Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
A lot of "GetContextState failed, 0x80070005" in a BSOD dump, does this mean its corrupted?
So I have this dump that I have a feeling its corrupted or something, I just wanted to check with the experts here to make sure.
Some sample output when I load it with windbg:
GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 0: kd> k GetContextState failed, 0x80070005 Unable to get current machine context, Win32 error 0n5 Unable to get initial context information GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 0: kd> lm start end module name GetContextState failed, 0x80070005 GetContextState failed, 0x80070005
Output of analyze -v :
!analyze -v GetContextState failed, 0x80070005 Unable to get current machine context, Win32 error 0n5 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 Unable to get program counter GetContextState failed, 0x80070005 Unable to get current machine context, Win32 error 0n5 GetContextState failed, 0x80070005 Unable to get current machine context, Win32 error 0n5 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_SECURITY_CHECK_FAILURE (139) A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine. Arguments: Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove). Arg2: ffffaa81130deea0, Address of the trap frame for the exception that caused the bugcheck Arg3: ffffaa81130dedf8, Address of the exception record for the exception that caused the bugcheck Arg4: 0000000000000000, Reserved Debugging Details: ------------------ GetContextState failed, 0x80070005 Unable to get current machine context, Win32 error 0n5 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 GetContextState failed, 0x80070005 Unable to get current machine context, Win32 error
Is this happening because the dump file is corrupted, or...?
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 13-17 May 2024 | Live, Online |
| Developing Minifilters | 1-5 Apr 2024 | Live, Online |
| Internals & Software Drivers | 11-15 Mar 2024 | Live, Online |
| Writing WDF Drivers | 26 Feb - 1 Mar 2024 | Live, Online |
Comments
Is this a minidump or a full kernel dump?
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
It's a full kernel dump
Probably corrupted in some way. How was the crash dump generated?
Not much you can do but you can try:
-scott
OSR