| Id: | AVR:Free 484.a53 |
| Description: | Access violation while reading freed memory at 0xE8990B3F50 |
| Location: | microsoftedgecp.exe!edgehtml.dll!CTreePosGap::PartitionPointers |
| Security impact: | Potentially exploitable security issue |
- EDGEHTML.dll!CTreePosGap::PartitionPointers + 0x68 (484 in id)
- EDGEHTML.dll!CSpliceTreeEngine::Init + 0x290 (a53 in id)
- EDGEHTML.dll!Tree::TreeWriter::SpliceTreeInternal + 0xCF
- EDGEHTML.dll!Tree::TreeWriter::CutCopyMoveLegacy + 0x4E0
- EDGEHTML.dll!Tree::TreeWriter::MoveNodeLegacy + 0x193
- EDGEHTML.dll!Tree::TreeWriter::InsertBefore + 0x7D
- EDGEHTML.dll!CElement::InsertBeforeHelper + 0x129
- EDGEHTML.dll!CElement::InsertBeforeHelper + 0x10D
- EDGEHTML.dll!CElement::Var_insertBefore + 0x68
- EDGEHTML.dll!CFastDOM::CNode::Trampoline_insertBefore + 0x93
- chakra.dll!amd64_CallFunction + 0x93
- chakra.dll!Js::JavascriptExternalFunction::ExternalFunctionThunk + 0x172
- chakra.dll!amd64_CallFunction + 0x93
- chakra.dll!Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > > > + 0xC8
- chakra.dll!Js::InterpreterStackFrame::OP_ProfiledCallIWithICIndex<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > > + 0xA2
- chakra.dll!Js::InterpreterStackFrame::ProcessProfiled + 0x21F
- chakra.dll!Js::InterpreterStackFrame::Process + 0xD2
- chakra.dll!Js::InterpreterStackFrame::InterpreterHelper + 0x368
- chakra.dll!Js::InterpreterStackFrame::InterpreterThunk + 0x55
- 0xE8A1410FC2
- chakra.dll!amd64_CallFunction + 0x93
- chakra.dll!Js::JavascriptFunction::CallFunction<1> + 0x83
- chakra.dll!Js::JavascriptFunction::CallRootFunctionInternal + 0x11A
- chakra.dll!Js::JavascriptFunction::CallRootFunction + 0x33
- chakra.dll!ScriptSite::CallRootFunction + 0xAA
- chakra.dll!ScriptSite::Execute + 0x134
- chakra.dll!ScriptEngineBase::Execute + 0xCC
- EDGEHTML.dll!CListenerDispatch::InvokeVar + 0x264
- EDGEHTML.dll!CListenerDispatch::Invoke + 0x92
- EDGEHTML.dll!CEventMgr::_InvokeListeners + 0x39C
- EDGEHTML.dll!CEventMgr::_InvokeListenersOnWindow + 0x5D
- EDGEHTML.dll!CEventMgr::Dispatch + 0x357
- EDGEHTML.dll!CEventMgr::DispatchEvent + 0x6A
- EDGEHTML.dll!COmWindowProxy::Fire_onload + 0x13C
- EDGEHTML.dll!CMarkup::OnLoadStatusDone + 0x3BA
- EDGEHTML.dll!CMarkup::OnLoadStatus + 0xE5
- EDGEHTML.dll!CProgSink::DoUpdate + 0x380
- EDGEHTML.dll!GlobalWndOnMethodCall + 0x2BD
- EDGEHTML.dll!GlobalWndProc + 0x108
- USER32.dll!UserCallWinProcCheckWow + 0x1FC
- USER32.dll!DispatchMessageWorker + 0x1A7
- EMODEL.dll!CTabWindow::_TabWindowThreadProc + 0x5B8
- EMODEL.dll!LCIETab_ThreadProc + 0x2BB
- iertutil.dll!_IsoThreadProc_WrapperToReleaseScope + 0x1F
- KERNEL32.DLL!BaseThreadInitThunk + 0x22
- ntdll.dll!RtlUserThreadStart + 0x34
address 000000e8990b3f50 found in
_DPH_HEAP_ROOT @ e899001000
in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize)
e899002208: e8990b3000 2000
00007ffa23bacc13 ntdll!RtlDebugFreeHeap+0x0000000000000047
00007ffa23b653d9 ntdll!RtlpFreeHeap+0x0000000000079519
00007ffa23aeaa16 ntdll!RtlFreeHeap+0x0000000000000106
00007ffa1089366c EDGEHTML!MemoryProtection::HeapFree+0x00000000003736dc
00007ffa105e5807 EDGEHTML!CTreeNode::NodeRelease+0x0000000000000057
00007ffa10ec66d6 EDGEHTML!Tree::TreeWriter::UnwrapInternal+0x000000000000002e
00007ffa1064939f EDGEHTML!Tree::TreeWriter::Unwrap+0x0000000000000133
00007ffa105e38ea EDGEHTML!CTreePosGap::PartitionPointers+0x000000000000040a
00007ffa105e320a EDGEHTML!CSpliceTreeEngine::Init+0x000000000000017a
00007ffa105e5c0f EDGEHTML!Tree::TreeWriter::SpliceTreeInternal+0x00000000000000cf
00007ffa105e03b0 EDGEHTML!Tree::TreeWriter::CutCopyMoveLegacy+0x00000000000004e0
00007ffa105dd7a3 EDGEHTML!Tree::TreeWriter::MoveNodeLegacy+0x0000000000000193
00007ffa1075b899 EDGEHTML!Tree::TreeWriter::InsertBefore+0x000000000000007d
00007ffa10680c69 EDGEHTML!CElement::InsertBeforeHelper+0x0000000000000129
00007ffa1068053d EDGEHTML!CElement::InsertBeforeHelper+0x000000000000010d
00007ffa1074c6b8 EDGEHTML!CElement::Var_insertBefore+0x0000000000000068
00007ffa1074c623 EDGEHTML!CFastDOM::CNode::Trampoline_insertBefore+0x0000000000000093
00007ffa0fe3c703 chakra!amd64_CallFunction+0x0000000000000093
00007ffa0fc68e72 chakra!Js::JavascriptExternalFunction::ExternalFunctionThunk+0x0000000000000172
00007ffa0fe3c703 chakra!amd64_CallFunction+0x0000000000000093
00007ffa0fc6d208 chakra!Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > > >+0x00000000000000c8
00007ffa0fc71632 chakra!Js::InterpreterStackFrame::OP_ProfiledCallIWithICIndex<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > >+0x00000000000000a2
00007ffa0fc74f9f chakra!Js::InterpreterStackFrame::ProcessProfiled+0x000000000000021f
00007ffa0fc72fc2 chakra!Js::InterpreterStackFrame::Process+0x00000000000000d2
00007ffa0fdb7be8 chakra!Js::InterpreterStackFrame::InterpreterHelper+0x0000000000000368
00007ffa0fdb7875 chakra!Js::InterpreterStackFrame::InterpreterThunk+0x0000000000000055
000000e8a1410fc2 +0x000000e8a1410fc2
00007ffa`105e3513 8b40c0 mov eax,dword ptr [rax-40h]
00007ffa`105e3516 2502ffffff and eax,0FFFFFF02h
00007ffa`105e351b c6411001 mov byte ptr [rcx+10h],1
00007ffa`105e351f 0fb64911 movzx ecx,byte ptr [rcx+11h]
00007ffa`105e3523 83c802 or eax,2
00007ffa`105e3526 44896c2420 mov dword ptr [rsp+20h],r13d
00007ffa`105e352b 89442438 mov dword ptr [rsp+38h],eax
00007ffa`105e352f 80f901 cmp cl,1
00007ffa`105e3532 7429 je EDGEHTML!CTreePosGap::PartitionPointers+0x7d (00007ffa`105e355d)
00007ffa`105e3534 488b4308 mov rax,qword ptr [rbx+8]
00007ffa`105e3538 4885c0 test rax,rax
00007ffa`105e353b 7420 je EDGEHTML!CTreePosGap::PartitionPointers+0x7d (00007ffa`105e355d)
00007ffa`105e353d 84c9 test cl,cl
00007ffa`105e353f 0f85cfc33500 jne EDGEHTML!CTreePosGap::PartitionPointers+0x35c434 (00007ffa`1093f914)
00007ffa`105e3545 488b13 mov rdx,qword ptr [rbx]
EDGEHTML!CTreePosGap::PartitionPointers+0x68:
00007ffa`105e3548 4c8b4818 mov r9,qword ptr [rax+18h] ⇐ instruction pointer
00007ffa`105e354c 4885d2 test rdx,rdx
00007ffa`105e354f 0f85d7c33500 jne EDGEHTML!CTreePosGap::PartitionPointers+0x35c44c (00007ffa`1093f92c)
00007ffa`105e3555 4c894b08 mov qword ptr [rbx+8],r9
00007ffa`105e3559 c6431101 mov byte ptr [rbx+11h],1
00007ffa`105e355d 488b4b08 mov rcx,qword ptr [rbx+8]
00007ffa`105e3561 8b01 mov eax,dword ptr [rcx]
