| Id: | AVR:Arbitrary 553.6dc |
| Description: | Access violation while reading memory at 0x5BDF4F139E |
| Location: | microsoftedgecp.exe!edgehtml.dll!CTextExtractor::GetBlockText |
| Security impact: | Potentially exploitable security issue |
EDGEHTML.dll!CTextExtractor::GetBlockText + 0x3A8 (553 in id)
EDGEHTML.dll!CTextExtractor::FillOutElementPackage + 0x217 (6dc in id)
EDGEHTML.dll!CTextExtractor::RunTextExtractionInternal + 0x25C
EDGEHTML.dll!CView::EnsureView + 0x6D3
EDGEHTML.dll!CPaintController::EnsureView + 0x53
EDGEHTML.dll!CPaintBeat::OnBeat + 0x163
EDGEHTML.dll!CPaintBeat::OnPaintTimer + 0x5A
EDGEHTML.dll!CContainedTimerSink<CPaintBeat>::OnTimerMethodCall + 0xA0
EDGEHTML.dll!GlobalWndOnPaintPriorityMethodCall + 0x38B
EDGEHTML.dll!GlobalWndProc + 0x101
USER32.dll!UserCallWinProcCheckWow + 0x1FC
USER32.dll!DispatchClientMessage + 0xA2
USER32.dll!_fnDWORD + 0x3E
ntdll.dll!KiUserCallbackDispatcherContinue
USER32.dll!NtUserDispatchMessage + 0xA
USER32.dll!DispatchMessageWorker + 0x247
EMODEL.dll!CTabWindow::_TabWindowThreadProc + 0x5B8
EMODEL.dll!LCIETab_ThreadProc + 0x2BB
iertutil.dll!_IsoThreadProc_WrapperToReleaseScope + 0x1F
KERNEL32.DLL!BaseThreadInitThunk + 0x22
ntdll.dll!RtlUserThreadStart + 0x34
rax=00000000ffffffff rbx=0000000000000001 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000002 rdi=0000000000000001
rip=00007ffc8bb2aec8 rsp=00000059d664d2f0 rbp=00000059d5870400
r8=00000059df4f03a0 r9=00000059db9a6ffc r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=00000059d5870400
r14=00000059d664d4a0 r15=00000059df4f7f50
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
fpcw=027F fpsw=0000 fptw=0000
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000 st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000 st7= 0.000000000000000000000e+0000
mm0=0000000000000000 mm1=0000000000000000
mm2=0000000000000000 mm3=0000000000000000
mm4=0000000000000000 mm5=0000000000000000
mm6=0000000000000000 mm7=0000000000000000
xmm0=4.59121e-041 -1.90234e-025 4.59121e-041 -2.77992e-033
xmm1=4.59121e-041 -6.71793e-020 4.59121e-041 -4.40834e-020
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h] ds:0000005b`df4f139e=????
0000005b`df4f131e ????????`????????
0000005b`df4f1326 ????????`????????
0000005b`df4f132e ????????`????????
0000005b`df4f1336 ????????`????????
0000005b`df4f133e ????????`????????
0000005b`df4f1346 ????????`????????
0000005b`df4f134e ????????`????????
0000005b`df4f1356 ????????`????????
0000005b`df4f135e ????????`????????
0000005b`df4f1366 ????????`????????
0000005b`df4f136e ????????`????????
0000005b`df4f1376 ????????`????????
0000005b`df4f137e ????????`????????
0000005b`df4f1386 ????????`????????
0000005b`df4f138e ????????`????????
0000005b`df4f1396 ????????`????????
0000005b`df4f139e ????????`????????
0000005b`df4f13a6 ????????`????????
0000005b`df4f13ae ????????`????????
0000005b`df4f13b6 ????????`????????
0000005b`df4f13be ????????`????????
0000005b`df4f13c6 ????????`????????
0000005b`df4f13ce ????????`????????
0000005b`df4f13d6 ????????`????????
0000005b`df4f13de ????????`????????
0000005b`df4f13e6 ????????`????????
0000005b`df4f13ee ????????`????????
0000005b`df4f13f6 ????????`????????
0000005b`df4f13fe ????????`????????
0000005b`df4f1406 ????????`????????
0000005b`df4f140e ????????`????????
0000005b`df4f1416 ????????`????????
