KeBugCheck2的第6个参数
大家知道,DDK公开了两个内核API用于产生BSOD,分别是KeBugCheck()和KeBugCheckEx()。其原型分别如下:
VOID
KeBugCheck(
IN ULONG BugCheckCode
);
VOID
KeBugCheckEx(
IN ULONG BugCheckCode,
IN ULONG_PTR BugCheckParameter1,
IN ULONG_PTR BugCheckParameter2,
IN ULONG_PTR BugCheckParameter3,
IN ULONG_PTR BugCheckParameter4
);
在内部,KeBugCheck只是简单地调用KeBugCheckEx,将BugCheckCode传递给后者,其它参数都传为空。
在Windows XP之前,KeBugCheckEx()是真正的BSOD发射地,根据BugCheckCode作了一系列准备工作后,便提高IRQL,禁止中断,然后调用Boot Video驱动绘制蓝屏了!
nt!InbvAcquireDisplayOwnership (8052d5db)
nt!InbvResetDisplay (8052d40d)
nt!InbvSolidColorFill (8052d491)
nt!InbvSetTextColor (8052d51f)
但从Windows XP开始,KeBugCheckEx也“升职加薪”,不再做具体事务了。它只是简单地调用KeBugCheck2。
; KeBugCheckEx as disassembled in this listing: a thin wrapper that re-pushes
; its five stack arguments, adds a constant 0 as a sixth, and calls KeBugCheck2.
nt!KeBugCheckEx:
8052b578 55 push ebp
8052b579 8bec mov ebp,esp
8052b57b 6a00 push 0x0 ; extra (sixth) argument for KeBugCheck2; this wrapper always passes 0
8052b57d ff7518 push dword ptr [ebp+0x18] ; BugCheckParameter4
8052b580 ff7514 push dword ptr [ebp+0x14] ; BugCheckParameter3
8052b583 ff7510 push dword ptr [ebp+0x10] ; BugCheckParameter2
8052b586 ff750c push dword ptr [ebp+0xc] ; BugCheckParameter1
8052b589 ff7508 push dword ptr [ebp+0x8] ; BugCheckCode
8052b58c e864f5ffff call nt!KeBugCheck2 (8052aaf5) ; six dwords pushed in total
8052b591 5d pop ebp
8052b592 c21400 ret 0x14 ; callee pops 0x14 bytes = the five documented arguments
微软至今尚未公开KeBugCheck2的原型,但是有一点可以肯定,KeBugCheck2比KeBugCheckEx多了一个参数。因此其原型大致如下(猜测):
/*
 * Inferred prototype, not a documented one: the first five parameters mirror
 * KeBugCheckEx, and the sixth is the extra dword that KeBugCheckEx pushes as 0.
 * The name and ULONG_PTR type of the sixth parameter are the author's guess.
 */
VOID
KeBugCheck2(
IN ULONG BugCheckCode,
IN ULONG_PTR BugCheckParameter1,
IN ULONG_PTR BugCheckParameter2,
IN ULONG_PTR BugCheckParameter3,
IN ULONG_PTR BugCheckParameter4,
IN ULONG_PTR BugCheckParameterNew
);
那么这个新的参数BugCheckParameterNew的作用是什么呢?看以下的汇编代码,可以知道它先被赋给了一个局部变量ebp-0x3b8。(注:按下面列表中的指令,[ebp+0x1c]实际被存入的是[ebp-0x3a8],而[ebp-0x3b8]在入口处只是被清零,此处的偏移请以列表为准。)
kd> uf nt!KeBugCheck2
; KeBugCheck2 entry block: builds the frame, stores the stack cookie, copies the
; six stack arguments into locals, clears state, and branches on BugCheckCode 0xE5.
; Argument slots: [ebp+0x8]=BugCheckCode, [ebp+0xc]..[ebp+0x18]=Parameter1..4,
; [ebp+0x1c]=the sixth (undocumented) argument.
nt!KeBugCheck2:
80532e4a 8bff mov edi,edi
80532e4c 55 push ebp
80532e4d 8bec mov ebp,esp
80532e4f 81ecc8030000 sub esp,0x3c8 ; 0x3c8 bytes of locals
80532e55 a1201a5580 mov eax,[nt!__security_cookie (80551a20)]
80532e5a 8945fc mov [ebp-0x4],eax ; stack cookie kept at [ebp-4]; the epilogue reloads it from here
80532e5d 8b450c mov eax,[ebp+0xc]
80532e60 898544fcffff mov [ebp-0x3bc],eax ; local copy of BugCheckParameter1
80532e66 8b4514 mov eax,[ebp+0x14]
80532e69 89855cfcffff mov [ebp-0x3a4],eax ; local copy of BugCheckParameter3
80532e6f 8b4518 mov eax,[ebp+0x18] ; BugCheckParameter4, stored to [ebp-0x3c4] below
80532e72 53 push ebx
80532e73 8b5d10 mov ebx,[ebp+0x10] ; ebx = BugCheckParameter2
80532e76 33c9 xor ecx,ecx ; ecx = 0, used as the zero source for the clears below
80532e78 89853cfcffff mov [ebp-0x3c4],eax
80532e7e 8b451c mov eax,[ebp+0x1c] ; eax = sixth argument
80532e81 56 push esi
80532e82 57 push edi
80532e83 899d38fcffff mov [ebp-0x3c8],ebx ; local copy of BugCheckParameter2
80532e89 898558fcffff mov [ebp-0x3a8],eax ; sixth argument saved in local [ebp-0x3a8]
80532e8f 898d48fcffff mov [ebp-0x3b8],ecx ; [ebp-0x3b8] is only zeroed here, not loaded from an argument
80532e95 898d4cfcffff mov [ebp-0x3b4],ecx
80532e9b 898d54fcffff mov [ebp-0x3ac],ecx
80532ea1 64a124010000 mov eax,fs:[00000124] ; presumably the current-thread pointer from the x86 KPCR; confirm
80532ea7 817d08e5000000 cmp dword ptr [ebp+0x8],0xe5 ; flags consumed by the jnz below; the mov instructions in between do not alter them
80532eae 898540fcffff mov [ebp-0x3c0],eax ; fs:[124] value saved for later use
80532eb4 888d61fcffff mov [ebp-0x39f],cl ; byte flag cleared
80532eba 888d63fcffff mov [ebp-0x39d],cl ; byte flag cleared
80532ec0 890d00a55580 mov [nt!KiBugCheckDriver (8055a500)],ecx ; global driver-name pointer reset to 0