00007ffa`105e3563 a808 test al,8
00007ffa`105e3565 0f8528020000 jne EDGEHTML!CTreePosGap::PartitionPointers+0x2b3 (00007ffa`105e3793)
00007ffa`105e356b 0fbae008 bt eax,8
00007ffa`105e356f 0f821e020000 jb EDGEHTML!CTreePosGap::PartitionPointers+0x2b3 (00007ffa`105e3793)
00007ffa`105e3575 a804 test al,4
00007ffa`105e3577 0f85fb010000 jne EDGEHTML!CTreePosGap::PartitionPointers+0x298 (00007ffa`105e3778)
00007ffa`105e357d 807b1100 cmp byte ptr [rbx+11h],0
00007ffa`105e3581 c6431002 mov byte ptr [rbx+10h],2
rax=000000e8990b3f38 rbx=000000e89adbb960 rcx=0000000000000000
rdx=0000000000000000 rsi=00007ffa10620a50 rdi=000000e89adbb948
rip=00007ffa105e3548 rsp=000000e89adbb550 rbp=0000000000000001
r8=0000000000000001 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=00007ffa10620a50 r13=0000000000000000
r14=000000e89adbb960 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
fpcw=027F fpsw=0000 fptw=0000
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000 st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000 st7= 0.000000000000000000000e+0000
mm0=0000000000000000 mm1=0000000000000000
mm2=0000000000000000 mm3=0000000000000000
mm4=0000000000000000 mm5=0000000000000000
mm6=0000000000000000 mm7=0000000000000000
xmm0=0 0 0 0
xmm1=4.59093e-041 1.96413e-029 4.59093e-041 1.96536e-029
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
EDGEHTML!CTreePosGap::PartitionPointers+0x68:
00007ffa`105e3548 4c8b4818 mov r9,qword ptr [rax+18h] ds:000000e8`990b3f50=????????????????
000000e8`990b3ed0 ????????`????????
000000e8`990b3ed8 ????????`????????
000000e8`990b3ee0 ????????`????????
000000e8`990b3ee8 ????????`????????
000000e8`990b3ef0 ????????`????????
000000e8`990b3ef8 ????????`????????
000000e8`990b3f00 ????????`????????
000000e8`990b3f08 ????????`????????
000000e8`990b3f10 ????????`????????
000000e8`990b3f18 ????????`????????
000000e8`990b3f20 ????????`????????
000000e8`990b3f28 ????????`????????
000000e8`990b3f30 ????????`????????
000000e8`990b3f38 ????????`????????
000000e8`990b3f40 ????????`????????
000000e8`990b3f48 ????????`????????
000000e8`990b3f50 ????????`????????
000000e8`990b3f58 ????????`????????
000000e8`990b3f60 ????????`????????
000000e8`990b3f68 ????????`????????
000000e8`990b3f70 ????????`????????
000000e8`990b3f78 ????????`????????
000000e8`990b3f80 ????????`????????
000000e8`990b3f88 ????????`????????
000000e8`990b3f90 ????????`????????
000000e8`990b3f98 ????????`????????
000000e8`990b3fa0 ????????`????????
000000e8`990b3fa8 ????????`????????
000000e8`990b3fb0 ????????`????????
000000e8`990b3fb8 ????????`????????
000000e8`990b3fc0 ????????`????????
000000e8`990b3fc8 ????????`????????
Loaded symbol image file: C:\Windows\SYSTEM32\EDGEHTML.dll
Image path: C:\Windows\SYSTEM32\EDGEHTML.dll
Image name: EDGEHTML.dll
Timestamp: Tue Feb 23 11:48:08 2016 (56CC38E8)
CheckSum: 014DD388
ImageSize: 014EF000
File version: 11.0.10240.16724
Product version: 11.0.10240.16724
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: EDGEHTML
OriginalFilename: EDGEHTML.DLL
ProductVersion: 11.00.10240.16724
FileVersion: 11.00.10240.16724 (th1_st1.160222-1812)
FileDescription: Microsoft (R) HTML Viewer
LegalCopyright: � Microsoft Corporation. All rights reserved.
Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Wed Nov 25 05:17:08 2015 (56553644)
CheckSum: 0004DF0B
ImageSize: 0004D000
File version: 11.0.10240.16603
Product version: 11.0.10240.16603
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10240.16603
FileVersion: 11.00.10240.16603 (th1_st1.151124-1750)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.
Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff6`1f320000 00007ff6`1f336000 C:\Windows\System32\RuntimeBroker.exe
ModLoad: 00007ffa`23ac0000 00007ffa`23c82000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffa`18ff0000 00007ffa`1905d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffa`213e0000 00007ffa`2148d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffa`205f0000 00007ffa`207cd000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffa`23a20000 00007ffa`23abd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffa`223c0000 00007ffa`224e6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffa`22140000 00007ffa`223bc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffa`20540000 00007ffa`2058a000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffa`20530000 00007ffa`2053f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffa`20310000 00007ffa`2037b000 C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffa`21ff0000 00007ffa`22131000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffa`21c60000 00007ffa`21cbb000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffa`21190000 00007ffa`21316000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffa`219f0000 00007ffa`21b3e000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffa`21c20000 00007ffa`21c56000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffa`21cc0000 00007ffa`21e1c000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffa`21630000 00007ffa`216d5000 C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffa`1fd60000 00007ffa`1fd77000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffa`20420000 00007ffa`20448000 C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffa`1f9b0000 00007ffa`1f9e3000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffa`1fed0000 00007ffa`1fedb000 C:\Windows\System32\CRYPTBASE.dll
ModLoad: 00007ffa`18fc0000 00007ffa`18fe5000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffa`204f0000 00007ffa`20503000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffa`1eeb0000 00007ffa`1ef9e000 C:\Windows\SYSTEM32\twinapi.appcore.dll
ModLoad: 00007ffa`1faa0000 00007ffa`1fabf000 C:\Windows\System32\USERENV.dll
ModLoad: 00007ffa`15580000 00007ffa`15595000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffa`1f830000 00007ffa`1f862000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffa`200b0000 00007ffa`200dc000 C:\Windows\system32\SspiCli.dll
ModLoad: 00007ffa`14060000 00007ffa`14076000 C:\Windows\SYSTEM32\capauthz.dll
ModLoad: 00007ffa`1ec40000 00007ffa`1ecb8000 C:\Windows\system32\apphelp.dll
(1058.6b8): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffa`23b553e0 cc int 3
Create process 4184 breakpoint.