00007ffc`8bb2ae8a 0000 add byte ptr [rax],al
00007ffc`8bb2ae8c 7523 jne EDGEHTML!CTextExtractor::GetBlockText+0x391 (00007ffc`8bb2aeb1)
00007ffc`8bb2ae8e 2b8f88000000 sub ecx,dword ptr [rdi+88h]
00007ffc`8bb2ae94 4c8bc6 mov r8,rsi
00007ffc`8bb2ae97 440fb64c2431 movzx r9d,byte ptr [rsp+31h]
00007ffc`8bb2ae9d 488b542460 mov rdx,qword ptr [rsp+60h]
00007ffc`8bb2aea2 894c2420 mov dword ptr [rsp+20h],ecx
00007ffc`8bb2aea6 488bcd mov rcx,rbp
00007ffc`8bb2aea9 e892050000 call EDGEHTML!CTextExtractor::AddElementToCache (00007ffc`8bb2b440)
00007ffc`8bb2aeae 4533c0 xor r8d,r8d
00007ffc`8bb2aeb1 44898798000000 mov dword ptr [rdi+98h],r8d
00007ffc`8bb2aeb8 e96bfdffff jmp EDGEHTML!CTextExtractor::GetBlockText+0x108 (00007ffc`8bb2ac28)
00007ffc`8bb2aebd 85db test ebx,ebx
00007ffc`8bb2aebf 0f84a5010000 je EDGEHTML!CTextExtractor::GetBlockText+0x54a (00007ffc`8bb2b06a)
00007ffc`8bb2aec5 8d42ff lea eax,[rdx-1]
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h] ⇐ instruction pointer
00007ffc`8bb2aed1 664189845000100000 mov word ptr [r8+rdx*2+1000h],ax
00007ffc`8bb2aeda e9b2feffff jmp EDGEHTML!CTextExtractor::GetBlockText+0x271 (00007ffc`8bb2ad91)
00007ffc`8bb2aedf 66ffc0 inc ax
00007ffc`8bb2aee2 89442434 mov dword ptr [rsp+34h],eax
00007ffc`8bb2aee6 e95dffffff jmp EDGEHTML!CTextExtractor::GetBlockText+0x328 (00007ffc`8bb2ae48)
00007ffc`8bb2aeeb 3d02200000 cmp eax,2002h
00007ffc`8bb2aef0 0f8f82010000 jg EDGEHTML!CTextExtractor::GetBlockText+0x558 (00007ffc`8bb2b078)
00007ffc`8bb2aef6 0f8472020000 je EDGEHTML!CTextExtractor::GetBlockText+0x64e (00007ffc`8bb2b16e)
00007ffc`8bb2aefc 3da0000000 cmp eax,0A0h
00007ffc`8bb2af01 0f8f07020000 jg EDGEHTML!CTextExtractor::GetBlockText+0x5ee (00007ffc`8bb2b10e)
Loaded symbol image file: C:\Windows\SYSTEM32\EDGEHTML.dll
Image path: C:\Windows\SYSTEM32\EDGEHTML.dll
Image name: EDGEHTML.dll
Timestamp: Sun Jan 31 06:38:01 2016 (56AD9DB9)
CheckSum: 014E961D
ImageSize: 014F3000
File version: 11.0.10240.16683
Product version: 11.0.10240.16683
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: EDGEHTML
OriginalFilename: EDGEHTML.DLL
ProductVersion: 11.00.10240.16683
FileVersion: 11.00.10240.16683 (th1.160130-1842)
FileDescription: Microsoft (R) HTML Viewer
LegalCopyright: � Microsoft Corporation. All rights reserved.
Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Wed Nov 25 05:17:08 2015 (56553644)
CheckSum: 0004DF0B
ImageSize: 0004D000
File version: 11.0.10240.16603
Product version: 11.0.10240.16603
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10240.16603
FileVersion: 11.00.10240.16603 (th1_st1.151124-1750)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.
Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff7`2b760000 00007ff7`2b776000 C:\Windows\System32\RuntimeBroker.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000 C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`9dae0000 00007ffc`9db85000 C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000 C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000 C:\Windows\System32\CRYPTBASE.dll
ModLoad: 00007ffc`942d0000 00007ffc`942f5000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffc`9add0000 00007ffc`9aebe000 C:\Windows\SYSTEM32\twinapi.appcore.dll
ModLoad: 00007ffc`9b9c0000 00007ffc`9b9df000 C:\Windows\System32\USERENV.dll
ModLoad: 00007ffc`92960000 00007ffc`92975000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffc`9b750000 00007ffc`9b782000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000 C:\Windows\system32\SspiCli.dll
ModLoad: 00007ffc`8ff20000 00007ffc`8ff36000 C:\Windows\SYSTEM32\capauthz.dll
ModLoad: 00007ffc`9a780000 00007ffc`9a7f8000 C:\Windows\system32\apphelp.dll
(31c.268): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffc`9fa753e0 cc int 3
Create process 796 breakpoint.
0:008> g
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff6`ab540000 00007ff6`ab54a000 C:\Windows\system32\browser_broker.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000 C:\Windows\system32\user32.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000 C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffc`9ac30000 00007ffc`9acc6000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffc`94c10000 00007ffc`94c28000 C:\Windows\SYSTEM32\browserbroker.dll
ModLoad: 00007ffc`9c4b0000 00007ffc`9c563000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffc`9d120000 00007ffc`9d1de000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffc`9c800000 00007ffc`9c9c1000 C:\Windows\system32\CRYPT32.dll
ModLoad: 00007ffc`9c430000 00007ffc`9c441000 C:\Windows\system32\MSASN1.dll
ModLoad: 00007ffc`96680000 00007ffc`969f6000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffc`9d8d0000 00007ffc`9d976000 C:\Windows\system32\advapi32.dll
ModLoad: 00007ffc`96a00000 00007ffc`96b96000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffc`9d390000 00007ffc`9d3e1000 C:\Windows\system32\shlwapi.dll
ModLoad: 00007ffc`9b650000 00007ffc`9b66c000 C:\Windows\SYSTEM32\MPR.dll
ModLoad: 00007ffc`93910000 00007ffc`93bd1000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffc`98fd0000 00007ffc`99006000 C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffc`9b830000 00007ffc`9b83a000 C:\Windows\SYSTEM32\DPAPI.DLL
ModLoad: 00007ffc`9dae0000 00007ffc`9db85000 C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000 C:\Windows\system32\bcrypt.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`8a330000 00007ffc`8a3d8000 C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffc`9dfa0000 00007ffc`9f4c2000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffc`9ca80000 00007ffc`9d0a8000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000 C:\Windows\system32\profapi.dll
(128.a30): Break instruction exception - code 80000003 (first chance)
Create process 296 breakpoint.
