffff80443151052-fffff80443151056  5 bytes - nt!KdpCloseRemoteFile+c2 (+0x07)
    	[ 0f 1f 44 00 00:e8 19 00 2b 04 ]
        fffff8044315109b-fffff8044315109c  2 bytes - nt!KdpCloseRemoteFile+10b (+0x49)
    	[ 48 ff:4c 8b ]
        fffff804431510a2-fffff804431510a6  5 bytes - nt!KdpCloseRemoteFile+112 (+0x07)
    	[ 0f 1f 44 00 00:e8 b9 ff 2a 04 ]
        fffff80443151356-fffff80443151357  2 bytes - nt!KdpCreateRemoteFile+152 (+0x2b4)
    	[ 48 ff:4c 8b ]
        fffff8044315135d-fffff80443151361  5 bytes - nt!KdpCreateRemoteFile+159 (+0x07)
    	[ 0f 1f 44 00 00:e8 fe fc 2a 04 ]
        fffff80443151398-fffff80443151399  2 bytes - nt!KdpCreateRemoteFile+194 (+0x3b)
    	[ 48 ff:4c 8b ]
        fffff8044315139f-fffff804431513a3  5 bytes - nt!KdpCreateRemoteFile+19b (+0x07)
    	[ 0f 1f 44 00 00:e8 cc fc 2a 04 ]
        fffff80443151511-fffff80443151512  2 bytes - nt!KdpReadRemoteFile+e5 (+0x172)
    	[ 48 ff:4c 8b ]
        fffff80443151518-fffff8044315151c  5 bytes - nt!KdpReadRemoteFile+ec (+0x07)
    	[ 0f 1f 44 00 00:e8 43 fb 2a 04 ]
        fffff8044315154f-fffff80443151550  2 bytes - nt!KdpReadRemoteFile+123 (+0x37)
    	[ 48 ff:4c 8b ]
        fffff80443151556-fffff8044315155a  5 bytes - nt!KdpReadRemoteFile+12a (+0x07)
    	[ 0f 1f 44 00 00:e8 15 fb 2a 04 ]
        fffff804431519d3-fffff804431519d4  2 bytes - nt!KdSendTraceData+107 (+0x47d)
    	[ 48 ff:4c 8b ]
        fffff804431519da-fffff804431519de  5 bytes - nt!KdSendTraceData+10e (+0x07)
    	[ 0f 1f 44 00 00:e8 81 f6 2a 04 ]
        fffff80443151b32-fffff80443151b33  2 bytes - nt!KdpFillMemory+102 (+0x158)
    	[ 48 ff:4c 8b ]
        fffff80443151b39-fffff80443151b3d  5 bytes - nt!KdpFillMemory+109 (+0x07)
    	[ 0f 1f 44 00 00:e8 22 f5 2a 04 ]
        fffff80443151bfe-fffff80443151bff  2 bytes - nt!KdpGetBusData+a2 (+0xc5)
    	[ 48 ff:4c 8b ]
        fffff80443151c05-fffff80443151c09  5 bytes - nt!KdpGetBusData+a9 (+0x07)
    	[ 0f 1f 44 00 00:e8 56 f4 2a 04 ]
        fffff80443151d92-fffff80443151d93  2 bytes - nt!KdpQueryMemory+7e (+0x18d)
    	[ 48 ff:4c 8b ]
        fffff80443151d99-fffff80443151d9d  5 bytes - nt!KdpQueryMemory+85 (+0x07)
    	[ 0f 1f 44 00 00:e8 c2 f2 2a 04 ]
        fffff80443151e47-fffff80443151e48  2 bytes - nt!KdpReadControlSpace+97 (+0xae)
    	[ 48 ff:4c 8b ]
        fffff80443151e4e-fffff80443151e52  5 bytes - nt!KdpReadControlSpace+9e (+0x07)
    	[ 0f 1f 44 00 00:e8 0d f2 2a 04 ]
        fffff80443151f91-fffff80443151f92  2 bytes - nt!KdpReadPhysicalMemory+125 (+0x143)
    	[ 48 ff:4c 8b ]
        fffff80443151f98-fffff80443151f9c  5 bytes - nt!KdpReadPhysicalMemory+12c (+0x07)
    	[ 0f 1f 44 00 00:e8 c3 f0 2a 04 ]
        fffff8044315211d-fffff8044315211e  2 bytes - nt!KdpReadVirtualMemory+a1 (+0x185)
    	[ 48 ff:4c 8b ]
        fffff80443152124-fffff80443152128  5 bytes - nt!KdpReadVirtualMemory+a8 (+0x07)
    	[ 0f 1f 44 00 00:e8 37 ef 2a 04 ]
        fffff804431525e3-fffff804431525e4  2 bytes - nt!KdpRestoreBreakPointEx+d3 (+0x4bf)
    	[ 48 ff:4c 8b ]
        fffff804431525ea-fffff804431525ee  5 bytes - nt!KdpRestoreBreakPointEx+da (+0x07)
    	[ 0f 1f 44 00 00:e8 71 ea 2a 04 ]
        fffff804431527f1-fffff804431527f2  2 bytes - nt!KdpSearchMemory+1d9 (+0x207)
    	[ 48 ff:4c 8b ]
        fffff804431527f8-fffff804431527fc  5 bytes - nt!KdpSearchMemory+1e0 (+0x07)
    	[ 0f 1f 44 00 00:e8 63 e8 2a 04 ]
        fffff80443152b8c-fffff80443152b8d  2 bytes - nt!KdpSendWaitContinue+a0 (+0x394)
    	[ 48 ff:4c 8b ]
        fffff80443152b93-fffff80443152b97  5 bytes - nt!KdpSendWaitContinue+a7 (+0x07)
    	[ 0f 1f 44 00 00:e8 c8 e4 2a 04 ]
        fffff80443152bb6-fffff80443152bb7  2 bytes - nt!KdpSendWaitContinue+ca (+0x23)
    	[ 48 ff:4c 8b ]
        fffff80443152bbd-fffff80443152bc0  4 bytes - nt!KdpSendWaitContinue+d1 (+0x07)
    	[ 0f 1f 44 00:e8 fe 0b 16 ]
        fffff80443152bd8-fffff80443152bd9  2 bytes - nt!KdpSendWaitContinue+ec (+0x1b)
    	[ 48 ff:4c 8b ]
        fffff80443152bdf-fffff80443152be3  5 bytes - nt!KdpSendWaitContinue+f3 (+0x07)
    	[ 0f 1f 44 00 00:e8 8c e4 2a 04 ]
        fffff80443153181-fffff80443153182  2 bytes - nt!KdpSendWaitContinue+695 (+0x5a2)
    	[ 48 ff:4c 8b ]
        fffff80443153188-fffff8044315318b  4 bytes - nt!KdpSendWaitContinue+69c (+0x07)
    	[ 0f 1f 44 00:e8 53 11 19 ]
        fffff804431532b0-fffff804431532b1  2 bytes - nt!KdpSendWaitContinue+7c4 (+0x128)
    	[ 48 ff:4c 8b ]
        fffff804431532b7-fffff804431532bb  5 bytes - nt!KdpSendWaitContinue+7cb (+0x07)
    	[ 0f 1f 44 00 00:e8 a4 dd 2a 04 ]
        fffff804431532cf-fffff804431532d0  2 bytes - nt!KdpSendWaitContinue+7e3 (+0x18)
    	[ 48 ff:4c 8b ]
        fffff804431532d6-fffff804431532da  5 bytes - nt!KdpSendWaitContinue+7ea (+0x07)
    	[ 0f 1f 44 00 00:e8 85 dd 2a 04 ]
        fffff804431534f1-fffff804431534f2  2 bytes - nt!KdpSetContext+a9 (+0x21b)
    	[ 48 ff:4c 8b ]
        fffff804431534f8-fffff804431534fc  5 bytes - nt!KdpSetContext+b0 (+0x07)
    	[ 0f 1f 44 00 00:e8 63 db 2a 04 ]
        fffff8044315359c-fffff8044315359d  2 bytes - nt!KdpSysReadBusData+40 (+0xa4)
    	[ 48 ff:4c 8b ]
        fffff804431535a3-fffff804431535a6  4 bytes - nt!KdpSysReadBusData+47 (+0x07)
    	[ 0f 1f 44 00:e8 e8 5a 16 ]
    WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view  entire output.
        fffff80443188dbf-fffff80443188dc0  2 bytes - nt!HdlspBugCheckProcessing+97
    	[ 48 ff:4c 8b ]
        fffff80443188dc6-fffff80443188dc9  4 bytes - nt!HdlspBugCheckProcessing+9e (+0x07)
    	[ 0f 1f 44 00:e8 35 a8 12 ]
        fffff80443188dd4-fffff80443188dd5  2 bytes - nt!HdlspBugCheckProcessing+ac (+0x0e)
    	[ 48 ff:4c 8b ]
        fffff80443188ddb-fffff80443188dde  4 bytes - nt!HdlspBugCheckProcessing+b3 (+0x07)
    	[ 0f 1f 44 00:e8 00 b5 15 ]
    10124 errors : !nt (fffff80442803079-fffff80443188dde)
    
