libelevate

BSOD nt!KeBugCheckEx FAILURE_BUCKET_ID: AV_nt!KiDispatchException

Open Flerov opened this issue 3 years ago • 0 comments

I've compiled the testlibelevate and passed it a handle to a driver. When trying to restrip handle rights I get a BSOD. Any ideas what went wrong? What AV mech. could have caused this BSOD? Thanks a lot. I'm trying my best to learn but I'm still new to this.

WinDbg gives me the following:

PROCESS_NAME: testlibelevate.exe

TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000

STACK_TEXT:
ffffea0b3b936c08 fffff8005b459dcb : 000000000000001e ffffffffc0000005 00007ff6dfe918fd 0000000000000000 : nt!KeBugCheckEx
ffffea0b3b936c10 fffff8005b4091ac : 0000000000001000 ffffea0b3b9374b0 ffff800000000000 0000000000000000 : nt!KiDispatchException+0x17449b
ffffea0b3b9372d0 fffff8005b405343 : ffffa78887800100 fffff8005b289392 ffffa78887800340 00000000000000ff : nt!KiExceptionDispatch+0x12c
ffffea0b3b9374b0 00007ff6dfe918fd : 0000000000000000 ffffd8837f802000 000000000000020c ffffd8837f802340 : nt!KiPageFault+0x443
ffffea0b3b937640 0000000000000000 : ffffd8837f802000 000000000000020c ffffd8837f802340 0000000000000060 : 0x00007ff6`dfe918fd

SYMBOL_NAME: nt!KiDispatchException+17449b

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 17449b

FAILURE_BUCKET_ID: AV_nt!KiDispatchException

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

Followup: MachineOwner

Flerov, Feb 16 '22 12:02