jls28 / syserdebugger Goto Github PK

There were many bugs solved from 1.99.1900.xxxx to 1.99.1900.1220, and even the latest does not work on windows 7 sp1.

Crash dump file: C:\Windows\Minidump\052724-13650-01.dmp (Minidump)
Uptime: 00:00:37 (hh:mm:ss)
Bugcheck code: 0x1000007E(0xFFFFFFFFC0000005, 0xFFFFFFFF9f42a59d, 0xFFFFFFFF80de1870, 0xFFFFFFFF80de1450)
Bugcheck name: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Driver or module in which error occurred: Syser.sys (Syser+0x959D)
File path: C:\Windows\system32\drivers\Syser.sys
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
Analysis: This is likely a software problem which means that it was probably caused by a bug in a driver.
There is a possibility that this is caused by memory corruption. Memory corruption can be caused by a faulty driver, faulty RAM, overheating and more. Read this article on memory corruption. Read this article on thermal issues
Google query: syser SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M

Unfortunately the source code is not for the latest version so is difficult to pinpoint the cause of this BSOD.

examin the bug check parameters:
kd> .bugcheck
Bugcheck code 0000007E
Arguments c0000005 9f42a59d 80de1870 80de1450

examine the exception record:
kd> .exr 0xffffffff80de1870
ExceptionAddress: 9f42a59d (Syser+0x0000959d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000001c
Attempt to read from address 0000001c

examine the context record:
kd> .cxr 0xffffffff80de1450
eax=00000000 ebx=00000008 ecx=00000000 edx=00000000 esi=862ec1bc edi=00000000
eip=9f42a59d esp=80de1938 ebp=80de1944 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Syser+0x959d:
9f42a59d 8b581c mov ebx,dword ptr [eax+1Ch] ds:0023:0000001c=????????

locate the faulting instruction:
kd> u 0xffffffff9f42a59d
Syser+0x959d:
9f42a59d 8b581c mov ebx,dword ptr [eax+1Ch]
9f42a5a0 56 push esi
9f42a5a1 57 push edi
9f42a5a2 50 push eax
9f42a5a3 0f20e0 mov eax,cr4
9f42a5a6 8945f8 mov dword ptr [ebp-8],eax
9f42a5a9 58 pop eax
9f42a5aa f645f820 test byte ptr [ebp-8],20h

the decompiled call is:

char __stdcall sub_19592(unsigned int a1, int *a2)
{
int v2; // ebx
char v3; // al
int *v4; // esi
int v6; // ecx
int *v7; // eax
int v8; // edx
int v9; // edx
unsigned int *v10; // esi
unsigned int v11; // edx
int v12; // ecx
_DWORD *v13; // esi
char v14; // [esp+Ch] [ebp-8h]
char v15[4]; // [esp+10h] [ebp-4h] BYREF

v2 = *(_DWORD *)(dword_160204 + 28); ====> syser+0x959D
v3 = __readcr4();
v14 = v3;
if ( (v3 & 0x20) == 0 )
{
v10 = (unsigned int *)(4 * (a1 >> 22) - 1070596096);
if ( (unsigned __int8)sub_4498A(4 * (a1 >> 22), v15) )
{
v11 = *v10;
if ( (*v10 & 0x80u) == 0 )
{
v13 = (_DWORD *)(4 * (a1 >> 12) - 0x40000000);
if ( (unsigned __int8)sub_4498A(4 * (a1 >> 12), v15) && (*v13 & 1) != 0 )
{
v7 = a2;
if ( a2 )
{
v9 = *v13 ^ ((unsigned __int16)a1 ^ (unsigned __int16)*v13) & 0xFFF;
a2[1] = 0;
goto LABEL_26;
}
return 1;
}
}
else if ( (v14 & 0x10) != 0 && (v2 & 8) != 0 )
{
if ( (((unsigned int)&loc_1FFFE + 2) & v2) != 0 )
v12 = (v11 >> 13) & 0xF;
else
v12 = 0;
if ( a2 )
{
*a2 = v11 ^ (a1 ^ v11) & 0x3FFFFF;
a2[1] = v12;
}
return 1;
}
}
return 0;
}
v4 = (int *)(((a1 >> 18) & 0x3FF8) - 1067450368);
if ( !(unsigned __int8)sub_4498A((a1 >> 18) & 0x3FF8, v15) )
return 0;
v6 = *v4;
if ( (*v4 & 1) == 0 )
return 0;
if ( (v6 & 0x80u) != 0 )
{
v7 = a2;
if ( a2 )
{
v8 = (a1 ^ v6) & 0x1FFFFF;
LABEL_12:
v9 = v6 ^ v8;
v7[1] = v4[1] & 0xF;
LABEL_26:
*v7 = v9;
return 1;
}
return 1;
}
v4 = (int *)(((a1 >> 9) & 0x7FFFF8) - 0x40000000);
if ( !(unsigned __int8)sub_4498A((a1 >> 9) & 0xFFF8, v15) )
return 0;
v6 = *v4;
if ( (*v4 & 1) == 0 )
return 0;
v7 = a2;
if ( a2 )
{
v8 = ((unsigned __int16)a1 ^ (unsigned __int16)v6) & 0xFFF;
goto LABEL_12;
}
return 1;
}