1:018> g
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff7`beb50000 00007ff7`bf14e000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9a780000 00007ffc`9a7f8000 C:\Windows\system32\apphelp.dll
ModLoad: 00007ffc`9d8d0000 00007ffc`9d976000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffc`96220000 00007ffc`9628a000 C:\Windows\SYSTEM32\wincorlib.DLL
ModLoad: 00007ffc`9d120000 00007ffc`9d1de000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000 C:\Windows\SYSTEM32\bcryptPrimitives.dll
ModLoad: 00007ffc`94ff0000 00007ffc`95fe6000 C:\Windows\System32\Windows.UI.Xaml.dll
ModLoad: 00007ffc`98920000 00007ffc`98a51000 C:\Windows\SYSTEM32\wintypes.dll
ModLoad: 00007ffc`9a4a0000 00007ffc`9a568000 C:\Windows\SYSTEM32\CoreMessaging.dll
ModLoad: 00007ffc`9aa10000 00007ffc`9aa76000 C:\Windows\SYSTEM32\Bcp47Langs.dll
ModLoad: 00007ffc`96680000 00007ffc`969f6000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffc`9a440000 00007ffc`9a49c000 C:\Windows\SYSTEM32\NInput.dll
ModLoad: 00007ffc`9c4b0000 00007ffc`9c563000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000 C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffc`9add0000 00007ffc`9aebe000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 00007ffc`9b9c0000 00007ffc`9b9df000 C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffc`9a9f0000 00007ffc`9aa08000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffc`895d0000 00007ffc`89b26000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
ModLoad: 00007ffc`9d390000 00007ffc`9d3e1000 C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffc`9dfa0000 00007ffc`9f4c2000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffc`9ca80000 00007ffc`9d0a8000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c7b0000 00007ffc`9c7f4000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffc`9b080000 00007ffc`9b102000 C:\Windows\SYSTEM32\firewallapi.dll
ModLoad: 00007ffc`9af70000 00007ffc`9afa2000 C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffc`931e0000 00007ffc`9364a000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 00007ffc`9ac30000 00007ffc`9acc6000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffc`9a0a0000 00007ffc`9a0c2000 C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffc`936a0000 00007ffc`93901000 C:\Windows\system32\CoreUIComponents.dll
ModLoad: 00007ffc`99d50000 00007ffc`99dec000 C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffc`99df0000 00007ffc`9a093000 C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffc`8e7e0000 00007ffc`8e814000 C:\Windows\System32\Windows.ApplicationModel.dll
ModLoad: 00007ffc`99aa0000 00007ffc`99d0e000 C:\Windows\SYSTEM32\d3d10warp.dll
ModLoad: 00007ffc`88580000 00007ffc`88903000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll
ModLoad: 00007ffc`96a00000 00007ffc`96b96000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffc`96ff0000 00007ffc`97535000 C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffc`9a170000 00007ffc`9a241000 C:\Windows\System32\dcomp.dll
ModLoad: 00007ffc`96110000 00007ffc`9621f000 C:\Windows\System32\MrmCoreR.dll
ModLoad: 00007ffc`96060000 00007ffc`960fe000 C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffc`92960000 00007ffc`92975000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffc`9b750000 00007ffc`9b782000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffc`93910000 00007ffc`93bd1000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffc`92450000 00007ffc`92496000 C:\Windows\system32\DataExchange.dll
ModLoad: 00007ffc`9a800000 00007ffc`9a983000 C:\Windows\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffc`9d0b0000 00007ffc`9d119000 C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffc`9f680000 00007ffc`9f688000 C:\Windows\system32\NSI.dll
ModLoad: 00007ffc`94730000 00007ffc`94745000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffc`9a110000 00007ffc`9a148000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffc`9a100000 00007ffc`9a10b000 C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffc`991d0000 00007ffc`992a6000 C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffc`9bc20000 00007ffc`9bc7d000 C:\Windows\system32\mswsock.dll
ModLoad: 00007ffc`977a0000 00007ffc`977d9000 C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffc`97700000 00007ffc`97792000 C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffc`98fd0000 00007ffc`99006000 C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffc`93660000 00007ffc`93672000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