80532ec6 750d jnz nt!KeBugCheck2+0x8b (80532ed5) ; BugCheckCode != 0xE5: take the normal path
nt!KeBugCheck2+0x7e:
80532ec8 e85efdffff call nt!KiScanBugCheckCallbackList (80532c2b)
80532ecd 6a03 push 0x3
80532ecf ff15ac754d80 call dword ptr [nt!_imp__HalReturnToFirmware (804d75ac)]
nt!KeBugCheck2+0x8b:
80532ed5 e808fafaff call nt!KiSetHardwareTrigger (804e28e2)
80532eda 3ea120f0dfff mov eax,ds:[ffdff020]
80532ee0 83c01c add eax,0x1c
80532ee3 50 push eax
80532ee4 e89a8bfaff call nt!RtlCaptureContext (804dba83)
80532ee9 3ea120f0dfff mov eax,ds:[ffdff020]
80532eef 83c01c add eax,0x1c
80532ef2 50 push eax
80532ef3 e89931fbff call nt!KiSaveProcessorControlState (804e6091)
80532ef8 3ea120f0dfff mov eax,ds:[ffdff020]
80532efe 837d087f cmp dword ptr [ebp+0x8],0x7f
80532f02 8d701c lea esi,[eax+0x1c]
80532f05 b9b3000000 mov ecx,0xb3
80532f0a 8dbd64fcffff lea edi,[ebp-0x39c]
80532f10 6a1e push 0x1e
80532f12 f3a5 rep movsd
80532f14 b8c5000000 mov eax,0xc5
80532f19 59 pop ecx
80532f1a 0f87fa000000 jnbe nt!KeBugCheck2+0x1d0 (8053301a)
nt!KeBugCheck2+0xd6:
80532f20 8b4508 mov eax,[ebp+0x8]
80532f23 83f87f cmp eax,0x7f
80532f26 0f844b010000 je nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0xe2:
80532f2c 2bc1 sub eax,ecx
80532f2e 7434 jz nt!KeBugCheck2+0x11a (80532f64)
nt!KeBugCheck2+0xe6:
80532f30 83e805 sub eax,0x5
80532f33 0f843e010000 je nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0xef:
80532f39 48 dec eax
80532f3a 0f84cb000000 je nt!KeBugCheck2+0x1c1 (8053300b)
nt!KeBugCheck2+0xf6:
80532f40 83e80a sub eax,0xa
80532f43 0f842e010000 je nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0xff:
80532f49 83e811 sub eax,0x11
80532f4c 0f8425010000 je nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0x108:
80532f52 83e83c sub eax,0x3c
80532f55 0f841c010000 je nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0x111:
80532f5b 83e803 sub eax,0x3
80532f5e 0f85f5000000 jne nt!KeBugCheck2+0x20f (80533059)
nt!KeBugCheck2+0x11a:
80532f64 898d50fcffff mov [ebp-0x3b0],ecx
nt!KeBugCheck2+0x120:
80532f6a 8b4508 mov eax,[ebp+0x8]
nt!KeBugCheck2+0x120:
80532f6a 8b4508 mov eax,[ebp+0x8]
nt!KeBugCheck2+0x123:
80532f6d 8bb544fcffff mov esi,[ebp-0x3bc]
80532f73 8b955cfcffff mov edx,[ebp-0x3a4]
80532f79 8b8d3cfcffff mov ecx,[ebp-0x3c4]
80532f7f a320a55580 mov [nt!KiBugCheckData (8055a520)],eax
80532f84 b8be000000 mov eax,0xbe
80532f89 394508 cmp [ebp+0x8],eax
80532f8c 893524a55580 mov [nt!KiBugCheckData+0x4 (8055a524)],esi
80532f92 891d28a55580 mov [nt!KiBugCheckData+0x8 (8055a528)],ebx
80532f98 89152ca55580 mov [nt!KiBugCheckData+0xc (8055a52c)],edx
80532f9e 890d30a55580 mov [nt!KiBugCheckData+0x10 (8055a530)],ecx
80532fa4 0f87f5020000 jnbe nt!KeBugCheck2+0x455 (8053329f)
nt!KeBugCheck2+0x160:
80532faa 7427 jz nt!KeBugCheck2+0x189 (80532fd3)
nt!KeBugCheck2+0x162:
80532fac 8b4508 mov eax,[ebp+0x8]
80532faf 83e80a sub eax,0xa
80532fb2 0f840c020000 je nt!KeBugCheck2+0x37a (805331c4)
nt!KeBugCheck2+0x16e:
80532fb8 83e842 sub eax,0x42
80532fbb 0f84c6010000 je nt!KeBugCheck2+0x33d (80533187)
nt!KeBugCheck2+0x177:
80532fc1 83e804 sub eax,0x4
80532fc4 0f84bb000000 je nt!KeBugCheck2+0x23b (80533085)
nt!KeBugCheck2+0x180:
80532fca 83e83e sub eax,0x3e
80532fcd 0f85f9020000 jne nt!KeBugCheck2+0x482 (805332cc)
; Reached for BugCheckCode 0xBE (jz at +0x160) and 0x8E (fall-through of the
; subtract chain at +0x162..+0x180). [ebp-0x3a8] holds the sixth argument saved
; in the entry block; edx was loaded from [ebp-0x3a4] (BugCheckParameter3) at +0x123.
nt!KeBugCheck2+0x189:
80532fd3 83bd58fcffff00 cmp dword ptr [ebp-0x3a8],0x0 ; was a sixth argument supplied?
80532fda 750e jnz nt!KeBugCheck2+0x1a0 (80532fea)
nt!KeBugCheck2+0x192:
80532fdc 85d2 test edx,edx ; none supplied: fall back to BugCheckParameter3
80532fde 0f84e8020000 je nt!KeBugCheck2+0x482 (805332cc) ; both are zero, nothing to use
nt!KeBugCheck2+0x19a:
80532fe4 899558fcffff mov [ebp-0x3a8],edx ; BugCheckParameter3 takes the place of the sixth argument
nt!KeBugCheck2+0x1a0:
80532fea 817d088e000000 cmp dword ptr [ebp+0x8],0x8e
80532ff1 0f84d5020000 je nt!KeBugCheck2+0x482 (805332cc) ; code 0x8E skips the dereference below
nt!KeBugCheck2+0x1ad:
80532ff7 8b8558fcffff mov eax,[ebp-0x3a8]
; The saved value is dereferenced as a pointer; no validation of it is visible in this block.
; NOTE(review): +0x68 is presumably the Eip field of an x86 KTRAP_FRAME; confirm with dt nt!_KTRAP_FRAME.