0:008> g
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff7`c7280000 00007ff7`c728a000 C:\Windows\system32\browser_broker.exe
ModLoad: 00007ffa`23ac0000 00007ffa`23c82000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffa`18ff0000 00007ffa`1905d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffa`213e0000 00007ffa`2148d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffa`205f0000 00007ffa`207cd000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffa`23a20000 00007ffa`23abd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffa`22140000 00007ffa`223bc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffa`223c0000 00007ffa`224e6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffa`21c60000 00007ffa`21cbb000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffa`219f0000 00007ffa`21b3e000 C:\Windows\system32\user32.dll
ModLoad: 00007ffa`21190000 00007ffa`21316000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffa`21c20000 00007ffa`21c56000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffa`21cc0000 00007ffa`21e1c000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffa`20530000 00007ffa`2053f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffa`20310000 00007ffa`2037b000 C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffa`1edc0000 00007ffa`1ee56000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffa`1eaa0000 00007ffa`1eab8000 C:\Windows\SYSTEM32\browserbroker.dll
ModLoad: 00007ffa`20f00000 00007ffa`20fb3000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffa`21320000 00007ffa`213de000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffa`20fc0000 00007ffa`21181000 C:\Windows\system32\CRYPT32.dll
ModLoad: 00007ffa`20510000 00007ffa`20521000 C:\Windows\system32\MSASN1.dll
ModLoad: 00007ffa`1c030000 00007ffa`1c3a6000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffa`21580000 00007ffa`21626000 C:\Windows\system32\advapi32.dll
ModLoad: 00007ffa`186b0000 00007ffa`18846000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffa`21740000 00007ffa`21791000 C:\Windows\system32\shlwapi.dll
ModLoad: 00007ffa`1f730000 00007ffa`1f74c000 C:\Windows\SYSTEM32\MPR.dll
ModLoad: 00007ffa`17a90000 00007ffa`17d51000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffa`1ae30000 00007ffa`1ae66000 C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffa`1fed0000 00007ffa`1fedb000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffa`1f910000 00007ffa`1f91a000 C:\Windows\SYSTEM32\DPAPI.DLL
ModLoad: 00007ffa`21630000 00007ffa`216d5000 C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffa`1fd60000 00007ffa`1fd77000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffa`20420000 00007ffa`20448000 C:\Windows\system32\bcrypt.dll
ModLoad: 00007ffa`1f9b0000 00007ffa`1f9e3000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffa`0e200000 00007ffa`0e2a8000 C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffa`21ff0000 00007ffa`22131000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffa`200b0000 00007ffa`200dc000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffa`224f0000 00007ffa`23a12000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffa`207d0000 00007ffa`20df8000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffa`20540000 00007ffa`2058a000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffa`204f0000 00007ffa`20503000 C:\Windows\system32\profapi.dll
(e44.d2c): Break instruction exception - code 80000003 (first chance)
Create process 3652 breakpoint.
1:018> g
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff6`6fbb0000 00007ff6`701ae000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
ModLoad: 00007ffa`23ac0000 00007ffa`23c82000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffa`18ff0000 00007ffa`1905d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffa`213e0000 00007ffa`2148d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffa`205f0000 00007ffa`207cd000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffa`1ec40000 00007ffa`1ecb8000 C:\Windows\system32\apphelp.dll
ModLoad: 00007ffa`21580000 00007ffa`21626000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffa`23a20000 00007ffa`23abd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffa`21c60000 00007ffa`21cbb000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffa`223c0000 00007ffa`224e6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffa`21ff0000 00007ffa`22131000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffa`22140000 00007ffa`223bc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffa`21190000 00007ffa`21316000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffa`219f0000 00007ffa`21b3e000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffa`1d6b0000 00007ffa`1d71a000 C:\Windows\SYSTEM32\wincorlib.DLL
ModLoad: 00007ffa`21320000 00007ffa`213de000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffa`21c20000 00007ffa`21c56000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffa`21cc0000 00007ffa`21e1c000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffa`20530000 00007ffa`2053f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffa`20310000 00007ffa`2037b000 C:\Windows\SYSTEM32\bcryptPrimitives.dll
ModLoad: 00007ffa`1fd60000 00007ffa`1fd77000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffa`20420000 00007ffa`20448000 C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffa`1c500000 00007ffa`1d4f6000 C:\Windows\System32\Windows.UI.Xaml.dll
ModLoad: 00007ffa`1c3b0000 00007ffa`1c4e1000 C:\Windows\SYSTEM32\wintypes.dll
ModLoad: 00007ffa`1e3c0000 00007ffa`1e488000 C:\Windows\SYSTEM32\CoreMessaging.dll
ModLoad: 00007ffa`1c030000 00007ffa`1c3a6000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffa`1ea10000 00007ffa`1ea76000 C:\Windows\SYSTEM32\Bcp47Langs.dll
ModLoad: 00007ffa`20f00000 00007ffa`20fb3000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffa`1e360000 00007ffa`1e3bc000 C:\Windows\SYSTEM32\NInput.dll