ModLoad: 00007ffc`92c70000 00007ffc`92c85000 C:\Windows\system32\execmodelproxy.dll
ModLoad: 00007ffc`8afb0000 00007ffc`8b152000 C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffc`94810000 00007ffc`94996000 C:\Windows\System32\Windows.Globalization.dll
ModLoad: 00007ffc`92ee0000 00007ffc`92f1f000 C:\Windows\System32\netprofm.dll
ModLoad: 00007ffc`92bd0000 00007ffc`92bde000 C:\Windows\System32\npmproxy.dll
ModLoad: 00007ffc`9df30000 00007ffc`9df9f000 C:\Windows\system32\coml2.dll
ModLoad: 00007ffc`949a0000 00007ffc`94bf9000 C:\Windows\SYSTEM32\dwrite.dll
ModLoad: 00007ffc`9ba20000 00007ffc`9bac8000 C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffc`9ab10000 00007ffc`9ab36000 C:\Windows\SYSTEM32\SLC.dll
ModLoad: 00007ffc`9aa80000 00007ffc`9aaa5000 C:\Windows\SYSTEM32\sppc.dll
ModLoad: 00007ffc`92e90000 00007ffc`92ed3000 C:\Windows\System32\execmodelclient.dll
ModLoad: 00007ffc`98660000 00007ffc`986d2000 C:\Windows\SYSTEM32\MMDevAPI.DLL
ModLoad: 00007ffc`9ad80000 00007ffc`9ada7000 C:\Windows\SYSTEM32\DEVOBJ.dll
ModLoad: 00007ffc`96100000 00007ffc`9610a000 C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffc`97f70000 00007ffc`97fd8000 C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffc`8f3d0000 00007ffc`8f42a000 C:\Windows\System32\Windows.Graphics.dll
ModLoad: 00007ffc`9b110000 00007ffc`9b138000 C:\Windows\System32\rmclient.dll
ModLoad: 00007ffc`942d0000 00007ffc`942f5000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffc`8d6b0000 00007ffc`8d9d0000 C:\Windows\SYSTEM32\msftedit.dll
ModLoad: 00007ffc`8e050000 00007ffc`8e07e000 C:\Windows\SYSTEM32\globinputhost.dll
ModLoad: 00007ffc`947f0000 00007ffc`94808000 C:\Windows\System32\Windows.Globalization.Fontgroups.dll
ModLoad: 00007ffc`947e0000 00007ffc`947ea000 C:\Windows\SYSTEM32\fontgroupsoverride.dll
ModLoad: 00007ffc`94160000 00007ffc`94186000 C:\Windows\System32\Windows.System.Profile.RetailInfo.dll
ModLoad: 00007ffc`92870000 00007ffc`9292a000 C:\Windows\system32\twinapi.dll
ModLoad: 00007ffc`94750000 00007ffc`947d9000 C:\Windows\system32\directmanipulation.dll
ModLoad: 00007ffc`8a330000 00007ffc`8a3d8000 C:\Windows\System32\ieproxy.dll
(3ac.1128): Break instruction exception - code 80000003 (first chance)
Create process 940 breakpoint.
2:050> g
*** wait with pending attach
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*C:\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://symbols.mozilla.org/firefox
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
ModLoad: 00007ff7`6f740000 00007ff7`6f78d000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000 C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9a780000 00007ffc`9a7f8000 C:\Windows\system32\apphelp.dll
ModLoad: 00007ffc`9d8d0000 00007ffc`9d976000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000 C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000 C:\Windows\system32\USER32.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9c4b0000 00007ffc`9c563000 C:\Windows\system32\shcore.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000 C:\Windows\system32\combase.dll
ModLoad: 00007ffc`96680000 00007ffc`969f6000 C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`92580000 00007ffc`927f4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\Comctl32.dll
ModLoad: 00007ffc`895d0000 00007ffc`89b26000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ModLoad: 00007ffc`9d390000 00007ffc`9d3e1000 C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffc`9dfa0000 00007ffc`9f4c2000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffc`9ca80000 00007ffc`9d0a8000 C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000 C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000 C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000 C:\Windows\system32\profapi.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000 C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9d120000 00007ffc`9d1de000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffc`9c7b0000 00007ffc`9c7f4000 C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffc`9b080000 00007ffc`9b102000 C:\Windows\SYSTEM32\firewallapi.dll
ModLoad: 00007ffc`9af70000 00007ffc`9afa2000 C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffc`9a9f0000 00007ffc`9aa08000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000 C:\Windows\SYSTEM32\bcryptPrimitives.dll
