Details

Id:  AVR:OOB+4*N 917.577
Description:  Access violation while reading memory at 0x1F55E205000; 0/0x0 bytes beyond a 512/0x200 byte memory block at 0x1F55E204E00
Location:  microsoftedgecp.exe!wininet.dll!CHttpHeaderParser::ParseStatusLine
Security impact:  Potentially exploitable security issue

Stack

Page heap

Page heap report for address 0x1F55E205000:

address 000001f55e205000 found in
_DPH_HEAP_ROOT @ 1f57b2a1000
in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)
1f55ec49ea0: 1f55e204e00 200 - 1f55e204000 2000
00007ffb7d674375 verifier!AVrfDebugPageHeapReAllocate+0x0000000000000175
00007ffb8c36f5c9 ntdll!RtlDebugReAllocateHeap+0x0000000000000055
00007ffb8c333941 ntdll!RtlpReAllocateHeapInternal+0x000000000008fc01
00007ffb8c2a3d21 ntdll!RtlReAllocateHeap+0x0000000000000031
00007ffb7d3ba72d WININET!ResizeBuffer+0x0000000000000059
00007ffb7d414b4d WININET!CFtpSocket::SetPort+0x000000000004d3fd
00007ffb7d3b3094 WININET!CSocket::Receive_Start+0x0000000000000148
00007ffb7d3b106d WININET!CFsm_SocketReceive::RunSM+0x000000000000002d
00007ffb7d3b08c5 WININET!CFsm::Run+0x00000000000004e5
00007ffb7d3b3469 WININET!CSocket::Receive+0x0000000000000309
00007ffb7d39a912 WININET!HTTP_REQUEST_HANDLE_OBJECT::ReceiveResponse_Fsm+0x00000000000001d2
00007ffb7d33feeb WININET!CFsm_ReceiveResponse::RunSM+0x000000000000003b
00007ffb7d3b0a5a WININET!CFsm::Run+0x000000000000067a
00007ffb7d3aff1c WININET!CFsm::RunWorkItem+0x00000000000004bc
00007ffb7d3bae68 WININET!CSocket::ReceiveCompletion+0x0000000000000098
00007ffb7d3bac52 WININET!CWxSocket::IoCompletionCallback+0x0000000000000092
00007ffb892e8d34 KERNELBASE!BasepTpIoCallback+0x0000000000000064
00007ffb8c289c6f ntdll!TppIopExecuteCallback+0x000000000000017f
00007ffb8c2abccb ntdll!TppWorkerThread+0x000000000000097b
00007ffb8c178102 KERNEL32!BaseThreadInitThunk+0x0000000000000022
00007ffb8c2dc5b4 ntdll!RtlUserThreadStart+0x0000000000000034

Disassembly

00007ffb`7d350f58 44896530 mov dword ptr [rbp+30h],r12d
00007ffb`7d350f5c 03f9 add edi,ecx
00007ffb`7d350f5e 75df jne WININET!CHttpHeaderParser::ParseStatusLine+0x14f (00007ffb`7d350f3f)
00007ffb`7d350f60 eb17 jmp WININET!CHttpHeaderParser::ParseStatusLine+0x189 (00007ffb`7d350f79)
00007ffb`7d350f62 85ff test edi,edi
00007ffb`7d350f64 7413 je WININET!CHttpHeaderParser::ParseStatusLine+0x189 (00007ffb`7d350f79)
00007ffb`7d350f66 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350f69 3c20 cmp al,20h
00007ffb`7d350f6b 0f843b040000 je WININET!CHttpHeaderParser::ParseStatusLine+0x5bc (00007ffb`7d3513ac)
00007ffb`7d350f71 3c09 cmp al,9
00007ffb`7d350f73 0f8433040000 je WININET!CHttpHeaderParser::ParseStatusLine+0x5bc (00007ffb`7d3513ac)
00007ffb`7d350f79 4c8bd1 mov r10,rcx
00007ffb`7d350f7c 85ff test edi,edi
00007ffb`7d350f7e 0f84e4af0900 je WININET!CFtpSocket::SetPort+0x24818 (00007ffb`7d3ebf68)
00007ffb`7d350f84 48895c2470 mov qword ptr [rsp+70h],rbx
WININET!CHttpHeaderParser::ParseStatusLine+0x199:
00007ffb`7d350f89 0fb603 movzx eax,byte ptr [rbx] ⇐ instruction pointer
00007ffb`7d350f8c 3c0d cmp al,0Dh
00007ffb`7d350f8e 740f je WININET!CHttpHeaderParser::ParseStatusLine+0x1af (00007ffb`7d350f9f)
00007ffb`7d350f90 3c0a cmp al,0Ah
00007ffb`7d350f92 740b je WININET!CHttpHeaderParser::ParseStatusLine+0x1af (00007ffb`7d350f9f)
00007ffb`7d350f94 41ffc5 inc r13d
00007ffb`7d350f97 48ffc3 inc rbx
00007ffb`7d350f9a 4103fa add edi,r10d
00007ffb`7d350f9d 75ea jne WININET!CHttpHeaderParser::ParseStatusLine+0x199 (00007ffb`7d350f89)
00007ffb`7d350f9f 44896c2434 mov dword ptr [rsp+34h],r13d
00007ffb`7d350fa4 85ff test edi,edi
00007ffb`7d350fa6 0f84bcaf0900 je WININET!CFtpSocket::SetPort+0x24818 (00007ffb`7d3ebf68)
00007ffb`7d350fac 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350faf 33c9 xor ecx,ecx
00007ffb`7d350fb1 894d4c mov dword ptr [rbp+4Ch],ecx
00007ffb`7d350fb4 4c8bc3 mov r8,rbx
00007ffb`7d350fb7 894c2430 mov dword ptr [rsp+30h],ecx
00007ffb`7d350fbb 448bc9 mov r9d,ecx

Registers

rax=0000000000000058 rbx=000001f55e205000 rcx=00000000ffffffff
rdx=000000000000002f rsi=000001f55e204ff2 rdi=00000000000001f2
rip=00007ffb7d350f89 rsp=000000e5b81ff250 rbp=000000e5b81ff350
r8=0000000000000000 r9=00000000ffffffee r10=00000000ffffffff
r11=000001f55e204ffb r12=0000000000000003 r13=0000000000000001
r14=000000e5b81ff408 r15=0000000000000008
iopl=0 nv up ei pl nz ac pe cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010213
fpcw=027F fpsw=0000 fptw=0000
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000 st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000 st7= 0.000000000000000000000e+0000
mm0=0000000000000000 mm1=0000000000000000
mm2=0000000000000000 mm3=0000000000000000
mm4=0000000000000000 mm5=0000000000000000
mm6=0000000000000000 mm7=0000000000000000
xmm0=3.25436e-034 2.02021e-028 1.96182e-044 1.87345e-038
xmm1=0 0 0 0
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
WININET!CHttpHeaderParser::ParseStatusLine+0x199:
00007ffb`7d350f89 0fb603 movzx eax,byte ptr [rbx] ds:000001f5`5e205000=??

Referenced memory

Memory around address 0x1F55E205000:

000001f5`5e204f80 58585858`58585858
000001f5`5e204f88 58585858`58585858
000001f5`5e204f90 58585858`58585858
000001f5`5e204f98 58585858`58585858
000001f5`5e204fa0 58585858`58585858
000001f5`5e204fa8 58585858`58585858
000001f5`5e204fb0 58585858`58585858
000001f5`5e204fb8 58585858`58585858
000001f5`5e204fc0 58585858`58585858
000001f5`5e204fc8 58585858`58585858
000001f5`5e204fd0 58585858`58585858
000001f5`5e204fd8 58585858`58585858
000001f5`5e204fe0 58585858`58585858
000001f5`5e204fe8 0a0d5858`58585858
000001f5`5e204ff0 312f5054`54480a0d
000001f5`5e204ff8 58203030`3220312e
000001f5`5e205000 ????????`???????? ⇐ referenced
000001f5`5e205008 ????????`????????
000001f5`5e205010 ????????`????????
000001f5`5e205018 ????????`????????
000001f5`5e205020 ????????`????????
000001f5`5e205028 ????????`????????
000001f5`5e205030 ????????`????????
000001f5`5e205038 ????????`????????
000001f5`5e205040 ????????`????????
000001f5`5e205048 ????????`????????
000001f5`5e205050 ????????`????????
000001f5`5e205058 ????????`????????
000001f5`5e205060 ????????`????????
000001f5`5e205068 ????????`????????
000001f5`5e205070 ????????`????????
000001f5`5e205078 ????????`????????

