I know anyone on here beyond ‘new user with windbg’ will probably scoff at this message, but please bear with me :)
I'm trying to find out who the source caller is into these methods. If I'm reading it correctly, there’s no valid return address for the first frame listed, not to mention it can’t seem to find who 0x7c90eb94 belongs to. Is there a way to determine who the caller was at this point?
I tried a u 0x7c90eb94 but I get a “Memory access error in ‘u 0x7c90eb94’”. Any thoughts?
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+69686374
69686374 ?? ???
TRAP_FRAME: f5897c68 -- (.trap fffffffff5897c68)
ErrCode = 00000000
eax=85984680 ebx=86406860 ecx=deadbeef edx=85c86ff0 esi=85c86fd8 edi=e50961b0
eip=69686374 esp=f5897cdc ebp=f5897cfc iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
69686374 ?? ???
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from 805897e2 to 69686374
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f5897cd8 805897e2 86406860 85c86ff0 000010d8 0x69686374
f5897cfc 8056e9bc e1a2b810 85c86ff0 000010d8 nt!ObpCloseHandleTableEntry+0x3b
f5897d44 8056ea06 000010d8 00000001 00000000 nt!ObpCloseHandle+0x87
f5897d58 804dd99f 000010d8 01ccfc38 7c90eb94 nt!NtClose+0x1d
f5897d58 7c90eb94 000010d8 01ccfc38 7c90eb94 nt!KiFastCallEntry+0xfc
01ccfc28 00000000 00000000 00000000 00000000 0x7c90eb94