ModLoad: 00007ffc`9ac30000 00007ffc`9acc6000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000 C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000 C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffc`9add0000 00007ffc`9aebe000 C:\Windows\SYSTEM32\twinapi.appcore.dll
ModLoad: 00007ffc`9b9c0000 00007ffc`9b9df000 C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffc`8ba60000 00007ffc`8cf53000 C:\Windows\SYSTEM32\EDGEHTML.dll
ModLoad: 00007ffc`8b320000 00007ffc`8ba58000 C:\Windows\SYSTEM32\chakra.dll
ModLoad: 00007ffc`94640000 00007ffc`9467d000 C:\Windows\SYSTEM32\MLANG.dll
ModLoad: 00007ffc`98920000 00007ffc`98a51000 C:\Windows\System32\WinTypes.dll
ModLoad: 00007ffc`93910000 00007ffc`93bd1000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffc`9d0b0000 00007ffc`9d119000 C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffc`9f680000 00007ffc`9f688000 C:\Windows\system32\NSI.dll
ModLoad: 00007ffc`94730000 00007ffc`94745000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffc`9a110000 00007ffc`9a148000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffc`9a100000 00007ffc`9a10b000 C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffc`991d0000 00007ffc`992a6000 C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffc`92960000 00007ffc`92975000 C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffc`9b750000 00007ffc`9b782000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffc`9bc20000 00007ffc`9bc7d000 C:\Windows\system32\mswsock.dll
ModLoad: 00007ffc`9a0a0000 00007ffc`9a0c2000 C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffc`96a00000 00007ffc`96b96000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffc`8afb0000 00007ffc`8b152000 C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffc`977a0000 00007ffc`977d9000 C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffc`97700000 00007ffc`97792000 C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffc`98fd0000 00007ffc`99006000 C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffc`9ba20000 00007ffc`9bac8000 C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffc`92450000 00007ffc`92496000 C:\Windows\system32\dataexchange.dll
ModLoad: 00007ffc`96ff0000 00007ffc`97535000 C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffc`99df0000 00007ffc`9a093000 C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffc`9a170000 00007ffc`9a241000 C:\Windows\SYSTEM32\dcomp.dll
ModLoad: 00007ffc`99d50000 00007ffc`99dec000 C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffc`92870000 00007ffc`9292a000 C:\Windows\system32\twinapi.dll
ModLoad: 00007ffc`9a440000 00007ffc`9a49c000 C:\Windows\SYSTEM32\ninput.dll
ModLoad: 00007ffc`949a0000 00007ffc`94bf9000 C:\Windows\SYSTEM32\DWrite.dll
ModLoad: 00007ffc`99aa0000 00007ffc`99d0e000 C:\Windows\SYSTEM32\d3d10warp.dll
ModLoad: 00007ffc`96060000 00007ffc`960fe000 C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffc`94320000 00007ffc`94330000 C:\Windows\system32\msimtf.dll
ModLoad: 00007ffc`94750000 00007ffc`947d9000 C:\Windows\system32\directmanipulation.dll
ModLoad: 00007ffc`96110000 00007ffc`9621f000 C:\Windows\System32\MrmCoreR.dll
ModLoad: 00007ffc`9aa10000 00007ffc`9aa76000 C:\Windows\SYSTEM32\Bcp47Langs.dll
ModLoad: 00007ffc`94810000 00007ffc`94996000 C:\Windows\SYSTEM32\windows.globalization.dll
ModLoad: 00007ffc`97f70000 00007ffc`97fd8000 C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffc`8a330000 00007ffc`8a3d8000 C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffc`96100000 00007ffc`9610a000 C:\Windows\System32\rasadhlp.dll
(1308.12f8): Break instruction exception - code 80000003 (first chance)
Create process 4872 breakpoint.
3:072> g
(3ac.90c): Windows Runtime Originate Error - code 40080201 (first chance)
(3ac.90c): Windows Runtime Originate Error - code 40080201 (first chance)
(3ac.90c): Windows Runtime Originate Error - code 40080201 (first chance)
(1308.2e8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
3:060> .lastevent
Last event: 1308.2e8: Access violation - code c0000005 (first chance)
debugger time: Sun Mar 6 00:33:41.136 2016 (UTC + 1:00)
3:060> |.
. 3 id: 1308 attach name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
3:060> .exr -1
ExceptionAddress: 00007ffc8bb2aec8 (EDGEHTML!CTextExtractor::GetBlockText+0x00000000000003a8)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000005bdf4f139e
Attempt to read from address 0000005bdf4f139e
3:060> lm on
start end module name
00007ff7`6f740000 00007ff7`6f78d000 microsoftedgecp microsoftedgecp.exe
00007ffc`895d0000 00007ffc`89b26000 EMODEL EMODEL.dll