Binary information

WININET.dll

Loaded symbol image file: C:\Windows\SYSTEM32\WININET.dll
Image path: C:\Windows\SYSTEM32\WININET.dll
Image name: WININET.dll
Timestamp: Fri Jul 01 05:26:09 2016 (5775E2D1)
CheckSum: 002E43B9
ImageSize: 002EB000
File version: 11.0.10586.494
Product version: 11.0.10586.494
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: wininet.dll
OriginalFilename: wininet.dll
ProductVersion: 11.00.10586.494
FileVersion: 11.00.10586.494 (th2_release_sec.160630-1736)
FileDescription: Internet Extensions for Win32
LegalCopyright: � Microsoft Corporation. All rights reserved.

microsoftedgecp.exe

Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Tue Nov 24 08:05:25 2015 (56540C35)
CheckSum: 0005C253
ImageSize: 00051000
File version: 11.0.10586.20
Product version: 11.0.10586.20
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10586.20
FileVersion: 11.00.10586.20 (th2_release_sec.151123-1940)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.

Debugger IO


Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00007ff7`2e860000 00007ff7`2e877000 C:\Windows\System32\RuntimeBroker.exe
ModLoad: 00007ffb`8c280000 00007ffb`8c441000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffb`7d670000 00007ffb`7d6dd000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffb`8c160000 00007ffb`8c20d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffb`89290000 00007ffb`89478000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffb`8c0c0000 00007ffb`8c15d000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffb`8bfa0000 00007ffb`8c0bc000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffb`89a20000 00007ffb`89c9d000 C:\Windows\system32\combase.dll
ModLoad: 00007ffb`891b0000 00007ffb`8921a000 C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffb`888a0000 00007ffb`888eb000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffb`88920000 00007ffb`8892f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffb`8a650000 00007ffb`8a793000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffb`89680000 00007ffb`896db000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffb`89890000 00007ffb`89a16000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffb`8be40000 00007ffb`8bf96000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffb`8a820000 00007ffb`8a85b000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffb`8a490000 00007ffb`8a537000 C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffb`829e0000 00007ffb`82b9d000 C:\Windows\System32\Windows.UI.Immersive.dll
ModLoad: 00007ffb`89480000 00007ffb`89535000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffb`85f70000 00007ffb`86403000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 00007ffb`81f20000 00007ffb`82056000 C:\Windows\System32\WinTypes.dll
ModLoad: 00007ffb`873c0000 00007ffb`874c0000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 00007ffb`88730000 00007ffb`88759000 C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffb`71300000 00007ffb`7132b000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffb`888f0000 00007ffb`88904000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffb`87d90000 00007ffb`87dc1000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffb`88000000 00007ffb`8801f000 C:\Windows\System32\USERENV.dll
ModLoad: 00007ffb`80cb0000 00007ffb`80cc5000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffb`88520000 00007ffb`8854d000 C:\Windows\system32\SspiCli.dll
ModLoad: 00007ffb`7b130000 00007ffb`7b14b000 C:\Windows\SYSTEM32\capauthz.dll
ModLoad: 00007ffb`87180000 00007ffb`871f9000 C:\Windows\system32\apphelp.dll
(ad4.1378): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffb`8c328870 cc int 3

Create process 2772 breakpoint.

0:007> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00007ff7`28d50000 00007ff7`28d5a000 C:\Windows\system32\browser_broker.exe
ModLoad: 00007ffb`8c280000 00007ffb`8c441000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffb`7d670000 00007ffb`7d6dd000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffb`8c160000 00007ffb`8c20d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffb`89290000 00007ffb`89478000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffb`8c0c0000 00007ffb`8c15d000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffb`89a20000 00007ffb`89c9d000 C:\Windows\system32\combase.dll
ModLoad: 00007ffb`8bfa0000 00007ffb`8c0bc000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffb`891b0000 00007ffb`8921a000 C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffb`89680000 00007ffb`896db000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffb`8be40000 00007ffb`8bf96000 C:\Windows\system32\user32.dll
ModLoad: 00007ffb`89890000 00007ffb`89a16000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffb`8a820000 00007ffb`8a85b000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffb`88920000 00007ffb`8892f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffb`87220000 00007ffb`872b6000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffb`7e830000 00007ffb`7e84c000 C:\Windows\SYSTEM32\browserbroker.dll
ModLoad: 00007ffb`89480000 00007ffb`89535000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffb`8a2a0000 00007ffb`8a361000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffb`88fe0000 00007ffb`891a8000 C:\Windows\system32\CRYPT32.dll
ModLoad: 00007ffb`88910000 00007ffb`88920000 C:\Windows\system32\MSASN1.dll
ModLoad: 00007ffb`81b90000 00007ffb`81f14000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffb`88990000 00007ffb`88fd5000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffb`89220000 00007ffb`89263000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffb`8a3e0000 00007ffb`8a487000 C:\Windows\system32\advapi32.dll
ModLoad: 00007ffb`8a370000 00007ffb`8a3c2000 C:\Windows\system32\shlwapi.dll
ModLoad: 00007ffb`888a0000 00007ffb`888eb000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffb`888f0000 00007ffb`88904000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffb`7c940000 00007ffb`7caf7000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffb`85970000 00007ffb`8598b000 C:\Windows\SYSTEM32\MPR.dll
ModLoad: 00007ffb`7d2f0000 00007ffb`7d5db000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffb`85850000 00007ffb`85886000 C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffb`87ef0000 00007ffb`87efa000 C:\Windows\SYSTEM32\DPAPI.DLL
ModLoad: 00007ffb`8a490000 00007ffb`8a537000 C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffb`7ab50000 00007ffb`7abfd000 C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffb`8a650000 00007ffb`8a793000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffb`873c0000 00007ffb`874c0000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 00007ffb`88730000 00007ffb`88759000 C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffb`88520000 00007ffb`8854d000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffb`8a860000 00007ffb`8bdbc000 C:\Windows\system32\SHELL32.dll
(a70.1170): Break instruction exception - code 80000003 (first chance)

Create process 2672 breakpoint.