    MODULE_NAME: memory_corruption
    
    IMAGE_NAME:  memory_corruption
    
    FOLLOWUP_NAME:  memory_corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    MEMORY_CORRUPTOR:  LARGE
    
    FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE
    
    BUCKET_ID:  MEMORY_CORRUPTION_LARGE
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:memory_corruption_large
    
    FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
    
    Followup: memory_corruption
    ---------
    

    No me llego a aclarar entre ndis y memory_corruption.

    Gracias de antemano,

    lunes, 9 de diciembre de 2019 16:05
  • Hola Diana,

    He seguido los temas mostrados pero no he conseguido el resultado. El controlador ndis.sys está actualizado tanto el de PC como el de dock. Está intalado kaspersky como antivirus por "klwfp.sys" contacté y lo actualicé también. Pero de vez en cuando sigue haciéndolo. 

    miércoles, 11 de diciembre de 2019 11:43
  • Hola Diana,

    He seguido los temas mostrados pero no he conseguido el resultado. El controlador ndis.sys está actualizado tanto el de PC como el de dock. Está intalado kaspersky como antivirus por "klwfp.sys" contacté y lo actualicé también. Pero de vez en cuando sigue haciéndolo. 

    La aconsejaría sustituir Kaspersky por cualquier otro antivirus, al menos por un tiempo, veo una alarmante cantidad de mensajes en sus foros respecto al mismo archivo en Windows 10 precisamente, como estos por ej.:

    https://www.google.com/search?q=klwfp.sys+site:forum.kaspersky.com&rls=com.microsoft:es-VE:IE-SearchBox&sa=X&ved=2ahUKEwiNrN_QmK7mAhWs1FkKHbXhBREQrQIoBDABegQIBxAP&biw=1248&bih=598#spf=1576088820622

    ndis.sys como debe saber ya es un componente integrado del sistema, si este fuese capaz de provocar pantallas azules seria una catástrofe mundial. Diríjase a los foros de este software y plantee su problema, deberá remitirle los datos que le soliciten y espere, cargado de paciencia, a que le ofrezcan una solución.


    Saludos cordiales. Ivan

    miércoles, 11 de diciembre de 2019 18:32