80532ffd 8b4068 mov eax,[eax+0x68]
80533000 898554fcffff mov [ebp-0x3ac],eax ; kept in [ebp-0x3ac] for the later image/driver lookup
80533006 e9c1020000 jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x1c1:
8053300b c78550fcffff23000000 mov dword ptr [ebp-0x3b0],0x23
80533015 e950ffffff jmp nt!KeBugCheck2+0x120 (80532f6a)
nt!KeBugCheck2+0x1d0:
8053301a 817d088e000000 cmp dword ptr [ebp+0x8],0x8e
80533021 0f843dffffff je nt!KeBugCheck2+0x11a (80532f64)
nt!KeBugCheck2+0x1dd:
80533027 817d08a5000000 cmp dword ptr [ebp+0x8],0xa5
8053302e 7447 jz nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0x1e6:
80533030 394508 cmp [ebp+0x8],eax
80533033 7442 jz nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0x1eb:
80533035 817d08d0000000 cmp dword ptr [ebp+0x8],0xd0
8053303c 743c jz nt!KeBugCheck2+0x230 (8053307a)
nt!KeBugCheck2+0x1f4:
8053303e 817d08e0000000 cmp dword ptr [ebp+0x8],0xe0
80533045 7430 jz nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0x1fd:
80533047 817d08ea000000 cmp dword ptr [ebp+0x8],0xea
8053304e 7427 jz nt!KeBugCheck2+0x22d (80533077)
nt!KeBugCheck2+0x206:
80533050 817d08d10200c0 cmp dword ptr [ebp+0x8],0xc00002d1
80533057 740f jz nt!KeBugCheck2+0x21e (80533068)
nt!KeBugCheck2+0x20f:
80533059 c78550fcffff82000040 mov dword ptr [ebp-0x3b0],0x40000082
80533063 e902ffffff jmp nt!KeBugCheck2+0x120 (80532f6a)
nt!KeBugCheck2+0x21e:
80533068 c78550fcffffc3000000 mov dword ptr [ebp-0x3b0],0xc3
80533072 e9f3feffff jmp nt!KeBugCheck2+0x120 (80532f6a)
nt!KeBugCheck2+0x22d:
80533077 8b4508 mov eax,[ebp+0x8]
nt!KeBugCheck2+0x230:
8053307a 898550fcffff mov [ebp-0x3b0],eax
80533080 e9e5feffff jmp nt!KeBugCheck2+0x120 (80532f6a)
nt!KeBugCheck2+0x23b:
80533085 83a55cfcffff00 and dword ptr [ebp-0x3a4],0x0
8053308c 83bd58fcffff00 cmp dword ptr [ebp-0x3a8],0x0
80533093 750a jnz nt!KeBugCheck2+0x255 (8053309f)
nt!KeBugCheck2+0x24b:
80533095 85d2 test edx,edx
80533097 743f jz nt!KeBugCheck2+0x28e (805330d8)
nt!KeBugCheck2+0x24f:
80533099 899558fcffff mov [ebp-0x3a8],edx
nt!KeBugCheck2+0x255:
8053309f 8b8558fcffff mov eax,[ebp-0x3a8]
805330a5 8b7068 mov esi,[eax+0x68]
805330a8 8d8562fcffff lea eax,[ebp-0x39e]
805330ae 50 push eax
805330af 6a00 push 0x0
805330b1 8d855cfcffff lea eax,[ebp-0x3a4]
805330b7 50 push eax
805330b8 56 push esi
805330b9 89b554fcffff mov [ebp-0x3ac],esi
805330bf 89352ca55580 mov [nt!KiBugCheckData+0xc (8055a52c)],esi
805330c5 e8d8f8ffff call nt!KiPcToFileHeader (805329a2)
805330ca 8a9d62fcffff mov bl,[ebp-0x39e]
805330d0 89855cfcffff mov [ebp-0x3a4],eax
805330d6 eb08 jmp nt!KeBugCheck2+0x296 (805330e0)
nt!KeBugCheck2+0x28e:
805330d8 8bb554fcffff mov esi,[ebp-0x3ac]
805330de b301 mov bl,0x1
nt!KeBugCheck2+0x296:
805330e0 8bbd44fcffff mov edi,[ebp-0x3bc]
805330e6 57 push edi
805330e7 e88f720000 call nt!MmIsSpecialPoolAddress (8053a37b)
805330ec 83f801 cmp eax,0x1
805330ef 7534 jnz nt!KeBugCheck2+0x2db (80533125)
nt!KeBugCheck2+0x2a7:
805330f1 57 push edi
805330f2 e8b1720000 call nt!MmIsSpecialPoolAddressFree (8053a3a8)
805330f7 fecb dec bl
805330f9 83f801 cmp eax,0x1
805330fc 750f jnz nt!KeBugCheck2+0x2c3 (8053310d)
nt!KeBugCheck2+0x2b4:
805330fe f6db neg bl
80533100 1bdb sbb ebx,ebx
80533102 83e309 and ebx,0x9
80533105 81c3cc000000 add ebx,0xcc
8053310b eb0d jmp nt!KeBugCheck2+0x2d0 (8053311a)
nt!KeBugCheck2+0x2c3:
8053310d f6db neg bl
8053310f 1bdb sbb ebx,ebx
80533111 83e309 and ebx,0x9
80533114 81c3cd000000 add ebx,0xcd
nt!KeBugCheck2+0x2d0:
8053311a 891d20a55580 mov [nt!KiBugCheckData (8055a520)],ebx
80533120 e9a7010000 jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x2db:
80533125 3bf7 cmp esi,edi
80533127 752f jnz nt!KeBugCheck2+0x30e (80533158)
nt!KeBugCheck2+0x2df:
80533129 57 push edi
8053312a e83a91fdff call nt!MmIsSessionAddress (8050c269)
8053312f 83f801 cmp eax,0x1
80533132 7524 jnz nt!KeBugCheck2+0x30e (80533158)
nt!KeBugCheck2+0x2ea:
80533134 8b8540fcffff mov eax,[ebp-0x3c0]
8053313a 8b4020 mov eax,[eax+0x20]
8053313d 85c0 test eax,eax
8053313f 7408 jz nt!KeBugCheck2+0x2ff (80533149)
nt!KeBugCheck2+0x2f7:
80533141 3b0538f55580 cmp eax,[nt!MmSystemRangeStart (8055f538)]
80533147 720f jb nt!KeBugCheck2+0x30e (80533158)
nt!KeBugCheck2+0x2ff:
80533149 c70520a55580cf000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xcf
80533153 e974010000 jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x30e:
80533158 83bd5cfcffff00 cmp dword ptr [ebp-0x3a4],0x0
8053315f 0f8567010000 jne nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x31b:
80533165 57 push edi
80533166 e8454c0000 call nt!MmLocateUnloadedDriver (80537db0)
8053316b 85c0 test eax,eax
8053316d a300a55580 mov [nt!KiBugCheckDriver (8055a500)],eax
80533172 0f846d010000 je nt!KeBugCheck2+0x49b (805332e5)
nt!KeBugCheck2+0x32e:
80533178 c70520a55580ce000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xce
80533182 e945010000 jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x33d:
80533187 893520a55580 mov [nt!KiBugCheckData (8055a520)],esi
8053318d 8b03 mov eax,[ebx]