1:007> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00007ff7`e5580000 00007ff7`e5c87000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
ModLoad: 00007ffb`8c280000 00007ffb`8c441000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffb`7d670000 00007ffb`7d6dd000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffb`8c160000 00007ffb`8c20d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffb`89290000 00007ffb`89478000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffb`87180000 00007ffb`871f9000 C:\Windows\system32\apphelp.dll
ModLoad: 00007ffb`8a3e0000 00007ffb`8a487000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffb`8c0c0000 00007ffb`8c15d000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffb`89680000 00007ffb`896db000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffb`8bfa0000 00007ffb`8c0bc000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffb`8a650000 00007ffb`8a793000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffb`89a20000 00007ffb`89c9d000 C:\Windows\system32\combase.dll
ModLoad: 00007ffb`891b0000 00007ffb`8921a000 C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffb`89890000 00007ffb`89a16000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffb`8be40000 00007ffb`8bf96000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffb`85330000 00007ffb`8539a000 C:\Windows\SYSTEM32\wincorlib.DLL
ModLoad: 00007ffb`8a2a0000 00007ffb`8a361000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffb`8a820000 00007ffb`8a85b000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffb`88920000 00007ffb`8892f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffb`7e980000 00007ffb`7f9b9000 C:\Windows\System32\Windows.UI.Xaml.dll
ModLoad: 00007ffb`81f20000 00007ffb`82056000 C:\Windows\SYSTEM32\wintypes.dll
ModLoad: 00007ffb`86970000 00007ffb`86a2c000 C:\Windows\SYSTEM32\CoreMessaging.dll
ModLoad: 00007ffb`86410000 00007ffb`86477000 C:\Windows\SYSTEM32\Bcp47Langs.dll
ModLoad: 00007ffb`81b90000 00007ffb`81f14000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffb`89480000 00007ffb`89535000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffb`88990000 00007ffb`88fd5000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffb`89220000 00007ffb`89263000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffb`8a370000 00007ffb`8a3c2000 C:\Windows\system32\shlwapi.dll
ModLoad: 00007ffb`888a0000 00007ffb`888eb000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffb`888f0000 00007ffb`88904000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffb`873c0000 00007ffb`874c0000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 00007ffb`88730000 00007ffb`88759000 C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffb`7e8e0000 00007ffb`7e8fa000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffb`88000000 00007ffb`8801f000 C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffb`85970000 00007ffb`8598b000 C:\Windows\SYSTEM32\MPR.dll
ModLoad: 00007ffb`6b2b0000 00007ffb`6b844000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
ModLoad: 00007ffb`8a860000 00007ffb`8bdbc000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffb`895f0000 00007ffb`89676000 C:\Windows\system32\firewallapi.dll
ModLoad: 00007ffb`87720000 00007ffb`87752000 C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffb`85f70000 00007ffb`86403000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 00007ffb`87220000 00007ffb`872b6000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffb`86aa0000 00007ffb`86ac2000 C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffb`85d20000 00007ffb`85dc2000 C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffb`865d0000 00007ffb`86878000 C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffb`82e30000 00007ffb`8309f000 C:\Windows\SYSTEM32\d3d10warp.dll
ModLoad: 00007ffb`84d50000 00007ffb`85295000 C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffb`86880000 00007ffb`86963000 C:\Windows\System32\dcomp.dll
ModLoad: 00007ffb`7ffe0000 00007ffb`80014000 C:\Windows\System32\Windows.ApplicationModel.dll
ModLoad: 00007ffb`676f0000 00007ffb`67bb6000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll
ModLoad: 00007ffb`7c940000 00007ffb`7caf7000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffb`83150000 00007ffb`8325e000 C:\Windows\System32\MrmCoreR.dll
ModLoad: 00007ffb`830a0000 00007ffb`83148000 C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffb`802b0000 00007ffb`80539000 C:\Windows\system32\CoreUIComponents.dll
ModLoad: 00007ffb`8a140000 00007ffb`8a29a000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffb`80cb0000 00007ffb`80cc5000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffb`87d90000 00007ffb`87dc1000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffb`7d2f0000 00007ffb`7d5db000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffb`88520000 00007ffb`8854d000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffb`7d090000 00007ffb`7d09e000 C:\Windows\SYSTEM32\tokenbinding.dll
ModLoad: 00007ffb`8a0d0000 00007ffb`8a13b000 C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffb`7d000000 00007ffb`7d015000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffb`859b0000 00007ffb`859e8000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffb`84720000 00007ffb`847e8000 C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffb`88170000 00007ffb`881cc000 C:\Windows\system32\mswsock.dll
ModLoad: 00007ffb`837b0000 00007ffb`837bb000 C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffb`8a3d0000 00007ffb`8a3d8000 C:\Windows\system32\NSI.dll
ModLoad: 00007ffb`81420000 00007ffb`81432000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
ModLoad: 00007ffb`7fb10000 00007ffb`7fb25000 C:\Windows\system32\execmodelproxy.dll
ModLoad: 00007ffb`701a0000 00007ffb`70352000 C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffb`88220000 00007ffb`88237000 C:\Windows\SYSTEM32\CRYPTSP.dll
ModLoad: 00007ffb`7f9c0000 00007ffb`7fa15000 C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffb`800a0000 00007ffb`80132000 C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffb`825f0000 00007ffb`82775000 C:\Windows\System32\Windows.Globalization.dll
ModLoad: 00007ffb`7a250000 00007ffb`7a290000 C:\Windows\System32\netprofm.dll
ModLoad: 00007ffb`7cf60000 00007ffb`7cf6e000 C:\Windows\System32\npmproxy.dll
ModLoad: 00007ffb`85990000 00007ffb`859a6000 C:\Windows\SYSTEM32\wkscli.dll
ModLoad: 00007ffb`84c60000 00007ffb`84c8e000 C:\Windows\SYSTEM32\netjoin.dll
ModLoad: 00007ffb`88380000 00007ffb`883a1000 C:\Windows\SYSTEM32\JoinUtil.dll
ModLoad: 00007ffb`8a7b0000 00007ffb`8a81f000 C:\Windows\system32\coml2.dll
ModLoad: 00007ffb`87cb0000 00007ffb`87cbc000 C:\Windows\SYSTEM32\netutils.dll
ModLoad: 00007ffb`74cb0000 00007ffb`74ce0000 C:\Windows\SYSTEM32\MDMRegistration.DLL
ModLoad: 00007ffb`88fe0000 00007ffb`891a8000 C:\Windows\system32\CRYPT32.dll
ModLoad: 00007ffb`88910000 00007ffb`88920000 C:\Windows\system32\MSASN1.dll
ModLoad: 00007ffb`82350000 00007ffb`82368000 C:\Windows\SYSTEM32\DMCmnUtils.dll
ModLoad: 00007ffb`872c0000 00007ffb`872e7000 C:\Windows\SYSTEM32\DEVOBJ.dll
ModLoad: 00007ffb`88410000 00007ffb`88437000 C:\Windows\SYSTEM32\ncrypt.dll
ModLoad: 00007ffb`883d0000 00007ffb`8840a000 C:\Windows\SYSTEM32\NTASN1.dll
ModLoad: 00007ffb`87310000 00007ffb`873ba000 C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffb`87120000 00007ffb`87145000 C:\Windows\SYSTEM32\SLC.dll
ModLoad: 00007ffb`86df0000 00007ffb`86e15000 C:\Windows\SYSTEM32\sppc.dll
ModLoad: 00007ffb`7ff80000 00007ffb`7ffc4000 C:\Windows\System32\execmodelclient.dll
ModLoad: 00007ffb`7d720000 00007ffb`7d76a000 C:\Windows\system32\DataExchange.dll
ModLoad: 00007ffb`88340000 00007ffb`8834b000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffb`87620000 00007ffb`8764a000 C:\Windows\System32\rmclient.dll
ModLoad: 00007ffb`86e20000 00007ffb`86fa6000 C:\Windows\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffb`7c200000 00007ffb`7c20a000 C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffb`83630000 00007ffb`83697000 C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffb`71300000 00007ffb`7132b000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffb`82780000 00007ffb`829e0000 C:\Windows\SYSTEM32\dwrite.dll
ModLoad: 00007ffb`76d50000 00007ffb`76daf000 C:\Windows\System32\Windows.Graphics.dll
ModLoad: 00007ffb`814e0000 00007ffb`81819000 C:\Windows\SYSTEM32\msftedit.dll
ModLoad: 00007ffb`85ed0000 00007ffb`85f00000 C:\Windows\SYSTEM32\globinputhost.dll
ModLoad: 00007ffb`81a40000 00007ffb`81a9c000 C:\Windows\SYSTEM32\NInput.dll
ModLoad: 00007ffb`7a230000 00007ffb`7a248000 C:\Windows\System32\Windows.Globalization.Fontgroups.dll
ModLoad: 00007ffb`7d2b0000 00007ffb`7d2ba000 C:\Windows\SYSTEM32\fontgroupsoverride.dll
ModLoad: 00007ffb`712d0000 00007ffb`712fa000 C:\Windows\System32\Windows.System.Profile.RetailInfo.dll
ModLoad: 00007ffb`80140000 00007ffb`801f1000 C:\Windows\system32\twinapi.dll
ModLoad: 00007ffb`82560000 00007ffb`825eb000 C:\Windows\system32\directmanipulation.dll
ModLoad: 00007ffb`85f10000 00007ffb`85f25000 C:\Windows\System32\threadpoolwinrt.dll
(be0.dc0): Break instruction exception - code 80000003 (first chance)

Create process 3040 breakpoint.