00007ffc`8a330000 00007ffc`8a3d8000 ieproxy ieproxy.dll
00007ffc`8afb0000 00007ffc`8b152000 ieapfltr ieapfltr.dll
00007ffc`8b320000 00007ffc`8ba58000 chakra chakra.dll
00007ffc`8ba60000 00007ffc`8cf53000 EDGEHTML EDGEHTML.dll
00007ffc`92450000 00007ffc`92496000 dataexchange dataexchange.dll
00007ffc`92580000 00007ffc`927f4000 Comctl32 Comctl32.dll
00007ffc`92870000 00007ffc`9292a000 twinapi twinapi.dll
00007ffc`92960000 00007ffc`92975000 profext profext.dll
00007ffc`931e0000 00007ffc`9364a000 ActXPrxy ActXPrxy.dll
00007ffc`93910000 00007ffc`93bd1000 WININET WININET.dll
00007ffc`93e10000 00007ffc`93e7d000 verifier verifier.dll
00007ffc`94320000 00007ffc`94330000 msimtf msimtf.dll
00007ffc`94640000 00007ffc`9467d000 MLANG MLANG.dll
00007ffc`94730000 00007ffc`94745000 ondemandconnroutehelper ondemandconnroutehelper.dll
00007ffc`94750000 00007ffc`947d9000 directmanipulation directmanipulation.dll
00007ffc`94810000 00007ffc`94996000 windows_globalization windows.globalization.dll
00007ffc`949a0000 00007ffc`94bf9000 DWrite DWrite.dll
00007ffc`96060000 00007ffc`960fe000 Windows_UI Windows.UI.dll
00007ffc`96100000 00007ffc`9610a000 rasadhlp rasadhlp.dll
00007ffc`96110000 00007ffc`9621f000 MrmCoreR MrmCoreR.dll
00007ffc`96680000 00007ffc`969f6000 iertutil iertutil.dll
00007ffc`96a00000 00007ffc`96b96000 urlmon urlmon.dll
00007ffc`96ff0000 00007ffc`97535000 d2d1 d2d1.dll
00007ffc`97700000 00007ffc`97792000 msvcp110_win msvcp110_win.dll
00007ffc`977a0000 00007ffc`977d9000 policymanager policymanager.dll
00007ffc`97f70000 00007ffc`97fd8000 fwpuclnt fwpuclnt.dll
00007ffc`98920000 00007ffc`98a51000 WinTypes WinTypes.dll
00007ffc`98fd0000 00007ffc`99006000 XmlLite XmlLite.dll
00007ffc`991d0000 00007ffc`992a6000 winhttp winhttp.dll
00007ffc`99aa0000 00007ffc`99d0e000 d3d10warp d3d10warp.dll
00007ffc`99d50000 00007ffc`99dec000 dxgi dxgi.dll
00007ffc`99df0000 00007ffc`9a093000 d3d11 d3d11.dll
00007ffc`9a0a0000 00007ffc`9a0c2000 dwmapi dwmapi.dll
00007ffc`9a100000 00007ffc`9a10b000 WINNSI WINNSI.DLL
00007ffc`9a110000 00007ffc`9a148000 IPHLPAPI IPHLPAPI.DLL
00007ffc`9a170000 00007ffc`9a241000 dcomp dcomp.dll
00007ffc`9a440000 00007ffc`9a49c000 ninput ninput.dll
00007ffc`9a780000 00007ffc`9a7f8000 apphelp apphelp.dll
00007ffc`9a800000 00007ffc`9a983000 PROPSYS PROPSYS.dll
00007ffc`9a9f0000 00007ffc`9aa08000 EShims EShims.dll
00007ffc`9aa10000 00007ffc`9aa76000 Bcp47Langs Bcp47Langs.dll
00007ffc`9ac30000 00007ffc`9acc6000 uxtheme uxtheme.dll
00007ffc`9add0000 00007ffc`9aebe000 twinapi_appcore twinapi.appcore.dll
00007ffc`9af70000 00007ffc`9afa2000 fwbase fwbase.dll
00007ffc`9b080000 00007ffc`9b102000 firewallapi firewallapi.dll
00007ffc`9b110000 00007ffc`9b138000 rmclient rmclient.dll
00007ffc`9b750000 00007ffc`9b782000 ntmarta ntmarta.dll
00007ffc`9b8d0000 00007ffc`9b903000 rsaenh rsaenh.dll
00007ffc`9b9c0000 00007ffc`9b9df000 USERENV USERENV.dll
00007ffc`9ba20000 00007ffc`9bac8000 DNSAPI DNSAPI.dll
00007ffc`9bc20000 00007ffc`9bc7d000 mswsock mswsock.dll
00007ffc`9bc80000 00007ffc`9bc97000 cryptsp cryptsp.dll
00007ffc`9bdd0000 00007ffc`9bddb000 CRYPTBASE CRYPTBASE.dll
00007ffc`9bfd0000 00007ffc`9bffc000 SspiCli SspiCli.dll
00007ffc`9c1c0000 00007ffc`9c22b000 bcryptPrimitives bcryptPrimitives.dll
00007ffc`9c340000 00007ffc`9c368000 bcrypt bcrypt.dll
00007ffc`9c410000 00007ffc`9c423000 profapi profapi.dll
00007ffc`9c450000 00007ffc`9c45f000 kernel_appcore kernel.appcore.dll
00007ffc`9c460000 00007ffc`9c4aa000 powrprof powrprof.dll
00007ffc`9c4b0000 00007ffc`9c563000 shcore shcore.dll
00007ffc`9c5d0000 00007ffc`9c7ad000 KERNELBASE KERNELBASE.dll
00007ffc`9c7b0000 00007ffc`9c7f4000 cfgmgr32 cfgmgr32.dll
00007ffc`9ca80000 00007ffc`9d0a8000 windows_storage windows.storage.dll
00007ffc`9d0b0000 00007ffc`9d119000 WS2_32 WS2_32.dll
00007ffc`9d120000 00007ffc`9d1de000 OLEAUT32 OLEAUT32.dll
00007ffc`9d1e0000 00007ffc`9d23b000 sechost sechost.dll
00007ffc`9d240000 00007ffc`9d381000 ole32 ole32.dll
00007ffc`9d390000 00007ffc`9d3e1000 SHLWAPI SHLWAPI.dll
00007ffc`9d3f0000 00007ffc`9d53e000 USER32 USER32.dll
00007ffc`9d540000 00007ffc`9d5dd000 msvcrt msvcrt.dll
00007ffc`9d650000 00007ffc`9d8cc000 combase combase.dll
00007ffc`9d8d0000 00007ffc`9d976000 ADVAPI32 ADVAPI32.dll
00007ffc`9d980000 00007ffc`9dadc000 MSCTF MSCTF.dll
00007ffc`9dda0000 00007ffc`9df26000 GDI32 GDI32.dll
00007ffc`9dfa0000 00007ffc`9f4c2000 SHELL32 SHELL32.dll
00007ffc`9f4f0000 00007ffc`9f59d000 KERNEL32 KERNEL32.DLL
00007ffc`9f680000 00007ffc`9f688000 NSI NSI.dll
