http://www.ragestorm.net/blogs/?p=255
Result of execution - BSOD in win32k.sys
A friend of mine also successfully crashed Windows 2003 SP2 x64.
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e113af57, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf91cbb5, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 7ffde00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffde00c). Type ".hh dbgerr001" for details
READ_ADDRESS: e113af57 Paged pool
FAULTING_IP:
win32k!CreateDIBPalette+71
bf91cbb5 8a5802 mov bl,byte ptr [eax+2]
MM_INTERNAL_CODE: 1
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48025f2a
MODULE_NAME: win32k
FAULTING_MODULE: bf800000 win32k
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: Project1.exe
TRAP_FRAME: f816ac50 -- (.trap 0xfffffffff816ac50)
ErrCode = 00000000
eax=e113af55 ebx=00000200 ecx=e10ffbfd edx=00000000 esi=e10ffbf8 edi=00000000
eip=bf91cbb5 esp=f816acc4 ebp=f816acd0 iopl=0 vif nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00090246
win32k!CreateDIBPalette+0x71:
bf91cbb5 8a5802 mov bl,byte ptr [eax+2] ds:0023:e113af57=??
Resetting default scope
LAST_CONTROL_TRANSFER: from 805241a0 to 8053380e
STACK_TEXT:
f816abec 805241a0 00000050 e113af57 00000000 nt!KeBugCheckEx+0x1b
f816ac38 804e1718 00000000 e113af57 00000000 nt!MmAccessFault+0x6f5
f816ac38 bf91cbb5 00000000 e113af57 00000000 nt!KiTrap0E+0xcc
f816acd0 bf91d2e4 e112e00c 00000000 f816ad30 win32k!CreateDIBPalette+0x71
f816ace8 bf8f989d 81e4abb8 f816ad30 81e4abb8 win32k!xxxGetDummyPalette+0x67
f816ad04 bf8f9767 81e4abb8 00000009 f816ad30 win32k!xxxGetClipboardData+0xa2
f816ad54 804de7ec 00000009 0012fd24 0012fd50 win32k!NtUserGetClipboardData+0x72
f816ad54 7c90e4f4 00000009 0012fd24 0012fd50 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fd50 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!CreateDIBPalette+71
bf91cbb5 8a5802 mov bl,byte ptr [eax+2]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: win32k!CreateDIBPalette+71
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0x50_win32k!CreateDIBPalette+71
BUCKET_ID: 0x50_win32k!CreateDIBPalette+71
Followup: MachineOwner
---------
Greets to the author of this wonderful buggy code:
31-Jan-1992 MikeKe From win31
Ring0 - the source of inspiration