2:055> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00007ff7`936c0000 00007ff7`93711000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
ModLoad: 00007ffb`8c280000 00007ffb`8c441000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffb`7d670000 00007ffb`7d6dd000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffb`8c160000 00007ffb`8c20d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffb`89290000 00007ffb`89478000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffb`87180000 00007ffb`871f9000 C:\Windows\system32\apphelp.dll
ModLoad: 00007ffb`8a3e0000 00007ffb`8a487000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffb`8c0c0000 00007ffb`8c15d000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffb`89680000 00007ffb`896db000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffb`8bfa0000 00007ffb`8c0bc000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffb`8be40000 00007ffb`8bf96000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffb`89890000 00007ffb`89a16000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffb`89480000 00007ffb`89535000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffb`89a20000 00007ffb`89c9d000 C:\Windows\system32\combase.dll
ModLoad: 00007ffb`891b0000 00007ffb`8921a000 C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffb`88930000 00007ffb`88985000 C:\Windows\system32\WINTRUST.dll
ModLoad: 00007ffb`88910000 00007ffb`88920000 C:\Windows\system32\MSASN1.dll
ModLoad: 00007ffb`88fe0000 00007ffb`891a8000 C:\Windows\system32\CRYPT32.dll
ModLoad: 00007ffb`81b90000 00007ffb`81f14000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffb`88990000 00007ffb`88fd5000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffb`89220000 00007ffb`89263000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffb`8a370000 00007ffb`8a3c2000 C:\Windows\system32\shlwapi.dll
ModLoad: 00007ffb`88920000 00007ffb`8892f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffb`888a0000 00007ffb`888eb000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffb`888f0000 00007ffb`88904000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffb`8a820000 00007ffb`8a85b000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffb`6b2b0000 00007ffb`6b844000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ModLoad: 00007ffb`8a860000 00007ffb`8bdbc000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffb`8a2a0000 00007ffb`8a361000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffb`895f0000 00007ffb`89676000 C:\Windows\system32\firewallapi.dll
ModLoad: 00007ffb`88000000 00007ffb`8801f000 C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffb`87720000 00007ffb`87752000 C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffb`7e8e0000 00007ffb`7e8fa000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffb`85970000 00007ffb`8598b000 C:\Windows\SYSTEM32\MPR.dll
ModLoad: 00007ffb`8a650000 00007ffb`8a793000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffb`87220000 00007ffb`872b6000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffb`80cb0000 00007ffb`80cc5000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffb`87d90000 00007ffb`87dc1000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffb`873c0000 00007ffb`874c0000 C:\Windows\SYSTEM32\twinapi.appcore.dll
ModLoad: 00007ffb`88730000 00007ffb`88759000 C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffb`72e70000 00007ffb`743e6000 C:\Windows\SYSTEM32\edgehtml.dll
ModLoad: 00007ffb`88220000 00007ffb`88237000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffb`726e0000 00007ffb`72e64000 C:\Windows\SYSTEM32\chakra.dll
ModLoad: 00007ffb`76a30000 00007ffb`76a6e000 C:\Windows\SYSTEM32\MLANG.dll
ModLoad: 00007ffb`81f20000 00007ffb`82056000 C:\Windows\System32\WinTypes.dll
ModLoad: 00007ffb`7d2f0000 00007ffb`7d5db000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffb`88520000 00007ffb`8854d000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffb`7d090000 00007ffb`7d09e000 C:\Windows\SYSTEM32\tokenbinding.dll
ModLoad: 00007ffb`8a0d0000 00007ffb`8a13b000 C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffb`7d000000 00007ffb`7d015000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffb`859b0000 00007ffb`859e8000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffb`84720000 00007ffb`847e8000 C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffb`88170000 00007ffb`881cc000 C:\Windows\system32\mswsock.dll
ModLoad: 00007ffb`837b0000 00007ffb`837bb000 C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffb`8a3d0000 00007ffb`8a3d8000 C:\Windows\system32\NSI.dll
ModLoad: 00007ffb`7c940000 00007ffb`7caf7000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffb`86aa0000 00007ffb`86ac2000 C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffb`8a140000 00007ffb`8a29a000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffb`701a0000 00007ffb`70352000 C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffb`7f9c0000 00007ffb`7fa15000 C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffb`800a0000 00007ffb`80132000 C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffb`87620000 00007ffb`8764a000 C:\Windows\System32\rmclient.dll
(bbc.131c): Break instruction exception - code 80000003 (first chance)

Create process 3004 breakpoint.

3:055> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00007ff6`072c0000 00007ff6`072ce000 C:\Windows\system32\ApplicationFrameHost.exe
ModLoad: 00007ffb`8c280000 00007ffb`8c441000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffb`7d670000 00007ffb`7d6dd000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffb`8c160000 00007ffb`8c20d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffb`89290000 00007ffb`89478000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffb`8c0c0000 00007ffb`8c15d000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffb`89a20000 00007ffb`89c9d000 C:\Windows\system32\combase.dll
ModLoad: 00007ffb`8bfa0000 00007ffb`8c0bc000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffb`891b0000 00007ffb`8921a000 C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffb`88920000 00007ffb`8892f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffb`8a490000 00007ffb`8a537000 C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffb`796e0000 00007ffb`79800000 C:\Windows\System32\ApplicationFrame.dll
ModLoad: 00007ffb`89480000 00007ffb`89535000 C:\Windows\system32\SHCORE.dll
ModLoad: 00007ffb`8a370000 00007ffb`8a3c2000 C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffb`89890000 00007ffb`89a16000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffb`8be40000 00007ffb`8bf96000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffb`8a2a0000 00007ffb`8a361000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffb`86e20000 00007ffb`86fa6000 C:\Windows\System32\PROPSYS.dll
ModLoad: 00007ffb`89680000 00007ffb`896db000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffb`873c0000 00007ffb`874c0000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 00007ffb`87220000 00007ffb`872b6000 C:\Windows\System32\UxTheme.dll
ModLoad: 00007ffb`872c0000 00007ffb`872e7000 C:\Windows\System32\DEVOBJ.dll
ModLoad: 00007ffb`89220000 00007ffb`89263000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffb`80140000 00007ffb`801f1000 C:\Windows\System32\TWINAPI.dll
ModLoad: 00007ffb`84d50000 00007ffb`85295000 C:\Windows\System32\d2d1.dll
ModLoad: 00007ffb`865d0000 00007ffb`86878000 C:\Windows\System32\d3d11.dll
ModLoad: 00007ffb`86880000 00007ffb`86963000 C:\Windows\System32\dcomp.dll
ModLoad: 00007ffb`86aa0000 00007ffb`86ac2000 C:\Windows\System32\dwmapi.dll
ModLoad: 00007ffb`88730000 00007ffb`88759000 C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffb`85d20000 00007ffb`85dc2000 C:\Windows\System32\dxgi.dll
ModLoad: 00007ffb`8a820000 00007ffb`8a85b000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffb`85f70000 00007ffb`86403000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 00007ffb`8a140000 00007ffb`8a29a000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffb`82e30000 00007ffb`8309f000 C:\Windows\system32\D3D10Warp.dll
ModLoad: 00007ffb`70040000 00007ffb`7019c000 C:\Windows\system32\UIAutomationCore.DLL
ModLoad: 00007ffb`88000000 00007ffb`8801f000 C:\Windows\system32\USERENV.dll
ModLoad: 00007ffb`888f0000 00007ffb`88904000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffb`8a860000 00007ffb`8bdbc000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffb`88990000 00007ffb`88fd5000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffb`8a3e0000 00007ffb`8a487000 C:\Windows\system32\advapi32.dll
ModLoad: 00007ffb`888a0000 00007ffb`888eb000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffb`86410000 00007ffb`86477000 C:\Windows\system32\Bcp47Langs.dll
ModLoad: 00007ffb`853e0000 00007ffb`85591000 C:\Windows\system32\windowscodecs.dll
ModLoad: 00007ffb`83150000 00007ffb`8325e000 C:\Windows\SYSTEM32\mrmcorer.dll
ModLoad: 00007ffb`81b90000 00007ffb`81f14000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffb`830a0000 00007ffb`83148000 C:\Windows\System32\Windows.UI.dll
(4c8.c64): Break instruction exception - code 80000003 (first chance)

Create process 1224 breakpoint.

4:078> g
(ad4.e28): Break instruction exception - code 80000003 (first chance)

Exception 0x80000003 in process 2772 ignored.

0:055> g
(ad4.828): Break instruction exception - code 80000003 (first chance)

Exception 0x80000003 in process 2772 ignored.