00007ffc`9f6a0000 00007ffc`9f7c6000 RPCRT4 RPCRT4.dll
00007ffc`9f9a0000 00007ffc`9f9d6000 IMM32 IMM32.DLL
00007ffc`9f9e0000 00007ffc`9fba2000 ntdll ntdll.dll
3:060> kn 0x64
# Child-SP RetAddr Call Site
00 00000059`d664d2f0 00007ffc`8bb2a557 EDGEHTML!CTextExtractor::GetBlockText+0x3a8
01 00000059`d664d3b0 00007ffc`8bb29ea0 EDGEHTML!CTextExtractor::FillOutElementPackage+0x217
02 00000059`d664d470 00007ffc`8bcbc863 EDGEHTML!CTextExtractor::RunTextExtractionInternal+0x25c
03 00000059`d664d520 00007ffc`8bcb8943 EDGEHTML!CView::EnsureView+0x6d3
04 00000059`d664d600 00007ffc`8bcbac73 EDGEHTML!CPaintController::EnsureView+0x53
05 00000059`d664d630 00007ffc`8bd8deca EDGEHTML!CPaintBeat::OnBeat+0x163
06 00000059`d664d690 00007ffc`8bd8ddc0 EDGEHTML!CPaintBeat::OnPaintTimer+0x5a
07 00000059`d664d6c0 00007ffc`8bb9dd9b EDGEHTML!CContainedTimerSink<CPaintBeat>::OnTimerMethodCall+0xa0
08 00000059`d664d6f0 00007ffc`8bc9fd51 EDGEHTML!GlobalWndOnPaintPriorityMethodCall+0x38b
09 00000059`d664d7e0 00007ffc`9d4000dc EDGEHTML!GlobalWndProc+0x101
0a 00000059`d664d860 00007ffc`9d3ffe52 USER32!UserCallWinProcCheckWow+0x1fc
0b 00000059`d664d950 00007ffc`9d40d3fe USER32!DispatchClientMessage+0xa2
0c 00000059`d664d9b0 00007ffc`9fa75714 USER32!_fnDWORD+0x3e
0d 00000059`d664da10 00007ffc`9d41ffba ntdll!KiUserCallbackDispatcherContinue
0e 00000059`d664da98 00007ffc`9d3ffca7 USER32!NtUserDispatchMessage+0xa
0f 00000059`d664daa0 00007ffc`89610988 USER32!DispatchMessageWorker+0x247
10 00000059`d664db20 00007ffc`8966f24b EMODEL!CTabWindow::_TabWindowThreadProc+0x5b8
11 00000059`d664fd80 00007ffc`966b7f8f EMODEL!LCIETab_ThreadProc+0x2bb
12 00000059`d664feb0 00007ffc`9f502d92 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f
13 00000059`d664fee0 00007ffc`9f9e9f64 KERNEL32!BaseThreadInitThunk+0x22
14 00000059`d664ff10 00000000`00000000 ntdll!RtlUserThreadStart+0x34
3:060> ~s
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h] ds:0000005b`df4f139e=????
3:060> !heap -p -a 0x5BDF4F139E
ReadMemory error for address 00000051cf41ffe8
Use `!address 00000051cf41ffe8' to check validity of the address.
ReadMemory error for address 00000051cf3bffe8
Use `!address 00000051cf3bffe8' to check validity of the address.
ReadMemory error for address 00000051cf47ffe8
Use `!address 00000051cf47ffe8' to check validity of the address.
ReadMemory error for address 00000051d35effe8
Use `!address 00000051d35effe8' to check validity of the address.
ReadMemory error for address 00000059d593ffe8
Use `!address 00000059d593ffe8' to check validity of the address.
ReadMemory error for address 00000059d591ffe8
Use `!address 00000059d591ffe8' to check validity of the address.
3:060> rM 0x7D
rax=00000000ffffffff rbx=0000000000000001 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000002 rdi=0000000000000001
rip=00007ffc8bb2aec8 rsp=00000059d664d2f0 rbp=00000059d5870400
r8=00000059df4f03a0 r9=00000059db9a6ffc r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=00000059d5870400
r14=00000059d664d4a0 r15=00000059df4f7f50
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
fpcw=027F fpsw=0000 fptw=0000
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000 st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000 st7= 0.000000000000000000000e+0000
mm0=0000000000000000 mm1=0000000000000000
mm2=0000000000000000 mm3=0000000000000000
mm4=0000000000000000 mm5=0000000000000000
mm6=0000000000000000 mm7=0000000000000000
xmm0=4.59121e-041 -1.90234e-025 4.59121e-041 -2.77992e-033
xmm1=4.59121e-041 -6.71793e-020 4.59121e-041 -4.40834e-020
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h] ds:0000005b`df4f139e=????
3:060> dpp @$ea - 10*$ptrsize L10;
0000005b`df4f131e ????????`????????
0000005b`df4f1326 ????????`????????
0000005b`df4f132e ????????`????????
0000005b`df4f1336 ????????`????????
0000005b`df4f133e ????????`????????
0000005b`df4f1346 ????????`????????
0000005b`df4f134e ????????`????????
0000005b`df4f1356 ????????`????????
0000005b`df4f135e ????????`????????
0000005b`df4f1366 ????????`????????
0000005b`df4f136e ????????`????????
0000005b`df4f1376 ????????`????????
0000005b`df4f137e ????????`????????
0000005b`df4f1386 ????????`????????
0000005b`df4f138e ????????`????????
0000005b`df4f1396 ????????`????????
3:060> dpp @$ea L10;
0000005b`df4f139e ????????`????????
0000005b`df4f13a6 ????????`????????
0000005b`df4f13ae ????????`????????
0000005b`df4f13b6 ????????`????????
0000005b`df4f13be ????????`????????
0000005b`df4f13c6 ????????`????????
0000005b`df4f13ce ????????`????????