ModLoad: 00007ffa`1eeb0000 00007ffa`1ef9e000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 00007ffa`1faa0000 00007ffa`1fabf000 C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffa`204f0000 00007ffa`20503000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffa`1f9b0000 00007ffa`1f9e3000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffa`1fed0000 00007ffa`1fedb000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffa`1eac0000 00007ffa`1ead8000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffa`0db50000 00007ffa`0e0a6000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
ModLoad: 00007ffa`21740000 00007ffa`21791000 C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffa`224f0000 00007ffa`23a12000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffa`207d0000 00007ffa`20df8000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffa`20540000 00007ffa`2058a000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffa`20eb0000 00007ffa`20ef4000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffa`1f160000 00007ffa`1f1e2000 C:\Windows\SYSTEM32\firewallapi.dll
ModLoad: 00007ffa`1f120000 00007ffa`1f152000 C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffa`17250000 00007ffa`176ba000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 00007ffa`1edc0000 00007ffa`1ee56000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffa`1e310000 00007ffa`1e332000 C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffa`17790000 00007ffa`179f1000 C:\Windows\system32\CoreUIComponents.dll
ModLoad: 00007ffa`1dfc0000 00007ffa`1e05c000 C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffa`1e060000 00007ffa`1e303000 C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffa`129a0000 00007ffa`129d4000 C:\Windows\System32\Windows.ApplicationModel.dll
ModLoad: 00007ffa`1dd50000 00007ffa`1dfbe000 C:\Windows\SYSTEM32\d3d10warp.dll
ModLoad: 00007ffa`0d7c0000 00007ffa`0db43000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll
ModLoad: 00007ffa`186b0000 00007ffa`18846000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffa`1b8d0000 00007ffa`1be15000 C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffa`1e490000 00007ffa`1e561000 C:\Windows\System32\dcomp.dll
ModLoad: 00007ffa`1d5a0000 00007ffa`1d6af000 C:\Windows\System32\MrmCoreR.dll
ModLoad: 00007ffa`1d500000 00007ffa`1d59e000 C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffa`15580000 00007ffa`15595000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffa`1f830000 00007ffa`1f862000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffa`17a90000 00007ffa`17d51000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffa`200b0000 00007ffa`200dc000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffa`16640000 00007ffa`16686000 C:\Windows\system32\DataExchange.dll
ModLoad: 00007ffa`1e860000 00007ffa`1e9e3000 C:\Windows\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffa`217a0000 00007ffa`21809000 C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffa`21500000 00007ffa`21508000 C:\Windows\system32\NSI.dll
ModLoad: 00007ffa`18180000 00007ffa`18195000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffa`1d9d0000 00007ffa`1da08000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffa`1d9b0000 00007ffa`1d9bb000 C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffa`1b330000 00007ffa`1b406000 C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffa`19870000 00007ffa`198a9000 C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffa`197d0000 00007ffa`19862000 C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffa`1ae30000 00007ffa`1ae66000 C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffa`1fd00000 00007ffa`1fd5d000 C:\Windows\system32\mswsock.dll
ModLoad: 00007ffa`17750000 00007ffa`17762000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
ModLoad: 00007ffa`16d10000 00007ffa`16d25000 C:\Windows\system32\execmodelproxy.dll
ModLoad: 00007ffa`0f7d0000 00007ffa`0f972000 C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffa`19340000 00007ffa`194c6000 C:\Windows\System32\Windows.Globalization.dll
ModLoad: 00007ffa`16600000 00007ffa`1663f000 C:\Windows\System32\netprofm.dll
ModLoad: 00007ffa`16160000 00007ffa`1616e000 C:\Windows\System32\npmproxy.dll
ModLoad: 00007ffa`21490000 00007ffa`214ff000 C:\Windows\system32\coml2.dll
ModLoad: 00007ffa`1fb00000 00007ffa`1fba8000 C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffa`19500000 00007ffa`19759000 C:\Windows\SYSTEM32\dwrite.dll
ModLoad: 00007ffa`1eb70000 00007ffa`1eb96000 C:\Windows\SYSTEM32\SLC.dll
ModLoad: 00007ffa`1eb10000 00007ffa`1eb35000 C:\Windows\SYSTEM32\sppc.dll
ModLoad: 00007ffa`19ae0000 00007ffa`19aea000 C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffa`1a220000 00007ffa`1a288000 C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffa`16f30000 00007ffa`16f73000 C:\Windows\System32\execmodelclient.dll
ModLoad: 00007ffa`1a720000 00007ffa`1a792000 C:\Windows\SYSTEM32\MMDevAPI.DLL
ModLoad: 00007ffa`1ee60000 00007ffa`1ee87000 C:\Windows\SYSTEM32\DEVOBJ.dll
ModLoad: 00007ffa`13470000 00007ffa`134ca000 C:\Windows\System32\Windows.Graphics.dll
ModLoad: 00007ffa`1f1f0000 00007ffa`1f218000 C:\Windows\System32\rmclient.dll
ModLoad: 00007ffa`18fc0000 00007ffa`18fe5000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffa`11e20000 00007ffa`12140000 C:\Windows\SYSTEM32\msftedit.dll
ModLoad: 00007ffa`11df0000 00007ffa`11e1e000 C:\Windows\SYSTEM32\globinputhost.dll
ModLoad: 00007ffa`19320000 00007ffa`19338000 C:\Windows\System32\Windows.Globalization.Fontgroups.dll
ModLoad: 00007ffa`19310000 00007ffa`1931a000 C:\Windows\SYSTEM32\fontgroupsoverride.dll
ModLoad: 00007ffa`18e20000 00007ffa`18e46000 C:\Windows\System32\Windows.System.Profile.RetailInfo.dll
ModLoad: 00007ffa`0e200000 00007ffa`0e2a8000 C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffa`16c40000 00007ffa`16cfa000 C:\Windows\system32\twinapi.dll
ModLoad: 00007ffa`134d0000 00007ffa`13523000 C:\Windows\System32\Windows.Storage.ApplicationData.dll
(10a0.e24): Break instruction exception - code 80000003 (first chance)
Create process 4256 breakpoint.
2:054> g
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff6`dfe80000 00007ff6`dfecd000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
