*** Fatal System Error: 0x000000d6
                       (0xFEEBD010,0x00000000,0x97E59D41,0x00000000)

Driver at fault:
*** win32k.sys - Address 97E59D41 base at 97D40000, DateStamp 56422bfd
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Fri Dec 11 10:21:11.190 2015 (UTC - 8:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
..................................
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................
.......
Loading User Symbols
....................................
Loading unloaded module list
.................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D6, {feebd010, 0, 97e59d41, 0}

Probably caused by : win32k.sys ( win32k!EPOINTQF::operator+=+8 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
82cbb308 cc int 3
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)
N bytes of memory was allocated and more than N bytes are being referenced.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: feebd010, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 97e59d41, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

READ_ADDRESS: feebd010 Special pool

FAULTING_IP:
win32k!EPOINTQF::operator+=+8
97e59d41 8b10 mov edx,dword ptr [eax]

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 56422bfd

MODULE_NAME: win32k

FAULTING_MODULE: 97d40000 win32k

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD6

PROCESS_NAME: c3.exe

CURRENT_IRQL: 2

TRAP_FRAME: 823438f4 -- (.trap 0xffffffff823438f4)
ErrCode = 00000000
eax=feebd010 ebx=82343c3c ecx=823439a0 edx=00000090 esi=82343b04 edi=ff7bf000
eip=97e59d41 esp=82343968 ebp=82343968 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
win32k!EPOINTQF::operator+=+0x8:
97e59d41 8b10 mov edx,dword ptr [eax] ds:0023:feebd010=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82d1fce7 to 82cbb308

STACK_TEXT:
82343444 82d1fce7 00000003 c87c81e7 00000065 nt!RtlpBreakWithStatusInstruction
82343494 82d207e5 00000003 00000000 00000002 nt!KiBugCheckDebugBreak+0x1c
82343858 82cce3c1 00000050 feebd010 00000000 nt!KeBugCheck2+0x68b
823438dc 82c80be8 00000000 feebd010 00000000 nt!MmAccessFault+0x104
823438dc 97e59d41 00000000 feebd010 00000000 nt!KiTrap0E+0xdc
82343968 97e59eb0 feebd010 00000000 82343b04 win32k!EPOINTQF::operator+=+0x8
823439d0 97e1c0d1 00000090 00000090 00000000 win32k!ESTROBJ::vCharPos_G2+0x150
82343a0c 97d956f2 82343cd0 00000004 82343c1c win32k!ESTROBJ::vInit+0x3cb
82343c2c 97d958b5 00000000 82343cd0 fefa8cf0 win32k!GreGetTextExtentExW+0x12a
82343d0c 82c7da06 310107b4 00860b48 00000004 win32k!NtGdiGetTextExtentExW+0x141
82343d0c 775571b4 310107b4 00860b48 00000004 nt!KiSystemServicePostCall
0016ef10 75aec5fe 75aec5e9 310107b4 00860b48 ntdll!KiFastSystemCallRet
0016ef14 75aec5e9 310107b4 00860b48 00000004 GDI32!NtGdiGetTextExtentExW+0xc
0016ef3c 76078e97 310107b4 00860b48 00000004 GDI32!GetTextExtentExPointWPri+0x21
0016ef6c 76055dce 310107b4 00860b48 0016f06c USP10!GDIPlace+0x37
0016ef90 7606186d 310107b4 008608f4 00860b48 USP10!ScriptPlace+0xee
0016efec 76062af6 00000000 00000000 0016f06c USP10!RenderItemNoFallback+0x2ed
0016f018 76062da2 00000000 00000000 0016f06c USP10!RenderItemWithFallback+0xe6
0016f03c 76064339 00000000 0016f06c 008608f4 USP10!RenderItem+0x22
0016f080 76057a04 000020a0 00002000 310107b4 USP10!ScriptStringAnalyzeGlyphs+0x1e9
0016f098 76101736 310107b4 00860810 00000005 USP10!ScriptStringAnalyse+0x284
0016f0e4 761018c1 310107b4 0016f78c 00000005 LPK!LpkStringAnalyse+0xe5
0016f1e0 761017b4 310107b4 a0c369de 00000000 LPK!LpkCharsetDraw+0x332
0016f214 75b456e9 310107b4 a0c369de 000000c7 LPK!LpkDrawTextEx+0x40
0016f254 75b45e48 310107b4 00000038 000000c7 USER32!DT_DrawStr+0x13c
0016f288 75b42209 310107b4 000000c7 0016f78c USER32!DT_DrawJustifiedLine+0x5f
0016f3c8 75b42d01 310107b4 000000c7 0016f78c USER32!AddEllipsisAndDrawLine+0x187
0016f474 75b458c2 310107b4 ffffffff 00000005 USER32!DrawTextExWorker+0x1b0
0016f498 73e04e27 310107b4 0016f78c 00000005 USER32!DrawTextExW+0x1e
0016f648 73e04f27 00476338 310107b4 0000000e uxtheme!CTextDraw::DrawTextW+0x817
0016f688 73e1f4ba 006928d0 310107b4 0000000e uxtheme!DrawThemeText+0x69
0016f998 73e11ede 000a0116 0016fc64 0016fa54 uxtheme!CThemeMenuPopup::DrawItem+0x30d
0016f9b0 73e11eae 000a0116 00000000 0016fc64 uxtheme!CThemeMenu::OnDrawItem+0x26
0016f9f4 73e01d8c 004776f8 00000092 00000000 uxtheme!CThemeWnd::_PreDefWindowProc+0x164
0016fa58 73e05dda 00000000 00000000 00000000 uxtheme!_ThemeDefWindowProc+0x8d
0016fa74 75b3c6bf 000a0116 00000092 00000000 uxtheme!ThemeDefWindowProcA+0x18
0016fabc 00d7157c 000a0116 00000092 00000000 USER32!DefWindowProcA+0x68
WARNING: Stack unwind information not available. Following frames may be wrong.
0016fb10 75b4c4f7 000a0116 00000092 00000000 c3+0x157c
0016fb3c 75b4c5f7 00d71430 000a0116 00000092 USER32!InternalCallWinProc+0x23
0016fbb4 75b44f1b 00000000 00d71430 000a0116 USER32!UserCallWinProcCheckWow+0x14b
0016fc14 75b6707e 00dc7e60 00000092 00000000 USER32!DispatchClientMessage+0xe6
0016fc40 775570ee 0016fc58 00000088 0016fd88 USER32!__fnINLPUAHDRAWMENUITEM+0x3e
0016fcdc 75b94b87 00d71737 000a0116 310107b4 ntdll!KiUserCallbackDispatcher+0x2e
0016fce0 00d71737 000a0116 310107b4 0016fd38 USER32!NtUserDrawMenuBarTemp+0xc
0016fd4c 00d71a31 00000001 0019d028 0019b808 c3+0x1737
0016fd98 75ccee6c 7ffd6000 0016fde4 77573ab3 c3+0x1a31
0016fda4 77573ab3 7ffd6000 774bbc8c 00000000 kernel32!BaseThreadInitThunk+0xe
0016fde4 77573a86 00d71aae 7ffd6000 00000000 ntdll!__RtlUserThreadStart+0x70
0016fdfc 00000000 00d71aae 7ffd6000 00000000 ntdll!_RtlUserThreadStart+0x1b

STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!EPOINTQF::operator+=+8
97e59d41 8b10 mov edx,dword ptr [eax]

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: win32k!EPOINTQF::operator+=+8

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xD6_VRF_win32k!EPOINTQF::operator+=+8

BUCKET_ID: 0xD6_VRF_win32k!EPOINTQF::operator+=+8

Followup: MachineOwner
---------