0000005b`df4f13d6 ????????`????????
0000005b`df4f13de ????????`????????
0000005b`df4f13e6 ????????`????????
0000005b`df4f13ee ????????`????????
0000005b`df4f13f6 ????????`????????
0000005b`df4f13fe ????????`????????
0000005b`df4f1406 ????????`????????
0000005b`df4f140e ????????`????????
0000005b`df4f1416 ????????`????????
3:060> dpp @$ea2 - 10*$ptrsize L10;
Bad register error at '@$ea2 - 10*$ptrsize '
3:060> .if ($vvalid(@$scopeip - 40, 40)) { u @$scopeip - 40 @$scopeip - 1; };
EDGEHTML!CTextExtractor::GetBlockText+0x368:
00007ffc`8bb2ae88 0000 add byte ptr [rax],al
00007ffc`8bb2ae8a 0000 add byte ptr [rax],al
00007ffc`8bb2ae8c 7523 jne EDGEHTML!CTextExtractor::GetBlockText+0x391 (00007ffc`8bb2aeb1)
00007ffc`8bb2ae8e 2b8f88000000 sub ecx,dword ptr [rdi+88h]
00007ffc`8bb2ae94 4c8bc6 mov r8,rsi
00007ffc`8bb2ae97 440fb64c2431 movzx r9d,byte ptr [rsp+31h]
00007ffc`8bb2ae9d 488b542460 mov rdx,qword ptr [rsp+60h]
00007ffc`8bb2aea2 894c2420 mov dword ptr [rsp+20h],ecx
00007ffc`8bb2aea6 488bcd mov rcx,rbp
00007ffc`8bb2aea9 e892050000 call EDGEHTML!CTextExtractor::AddElementToCache (00007ffc`8bb2b440)
00007ffc`8bb2aeae 4533c0 xor r8d,r8d
00007ffc`8bb2aeb1 44898798000000 mov dword ptr [rdi+98h],r8d
00007ffc`8bb2aeb8 e96bfdffff jmp EDGEHTML!CTextExtractor::GetBlockText+0x108 (00007ffc`8bb2ac28)
00007ffc`8bb2aebd 85db test ebx,ebx
00007ffc`8bb2aebf 0f84a5010000 je EDGEHTML!CTextExtractor::GetBlockText+0x54a (00007ffc`8bb2b06a)
00007ffc`8bb2aec5 8d42ff lea eax,[rdx-1]
3:060> .if ($vvalid(@$scopeip, 40)) { u @$scopeip @$scopeip + 39; };
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h]
00007ffc`8bb2aed1 664189845000100000 mov word ptr [r8+rdx*2+1000h],ax
00007ffc`8bb2aeda e9b2feffff jmp EDGEHTML!CTextExtractor::GetBlockText+0x271 (00007ffc`8bb2ad91)
00007ffc`8bb2aedf 66ffc0 inc ax
00007ffc`8bb2aee2 89442434 mov dword ptr [rsp+34h],eax
00007ffc`8bb2aee6 e95dffffff jmp EDGEHTML!CTextExtractor::GetBlockText+0x328 (00007ffc`8bb2ae48)
00007ffc`8bb2aeeb 3d02200000 cmp eax,2002h
00007ffc`8bb2aef0 0f8f82010000 jg EDGEHTML!CTextExtractor::GetBlockText+0x558 (00007ffc`8bb2b078)
00007ffc`8bb2aef6 0f8472020000 je EDGEHTML!CTextExtractor::GetBlockText+0x64e (00007ffc`8bb2b16e)
00007ffc`8bb2aefc 3da0000000 cmp eax,0A0h
00007ffc`8bb2af01 0f8f07020000 jg EDGEHTML!CTextExtractor::GetBlockText+0x5ee (00007ffc`8bb2b10e)
3:060> lm M *microsoftedgecp.exe
start end module name
00007ff7`6f740000 00007ff7`6f78d000 microsoftedgecp (deferred)
3:060> lmv m *EDGEHTML
start end module name
00007ffc`8ba60000 00007ffc`8cf53000 EDGEHTML (pdb symbols) c:\symbols\edgehtml.pdb\9B2B1A5DE82E4DE086518429F196DD931\edgehtml.pdb
Loaded symbol image file: C:\Windows\SYSTEM32\EDGEHTML.dll
Image path: C:\Windows\SYSTEM32\EDGEHTML.dll
Image name: EDGEHTML.dll
Timestamp: Sun Jan 31 06:38:01 2016 (56AD9DB9)
CheckSum: 014E961D
ImageSize: 014F3000
File version: 11.0.10240.16683
Product version: 11.0.10240.16683
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: EDGEHTML
OriginalFilename: EDGEHTML.DLL
ProductVersion: 11.00.10240.16683
FileVersion: 11.00.10240.16683 (th1.160130-1842)
FileDescription: Microsoft (R) HTML Viewer
LegalCopyright: � Microsoft Corporation. All rights reserved.
3:060> lmv m *microsoftedgecp
start end module name
00007ff7`6f740000 00007ff7`6f78d000 microsoftedgecp (deferred)
Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Wed Nov 25 05:17:08 2015 (56553644)
CheckSum: 0004DF0B
ImageSize: 0004D000
File version: 11.0.10240.16603
Product version: 11.0.10240.16603
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10240.16603
FileVersion: 11.00.10240.16603 (th1_st1.151124-1750)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.
3:060> q
quit: