Wilkinson, Alex wrote:
> Hi all,
> I have a core dump that appears to have been caused by a process
> called radixgui.exe.

That’s an anti-rootkit app. Were you running that intentionally?

> Here is the backtrace (trimmed):
> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
> referenced memory at “0x%08lx”. The memory could not be “%s”.
> …
> STACK_TEXT:
> f21157ac e105bba7 0000008e c0000005 fc72b929 nt!KeBugCheckEx+0x1b
> f2115b70 e10346cc f2115b8c 00000000 f2115be0 nt!KiDispatchException +0x3a2
> f2115bd8 e1034680 f2116c3c fc72b929 badb0d00 nt!CommonDispatchException +0x4a
> f2115c60 dd8ad3cd 00000000 e7520c60 e720b0d0 nt!Kei386EoiHelper+0x186
> f2116c3c e1040153 faaaea40 faf4e578 fa9311d0 win32k!EXLATEOBJ::bInitXlateObj+0xbb
> f2116c50 e112b57f faf4e5e8 fa9311d0 faf4e578 nt!IofCallDriver+0x45
> f2116c64 e112b4b4 faaaea40 faf4e578 fa9311d0 nt!IopSynchronousServiceTail+0x10b
> f2116d00 e112b5d4 0000012c 00000000 00000000 nt!IopXxxControlFile+0x60f
> f2116d34 e1033bef 0000012c 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
> f2116d34 7c82860c 0000012c 00000000 00000000 nt!KiFastCallEntry+0xfc

That’s interesting, if the symbols are right. You shouldn’t be able to
make an ioctl call directly into win32k.sys.
--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
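
A triage check for the observation in the reply, as an added example that is not part of the original thread: it parses the STACK_TEXT lines and reports any frame entered from nt!IofCallDriver whose module is not expected to receive IRPs. The names parse_stack, odd_dispatch_targets and NOT_IRP_TARGETS are hypothetical, and treating win32k as a non-target is an assumption drawn from the reply.

```python
import re

# STACK_TEXT as it appears in the post above
# (columns: ChildEBP RetAddr Args-to-child Symbol, innermost frame first).
STACK_TEXT = """\
f21157ac e105bba7 0000008e c0000005 fc72b929 nt!KeBugCheckEx+0x1b
f2115b70 e10346cc f2115b8c 00000000 f2115be0 nt!KiDispatchException +0x3a2
f2115bd8 e1034680 f2116c3c fc72b929 badb0d00 nt!CommonDispatchException +0x4a
f2115c60 dd8ad3cd 00000000 e7520c60 e720b0d0 nt!Kei386EoiHelper+0x186
f2116c3c e1040153 faaaea40 faf4e578 fa9311d0 win32k!EXLATEOBJ::bInitXlateObj+0xbb
f2116c50 e112b57f faf4e5e8 fa9311d0 faf4e578 nt!IofCallDriver+0x45
f2116c64 e112b4b4 faaaea40 faf4e578 fa9311d0 nt!IopSynchronousServiceTail+0x10b
f2116d00 e112b5d4 0000012c 00000000 00000000 nt!IopXxxControlFile+0x60f
f2116d34 e1033bef 0000012c 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
f2116d34 7c82860c 0000012c 00000000 00000000 nt!KiFastCallEntry+0xfc
"""

# Tolerates the stray space before "+0x" that two of the lines above carry.
FRAME_RE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+((?:[0-9a-f]{8}\s+){3})"
    r"([^!\s]+)!([^\s+]+)\s*\+0x([0-9a-f]+)\s*$", re.IGNORECASE)

# Assumption taken from the reply: win32k.sys should not be an ioctl/IRP target.
NOT_IRP_TARGETS = {"win32k"}

def parse_stack(text):
    """Return frames, innermost first, skipping lines that are not stack frames."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            ebp, ret, args, module, symbol, off = m.groups()
            frames.append({"child_ebp": int(ebp, 16), "ret_addr": int(ret, 16),
                           "args": [int(a, 16) for a in args.split()],
                           "module": module, "symbol": symbol, "offset": int(off, 16)})
    return frames

def odd_dispatch_targets(frames, not_targets=NOT_IRP_TARGETS):
    """Frames entered from nt!IofCallDriver whose module should not receive IRPs."""
    hits = []
    for callee, caller in zip(frames, frames[1:]):  # callee is listed just above its caller
        if ((caller["module"].lower(), caller["symbol"]) == ("nt", "IofCallDriver")
                and callee["module"].lower() in not_targets):
            hits.append(callee)
    return hits

if __name__ == "__main__":
    for f in odd_dispatch_targets(parse_stack(STACK_TEXT)):
        print("IofCallDriver -> %s!%s+0x%x (verify symbols)" % (f["module"], f["symbol"], f["offset"]))
```

A hit means either the symbols for that frame are wrong or something redirected the dispatch, which is the question the reply raises.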