4:064> g
(be0.108c): Windows Runtime Originate Error - code 40080201 (first chance)
(be0.108c): Windows Runtime Originate Error - code 40080201 (first chance)
(be0.108c): Windows Runtime Originate Error - code 40080201 (first chance)
(bbc.1168): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.

3:086> .lastevent
Last event: bbc.1168: Access violation - code c0000005 (first chance)
debugger time: Mon Jul 25 19:57:56.751 2016 (UTC + 2:00)

3:086> lm on
start end module name
00007ff7`936c0000 00007ff7`93711000 microsoftedgecp microsoftedgecp.exe
00007ffb`6b2b0000 00007ffb`6b844000 EMODEL EMODEL.dll
00007ffb`701a0000 00007ffb`70352000 ieapfltr ieapfltr.dll
00007ffb`726e0000 00007ffb`72e64000 chakra chakra.dll
00007ffb`72e70000 00007ffb`743e6000 edgehtml edgehtml.dll
00007ffb`76a00000 00007ffb`76a21000 srpapi srpapi.dll
00007ffb`76a30000 00007ffb`76a6e000 MLANG MLANG.dll
00007ffb`7ab50000 00007ffb`7abfd000 ieproxy ieproxy.dll
00007ffb`7c050000 00007ffb`7c060000 msimtf msimtf.dll
00007ffb`7c200000 00007ffb`7c20a000 rasadhlp rasadhlp.dll
00007ffb`7c940000 00007ffb`7caf7000 urlmon urlmon.dll
00007ffb`7d000000 00007ffb`7d015000 ondemandconnroutehelper ondemandconnroutehelper.dll
00007ffb`7d090000 00007ffb`7d09e000 tokenbinding tokenbinding.dll
00007ffb`7d2f0000 00007ffb`7d5db000 WININET WININET.dll
00007ffb`7d670000 00007ffb`7d6dd000 verifier verifier.dll
00007ffb`7d720000 00007ffb`7d76a000 dataexchange dataexchange.dll
00007ffb`7e8e0000 00007ffb`7e8fa000 EShims EShims.dll
00007ffb`7f9c0000 00007ffb`7fa15000 policymanager policymanager.dll
00007ffb`800a0000 00007ffb`80132000 msvcp110_win msvcp110_win.dll
00007ffb`80140000 00007ffb`801f1000 twinapi twinapi.dll
00007ffb`80cb0000 00007ffb`80cc5000 profext profext.dll
00007ffb`81a40000 00007ffb`81a9c000 ninput ninput.dll
00007ffb`81b90000 00007ffb`81f14000 iertutil iertutil.dll
00007ffb`81f20000 00007ffb`82056000 WinTypes WinTypes.dll
00007ffb`82560000 00007ffb`825eb000 directmanipulation directmanipulation.dll
00007ffb`825f0000 00007ffb`82775000 windows_globalization windows.globalization.dll
00007ffb`82780000 00007ffb`829e0000 DWrite DWrite.dll
00007ffb`82e30000 00007ffb`8309f000 d3d10warp d3d10warp.dll
00007ffb`830a0000 00007ffb`83148000 Windows_UI Windows.UI.dll
00007ffb`83150000 00007ffb`8325e000 MrmCoreR MrmCoreR.dll
00007ffb`83630000 00007ffb`83697000 fwpuclnt fwpuclnt.dll
00007ffb`837b0000 00007ffb`837bb000 WINNSI WINNSI.DLL
00007ffb`84720000 00007ffb`847e8000 winhttp winhttp.dll
00007ffb`84d50000 00007ffb`85295000 d2d1 d2d1.dll
00007ffb`85970000 00007ffb`8598b000 MPR MPR.dll
00007ffb`859b0000 00007ffb`859e8000 IPHLPAPI IPHLPAPI.DLL
00007ffb`85d20000 00007ffb`85dc2000 dxgi dxgi.dll
00007ffb`85f70000 00007ffb`86403000 ActXPrxy ActXPrxy.dll
00007ffb`86410000 00007ffb`86477000 Bcp47Langs Bcp47Langs.dll
00007ffb`865d0000 00007ffb`86878000 d3d11 d3d11.dll
00007ffb`86880000 00007ffb`86963000 dcomp dcomp.dll
00007ffb`86aa0000 00007ffb`86ac2000 dwmapi dwmapi.dll
00007ffb`86e20000 00007ffb`86fa6000 PROPSYS PROPSYS.dll
00007ffb`87180000 00007ffb`871f9000 apphelp apphelp.dll
00007ffb`87220000 00007ffb`872b6000 uxtheme uxtheme.dll
00007ffb`87310000 00007ffb`873ba000 DNSAPI DNSAPI.dll
00007ffb`873c0000 00007ffb`874c0000 twinapi_appcore twinapi.appcore.dll
00007ffb`87620000 00007ffb`8764a000 rmclient rmclient.dll
00007ffb`87720000 00007ffb`87752000 fwbase fwbase.dll
00007ffb`87d90000 00007ffb`87dc1000 ntmarta ntmarta.dll
00007ffb`88000000 00007ffb`8801f000 USERENV USERENV.dll
00007ffb`88170000 00007ffb`881cc000 mswsock mswsock.dll
00007ffb`88220000 00007ffb`88237000 cryptsp cryptsp.dll
00007ffb`88520000 00007ffb`8854d000 SspiCli SspiCli.dll
00007ffb`88730000 00007ffb`88759000 bcrypt bcrypt.dll
00007ffb`888a0000 00007ffb`888eb000 powrprof powrprof.dll
00007ffb`888f0000 00007ffb`88904000 profapi profapi.dll
00007ffb`88910000 00007ffb`88920000 MSASN1 MSASN1.dll
00007ffb`88920000 00007ffb`8892f000 kernel_appcore kernel.appcore.dll
00007ffb`88930000 00007ffb`88985000 WINTRUST WINTRUST.dll
00007ffb`88990000 00007ffb`88fd5000 windows_storage windows.storage.dll
00007ffb`88fe0000 00007ffb`891a8000 CRYPT32 CRYPT32.dll
00007ffb`891b0000 00007ffb`8921a000 bcryptPrimitives bcryptPrimitives.dll
00007ffb`89220000 00007ffb`89263000 cfgmgr32 cfgmgr32.dll
00007ffb`89290000 00007ffb`89478000 KERNELBASE KERNELBASE.dll
00007ffb`89480000 00007ffb`89535000 shcore shcore.dll
00007ffb`895f0000 00007ffb`89676000 firewallapi firewallapi.dll
00007ffb`89680000 00007ffb`896db000 sechost sechost.dll
00007ffb`89890000 00007ffb`89a16000 GDI32 GDI32.dll
00007ffb`89a20000 00007ffb`89c9d000 combase combase.dll
00007ffb`8a0d0000 00007ffb`8a13b000 WS2_32 WS2_32.dll
00007ffb`8a140000 00007ffb`8a29a000 MSCTF MSCTF.dll
00007ffb`8a2a0000 00007ffb`8a361000 OLEAUT32 OLEAUT32.dll
00007ffb`8a370000 00007ffb`8a3c2000 shlwapi shlwapi.dll
00007ffb`8a3d0000 00007ffb`8a3d8000 NSI NSI.dll
00007ffb`8a3e0000 00007ffb`8a487000 ADVAPI32 ADVAPI32.dll
00007ffb`8a650000 00007ffb`8a793000 ole32 ole32.dll
00007ffb`8a820000 00007ffb`8a85b000 IMM32 IMM32.DLL
00007ffb`8a860000 00007ffb`8bdbc000 SHELL32 SHELL32.dll
00007ffb`8be40000 00007ffb`8bf96000 USER32 USER32.dll
00007ffb`8bfa0000 00007ffb`8c0bc000 RPCRT4 RPCRT4.dll
00007ffb`8c0c0000 00007ffb`8c15d000 msvcrt msvcrt.dll
00007ffb`8c160000 00007ffb`8c20d000 KERNEL32 KERNEL32.DLL
00007ffb`8c280000 00007ffb`8c441000 ntdll ntdll.dll

