0:000> g
ModLoad: 000007fe`fee00000 000007fe`fee2e000 C:\Windows\system32\IMM32.DLL
ModLoad: 000007fe`f5d70000 000007fe`f5d7f000 C:\Windows\system32\CSCAPI.dll
ModLoad: 000007fe`f4650000 000007fe`f46d0000 C:\Windows\system32\ntshrui.dll
ModLoad: 000007fe`fced0000 000007fe`fcef3000 C:\Windows\system32\srvcli.dll
ModLoad: 000007fe`faf60000 000007fe`faf6b000 C:\Windows\system32\slc.dll
ModLoad: 000007fe`fce40000 000007fe`fce57000 C:\Windows\system32\CRYPTSP.dll
ModLoad: 000007fe`fc950000 000007fe`fc997000 C:\Windows\system32\rsaenh.dll
ModLoad: 000007fe`fcd80000 000007fe`fcda2000 C:\Windows\system32\bcrypt.dll
ModLoad: 000007fe`fc890000 000007fe`fc8dc000 C:\Windows\system32\bcryptprimitives.dll
(10f4.aa4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
00000000`0008000a f0410fba6a7400 lock bts dword ptr [r10+74h],0 ds:00000000`00082030=????????
*** ERROR: Module load completed but symbols could not be loaded for procexp.exe
0:042> g
(10f4.aa4): Access violation - code c0000005 (!!! second chance !!!)
00000000`0008000a f0410fba6a7400 lock bts dword ptr [r10+74h],0 ds:00000000`00082030=????????
0:042> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/procexp_exe/15_13_0_0/4f39b794/unknown/0_0_0_0/bbbbbbb4/c0000005/0008000a.htm?Retriage=1
FAULTING_IP:
+41
00000000`0008000a f0410fba6a7400 lock bts dword ptr [r10+74h],0
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000000000008000a
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000082030
Attempt to write to address 0000000000082030
FAULTING_THREAD: 0000000000000aa4
DEFAULT_BUCKET_ID: INVALID_POINTER_READ
PROCESS_NAME: procexp.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000082030
WRITE_ADDRESS: 0000000000082030
FOLLOWUP_IP:
sechost!LsaLookupOpenLocalPolicy+41
000007fe`fdb3429d 89442440 mov dword ptr [rsp+40h],eax
FAILED_INSTRUCTION_ADDRESS:
+41
00000000`0008000a f0410fba6a7400 lock bts dword ptr [r10+74h],0
MOD_LIST:
NTGLOBALFLAG: 70
APPLICATION_VERIFIER_FLAGS: 0
IP_ON_HEAP: 000000000008000a
The fault address in not in any loaded module, please check your build's rebase
log at \bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_BAD_INSTRUCTION_PTR_INVALID_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 000007feff04a776 to 000000000008000a
STACK_TEXT:
00000000`083ce2e8 000007fe`ff04a776 : 00000000`00000000 00000000`083ce5e0 00000000`083cea18 000007fe`ff0598b1 : 0x8000a
00000000`083ce2f0 000007fe`ff0ecc74 : 00000000`083ce6a0 00000000`00000000 00000000`083ce6a0 00000000`083ce6a0 : RPCRT4!LRPC_CCALL::SendReceive+0x156
00000000`083ce3b0 000007fe`ff0ecf25 : 000007fe`fdb230a0 00000000`00000000 00000000`00000000 00000000`0ab84ae0 : RPCRT4!NdrpClientCall3+0x244
00000000`083ce670 000007fe`fdb3429d : 00000000`00000001 00000000`0000000c 00000000`00000000 00000000`00000000 : RPCRT4!NdrClientCall3+0xf2
00000000`083cea00 000007fe`fdb33e17 : 00000000`00000000 00000000`083ceb90 00000000`083ceac8 00000000`00000000 : sechost!LsaLookupOpenLocalPolicy+0x41
00000000`083cea60 000007fe`fdb3422d : 00000000`0ab84bc0 00000000`083cec40 00000000`00000000 00000000`0ab84bc0 : sechost!LookupAccountSidInternal+0x7f
00000000`083ceb30 000007fe`ff16b8ef : 00000000`00000000 00000000`00000000 00000000`00000000 000007fe`00000000 : sechost!LookupAccountSidLocalW+0x25
00000000`083ceb80 000007fe`fd717ba2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000158 : ADVAPI32!LookupAccountSidW+0x53
00000000`083cebd0 000007fe`fd71b74f : 00000000`00000000 00000000`083cf368 00000000`083cf0cc 00000000`00000000 : Wintrust!_SSCatDBSetupRPCConnection+0x26f
00000000`083cef20 000007fe`fd71b921 : 00000000`00000000 00000000`083cf0cc 00000000`083cf778 00000000`00000014 : Wintrust!Client_SSCatDBEnumCatalogs+0x3f
00000000`083cefc0 000007fe`fd71cecc : 00000000`00000000 00000000`003d51b0 00000000`0040f470 00000000`00000000 : Wintrust!_CatAdminAddCatalogsToCache+0x8c
00000000`083cf070 000007fe`fd71b251 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Wintrust!CryptCATAdminRemoveCatalog+0x37d
00000000`083cf330 00000001`3fcd4b30 : 00000000`003f2c70 00000000`0344efb0 00000000`00000000 00000000`00000000 : Wintrust!CryptCATAdminEnumCatalogFromHash+0x157
00000000`083cf3e0 00000001`3fcc1a1e : 00000000`0344ee20 00000000`00000000 00000000`00000000 00000000`00000000 : procexp+0x84b30
00000000`083cf7d0 00000001`3fcc1bd5 : 00000000`0344e530 00000000`00000001 00000000`00000000 00000000`00000000 : procexp+0x71a1e
00000000`083cf990 00000001`3fce77ef : 00000000`0344e530 00000000`00000000 00000000`00000000 00000000`00000000 : procexp+0x71bd5
00000000`083cf9c0 00000001`3fce7899 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : procexp+0x977ef
00000000`083cf9f0 00000000`76b6652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : procexp+0x97899
00000000`083cfa20 00000000`76f4c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`083cfa50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: sechost!LsaLookupOpenLocalPolicy+41
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sechost
IMAGE_NAME: sechost.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5be05e
STACK_COMMAND: ~42s ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_sechost.dll!LsaLookupOpenLocalPolicy
BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_READ_BAD_INSTRUCTION_PTR_INVALID_POINTER_WRITE_BAD_IP_sechost!LsaLookupOpenLocalPolicy+41
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/procexp_exe/15_13_0_0/4f39b794/unknown/0_0_0_0/bbbbbbb4/c0000005/0008000a.htm?Retriage=1
Followup: MachineOwner
---------