ModLoad: 00007ffa`23ac0000 00007ffa`23c82000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffa`18ff0000 00007ffa`1905d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffa`213e0000 00007ffa`2148d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffa`205f0000 00007ffa`207cd000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffa`1ec40000 00007ffa`1ecb8000 C:\Windows\system32\apphelp.dll
ModLoad: 00007ffa`21580000 00007ffa`21626000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffa`23a20000 00007ffa`23abd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffa`21c60000 00007ffa`21cbb000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffa`223c0000 00007ffa`224e6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffa`219f0000 00007ffa`21b3e000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffa`21190000 00007ffa`21316000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffa`20f00000 00007ffa`20fb3000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffa`22140000 00007ffa`223bc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffa`1c030000 00007ffa`1c3a6000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffa`21c20000 00007ffa`21c56000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffa`21cc0000 00007ffa`21e1c000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffa`167e0000 00007ffa`16a54000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\Comctl32.dll
ModLoad: 00007ffa`0db50000 00007ffa`0e0a6000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ModLoad: 00007ffa`21740000 00007ffa`21791000 C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffa`224f0000 00007ffa`23a12000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffa`207d0000 00007ffa`20df8000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffa`20530000 00007ffa`2053f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffa`20540000 00007ffa`2058a000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffa`204f0000 00007ffa`20503000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffa`21ff0000 00007ffa`22131000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffa`21320000 00007ffa`213de000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffa`20eb0000 00007ffa`20ef4000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffa`1f160000 00007ffa`1f1e2000 C:\Windows\SYSTEM32\firewallapi.dll
ModLoad: 00007ffa`1f120000 00007ffa`1f152000 C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffa`1eac0000 00007ffa`1ead8000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffa`20310000 00007ffa`2037b000 C:\Windows\SYSTEM32\bcryptPrimitives.dll
ModLoad: 00007ffa`1edc0000 00007ffa`1ee56000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffa`1fd60000 00007ffa`1fd77000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffa`20420000 00007ffa`20448000 C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffa`1f9b0000 00007ffa`1f9e3000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffa`1fed0000 00007ffa`1fedb000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffa`1eeb0000 00007ffa`1ef9e000 C:\Windows\SYSTEM32\twinapi.appcore.dll
ModLoad: 00007ffa`1faa0000 00007ffa`1fabf000 C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffa`10330000 00007ffa`1181f000 C:\Windows\SYSTEM32\EDGEHTML.dll
ModLoad: 00007ffa`0fbf0000 00007ffa`10328000 C:\Windows\SYSTEM32\chakra.dll
ModLoad: 00007ffa`0fbb0000 00007ffa`0fbed000 C:\Windows\SYSTEM32\MLANG.dll
ModLoad: 00007ffa`1c3b0000 00007ffa`1c4e1000 C:\Windows\System32\WinTypes.dll
ModLoad: 00007ffa`17a90000 00007ffa`17d51000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffa`200b0000 00007ffa`200dc000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffa`217a0000 00007ffa`21809000 C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffa`21500000 00007ffa`21508000 C:\Windows\system32\NSI.dll
ModLoad: 00007ffa`18180000 00007ffa`18195000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffa`1d9d0000 00007ffa`1da08000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffa`1d9b0000 00007ffa`1d9bb000 C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffa`1b330000 00007ffa`1b406000 C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffa`15580000 00007ffa`15595000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffa`1f830000 00007ffa`1f862000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffa`1fd00000 00007ffa`1fd5d000 C:\Windows\system32\mswsock.dll
ModLoad: 00007ffa`1e310000 00007ffa`1e332000 C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffa`186b0000 00007ffa`18846000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffa`0f7d0000 00007ffa`0f972000 C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffa`19870000 00007ffa`198a9000 C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffa`197d0000 00007ffa`19862000 C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffa`1ae30000 00007ffa`1ae66000 C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffa`1fb00000 00007ffa`1fba8000 C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffa`16640000 00007ffa`16686000 C:\Windows\system32\dataexchange.dll
ModLoad: 00007ffa`1b8d0000 00007ffa`1be15000 C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffa`1e060000 00007ffa`1e303000 C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffa`1e490000 00007ffa`1e561000 C:\Windows\SYSTEM32\dcomp.dll
ModLoad: 00007ffa`1dfc0000 00007ffa`1e05c000 C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffa`16c40000 00007ffa`16cfa000 C:\Windows\system32\twinapi.dll
ModLoad: 00007ffa`1e360000 00007ffa`1e3bc000 C:\Windows\SYSTEM32\ninput.dll
ModLoad: 00007ffa`19500000 00007ffa`19759000 C:\Windows\SYSTEM32\DWrite.dll
ModLoad: 00007ffa`1dd50000 00007ffa`1dfbe000 C:\Windows\SYSTEM32\d3d10warp.dll
ModLoad: 00007ffa`1d500000 00007ffa`1d59e000 C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffa`0fb90000 00007ffa`0fba0000 C:\Windows\system32\msimtf.dll
ModLoad: 00007ffa`19280000 00007ffa`19309000 C:\Windows\system32\directmanipulation.dll
ModLoad: 00007ffa`1d5a0000 00007ffa`1d6af000 C:\Windows\System32\MrmCoreR.dll
ModLoad: 00007ffa`1ea10000 00007ffa`1ea76000 C:\Windows\SYSTEM32\Bcp47Langs.dll
ModLoad: 00007ffa`19340000 00007ffa`194c6000 C:\Windows\SYSTEM32\windows.globalization.dll
ModLoad: 00007ffa`0e200000 00007ffa`0e2a8000 C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffa`1a220000 00007ffa`1a288000 C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffa`19ae0000 00007ffa`19aea000 C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffa`1f1f0000 00007ffa`1f218000 C:\Windows\System32\rmclient.dll
(1374.ba8): Break instruction exception - code 80000003 (first chance)
Create process 4980 breakpoint.
3:054> g
(1374.1164): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
3:064> .lastevent
Last event: 1374.1164: Access violation - code c0000005 (first chance)
debugger time: Wed Mar 16 00:49:17.041 2016 (UTC + 1:00)
3:064> |.
. 3 id: 1374 attach name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
3:064> .exr -1
ExceptionAddress: 00007ffa105e3548 (EDGEHTML!CTreePosGap::PartitionPointers+0x0000000000000068)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000e8990b3f50
Attempt to read from address 000000e8990b3f50
3:064> lm on
start end module name
00007ff6`dfe80000 00007ff6`dfecd000 microsoftedgecp microsoftedgecp.exe
00007ffa`0db50000 00007ffa`0e0a6000 EMODEL EMODEL.dll
00007ffa`0e200000 00007ffa`0e2a8000 ieproxy ieproxy.dll
00007ffa`0f7d0000 00007ffa`0f972000 ieapfltr ieapfltr.dll
00007ffa`0fb90000 00007ffa`0fba0000 msimtf msimtf.dll
00007ffa`0fbb0000 00007ffa`0fbed000 MLANG MLANG.dll
00007ffa`0fbf0000 00007ffa`10328000 chakra chakra.dll
00007ffa`10330000 00007ffa`1181f000 EDGEHTML EDGEHTML.dll
00007ffa`15580000 00007ffa`15595000 profext profext.dll
00007ffa`16640000 00007ffa`16686000 dataexchange dataexchange.dll
00007ffa`167e0000 00007ffa`16a54000 Comctl32 Comctl32.dll
00007ffa`16c40000 00007ffa`16cfa000 twinapi twinapi.dll
00007ffa`17250000 00007ffa`176ba000 ActXPrxy ActXPrxy.dll
00007ffa`17a90000 00007ffa`17d51000 WININET WININET.dll
00007ffa`18180000 00007ffa`18195000 ondemandconnroutehelper ondemandconnroutehelper.dll
00007ffa`186b0000 00007ffa`18846000 urlmon urlmon.dll
00007ffa`18ff0000 00007ffa`1905d000 verifier verifier.dll
00007ffa`19280000 00007ffa`19309000 directmanipulation directmanipulation.dll
00007ffa`19340000 00007ffa`194c6000 windows_globalization windows.globalization.dll
00007ffa`19500000 00007ffa`19759000 DWrite DWrite.dll
00007ffa`197d0000 00007ffa`19862000 msvcp110_win msvcp110_win.dll
00007ffa`19870000 00007ffa`198a9000 policymanager policymanager.dll
00007ffa`19ae0000 00007ffa`19aea000 rasadhlp rasadhlp.dll
00007ffa`1a220000 00007ffa`1a288000 fwpuclnt fwpuclnt.dll
00007ffa`1ae30000 00007ffa`1ae66000 XmlLite XmlLite.dll
00007ffa`1b330000 00007ffa`1b406000 winhttp winhttp.dll
00007ffa`1b8d0000 00007ffa`1be15000 d2d1 d2d1.dll
00007ffa`1c030000 00007ffa`1c3a6000 iertutil iertutil.dll
00007ffa`1c3b0000 00007ffa`1c4e1000 WinTypes WinTypes.dll
00007ffa`1d500000 00007ffa`1d59e000 Windows_UI Windows.UI.dll
00007ffa`1d5a0000 00007ffa`1d6af000 MrmCoreR MrmCoreR.dll
00007ffa`1d9b0000 00007ffa`1d9bb000 WINNSI WINNSI.DLL
00007ffa`1d9d0000 00007ffa`1da08000 IPHLPAPI IPHLPAPI.DLL
00007ffa`1dd50000 00007ffa`1dfbe000 d3d10warp d3d10warp.dll
00007ffa`1dfc0000 00007ffa`1e05c000 dxgi dxgi.dll
00007ffa`1e060000 00007ffa`1e303000 d3d11 d3d11.dll
00007ffa`1e310000 00007ffa`1e332000 dwmapi dwmapi.dll
00007ffa`1e360000 00007ffa`1e3bc000 ninput ninput.dll
00007ffa`1e490000 00007ffa`1e561000 dcomp dcomp.dll
00007ffa`1e860000 00007ffa`1e9e3000 PROPSYS PROPSYS.dll
00007ffa`1ea10000 00007ffa`1ea76000 Bcp47Langs Bcp47Langs.dll
00007ffa`1eac0000 00007ffa`1ead8000 EShims EShims.dll
00007ffa`1ec40000 00007ffa`1ecb8000 apphelp apphelp.dll
00007ffa`1edc0000 00007ffa`1ee56000 uxtheme uxtheme.dll
00007ffa`1eeb0000 00007ffa`1ef9e000 twinapi_appcore twinapi.appcore.dll
00007ffa`1f120000 00007ffa`1f152000 fwbase fwbase.dll
00007ffa`1f160000 00007ffa`1f1e2000 firewallapi firewallapi.dll
00007ffa`1f1f0000 00007ffa`1f218000 rmclient rmclient.dll
00007ffa`1f830000 00007ffa`1f862000 ntmarta ntmarta.dll
00007ffa`1f9b0000 00007ffa`1f9e3000 rsaenh rsaenh.dll
00007ffa`1faa0000 00007ffa`1fabf000 USERENV USERENV.dll
00007ffa`1fb00000 00007ffa`1fba8000 DNSAPI DNSAPI.dll
00007ffa`1fd00000 00007ffa`1fd5d000 mswsock mswsock.dll
00007ffa`1fd60000 00007ffa`1fd77000 cryptsp cryptsp.dll
00007ffa`1fed0000 00007ffa`1fedb000 CRYPTBASE CRYPTBASE.dll
00007ffa`200b0000 00007ffa`200dc000 SspiCli SspiCli.dll
00007ffa`20310000 00007ffa`2037b000 bcryptPrimitives bcryptPrimitives.dll
00007ffa`20420000 00007ffa`20448000 bcrypt bcrypt.dll
00007ffa`204f0000 00007ffa`20503000 profapi profapi.dll
00007ffa`20530000 00007ffa`2053f000 kernel_appcore kernel.appcore.dll
00007ffa`20540000 00007ffa`2058a000 powrprof powrprof.dll
00007ffa`205f0000 00007ffa`207cd000 KERNELBASE KERNELBASE.dll
00007ffa`207d0000 00007ffa`20df8000 windows_storage windows.storage.dll
00007ffa`20eb0000 00007ffa`20ef4000 cfgmgr32 cfgmgr32.dll
00007ffa`20f00000 00007ffa`20fb3000 shcore shcore.dll
00007ffa`21190000 00007ffa`21316000 GDI32 GDI32.dll
00007ffa`21320000 00007ffa`213de000 OLEAUT32 OLEAUT32.dll
00007ffa`213e0000 00007ffa`2148d000 KERNEL32 KERNEL32.DLL
00007ffa`21500000 00007ffa`21508000 NSI NSI.dll
00007ffa`21580000 00007ffa`21626000 ADVAPI32 ADVAPI32.dll
00007ffa`21740000 00007ffa`21791000 SHLWAPI SHLWAPI.dll
00007ffa`217a0000 00007ffa`21809000 WS2_32 WS2_32.dll
00007ffa`219f0000 00007ffa`21b3e000 USER32 USER32.dll
00007ffa`21c20000 00007ffa`21c56000 IMM32 IMM32.DLL
00007ffa`21c60000 00007ffa`21cbb000 sechost sechost.dll
00007ffa`21cc0000 00007ffa`21e1c000 MSCTF MSCTF.dll
00007ffa`21ff0000 00007ffa`22131000 ole32 ole32.dll
00007ffa`22140000 00007ffa`223bc000 combase combase.dll
00007ffa`223c0000 00007ffa`224e6000 RPCRT4 RPCRT4.dll
00007ffa`224f0000 00007ffa`23a12000 SHELL32 SHELL32.dll
00007ffa`23a20000 00007ffa`23abd000 msvcrt msvcrt.dll
00007ffa`23ac0000 00007ffa`23c82000 ntdll ntdll.dll
3:064> kn 0x64
# Child-SP RetAddr Call Site
00 000000e8`9adbb550 00007ffa`105e3320 EDGEHTML!CTreePosGap::PartitionPointers+0x68
01 000000e8`9adbb5d0 00007ffa`105e5c0f EDGEHTML!CSpliceTreeEngine::Init+0x290
02 000000e8`9adbb640 00007ffa`105e03b0 EDGEHTML!Tree::TreeWriter::SpliceTreeInternal+0xcf
03 000000e8`9adbb880 00007ffa`105dd7a3 EDGEHTML!Tree::TreeWriter::CutCopyMoveLegacy+0x4e0
04 000000e8`9adbba70 00007ffa`1075b899 EDGEHTML!Tree::TreeWriter::MoveNodeLegacy+0x193
05 000000e8`9adbbd00 00007ffa`10680c69 EDGEHTML!Tree::TreeWriter::InsertBefore+0x7d
06 000000e8`9adbbd50 00007ffa`1068053d EDGEHTML!CElement::InsertBeforeHelper+0x129
07 000000e8`9adbbea0 00007ffa`1074c6b8 EDGEHTML!CElement::InsertBeforeHelper+0x10d
08 000000e8`9adbbf60 00007ffa`1074c623 EDGEHTML!CElement::Var_insertBefore+0x68
09 000000e8`9adbbfa0 00007ffa`0fe3c703 EDGEHTML!CFastDOM::CNode::Trampoline_insertBefore+0x93
0a 000000e8`9adbc010 00007ffa`0fc68e72 chakra!amd64_CallFunction+0x93
0b 000000e8`9adbc070 00007ffa`0fe3c703 chakra!Js::JavascriptExternalFunction::ExternalFunctionThunk+0x172
0c 000000e8`9adbc110 00007ffa`0fc6d208 chakra!amd64_CallFunction+0x93
0d 000000e8`9adbc170 00007ffa`0fc71632 chakra!Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > > >+0xc8
0e 000000e8`9adbc210 00007ffa`0fc74f9f chakra!Js::InterpreterStackFrame::OP_ProfiledCallIWithICIndex<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > >+0xa2
0f 000000e8`9adbc280 00007ffa`0fc72fc2 chakra!Js::InterpreterStackFrame::ProcessProfiled+0x21f
10 000000e8`9adbc300 00007ffa`0fdb7be8 chakra!Js::InterpreterStackFrame::Process+0xd2
11 000000e8`9adbc360 00007ffa`0fdb7875 chakra!Js::InterpreterStackFrame::InterpreterHelper+0x368
12 000000e8`9adbc6b0 000000e8`a1410fc2 chakra!Js::InterpreterStackFrame::InterpreterThunk+0x55
13 000000e8`9adbc700 00007ffa`0fe3c703 0x000000e8`a1410fc2
14 000000e8`9adbc730 00007ffa`0fd6bfb3 chakra!amd64_CallFunction+0x93
15 000000e8`9adbc780 00007ffa`0fd6b6ea chakra!Js::JavascriptFunction::CallFunction<1>+0x83
16 000000e8`9adbc7e0 00007ffa`0fd6b28b chakra!Js::JavascriptFunction::CallRootFunctionInternal+0x11a
17 000000e8`9adbc8e0 00007ffa`0fd8c72a chakra!Js::JavascriptFunction::CallRootFunction+0x33
18 000000e8`9adbca80 00007ffa`0fd653c4 chakra!ScriptSite::CallRootFunction+0xaa
19 000000e8`9adbcb20 00007ffa`0fd694fc chakra!ScriptSite::Execute+0x134
1a 000000e8`9adbcbb0 00007ffa`104c6194 chakra!ScriptEngineBase::Execute+0xcc
1b 000000e8`9adbcc50 00007ffa`104c5f12 EDGEHTML!CListenerDispatch::InvokeVar+0x264
1c 000000e8`9adbcdd0 00007ffa`105ac80c EDGEHTML!CListenerDispatch::Invoke+0x92
1d 000000e8`9adbce20 00007ffa`105afbcd EDGEHTML!CEventMgr::_InvokeListeners+0x39c
1e 000000e8`9adbcf60 00007ffa`105ab7d7 EDGEHTML!CEventMgr::_InvokeListenersOnWindow+0x5d
1f 000000e8`9adbcf90 00007ffa`105af342 EDGEHTML!CEventMgr::Dispatch+0x357
20 000000e8`9adbd240 00007ffa`106cce9c EDGEHTML!CEventMgr::DispatchEvent+0x6a
21 000000e8`9adbd280 00007ffa`106bdc1e EDGEHTML!COmWindowProxy::Fire_onload+0x13c
22 000000e8`9adbd380 00007ffa`106b6d01 EDGEHTML!CMarkup::OnLoadStatusDone+0x3ba
23 000000e8`9adbd440 00007ffa`106b6620 EDGEHTML!CMarkup::OnLoadStatus+0xe5
24 000000e8`9adbd470 00007ffa`10597cdd EDGEHTML!CProgSink::DoUpdate+0x380
25 000000e8`9adbd900 00007ffa`10483fa8 EDGEHTML!GlobalWndOnMethodCall+0x2bd
26 000000e8`9adbd9b0 00007ffa`21a000dc EDGEHTML!GlobalWndProc+0x108
27 000000e8`9adbda30 00007ffa`219ffc07 USER32!UserCallWinProcCheckWow+0x1fc
28 000000e8`9adbdb20 00007ffa`0db90988 USER32!DispatchMessageWorker+0x1a7
29 000000e8`9adbdba0 00007ffa`0dbef25b EMODEL!CTabWindow::_TabWindowThreadProc+0x5b8
2a 000000e8`9adbfe00 00007ffa`1c067faf EMODEL!LCIETab_ThreadProc+0x2bb
2b 000000e8`9adbff30 00007ffa`213f2d92 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f
2c 000000e8`9adbff60 00007ffa`23ac9f64 KERNEL32!BaseThreadInitThunk+0x22
2d 000000e8`9adbff90 00000000`00000000 ntdll!RtlUserThreadStart+0x34
3:064> ~s
00007ffa`105e3548 4c8b4818 mov r9,qword ptr [rax+18h] ds:000000e8`990b3f50=????????????????
3:064> !heap -p -a 0xE8990B3F50
ReadMemory error for address 000000e093cbffe8
Use `!address 000000e093cbffe8' to check validity of the address.
ReadMemory error for address 000000e093bbffe8
Use `!address 000000e093bbffe8' to check validity of the address.
ReadMemory error for address 000000e093c6ffe8
Use `!address 000000e093c6ffe8' to check validity of the address.
ReadMemory error for address 000000e097beffe8
Use `!address 000000e097beffe8' to check validity of the address.
address 000000e8990b3f50 found in
_DPH_HEAP_ROOT @ e899001000
in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize)
e899002208: e8990b3000 2000
00007ffa23bacc13 ntdll!RtlDebugFreeHeap+0x0000000000000047
00007ffa23b653d9 ntdll!RtlpFreeHeap+0x0000000000079519
00007ffa23aeaa16 ntdll!RtlFreeHeap+0x0000000000000106
00007ffa1089366c EDGEHTML!MemoryProtection::HeapFree+0x00000000003736dc
00007ffa105e5807 EDGEHTML!CTreeNode::NodeRelease+0x0000000000000057
00007ffa10ec66d6 EDGEHTML!Tree::TreeWriter::UnwrapInternal+0x000000000000002e
00007ffa1064939f EDGEHTML!Tree::TreeWriter::Unwrap+0x0000000000000133
00007ffa105e38ea EDGEHTML!CTreePosGap::PartitionPointers+0x000000000000040a
00007ffa105e320a EDGEHTML!CSpliceTreeEngine::Init+0x000000000000017a
00007ffa105e5c0f EDGEHTML!Tree::TreeWriter::SpliceTreeInternal+0x00000000000000cf
00007ffa105e03b0 EDGEHTML!Tree::TreeWriter::CutCopyMoveLegacy+0x00000000000004e0
00007ffa105dd7a3 EDGEHTML!Tree::TreeWriter::MoveNodeLegacy+0x0000000000000193
00007ffa1075b899 EDGEHTML!Tree::TreeWriter::InsertBefore+0x000000000000007d
00007ffa10680c69 EDGEHTML!CElement::InsertBeforeHelper+0x0000000000000129
00007ffa1068053d EDGEHTML!CElement::InsertBeforeHelper+0x000000000000010d
00007ffa1074c6b8 EDGEHTML!CElement::Var_insertBefore+0x0000000000000068
00007ffa1074c623 EDGEHTML!CFastDOM::CNode::Trampoline_insertBefore+0x0000000000000093
00007ffa0fe3c703 chakra!amd64_CallFunction+0x0000000000000093
00007ffa0fc68e72 chakra!Js::JavascriptExternalFunction::ExternalFunctionThunk+0x0000000000000172
00007ffa0fe3c703 chakra!amd64_CallFunction+0x0000000000000093
00007ffa0fc6d208 chakra!Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > > >+0x00000000000000c8
00007ffa0fc71632 chakra!Js::InterpreterStackFrame::OP_ProfiledCallIWithICIndex<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<0> > >+0x00000000000000a2
00007ffa0fc74f9f chakra!Js::InterpreterStackFrame::ProcessProfiled+0x000000000000021f
00007ffa0fc72fc2 chakra!Js::InterpreterStackFrame::Process+0x00000000000000d2
00007ffa0fdb7be8 chakra!Js::InterpreterStackFrame::InterpreterHelper+0x0000000000000368
00007ffa0fdb7875 chakra!Js::InterpreterStackFrame::InterpreterThunk+0x0000000000000055
000000e8a1410fc2 +0x000000e8a1410fc2
3:064> .if ($vvalid(@$scopeip - 40, 40)) { u @$scopeip - 40 @$scopeip - 1; };
EDGEHTML!CTreePosGap::PartitionPointers+0x28:
00007ffa`105e3508 78e0 js EDGEHTML!CTreePosGap::PartitionPointers+0xa (00007ffa`105e34ea)
00007ffa`105e350a f30f7f40b0 movdqu xmmword ptr [rax-50h],xmm0
00007ffa`105e350f 4c8978c8 mov qword ptr [rax-38h],r15
00007ffa`105e3513 8b40c0 mov eax,dword ptr [rax-40h]
00007ffa`105e3516 2502ffffff and eax,0FFFFFF02h
00007ffa`105e351b c6411001 mov byte ptr [rcx+10h],1
00007ffa`105e351f 0fb64911 movzx ecx,byte ptr [rcx+11h]
00007ffa`105e3523 83c802 or eax,2
00007ffa`105e3526 44896c2420 mov dword ptr [rsp+20h],r13d
00007ffa`105e352b 89442438 mov dword ptr [rsp+38h],eax
00007ffa`105e352f 80f901 cmp cl,1
00007ffa`105e3532 7429 je EDGEHTML!CTreePosGap::PartitionPointers+0x7d (00007ffa`105e355d)
00007ffa`105e3534 488b4308 mov rax,qword ptr [rbx+8]
00007ffa`105e3538 4885c0 test rax,rax
00007ffa`105e353b 7420 je EDGEHTML!CTreePosGap::PartitionPointers+0x7d (00007ffa`105e355d)
00007ffa`105e353d 84c9 test cl,cl
00007ffa`105e353f 0f85cfc33500 jne EDGEHTML!CTreePosGap::PartitionPointers+0x35c434 (00007ffa`1093f914)
00007ffa`105e3545 488b13 mov rdx,qword ptr [rbx]
3:064> .if ($vvalid(@$scopeip, 40)) { u @$scopeip @$scopeip + 39; };
EDGEHTML!CTreePosGap::PartitionPointers+0x68:
00007ffa`105e3548 4c8b4818 mov r9,qword ptr [rax+18h]
00007ffa`105e354c 4885d2 test rdx,rdx
00007ffa`105e354f 0f85d7c33500 jne EDGEHTML!CTreePosGap::PartitionPointers+0x35c44c (00007ffa`1093f92c)
00007ffa`105e3555 4c894b08 mov qword ptr [rbx+8],r9
00007ffa`105e3559 c6431101 mov byte ptr [rbx+11h],1
00007ffa`105e355d 488b4b08 mov rcx,qword ptr [rbx+8]
00007ffa`105e3561 8b01 mov eax,dword ptr [rcx]
00007ffa`105e3563 a808 test al,8
00007ffa`105e3565 0f8528020000 jne EDGEHTML!CTreePosGap::PartitionPointers+0x2b3 (00007ffa`105e3793)
00007ffa`105e356b 0fbae008 bt eax,8
00007ffa`105e356f 0f821e020000 jb EDGEHTML!CTreePosGap::PartitionPointers+0x2b3 (00007ffa`105e3793)
00007ffa`105e3575 a804 test al,4
00007ffa`105e3577 0f85fb010000 jne EDGEHTML!CTreePosGap::PartitionPointers+0x298 (00007ffa`105e3778)
00007ffa`105e357d 807b1100 cmp byte ptr [rbx+11h],0
00007ffa`105e3581 c6431002 mov byte ptr [rbx+10h],2
3:064> rM 0x7D
rax=000000e8990b3f38 rbx=000000e89adbb960 rcx=0000000000000000
rdx=0000000000000000 rsi=00007ffa10620a50 rdi=000000e89adbb948
rip=00007ffa105e3548 rsp=000000e89adbb550 rbp=0000000000000001
r8=0000000000000001 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=00007ffa10620a50 r13=0000000000000000
r14=000000e89adbb960 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
fpcw=027F fpsw=0000 fptw=0000
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000 st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000 st7= 0.000000000000000000000e+0000
mm0=0000000000000000 mm1=0000000000000000
mm2=0000000000000000 mm3=0000000000000000
mm4=0000000000000000 mm5=0000000000000000
mm6=0000000000000000 mm7=0000000000000000
xmm0=0 0 0 0
xmm1=4.59093e-041 1.96413e-029 4.59093e-041 1.96536e-029
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
EDGEHTML!CTreePosGap::PartitionPointers+0x68:
00007ffa`105e3548 4c8b4818 mov r9,qword ptr [rax+18h] ds:000000e8`990b3f50=????????????????
3:064> dpp @$ea - 10*$ptrsize L10;
000000e8`990b3ed0 ????????`????????
000000e8`990b3ed8 ????????`????????
000000e8`990b3ee0 ????????`????????
000000e8`990b3ee8 ????????`????????
000000e8`990b3ef0 ????????`????????
000000e8`990b3ef8 ????????`????????
000000e8`990b3f00 ????????`????????
000000e8`990b3f08 ????????`????????
000000e8`990b3f10 ????????`????????
000000e8`990b3f18 ????????`????????
000000e8`990b3f20 ????????`????????
000000e8`990b3f28 ????????`????????
000000e8`990b3f30 ????????`????????
000000e8`990b3f38 ????????`????????
000000e8`990b3f40 ????????`????????
000000e8`990b3f48 ????????`????????
3:064> dpp @$ea L10;
000000e8`990b3f50 ????????`????????
000000e8`990b3f58 ????????`????????
000000e8`990b3f60 ????????`????????
000000e8`990b3f68 ????????`????????
000000e8`990b3f70 ????????`????????
000000e8`990b3f78 ????????`????????
000000e8`990b3f80 ????????`????????
000000e8`990b3f88 ????????`????????
000000e8`990b3f90 ????????`????????
000000e8`990b3f98 ????????`????????
000000e8`990b3fa0 ????????`????????
000000e8`990b3fa8 ????????`????????
000000e8`990b3fb0 ????????`????????
000000e8`990b3fb8 ????????`????????
000000e8`990b3fc0 ????????`????????
000000e8`990b3fc8 ????????`????????
3:064> dpp @$ea2 - 10*$ptrsize L10;
Bad register error at '@$ea2 - 10*$ptrsize '
3:064> lm M *microsoftedgecp.exe
start end module name
00007ff6`dfe80000 00007ff6`dfecd000 microsoftedgecp (deferred)
3:064> lmv m *EDGEHTML
start end module name
00007ffa`10330000 00007ffa`1181f000 EDGEHTML (pdb symbols) c:\symbols\edgehtml.pdb\F9526BA119114822A01B413255AFCF0F1\edgehtml.pdb
Loaded symbol image file: C:\Windows\SYSTEM32\EDGEHTML.dll
Image path: C:\Windows\SYSTEM32\EDGEHTML.dll
Image name: EDGEHTML.dll
Timestamp: Tue Feb 23 11:48:08 2016 (56CC38E8)
CheckSum: 014DD388
ImageSize: 014EF000
File version: 11.0.10240.16724
Product version: 11.0.10240.16724
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: EDGEHTML
OriginalFilename: EDGEHTML.DLL
ProductVersion: 11.00.10240.16724
FileVersion: 11.00.10240.16724 (th1_st1.160222-1812)
FileDescription: Microsoft (R) HTML Viewer
LegalCopyright: � Microsoft Corporation. All rights reserved.
3:064> lmv m *microsoftedgecp
start end module name
00007ff6`dfe80000 00007ff6`dfecd000 microsoftedgecp (deferred)
Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Wed Nov 25 05:17:08 2015 (56553644)
CheckSum: 0004DF0B
ImageSize: 0004D000
File version: 11.0.10240.16603
Product version: 11.0.10240.16603
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10240.16603
FileVersion: 11.00.10240.16603 (th1_st1.151124-1750)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.
3:064>