8053318f a324a55580 mov [nt!KiBugCheckData+0x4 (8055a524)],eax
80533194 8b4304 mov eax,[ebx+0x4]
80533197 a328a55580 mov [nt!KiBugCheckData+0x8 (8055a528)],eax
8053319c 8b4308 mov eax,[ebx+0x8]
8053319f a32ca55580 mov [nt!KiBugCheckData+0xc (8055a52c)],eax
805331a4 8b430c mov eax,[ebx+0xc]
805331a7 c68561fcffff01 mov byte ptr [ebp-0x39f],0x1
805331ae 899548fcffff mov [ebp-0x3b8],edx
805331b4 898d4cfcffff mov [ebp-0x3b4],ecx
805331ba a330a55580 mov [nt!KiBugCheckData+0x10 (8055a530)],eax
805331bf e908010000 jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x37a:
805331c4 3b0d8cab5580 cmp ecx,[nt!ExPoolCodeStart (8055ab8c)]
805331ca 7217 jb nt!KeBugCheck2+0x399 (805331e3)
nt!KeBugCheck2+0x382:
805331cc 3b0d88ab5580 cmp ecx,[nt!ExPoolCodeEnd (8055ab88)]
805331d2 730f jnb nt!KeBugCheck2+0x399 (805331e3)
nt!KeBugCheck2+0x38a:
805331d4 c70520a55580c5000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xc5
805331de e9b3000000 jmp nt!KeBugCheck2+0x44c (80533296)
nt!KeBugCheck2+0x399:
805331e3 3b0d84ab5580 cmp ecx,[nt!MmPoolCodeStart (8055ab84)]
805331e9 7217 jb nt!KeBugCheck2+0x3b8 (80533202)
nt!KeBugCheck2+0x3a1:
805331eb 3b0d80ab5580 cmp ecx,[nt!MmPoolCodeEnd (8055ab80)]
805331f1 730f jnb nt!KeBugCheck2+0x3b8 (80533202)
nt!KeBugCheck2+0x3a9:
805331f3 c70520a55580d0000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xd0
805331fd e994000000 jmp nt!KeBugCheck2+0x44c (80533296)
nt!KeBugCheck2+0x3b8:
80533202 3b0d7cab5580 cmp ecx,[nt!MmPteCodeStart (8055ab7c)]
80533208 7214 jb nt!KeBugCheck2+0x3d4 (8053321e)
nt!KeBugCheck2+0x3c0:
8053320a 3b0d78ab5580 cmp ecx,[nt!MmPteCodeEnd (8055ab78)]
80533210 730c jnb nt!KeBugCheck2+0x3d4 (8053321e)
nt!KeBugCheck2+0x3c8:
80533212 c70520a55580db000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xdb
8053321c eb78 jmp nt!KeBugCheck2+0x44c (80533296)
nt!KeBugCheck2+0x3d4:
8053321e 8d8562fcffff lea eax,[ebp-0x39e]
80533224 50 push eax
80533225 6a00 push 0x0
80533227 8d855cfcffff lea eax,[ebp-0x3a4]
8053322d 50 push eax
8053322e 51 push ecx
8053322f e86ef7ffff call nt!KiPcToFileHeader (805329a2)
80533234 80bd62fcffff01 cmp byte ptr [ebp-0x39e],0x1
8053323b 754f jnz nt!KeBugCheck2+0x442 (8053328c)
nt!KeBugCheck2+0x3f3:
8053323d 8d8562fcffff lea eax,[ebp-0x39e]
80533243 50 push eax
80533244 6a01 push 0x1
80533246 8d855cfcffff lea eax,[ebp-0x3a4]
8053324c 50 push eax
8053324d 56 push esi
8053324e e84ff7ffff call nt!KiPcToFileHeader (805329a2)
80533253 85c0 test eax,eax
80533255 741a jz nt!KeBugCheck2+0x427 (80533271)
nt!KeBugCheck2+0x40d:
80533257 8b855cfcffff mov eax,[ebp-0x3a4]
8053325d 83c02c add eax,0x2c
80533260 a300a55580 mov [nt!KiBugCheckDriver (8055a500)],eax
80533265 c70520a55580d3000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xd3
8053326f eb25 jmp nt!KeBugCheck2+0x44c (80533296)
nt!KeBugCheck2+0x427:
80533271 56 push esi
80533272 e8394b0000 call nt!MmLocateUnloadedDriver (80537db0)
80533277 85c0 test eax,eax
80533279 a300a55580 mov [nt!KiBugCheckDriver (8055a500)],eax
8053327e 7416 jz nt!KeBugCheck2+0x44c (80533296)
nt!KeBugCheck2+0x436:
80533280 c70520a55580d4000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xd4
8053328a eb0a jmp nt!KeBugCheck2+0x44c (80533296)
nt!KeBugCheck2+0x442:
8053328c c70520a55580d1000000 mov dword ptr [nt!KiBugCheckData (8055a520)],0xd1
nt!KeBugCheck2+0x44c:
80533296 83a554fcffff00 and dword ptr [ebp-0x3ac],0x0
8053329d eb2d jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x455:
8053329f 8b4508 mov eax,[ebp+0x8]
805332a2 2dcb000000 sub eax,0xcb
805332a7 741d jz nt!KeBugCheck2+0x47c (805332c6)
nt!KeBugCheck2+0x45f:
805332a9 83e80d sub eax,0xd
805332ac 740d jz nt!KeBugCheck2+0x471 (805332bb)
nt!KeBugCheck2+0x464:
805332ae 83e812 sub eax,0x12
805332b1 7519 jnz nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x469:
805332b3 891500a55580 mov [nt!KiBugCheckDriver (8055a500)],edx
805332b9 eb11 jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x471:
805332bb 83c62c add esi,0x2c
805332be 893500a55580 mov [nt!KiBugCheckDriver (8055a500)],esi
805332c4 eb06 jmp nt!KeBugCheck2+0x482 (805332cc)
nt!KeBugCheck2+0x47c:
805332c6 89b554fcffff mov [ebp-0x3ac],esi
nt!KeBugCheck2+0x482:
805332cc a100a55580 mov eax,[nt!KiBugCheckDriver (8055a500)]
805332d1 85c0 test eax,eax
805332d3 7410 jz nt!KeBugCheck2+0x49b (805332e5)
nt!KeBugCheck2+0x48b:
805332d5 6a64 push 0x64
805332d7 8d4d98 lea ecx,[ebp-0x68]
805332da 51 push ecx
805332db 50 push eax
805332dc e8aef5ffff call nt!KeBugCheckUnicodeToAnsi (8053288f)
805332e1 33f6 xor esi,esi
805332e3 eb21 jmp nt!KeBugCheck2+0x4bc (80533306)
nt!KeBugCheck2+0x49b:
805332e5 33f6 xor esi,esi
805332e7 39b554fcffff cmp [ebp-0x3ac],esi
805332ed 7417 jz nt!KeBugCheck2+0x4bc (80533306)
nt!KeBugCheck2+0x4a5:
805332ef 688f285380 push 0x8053288f
805332f4 6a01 push 0x1
805332f6 8d8554fcffff lea eax,[ebp-0x3ac]
805332fc 50 push eax
805332fd 8d4598 lea eax,[ebp-0x68]
80533300 50 push eax
80533301 e823f7ffff call nt!KiDumpParameterImages (80532a29)
nt!KeBugCheck2+0x4bc:
80533306 803d7ccb548000 cmp byte ptr [nt!KdPitchDebugger (8054cb7c)],0x0
8053330d 7511 jnz nt!KeBugCheck2+0x4d6 (80533320)
nt!KeBugCheck2+0x4c5:
8053330f 8d8564fcffff lea eax,[ebp-0x39c]
80533315 a388c75480 mov [nt!KdDebuggerDataBlock+0x28 (8054c788)],eax
8053331a 89358cc75480 mov [nt!KdDebuggerDataBlock+0x2c (8054c78c)],esi
nt!KeBugCheck2+0x4d6:
80533320 817d08e2000000 cmp dword ptr [ebp+0x8],0xe2
80533327 0f8491000000 je nt!KeBugCheck2+0x574 (805333be)
nt!KeBugCheck2+0x4e3:
8053332d 803dc130558000 cmp byte ptr [nt!KdDebuggerEnabled (805530c1)],0x0
80533334 0f8484000000 je nt!KeBugCheck2+0x574 (805333be)
nt!KeBugCheck2+0x4f0:
8053333a ff3530a55580 push dword ptr [nt!KiBugCheckData+0x10 (8055a530)]
80533340 ff352ca55580 push dword ptr [nt!KiBugCheckData+0xc (8055a52c)]
80533346 ff3528a55580 push dword ptr [nt!KiBugCheckData+0x8 (8055a528)]
8053334c ff3524a55580 push dword ptr [nt!KiBugCheckData+0x4 (8055a524)]
80533352 ff3520a55580 push dword ptr [nt!KiBugCheckData (8055a520)]
80533358 68aa385380 push 0x805338aa
8053335d e84f25fdff call nt!DbgPrint (805058b1)
80533362 83c418 add esp,0x18
80533365 803dc030558000 cmp byte ptr [nt!KdDebuggerNotPresent (805530c0)],0x0
8053336c 7550 jnz nt!KeBugCheck2+0x574 (805333be)
nt!KeBugCheck2+0x524:
8053336e 393500a55580 cmp [nt!KiBugCheckDriver (8055a500)],esi
80533374 7410 jz nt!KeBugCheck2+0x53c (80533386)
nt!KeBugCheck2+0x52c:
80533376 8d4598 lea eax,[ebp-0x68]
80533379 50 push eax
8053337a 68fa385380 push 0x805338fa
8053337f e82d25fdff call nt!DbgPrint (805058b1)
80533384 59 pop ecx
80533385 59 pop ecx
nt!KeBugCheck2+0x53c:
80533386 80bd61fcffff00 cmp byte ptr [ebp-0x39f],0x0
8053338d 7428 jz nt!KeBugCheck2+0x56d (805333b7)
nt!KeBugCheck2+0x545:
8053338f 39b548fcffff cmp [ebp-0x3b8],esi
80533395 740c jz nt!KeBugCheck2+0x559 (805333a3)
nt!KeBugCheck2+0x54d:
80533397 ffb548fcffff push dword ptr [ebp-0x3b8]
8053339d e80f25fdff call nt!DbgPrint (805058b1)
805333a2 59 pop ecx
nt!KeBugCheck2+0x559:
805333a3 39b54cfcffff cmp [ebp-0x3b4],esi
805333a9 740c jz nt!KeBugCheck2+0x56d (805333b7)
nt!KeBugCheck2+0x561:
805333ab ffb54cfcffff push dword ptr [ebp-0x3b4]
805333b1 e8fb24fdff call nt!DbgPrint (805058b1)
805333b6 59 pop ecx
nt!KeBugCheck2+0x56d:
805333b7 6a03 push 0x3
805333b9 e810f5ffff call nt!KiBugCheckDebugBreak (805328ce)
; Point of no return: interrupts are disabled, the IRQL is raised, and a global
; counter decides whether this caller continues on to display and dump.
nt!KeBugCheck2+0x574:
805333be e88c18feff call nt!KeDisableInterrupts (80514c4f)
805333c3 b11f mov cl,0x1f ; new IRQL in cl; 0x1f is presumably HIGH_LEVEL on x86, confirm
805333c5 ff1548764d80 call dword ptr [nt!_imp_KfRaiseIrql (804d7648)]
805333cb b8ffffffff mov eax,0xffffffff ; addend -1
805333d0 b97c0c5580 mov ecx,0x80550c7c ; address of an unsymbolized global dword
805333d5 0fc101 xadd [ecx],eax ; decrement the global, eax = its previous value (no lock prefix in the encoding shown)
805333d8 48 dec eax
805333d9 0f8596040000 jne nt!KeBugCheck2+0xa2b (80533875) ; previous value != 1: skip display and dump, go to the callback scan
nt!KeBugCheck2+0x595:
805333df a120a55580 mov eax,[nt!KiBugCheckData (8055a520)]
805333e4 56 push esi
805333e5 56 push esi
805333e6 56 push esi
805333e7 56 push esi
805333e8 6a0e push 0xe
805333ea 89855cfcffff mov [ebp-0x3a4],eax
805333f0 c68562fcffff01 mov byte ptr [ebp-0x39e],0x1
805333f7 e894c9fdff call nt!HeadlessDispatch (8050fd90)
805333fc 56 push esi
805333fd 56 push esi
805333fe 6a01 push 0x1
80533400 8d8562fcffff lea eax,[ebp-0x39e]
80533406 50 push eax
80533407 6a01 push 0x1
80533409 e882c9fdff call nt!HeadlessDispatch (8050fd90)
8053340e 56 push esi
8053340f 56 push esi
80533410 6a04 push 0x4
80533412 8d855cfcffff lea eax,[ebp-0x3a4]
80533418 50 push eax
80533419 6a14 push 0x14
8053341b e870c9fdff call nt!HeadlessDispatch (8050fd90)
80533420 e8d69fffff call nt!InbvIsBootDriverInstalled (8052d3fb)
80533425 84c0 test al,al
80533427 743f jz nt!KeBugCheck2+0x61e (80533468)
nt!KeBugCheck2+0x5df:
80533429 e8ada1ffff call nt!InbvAcquireDisplayOwnership (8052d5db)
8053342e e8da9fffff call nt!InbvResetDisplay (8052d40d)
80533433 6a04 push 0x4
80533435 68df010000 push 0x1df
8053343a bb7f020000 mov ebx,0x27f
8053343f 53 push ebx
80533440 56 push esi
80533441 56 push esi
80533442 e84aa0ffff call nt!InbvSolidColorFill (8052d491)
80533447 6a0f push 0xf
80533449 e8d1a0ffff call nt!InbvSetTextColor (8052d51f)
8053344e 56 push esi
8053344f e84a12feff call nt!InbvInstallDisplayStringFilter (8051469e)
80533454 6a01 push 0x1
80533456 e84ec7fdff call nt!InbvEnableDisplayString (8050fba9)
8053345b 68db010000 push 0x1db
80533460 53 push ebx
80533461 56 push esi
80533462 56 push esi
80533463 e8d3a1ffff call nt!InbvSetScrollRegion (8052d63b)
nt!KeBugCheck2+0x61e:
80533468 80bd61fcffff00 cmp byte ptr [ebp-0x39f],0x0
8053346f 0f852c010000 jne nt!KeBugCheck2+0x757 (805335a1)
nt!KeBugCheck2+0x62b:
80533475 6812395380 push 0x80533912
8053347a e869c9fdff call nt!InbvDisplayString (8050fde8)