3:086> kn 0x14
# Child-SP RetAddr Call Site
00 000000e5`b81ff250 00007ffb`7d3a0daf WININET!CHttpHeaderParser::ParseStatusLine+0x199
01 000000e5`b81ff370 00007ffb`7d3a0a37 WININET!HTTP_REQUEST_HANDLE_OBJECT::_ParseResponseLine+0x97
02 000000e5`b81ff400 00007ffb`7d39a9d6 WININET!HTTP_REQUEST_HANDLE_OBJECT::UpdateResponseHeaders+0x67
03 000000e5`b81ff4c0 00007ffb`7d33feeb WININET!HTTP_REQUEST_HANDLE_OBJECT::ReceiveResponse_Fsm+0x296
04 000000e5`b81ff5b0 00007ffb`7d3b0a5a WININET!CFsm_ReceiveResponse::RunSM+0x3b
05 000000e5`b81ff5e0 00007ffb`7d3aff1c WININET!CFsm::Run+0x67a
06 000000e5`b81ff700 00007ffb`7d3bae68 WININET!CFsm::RunWorkItem+0x4bc
07 000000e5`b81ff8a0 00007ffb`7d3bac52 WININET!CSocket::ReceiveCompletion+0x98
08 000000e5`b81ff8d0 00007ffb`892e8d34 WININET!CWxSocket::IoCompletionCallback+0x92
09 000000e5`b81ff940 00007ffb`8c289c6f KERNELBASE!BasepTpIoCallback+0x64
0a 000000e5`b81ff990 00007ffb`8c2abccb ntdll!TppIopExecuteCallback+0x17f
0b 000000e5`b81ffa10 00007ffb`8c178102 ntdll!TppWorkerThread+0x97b
0c 000000e5`b81ffe20 00007ffb`8c2dc5b4 KERNEL32!BaseThreadInitThunk+0x22
0d 000000e5`b81ffe50 00000000`00000000 ntdll!RtlUserThreadStart+0x34

3:086> .exr -1
ExceptionAddress: 00007ffb7d350f89 (WININET!CHttpHeaderParser::ParseStatusLine+0x0000000000000199)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000001f55e205000
Attempt to read from address 000001f55e205000

3:086> |.
. 3 id: bbc attach name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe

3:086> !heap -p -a 0x1F55E205000
address 000001f55e205000 found in
_DPH_HEAP_ROOT @ 1f57b2a1000
in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)
1f55ec49ea0: 1f55e204e00 200 - 1f55e204000 2000
00007ffb7d674375 verifier!AVrfDebugPageHeapReAllocate+0x0000000000000175
00007ffb8c36f5c9 ntdll!RtlDebugReAllocateHeap+0x0000000000000055
00007ffb8c333941 ntdll!RtlpReAllocateHeapInternal+0x000000000008fc01
00007ffb8c2a3d21 ntdll!RtlReAllocateHeap+0x0000000000000031
00007ffb7d3ba72d WININET!ResizeBuffer+0x0000000000000059
00007ffb7d414b4d WININET!CFtpSocket::SetPort+0x000000000004d3fd
00007ffb7d3b3094 WININET!CSocket::Receive_Start+0x0000000000000148
00007ffb7d3b106d WININET!CFsm_SocketReceive::RunSM+0x000000000000002d
00007ffb7d3b08c5 WININET!CFsm::Run+0x00000000000004e5
00007ffb7d3b3469 WININET!CSocket::Receive+0x0000000000000309
00007ffb7d39a912 WININET!HTTP_REQUEST_HANDLE_OBJECT::ReceiveResponse_Fsm+0x00000000000001d2
00007ffb7d33feeb WININET!CFsm_ReceiveResponse::RunSM+0x000000000000003b
00007ffb7d3b0a5a WININET!CFsm::Run+0x000000000000067a
00007ffb7d3aff1c WININET!CFsm::RunWorkItem+0x00000000000004bc
00007ffb7d3bae68 WININET!CSocket::ReceiveCompletion+0x0000000000000098
00007ffb7d3bac52 WININET!CWxSocket::IoCompletionCallback+0x0000000000000092
00007ffb892e8d34 KERNELBASE!BasepTpIoCallback+0x0000000000000064
00007ffb8c289c6f ntdll!TppIopExecuteCallback+0x000000000000017f
00007ffb8c2abccb ntdll!TppWorkerThread+0x000000000000097b
00007ffb8c178102 KERNEL32!BaseThreadInitThunk+0x0000000000000022
00007ffb8c2dc5b4 ntdll!RtlUserThreadStart+0x0000000000000034



3:086> .if ($vvalid(@$scopeip - 138, 138)) { u @$scopeip - 138 @$scopeip - 1; };
WININET!CHttpHeaderParser::ParseStatusLine+0x61:
00007ffb`7d350e51 85c0 test eax,eax
00007ffb`7d350e53 7403 je WININET!CHttpHeaderParser::ParseStatusLine+0x68 (00007ffb`7d350e58)
00007ffb`7d350e55 448900 mov dword ptr [rax],r8d
00007ffb`7d350e58 4c8b7548 mov r14,qword ptr [rbp+48h]
00007ffb`7d350e5c 4d85f6 test r14,r14
00007ffb`7d350e5f 7403 je WININET!CHttpHeaderParser::ParseStatusLine+0x74 (00007ffb`7d350e64)
00007ffb`7d350e61 458906 mov dword ptr [r14],r8d
00007ffb`7d350e64 418b19 mov ebx,dword ptr [r9]
00007ffb`7d350e67 b9ffffffff mov ecx,0FFFFFFFFh
00007ffb`7d350e6c 4803da add rbx,rdx
00007ffb`7d350e6f 85ff test edi,edi
00007ffb`7d350e71 7417 je WININET!CHttpHeaderParser::ParseStatusLine+0x9a (00007ffb`7d350e8a)
00007ffb`7d350e73 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350e76 3c20 cmp al,20h
00007ffb`7d350e78 0f8482b00900 je WININET!CFtpSocket::SetPort+0x247b0 (00007ffb`7d3ebf00)
00007ffb`7d350e7e 3c09 cmp al,9
00007ffb`7d350e80 0f847ab00900 je WININET!CFtpSocket::SetPort+0x247b0 (00007ffb`7d3ebf00)
00007ffb`7d350e86 488b4540 mov rax,qword ptr [rbp+40h]
00007ffb`7d350e8a 4889b424f8000000 mov qword ptr [rsp+0F8h],rsi
00007ffb`7d350e92 ba3d010000 mov edx,13Dh
00007ffb`7d350e97 85ff test edi,edi
00007ffb`7d350e99 0f8471b00900 je WININET!CFtpSocket::SetPort+0x247c0 (00007ffb`7d3ebf10)
00007ffb`7d350e9f 48895c2468 mov qword ptr [rsp+68h],rbx
00007ffb`7d350ea4 488bf3 mov rsi,rbx
00007ffb`7d350ea7 85ff test edi,edi
00007ffb`7d350ea9 0f8480b00900 je WININET!CFtpSocket::SetPort+0x247df (00007ffb`7d3ebf2f)
00007ffb`7d350eaf 90 nop
00007ffb`7d350eb0 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350eb3 3c20 cmp al,20h
00007ffb`7d350eb5 741e je WININET!CHttpHeaderParser::ParseStatusLine+0xe5 (00007ffb`7d350ed5)
00007ffb`7d350eb7 3c09 cmp al,9
00007ffb`7d350eb9 741a je WININET!CHttpHeaderParser::ParseStatusLine+0xe5 (00007ffb`7d350ed5)
00007ffb`7d350ebb 3c0d cmp al,0Dh
00007ffb`7d350ebd 0f845cb00900 je WININET!CFtpSocket::SetPort+0x247cf (00007ffb`7d3ebf1f)
00007ffb`7d350ec3 3c0a cmp al,0Ah
00007ffb`7d350ec5 0f8454b00900 je WININET!CFtpSocket::SetPort+0x247cf (00007ffb`7d3ebf1f)
00007ffb`7d350ecb 41ffc7 inc r15d
00007ffb`7d350ece 48ffc3 inc rbx
00007ffb`7d350ed1 03f9 add edi,ecx
00007ffb`7d350ed3 75db jne WININET!CHttpHeaderParser::ParseStatusLine+0xc0 (00007ffb`7d350eb0)
00007ffb`7d350ed5 488b4540 mov rax,qword ptr [rbp+40h]
00007ffb`7d350ed9 85ff test edi,edi
00007ffb`7d350edb 0f844eb00900 je WININET!CFtpSocket::SetPort+0x247df (00007ffb`7d3ebf2f)
00007ffb`7d350ee1 4183ff05 cmp r15d,5
00007ffb`7d350ee5 0f8253b00900 jb WININET!CFtpSocket::SetPort+0x247ee (00007ffb`7d3ebf3e)
00007ffb`7d350eeb 41b805000000 mov r8d,5
00007ffb`7d350ef1 488d1534fe1f00 lea rdx,[WININET!`string' (00007ffb`7d550d2c)]
00007ffb`7d350ef8 488bce mov rcx,rsi
00007ffb`7d350efb ff1537171800 call qword ptr [WININET!_imp_StrCmpNICA (00007ffb`7d4d2638)]
00007ffb`7d350f01 85c0 test eax,eax
00007ffb`7d350f03 0f8535b00900 jne WININET!CFtpSocket::SetPort+0x247ee (00007ffb`7d3ebf3e)
00007ffb`7d350f09 41baffffffff mov r10d,0FFFFFFFFh
00007ffb`7d350f0f 85ff test edi,edi
00007ffb`7d350f11 0f8451b00900 je WININET!CFtpSocket::SetPort+0x24818 (00007ffb`7d3ebf68)
00007ffb`7d350f17 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350f1a 3c20 cmp al,20h
00007ffb`7d350f1c 0f8479040000 je WININET!CHttpHeaderParser::ParseStatusLine+0x5ab (00007ffb`7d35139b)
00007ffb`7d350f22 3c09 cmp al,9
00007ffb`7d350f24 0f8471040000 je WININET!CHttpHeaderParser::ParseStatusLine+0x5ab (00007ffb`7d35139b)
00007ffb`7d350f2a 85ff test edi,edi
00007ffb`7d350f2c 0f8436b00900 je WININET!CFtpSocket::SetPort+0x24818 (00007ffb`7d3ebf68)
00007ffb`7d350f32 4c8bdb mov r11,rbx
00007ffb`7d350f35 48895c2428 mov qword ptr [rsp+28h],rbx
00007ffb`7d350f3a b9ffffffff mov ecx,0FFFFFFFFh
00007ffb`7d350f3f 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350f42 3c20 cmp al,20h
00007ffb`7d350f44 741c je WININET!CHttpHeaderParser::ParseStatusLine+0x172 (00007ffb`7d350f62)
00007ffb`7d350f46 3c09 cmp al,9
00007ffb`7d350f48 7418 je WININET!CHttpHeaderParser::ParseStatusLine+0x172 (00007ffb`7d350f62)
00007ffb`7d350f4a 3c0d cmp al,0Dh
00007ffb`7d350f4c 7414 je WININET!CHttpHeaderParser::ParseStatusLine+0x172 (00007ffb`7d350f62)
00007ffb`7d350f4e 3c0a cmp al,0Ah
00007ffb`7d350f50 7410 je WININET!CHttpHeaderParser::ParseStatusLine+0x172 (00007ffb`7d350f62)
00007ffb`7d350f52 41ffc4 inc r12d
00007ffb`7d350f55 48ffc3 inc rbx
00007ffb`7d350f58 44896530 mov dword ptr [rbp+30h],r12d
00007ffb`7d350f5c 03f9 add edi,ecx
00007ffb`7d350f5e 75df jne WININET!CHttpHeaderParser::ParseStatusLine+0x14f (00007ffb`7d350f3f)
00007ffb`7d350f60 eb17 jmp WININET!CHttpHeaderParser::ParseStatusLine+0x189 (00007ffb`7d350f79)
00007ffb`7d350f62 85ff test edi,edi
00007ffb`7d350f64 7413 je WININET!CHttpHeaderParser::ParseStatusLine+0x189 (00007ffb`7d350f79)
00007ffb`7d350f66 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350f69 3c20 cmp al,20h
00007ffb`7d350f6b 0f843b040000 je WININET!CHttpHeaderParser::ParseStatusLine+0x5bc (00007ffb`7d3513ac)
00007ffb`7d350f71 3c09 cmp al,9
00007ffb`7d350f73 0f8433040000 je WININET!CHttpHeaderParser::ParseStatusLine+0x5bc (00007ffb`7d3513ac)
00007ffb`7d350f79 4c8bd1 mov r10,rcx
00007ffb`7d350f7c 85ff test edi,edi
00007ffb`7d350f7e 0f84e4af0900 je WININET!CFtpSocket::SetPort+0x24818 (00007ffb`7d3ebf68)
00007ffb`7d350f84 48895c2470 mov qword ptr [rsp+70h],rbx

3:086> .if ($vvalid(@$scopeip, 138)) { u @$scopeip @$scopeip + 137; };
WININET!CHttpHeaderParser::ParseStatusLine+0x199:
00007ffb`7d350f89 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350f8c 3c0d cmp al,0Dh
00007ffb`7d350f8e 740f je WININET!CHttpHeaderParser::ParseStatusLine+0x1af (00007ffb`7d350f9f)
00007ffb`7d350f90 3c0a cmp al,0Ah
00007ffb`7d350f92 740b je WININET!CHttpHeaderParser::ParseStatusLine+0x1af (00007ffb`7d350f9f)
00007ffb`7d350f94 41ffc5 inc r13d
00007ffb`7d350f97 48ffc3 inc rbx
00007ffb`7d350f9a 4103fa add edi,r10d
00007ffb`7d350f9d 75ea jne WININET!CHttpHeaderParser::ParseStatusLine+0x199 (00007ffb`7d350f89)
00007ffb`7d350f9f 44896c2434 mov dword ptr [rsp+34h],r13d
00007ffb`7d350fa4 85ff test edi,edi
00007ffb`7d350fa6 0f84bcaf0900 je WININET!CFtpSocket::SetPort+0x24818 (00007ffb`7d3ebf68)
00007ffb`7d350fac 0fb603 movzx eax,byte ptr [rbx]
00007ffb`7d350faf 33c9 xor ecx,ecx
00007ffb`7d350fb1 894d4c mov dword ptr [rbp+4Ch],ecx
00007ffb`7d350fb4 4c8bc3 mov r8,rbx
00007ffb`7d350fb7 894c2430 mov dword ptr [rsp+30h],ecx
00007ffb`7d350fbb 448bc9 mov r9d,ecx
00007ffb`7d350fbe 894c2450 mov dword ptr [rsp+50h],ecx
00007ffb`7d350fc2 8bd1 mov edx,ecx
00007ffb`7d350fc4 8d7101 lea esi,[rcx+1]
00007ffb`7d350fc7 3c0d cmp al,0Dh
00007ffb`7d350fc9 0f85fa030000 jne WININET!CHttpHeaderParser::ParseStatusLine+0x5d9 (00007ffb`7d3513c9)
00007ffb`7d350fcf 448bf1 mov r14d,ecx
00007ffb`7d350fd2 84c0 test al,al
00007ffb`7d350fd4 0f84ceaf0900 je WININET!CFtpSocket::SetPort+0x24858 (00007ffb`7d3ebfa8)
00007ffb`7d350fda 410fb608 movzx ecx,byte ptr [r8]
00007ffb`7d350fde 80f90a cmp cl,0Ah
00007ffb`7d350fe1 740c je WININET!CHttpHeaderParser::ParseStatusLine+0x1ff (00007ffb`7d350fef)
00007ffb`7d350fe3 80f90d cmp cl,0Dh
00007ffb`7d350fe6 0f8500b00900 jne WININET!CFtpSocket::SetPort+0x2489c (00007ffb`7d3ebfec)
00007ffb`7d350fec 80f90a cmp cl,0Ah
00007ffb`7d350fef 0f44d6 cmove edx,esi
00007ffb`7d350ff2 49ffc0 inc r8
00007ffb`7d350ff5 4103fa add edi,r10d
00007ffb`7d350ff8 41ffc1 inc r9d
00007ffb`7d350ffb 85d2 test edx,edx
00007ffb`7d350ffd 0f84b9030000 je WININET!CHttpHeaderParser::ParseStatusLine+0x5cc (00007ffb`7d3513bc)
00007ffb`7d351003 4533c0 xor r8d,r8d
00007ffb`7d351006 418bc9 mov ecx,r9d
00007ffb`7d351009 89542450 mov dword ptr [rsp+50h],edx
00007ffb`7d35100d 894c2420 mov dword ptr [rsp+20h],ecx
00007ffb`7d351011 418bc6 mov eax,r14d
00007ffb`7d351014 c1f810 sar eax,10h
00007ffb`7d351017 25ff1f0000 and eax,1FFFh
00007ffb`7d35101c 83f80c cmp eax,0Ch
00007ffb`7d35101f 0f84ebaf0900 je WININET!CFtpSocket::SetPort+0x248c0 (00007ffb`7d3ec010)
00007ffb`7d351025 4585f6 test r14d,r14d
00007ffb`7d351028 0f8801b00900 js WININET!CFtpSocket::SetPort+0x248df (00007ffb`7d3ec02f)
00007ffb`7d35102e 418bf8 mov edi,r8d
00007ffb`7d351031 ba3d010000 mov edx,13Dh
00007ffb`7d351036 85ff test edi,edi
00007ffb`7d351038 0f8845b00900 js WININET!CFtpSocket::SetPort+0x24933 (00007ffb`7d3ec083)
00007ffb`7d35103e 837c243000 cmp dword ptr [rsp+30h],0
00007ffb`7d351043 0f8547b00900 jne WININET!CFtpSocket::SetPort+0x24940 (00007ffb`7d3ec090)
00007ffb`7d351049 8bc1 mov eax,ecx
00007ffb`7d35104b 4803d8 add rbx,rax
00007ffb`7d35104e 4585ff test r15d,r15d
00007ffb`7d351051 0f84ebb20900 je WININET!CFtpSocket::SetPort+0x24bf2 (00007ffb`7d3ec342)
00007ffb`7d351057 4585e4 test r12d,r12d
00007ffb`7d35105a 0f84e2b20900 je WININET!CFtpSocket::SetPort+0x24bf2 (00007ffb`7d3ec342)
00007ffb`7d351060 4c8b4d20 mov r9,qword ptr [rbp+20h]
00007ffb`7d351064 438d042c lea eax,[r12+r13]
00007ffb`7d351068 44894544 mov dword ptr [rbp+44h],r8d
00007ffb`7d35106c 458d5702 lea r10d,[r15+2]
00007ffb`7d351070 4489442438 mov dword ptr [rsp+38h],r8d
00007ffb`7d351075 4403d0 add r10d,eax
00007ffb`7d351078 4489442448 mov dword ptr [rsp+48h],r8d
00007ffb`7d35107d 498bf8 mov rdi,r8
00007ffb`7d351080 4d8b8910060000 mov r9,qword ptr [r9+610h]
00007ffb`7d351087 418bd0 mov edx,r8d
00007ffb`7d35108a 448944244c mov dword ptr [rsp+4Ch],r8d
00007ffb`7d35108f 4489442424 mov dword ptr [rsp+24h],r8d
00007ffb`7d351094 4c89442440 mov qword ptr [rsp+40h],r8
00007ffb`7d351099 4489442424 mov dword ptr [rsp+24h],r8d
00007ffb`7d35109e 4489442444 mov dword ptr [rsp+44h],r8d
00007ffb`7d3510a3 44894548 mov dword ptr [rbp+48h],r8d
00007ffb`7d3510a7 4c89442460 mov qword ptr [rsp+60h],r8
00007ffb`7d3510ac 44895540 mov dword ptr [rbp+40h],r10d
00007ffb`7d3510b0 4c89442440 mov qword ptr [rsp+40h],r8
00007ffb`7d3510b5 453b5104 cmp r10d,dword ptr [r9+4]
00007ffb`7d3510b9 0f87edaf0900 ja WININET!CFtpSocket::SetPort+0x2495c (00007ffb`7d3ec0ac)
00007ffb`7d3510bf 498b4908 mov rcx,qword ptr [r9+8]

3:086> rM 0x7D
rax=0000000000000058 rbx=000001f55e205000 rcx=00000000ffffffff
rdx=000000000000002f rsi=000001f55e204ff2 rdi=00000000000001f2
rip=00007ffb7d350f89 rsp=000000e5b81ff250 rbp=000000e5b81ff350
r8=0000000000000000 r9=00000000ffffffee r10=00000000ffffffff
r11=000001f55e204ffb r12=0000000000000003 r13=0000000000000001
r14=000000e5b81ff408 r15=0000000000000008
iopl=0 nv up ei pl nz ac pe cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010213
fpcw=027F fpsw=0000 fptw=0000
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000 st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000 st7= 0.000000000000000000000e+0000
mm0=0000000000000000 mm1=0000000000000000
mm2=0000000000000000 mm3=0000000000000000
mm4=0000000000000000 mm5=0000000000000000
mm6=0000000000000000 mm7=0000000000000000
xmm0=3.25436e-034 2.02021e-028 1.96182e-044 1.87345e-038
xmm1=0 0 0 0
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
WININET!CHttpHeaderParser::ParseStatusLine+0x199:
00007ffb`7d350f89 0fb603 movzx eax,byte ptr [rbx] ds:000001f5`5e205000=??

3:086> dpp @$ea - 10*$ptrsize L10;
000001f5`5e204f80 58585858`58585858
000001f5`5e204f88 58585858`58585858
000001f5`5e204f90 58585858`58585858
000001f5`5e204f98 58585858`58585858
000001f5`5e204fa0 58585858`58585858
000001f5`5e204fa8 58585858`58585858
000001f5`5e204fb0 58585858`58585858
000001f5`5e204fb8 58585858`58585858
000001f5`5e204fc0 58585858`58585858
000001f5`5e204fc8 58585858`58585858
000001f5`5e204fd0 58585858`58585858
000001f5`5e204fd8 58585858`58585858
000001f5`5e204fe0 58585858`58585858
000001f5`5e204fe8 0a0d5858`58585858
000001f5`5e204ff0 312f5054`54480a0d
000001f5`5e204ff8 58203030`3220312e

3:086> dpp @$ea L10;
000001f5`5e205000 ????????`????????
000001f5`5e205008 ????????`????????
000001f5`5e205010 ????????`????????
000001f5`5e205018 ????????`????????
000001f5`5e205020 ????????`????????
000001f5`5e205028 ????????`????????
000001f5`5e205030 ????????`????????
000001f5`5e205038 ????????`????????
000001f5`5e205040 ????????`????????
000001f5`5e205048 ????????`????????
000001f5`5e205050 ????????`????????
000001f5`5e205058 ????????`????????
000001f5`5e205060 ????????`????????
000001f5`5e205068 ????????`????????
000001f5`5e205070 ????????`????????
000001f5`5e205078 ????????`????????

3:086> dpp @$ea2 - 10*$ptrsize L10;
Bad register error at '@$ea2 - 10*$ptrsize '

3:086> lm M *microsoftedgecp.exe
start end module name
00007ff7`936c0000 00007ff7`93711000 microsoftedgecp (deferred)

3:086> lmv m *WININET
start end module name
00007ffb`7d2f0000 00007ffb`7d5db000 WININET (pdb symbols) \\j3\symbols\wininet.pdb\D17172CA218F47808104D909CBF4CFFC1\wininet.pdb
Loaded symbol image file: C:\Windows\SYSTEM32\WININET.dll
Image path: C:\Windows\SYSTEM32\WININET.dll
Image name: WININET.dll
Timestamp: Fri Jul 01 05:26:09 2016 (5775E2D1)
CheckSum: 002E43B9
ImageSize: 002EB000
File version: 11.0.10586.494
Product version: 11.0.10586.494
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: wininet.dll
OriginalFilename: wininet.dll
ProductVersion: 11.00.10586.494
FileVersion: 11.00.10586.494 (th2_release_sec.160630-1736)
FileDescription: Internet Extensions for Win32
LegalCopyright: � Microsoft Corporation. All rights reserved.

3:086> lmv m *microsoftedgecp
start end module name
00007ff7`936c0000 00007ff7`93711000 microsoftedgecp (deferred)
Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Tue Nov 24 08:05:25 2015 (56540C35)
CheckSum: 0005C253
ImageSize: 00051000
File version: 11.0.10586.20
Product version: 11.0.10586.20
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10586.20
FileVersion: 11.00.10586.20 (th2_release_sec.151123-1940)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.

3:086>