Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Opened \\.\pipe\kd_exploit32 Waiting to reconnect... Connected to Windows 7 7601 x86 compatible target at (Fri Mar 27 13:54:29.299 2015 (UTC + 1:00)), ptr64 FALSE Kernel Debugger connection established. Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.comSRV*c:\symbols\*http://symbols.mozilla.org/firefox;srv*c:\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com Executable search path is: Windows 7 Kernel Version 7601 MP (1 procs) Free x86 compatible Built by: 7601.18741.x86fre.win7sp1_gdr.150202-1526 Machine Name: Kernel base = 0x82a3b000 PsLoadedModuleList = 0x82b855b0 System Uptime: not available nt!DbgLoadImageSymbols+0x47: 82a53578 cc int 3 kd> g nt!DbgLoadImageSymbols+0x47: 82a53578 cc int 3 1: kd> g *** Fatal System Error: 0x00000019 (0x00000003,0x8CFAEFC8,0x8CFAEFC7,0x8CFAEFC8) Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows 7 7601 x86 compatible target at (Fri Mar 27 14:10:12.004 2015 (UTC + 1:00)), ptr64 FALSE Loading Kernel Symbols ............................................................... ................................................................ ......................... Loading User Symbols ........... Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {3, 8cfaefc8, 8cfaefc7, 8cfaefc8} *** WARNING: Unable to verify checksum for prime.exe *** ERROR: Module load completed but symbols could not be loaded for prime.exe Probably caused by : win32k.sys ( win32k!Win32AllocPool+13 ) Followup: MachineOwner --------- Assertion: *** DPC watchdog timeout This is NOT a break in update time This is most likely a BUG in an ISR Perform a stack trace to find the culprit The period will be doubled on continuation Use gh to continue!! nt!KeAccumulateTicks+0x3c5: 82ab638c cd2c int 2Ch 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 00000003, the pool freelist is corrupt. Arg2: 8cfaefc8, the pool entry being checked. Arg3: 8cfaefc7, the read back flink freelist value (should be the same as 2). Arg4: 8cfaefc8, the read back blink freelist value (should be the same as 2). Debugging Details: ------------------ BUGCHECK_STR: 0x19_3 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT PROCESS_NAME: prime.exe CURRENT_IRQL: 1c LAST_CONTROL_TRANSFER: from 82ab5853 to 82ab638c STACK_TEXT: 9ff6c598 82ab5853 0002625a 00000000 0000aa00 nt!KeAccumulateTicks+0x3c5 9ff6c5d8 82ab5700 82a1d0a8 26ea587c 00000000 nt!KeUpdateRunTime+0x145 9ff6c630 82ab4f03 ffae0002 ffae0002 000000d1 nt!KeUpdateSystemTime+0x613 9ff6c630 82a1d0a8 ffae0002 ffae0002 000000d1 nt!KeUpdateSystemTimeAssist+0x13 9ff6c6b4 82a0bb8c 00001000 00000000 9ff6c714 hal!READ_PORT_USHORT+0x8 9ff6c6c4 82a0bcf5 82b19f92 4aadd2e2 00000065 hal!HalpCheckPowerButton+0x2e 9ff6c6c8 82b19f92 4aadd2e2 00000065 00000000 hal!HaliHaltSystem+0x7 9ff6c714 82b1aa39 00000003 8cfaee04 8cfaefc8 nt!KiBugCheckDebugBreak+0x73 9ff6cad8 82b5c68c 00000019 00000003 8cfaefc8 nt!KeBugCheck2+0x68b 9ff6cb40 9675c9ef 00000021 00000084 40616c47 nt!ExAllocatePoolWithTag+0x682 9ff6cb54 96753b36 00000084 40616c47 9ff6cb7c win32k!Win32AllocPool+0x13 9ff6cb64 96754e29 00000021 00000084 40616c47 win32k!StubGdiAlloc+0x10 9ff6cb7c 9675418f 858b92f8 00000001 00000000 win32k!ExAllocateFromPagedLookasideList+0x27 9ff6cb94 96762918 00000084 00000010 00000001 win32k!AllocateObject+0x23 9ff6cbac 96762977 00000004 097c8fc4 00000001 win32k!BRUSHMEMOBJ::pbrAllocBrush+0x21 9ff6cbf8 9684b956 deadbeef 00000001 00000004 win32k!BRUSHMEMOBJ::BRUSHMEMOBJ+0x29 9ff6cc20 82a78896 00000001 deadbeef 00000004 win32k!hCreateHatchBrushInternal+0x23 9ff6cc20 76ea70f4 00000001 deadbeef 00000004 nt!KiSystemServicePostCall 0020f770 0129105a 00000000 00000001 deadbeef ntdll!KiFastSystemCallRet WARNING: Stack unwind information not available. Following frames may be wrong. 0020f788 012910e9 00000001 deadbeef 00000004 prime+0x105a 0020f7b4 0129131b 00000001 002ca4c0 002ca4e0 prime+0x10e9 0020f7fc 760fee1c 7ffd4000 0020f848 76ec37eb prime+0x131b 0020f808 76ec37eb 7ffd4000 76d987f7 00000000 kernel32!BaseThreadInitThunk+0xe 0020f848 76ec37be 01291398 7ffd4000 00000000 ntdll!__RtlUserThreadStart+0x70 0020f860 00000000 01291398 7ffd4000 00000000 ntdll!_RtlUserThreadStart+0x1b STACK_COMMAND: kb FOLLOWUP_IP: win32k!Win32AllocPool+13 9675c9ef 5d pop ebp SYMBOL_STACK_INDEX: a SYMBOL_NAME: win32k!Win32AllocPool+13 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 54ee8ecd FAILURE_BUCKET_ID: 0x19_3_win32k!Win32AllocPool+13 BUCKET_ID: 0x19_3_win32k!Win32AllocPool+13 Followup: MachineOwner ---------