8053347f 56 push esi
80533480 687f000040 push 0x4000007f
80533485 e853eafdff call nt!KeGetBugMessageText (80511edd)
8053348a 6816395380 push 0x80533916
8053348f e854c9fdff call nt!InbvDisplayString (8050fde8)
80533494 393500a55580 cmp [nt!KiBugCheckDriver (8055a500)],esi
8053349a 743f jz nt!KeBugCheck2+0x691 (805334db)
nt!KeBugCheck2+0x652:
8053349c 56 push esi
8053349d 6880000040 push 0x40000080
805334a2 e836eafdff call nt!KeGetBugMessageText (80511edd)
805334a7 6a67 push 0x67
805334a9 8d8530ffffff lea eax,[ebp-0xd0]
805334af 50 push eax
805334b0 ff3500a55580 push dword ptr [nt!KiBugCheckDriver (8055a500)]
805334b6 e8d4f3ffff call nt!KeBugCheckUnicodeToAnsi (8053288f)
805334bb 681a395380 push 0x8053391a
805334c0 e823c9fdff call nt!InbvDisplayString (8050fde8)
805334c5 8d8530ffffff lea eax,[ebp-0xd0]
805334cb 50 push eax
805334cc e817c9fdff call nt!InbvDisplayString (8050fde8)
805334d1 681e395380 push 0x8053391e
805334d6 e80dc9fdff call nt!InbvDisplayString (8050fde8)
nt!KeBugCheck2+0x691:
805334db 81bd50fcffff82000040 cmp dword ptr [ebp-0x3b0],0x40000082
805334e5 7516 jnz nt!KeBugCheck2+0x6b3 (805334fd)
nt!KeBugCheck2+0x69d:
805334e7 56 push esi
805334e8 ff3520a55580 push dword ptr [nt!KiBugCheckData (8055a520)]
805334ee e8eae9fdff call nt!KeGetBugMessageText (80511edd)
805334f3 6822395380 push 0x80533922
805334f8 e8ebc8fdff call nt!InbvDisplayString (8050fde8)
nt!KeBugCheck2+0x6b3:
805334fd 56 push esi
805334fe 6881000040 push 0x40000081
80533503 e8d5e9fdff call nt!KeGetBugMessageText (80511edd)
80533508 6826395380 push 0x80533926
8053350d e8d6c8fdff call nt!InbvDisplayString (8050fde8)
80533512 56 push esi
80533513 ffb550fcffff push dword ptr [ebp-0x3b0]
80533519 e8bfe9fdff call nt!KeGetBugMessageText (80511edd)
8053351e 682a395380 push 0x8053392a
80533523 e8c0c8fdff call nt!InbvDisplayString (8050fde8)
80533528 56 push esi
80533529 6883000040 push 0x40000083
8053352e e8aae9fdff call nt!KeGetBugMessageText (80511edd)
80533533 ff3530a55580 push dword ptr [nt!KiBugCheckData+0x10 (8055a530)]
80533539 8d8530ffffff lea eax,[ebp-0xd0]
8053353f ff352ca55580 push dword ptr [nt!KiBugCheckData+0xc (8055a52c)]
80533545 ff3528a55580 push dword ptr [nt!KiBugCheckData+0x8 (8055a528)]
8053354b ff3524a55580 push dword ptr [nt!KiBugCheckData+0x4 (8055a524)]
80533551 ff3520a55580 push dword ptr [nt!KiBugCheckData (8055a520)]
80533557 682e395380 push 0x8053392e
8053355c 50 push eax
8053355d e8cb80fdff call nt!sprintf (8050b62d)
80533562 83c41c add esp,0x1c
80533565 8d8530ffffff lea eax,[ebp-0xd0]
8053356b 50 push eax
8053356c e877c8fdff call nt!InbvDisplayString (8050fde8)
80533571 393500a55580 cmp [nt!KiBugCheckDriver (8055a500)],esi
80533577 7411 jz nt!KeBugCheck2+0x740 (8053358a)
nt!KeBugCheck2+0x72f:
80533579 8d4598 lea eax,[ebp-0x68]
8053357c 50 push eax
8053357d e866c8fdff call nt!InbvDisplayString (8050fde8)
80533582 393500a55580 cmp [nt!KiBugCheckDriver (8055a500)],esi
80533588 753d jnz nt!KeBugCheck2+0x77d (805335c7)
nt!KeBugCheck2+0x740:
8053358a 688f285380 push 0x8053288f
8053358f 6a04 push 0x4
80533591 6824a55580 push 0x8055a524
80533596 8d4598 lea eax,[ebp-0x68]
80533599 50 push eax
8053359a e88af4ffff call nt!KiDumpParameterImages (80532a29)
8053359f eb26 jmp nt!KeBugCheck2+0x77d (805335c7)
nt!KeBugCheck2+0x757:
805335a1 39b548fcffff cmp [ebp-0x3b8],esi
805335a7 740b jz nt!KeBugCheck2+0x76a (805335b4)
nt!KeBugCheck2+0x75f:
805335a9 ffb548fcffff push dword ptr [ebp-0x3b8]
805335af e834c8fdff call nt!InbvDisplayString (8050fde8)
nt!KeBugCheck2+0x76a:
805335b4 39b54cfcffff cmp [ebp-0x3b4],esi
805335ba 740b jz nt!KeBugCheck2+0x77d (805335c7)
nt!KeBugCheck2+0x772:
805335bc ffb54cfcffff push dword ptr [ebp-0x3b4]
805335c2 e821c8fdff call nt!InbvDisplayString (8050fde8)
nt!KeBugCheck2+0x77d:
805335c7 e88bf7ffff call nt!KiInvokeBugCheckEntryCallbacks (80532d57)
805335cc 803dc130558000 cmp byte ptr [nt!KdDebuggerEnabled (805530c1)],0x0
805335d3 7512 jnz nt!KeBugCheck2+0x79d (805335e7)
nt!KeBugCheck2+0x78b:
805335d5 803d7ccb548000 cmp byte ptr [nt!KdPitchDebugger (8054cb7c)],0x0
805335dc 7509 jnz nt!KeBugCheck2+0x79d (805335e7)
nt!KeBugCheck2+0x794:
805335de 56 push esi
805335df 56 push esi
805335e0 e8a3761400 call nt!KdInitSystem (8067ac88)
805335e5 eb0a jmp nt!KeBugCheck2+0x7a7 (805335f1)
nt!KeBugCheck2+0x79d:
805335e7 685a395380 push 0x8053395a
805335ec e8f7c7fdff call nt!InbvDisplayString (8050fde8)
nt!KeBugCheck2+0x7a7:
805335f1 3ea120f0dfff mov eax,ds:[ffdff020]
805335f7 bbb3000000 mov ebx,0xb3
805335fc 8d781c lea edi,[eax+0x1c]
805335ff 8bcb mov ecx,ebx
80533601 8db564fcffff lea esi,[ebp-0x39c]
80533607 f3a5 rep movsd
80533609 e88eb4ffff call nt!IoIsTriageDumpEnabled (8052ea9c)
8053360e 84c0 test al,al
80533610 0f8426020000 je nt!KeBugCheck2+0x9f2 (8053383c)
; Triage-dump path (entered when IoIsTriageDumpEnabled returned nonzero):
; if a frame pointer is held in [ebp-0x3a8] (the sixth argument, or the
; BugCheckParameter3 fallback), the context buffer at [ebp-0x39c] is rebuilt from it.
nt!KeBugCheck2+0x7cc:
80533616 83bd58fcffff00 cmp dword ptr [ebp-0x3a8],0x0
8053361d 7423 jz nt!KeBugCheck2+0x7f8 (80533642) ; no frame: choose a context by BugCheckCode instead
nt!KeBugCheck2+0x7d5:
8053361f 8d8564fcffff lea eax,[ebp-0x39c]
80533625 50 push eax ; third argument: the local buffer at [ebp-0x39c]
80533626 6a00 push 0x0 ; second argument: 0
80533628 ffb558fcffff push dword ptr [ebp-0x3a8] ; first argument: the saved sixth-argument value
; NOTE(review): 0x10007 looks like the x86 CONTEXT_FULL flags value written into the buffer's first dword; confirm.
8053362e c78564fcffff07000100 mov dword ptr [ebp-0x39c],0x10007
; Passing the value as the first argument here suggests the sixth parameter is a trap-frame pointer; confirm against KeContextFromKframes.
80533638 e8d22efbff call nt!KeContextFromKframes (804e650f)
8053363d e94c010000 jmp nt!KeBugCheck2+0x944 (8053378e)
nt!KeBugCheck2+0x7f8:
80533642 8b4508 mov eax,[ebp+0x8]
80533645 83e87e sub eax,0x7e
80533648 0f842c010000 je nt!KeBugCheck2+0x930 (8053377a)
nt!KeBugCheck2+0x804:
8053364e 48 dec eax
8053364f 7453 jz nt!KeBugCheck2+0x85a (805336a4)
nt!KeBugCheck2+0x807:
80533651 83e86b sub eax,0x6b
80533654 0f853b010000 jne nt!KeBugCheck2+0x94b (80533795)
nt!KeBugCheck2+0x810:
8053365a 8b8544fcffff mov eax,[ebp-0x3bc]
80533660 80782d02 cmp byte ptr [eax+0x2d],0x2
80533664 898540fcffff mov [ebp-0x3c0],eax
8053366a 7516 jnz nt!KeBugCheck2+0x838 (80533682)
nt!KeBugCheck2+0x822:
8053366c 0fb6802b010000 movzx eax,byte ptr [eax+0x12b]
80533673 8b3485209a5580 mov esi,[nt!KiProcessorBlock (80559a20)+eax*4]
8053367a 83c61c add esi,0x1c
8053367d e902010000 jmp nt!KeBugCheck2+0x93a (80533784)
nt!KeBugCheck2+0x838:
80533682 8b4028 mov eax,[eax+0x28]
80533685 8d480c lea ecx,[eax+0xc]
80533688 898d28fdffff mov [ebp-0x2d8],ecx
8053368e 8b09 mov ecx,[ecx]
80533690 898d18fdffff mov [ebp-0x2e8],ecx
80533696 8b4008 mov eax,[eax+0x8]
80533699 89851cfdffff mov [ebp-0x2e4],eax
8053369f e9ea000000 jmp nt!KeBugCheck2+0x944 (8053378e)
nt!KeBugCheck2+0x85a:
805336a4 83bd44fcffff08 cmp dword ptr [ebp-0x3bc],0x8
805336ab 0f85e4000000 jne nt!KeBugCheck2+0x94b (80533795)
nt!KeBugCheck2+0x867:
805336b1 8b8538fcffff mov eax,[ebp-0x3c8]
805336b7 85c0 test eax,eax
805336b9 0f84cf000000 je nt!KeBugCheck2+0x944 (8053378e)
nt!KeBugCheck2+0x875:
805336bf 8b4824 mov ecx,[eax+0x24]
805336c2 f7c100000200 test ecx,0x20000
805336c8 740c jz nt!KeBugCheck2+0x88c (805336d6)
nt!KeBugCheck2+0x880:
805336ca 0fb75050 movzx edx,word ptr [eax+0x50]
nt!KeBugCheck2+0x884:
805336ce 89952cfdffff mov [ebp-0x2d4],edx
805336d4 eb19 jmp nt!KeBugCheck2+0x8a5 (805336ef)
nt!KeBugCheck2+0x88c:
805336d6 f6404c01 test byte ptr [eax+0x4c],0x1
805336da 7409 jz nt!KeBugCheck2+0x89b (805336e5)
nt!KeBugCheck2+0x892:
805336dc 0fb75050 movzx edx,word ptr [eax+0x50]
805336e0 83ca03 or edx,0x3
805336e3 ebe9 jmp nt!KeBugCheck2+0x884 (805336ce)
nt!KeBugCheck2+0x89b:
805336e5 c7852cfdffff10000000 mov dword ptr [ebp-0x2d4],0x10
nt!KeBugCheck2+0x8a5:
805336ef 0fb7505c movzx edx,word ptr [eax+0x5c]
805336f3 8995f0fcffff mov [ebp-0x310],edx
805336f9 0fb75058 movzx edx,word ptr [eax+0x58]
805336fd 8995f4fcffff mov [ebp-0x30c],edx
80533703 0fb75048 movzx edx,word ptr [eax+0x48]
80533707 8995f8fcffff mov [ebp-0x308],edx
8053370d 0fb75054 movzx edx,word ptr [eax+0x54]
80533711 8995fcfcffff mov [ebp-0x304],edx
80533717 0fb7504c movzx edx,word ptr [eax+0x4c]
8053371b 899520fdffff mov [ebp-0x2e0],edx
80533721 8b5038 mov edx,[eax+0x38]
80533724 899528fdffff mov [ebp-0x2d8],edx
8053372a 8b5020 mov edx,[eax+0x20]
8053372d 89951cfdffff mov [ebp-0x2e4],edx
80533733 8b503c mov edx,[eax+0x3c]
80533736 899518fdffff mov [ebp-0x2e8],edx
8053373c 8b5028 mov edx,[eax+0x28]
8053373f 899514fdffff mov [ebp-0x2ec],edx
80533745 8b5034 mov edx,[eax+0x34]
80533748 899508fdffff mov [ebp-0x2f8],edx
8053374e 8b502c mov edx,[eax+0x2c]
80533751 899510fdffff mov [ebp-0x2f0],edx
80533757 8b5030 mov edx,[eax+0x30]
8053375a 89950cfdffff mov [ebp-0x2f4],edx
80533760 8b5044 mov edx,[eax+0x44]
80533763 8b4040 mov eax,[eax+0x40]
80533766 899500fdffff mov [ebp-0x300],edx
8053376c 898504fdffff mov [ebp-0x2fc],eax
80533772 898d24fdffff mov [ebp-0x2dc],ecx
80533778 eb14 jmp nt!KeBugCheck2+0x944 (8053378e)
nt!KeBugCheck2+0x930:
8053377a 8bb53cfcffff mov esi,[ebp-0x3c4]
80533780 85f6 test esi,esi
80533782 7411 jz nt!KeBugCheck2+0x94b (80533795)
nt!KeBugCheck2+0x93a:
80533784 8dbd64fcffff lea edi,[ebp-0x39c]
8053378a 8bcb mov ecx,ebx
8053378c f3a5 rep movsd
nt!KeBugCheck2+0x944:
8053378e 800d23a5558010 or byte ptr [nt!KiBugCheckData+0x3 (8055a523)],0x10
nt!KeBugCheck2+0x94b:
80533795 a124a55580 mov eax,[nt!KiBugCheckData+0x4 (8055a524)]
8053379a bf00100000 mov edi,0x1000
8053379f be00f0ffff mov esi,0xfffff000
805337a4 57 push edi
805337a5 23c6 and eax,esi
805337a7 50 push eax
805337a8 e806b2ffff call nt!IoAddTriageDumpDataBlock (8052e9b3)
805337ad a128a55580 mov eax,[nt!KiBugCheckData+0x8 (8055a528)]
805337b2 57 push edi
805337b3 23c6 and eax,esi
805337b5 50 push eax
805337b6 e8f8b1ffff call nt!IoAddTriageDumpDataBlock (8052e9b3)
805337bb a12ca55580 mov eax,[nt!KiBugCheckData+0xc (8055a52c)]
805337c0 57 push edi
805337c1 23c6 and eax,esi
805337c3 50 push eax
805337c4 e8eab1ffff call nt!IoAddTriageDumpDataBlock (8052e9b3)
805337c9 a130a55580 mov eax,[nt!KiBugCheckData+0x10 (8055a530)]
805337ce 57 push edi
805337cf 23c6 and eax,esi
805337d1 50 push eax
805337d2 e8dcb1ffff call nt!IoAddTriageDumpDataBlock (8052e9b3)
805337d7 a120a55580 mov eax,[nt!KiBugCheckData (8055a520)]
805337dc 25ffffffef and eax,0xefffffff
805337e1 3dcd000000 cmp eax,0xcd
805337e6 741d jz nt!KeBugCheck2+0x9bb (80533805)
nt!KeBugCheck2+0x99e:
805337e8 3dd6000000 cmp eax,0xd6
805337ed 7416 jz nt!KeBugCheck2+0x9bb (80533805)
nt!KeBugCheck2+0x9a5:
805337ef 3dd1000000 cmp eax,0xd1
805337f4 7522 jnz nt!KeBugCheck2+0x9ce (80533818)
nt!KeBugCheck2+0x9ac:
805337f6 ff3524a55580 push dword ptr [nt!KiBugCheckData+0x4 (8055a524)]
805337fc e87a6b0000 call nt!MmIsSpecialPoolAddress (8053a37b)
80533801 85c0 test eax,eax
80533803 7413 jz nt!KeBugCheck2+0x9ce (80533818)
nt!KeBugCheck2+0x9bb:
80533805 a124a55580 mov eax,[nt!KiBugCheckData+0x4 (8055a524)]
8053380a 0500f0ffff add eax,0xfffff000
8053380f 23c6 and eax,esi
80533811 57 push edi
80533812 50 push eax
80533813 e89bb1ffff call nt!IoAddTriageDumpDataBlock (8052e9b3)
nt!KeBugCheck2+0x9ce:
80533818 3ea120f0dfff mov eax,ds:[ffdff020]
8053381e 83b87408000000 cmp dword ptr [eax+0x874],0x0
80533825 7415 jz nt!KeBugCheck2+0x9f2 (8053383c)
nt!KeBugCheck2+0x9dd:
80533827 3ea120f0dfff mov eax,ds:[ffdff020]
8053382d 8b8074080000 mov eax,[eax+0x874]
80533833 57 push edi
80533834 23c6 and eax,esi
80533836 50 push eax
80533837 e877b1ffff call nt!IoAddTriageDumpDataBlock (8052e9b3)
nt!KeBugCheck2+0x9f2:
8053383c 8d8563fcffff lea eax,[ebp-0x39d]
80533842 50 push eax
80533843 ffb540fcffff push dword ptr [ebp-0x3c0]
80533849 8d8564fcffff lea eax,[ebp-0x39c]
8053384f 50 push eax
80533850 ff3530a55580 push dword ptr [nt!KiBugCheckData+0x10 (8055a530)]
80533856 ff352ca55580 push dword ptr [nt!KiBugCheckData+0xc (8055a52c)]
8053385c ff3528a55580 push dword ptr [nt!KiBugCheckData+0x8 (8055a528)]
80533862 ff3524a55580 push dword ptr [nt!KiBugCheckData+0x4 (8055a524)]
80533868 ff3520a55580 push dword ptr [nt!KiBugCheckData (8055a520)]
8053386e e813cbffff call nt!IoWriteCrashDump (80530386)
80533873 33f6 xor esi,esi
80533875 e8b1f3ffff call nt!KiScanBugCheckCallbackList (80532c2b)
nt!KeBugCheck2+0xa2b:
80533875 e8b1f3ffff call nt!KiScanBugCheckCallbackList (80532c2b)
nt!KeBugCheck2+0xa30:
8053387a 80bd63fcffff00 cmp byte ptr [ebp-0x39d],0x0
80533881 7411 jz nt!KeBugCheck2+0xa4a (80533894)
nt!KeBugCheck2+0xa39:
80533883 56 push esi
80533884 6aff push 0xff
80533886 56 push esi
80533887 e83cb8fdff call nt!DbgUnLoadImageSymbols (8050f0c8)
8053388c 6a03 push 0x3
8053388e ff15ac754d80 call dword ptr [nt!_imp__HalReturnToFirmware (804d75ac)]
; Final block: one more debug break, then the cookie reload and function epilogue.
nt!KeBugCheck2+0xa4a:
80533894 6a04 push 0x4
80533896 e833f0ffff call nt!KiBugCheckDebugBreak (805328ce)
8053389b 8b4dfc mov ecx,[ebp-0x4] ; reload the stack cookie saved at entry
8053389e 5f pop edi
8053389f 5e pop esi
805338a0 5b pop ebx
; NOTE(review): ecx carries the saved cookie into this call, so the target is presumably the
; stack-cookie check and the symbol shown may be a nearest-symbol mismatch; confirm.
805338a1 e84b10fbff call nt!xKdCheckPowerButton (804e48f1)
805338a6 c9 leave
805338a7 c21800 ret 0x18 ; 0x18 bytes popped = six dword arguments, one more than KeBugCheckEx's ret 0x14