Details

Id:  AVR:Arbitrary 553.553
Description:  Access violation while reading memory at 0x3D945C439E
Location:  microsoftedgecp.exe!edgehtml.dll!CTextExtractor::GetBlockText
Security impact:  Potentially exploitable security issue

Stack

EDGEHTML.dll!CTextExtractor::GetBlockText + 0x3A8 (553 in id)
EDGEHTML.dll!CTextExtractor::GetBlockText + 0x516 (553 in id)
EDGEHTML.dll!CTextExtractor::FillOutElementPackage + 0x217
EDGEHTML.dll!CTextExtractor::RunTextExtractionInternal + 0x25C
EDGEHTML.dll!CView::EnsureView + 0x6D3
EDGEHTML.dll!CPaintController::EnsureView + 0x53
EDGEHTML.dll!CPaintBeat::OnBeat + 0x163
EDGEHTML.dll!CPaintBeat::OnPaintTimer + 0x5A
EDGEHTML.dll!CContainedTimerSink<CPaintBeat>::OnTimerMethodCall + 0xA0
EDGEHTML.dll!GlobalWndOnPaintPriorityMethodCall + 0x38B
EDGEHTML.dll!GlobalWndProc + 0x101
USER32.dll!UserCallWinProcCheckWow + 0x1FC
USER32.dll!DispatchClientMessage + 0xA2
USER32.dll!_fnDWORD + 0x3E
ntdll.dll!KiUserCallbackDispatcherContinue
USER32.dll!NtUserDispatchMessage + 0xA
USER32.dll!DispatchMessageWorker + 0x247
EMODEL.dll!CTabWindow::_TabWindowThreadProc + 0x5B8
EMODEL.dll!LCIETab_ThreadProc + 0x2BB
iertutil.dll!_IsoThreadProc_WrapperToReleaseScope + 0x1F
KERNEL32.DLL!BaseThreadInitThunk + 0x22
ntdll.dll!RtlUserThreadStart + 0x34

Registers

rax=00000000ffffffff rbx=0000000000000001 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000002 rdi=0000000000000001
rip=00007ffc8bb2aec8 rsp=0000003b9d9fcdc0 rbp=0000003b86577800
 r8=0000003b945c33a0  r9=0000003b88ba1ffc r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000003b86577800
r14=0000003b9d9fd030 r15=0000003b995e1f50
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
fpcw=027F    fpsw=0000    fptw=0000
st0= 0.000000000000000000000e+0000  st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000  st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000  st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000  st7= 0.000000000000000000000e+0000
mm0=0000000000000000  mm1=0000000000000000
mm2=0000000000000000  mm3=0000000000000000
mm4=0000000000000000  mm5=0000000000000000
mm6=0000000000000000  mm7=0000000000000000
xmm0=5.05103e-039 5.14286e-039 5.32653e-039 4.95919e-039
xmm1=4.50001e-039 4.40817e-039 1.09285e-038 4.31635e-039
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h] ds:0000003d`945c439e=????

Memory

0000003d`945c431e  ????????`????????
0000003d`945c4326  ????????`????????
0000003d`945c432e  ????????`????????
0000003d`945c4336  ????????`????????
0000003d`945c433e  ????????`????????
0000003d`945c4346  ????????`????????
0000003d`945c434e  ????????`????????
0000003d`945c4356  ????????`????????
0000003d`945c435e  ????????`????????
0000003d`945c4366  ????????`????????
0000003d`945c436e  ????????`????????
0000003d`945c4376  ????????`????????
0000003d`945c437e  ????????`????????
0000003d`945c4386  ????????`????????
0000003d`945c438e  ????????`????????
0000003d`945c4396  ????????`????????
0000003d`945c439e  ????????`????????
0000003d`945c43a6  ????????`????????
0000003d`945c43ae  ????????`????????
0000003d`945c43b6  ????????`????????
0000003d`945c43be  ????????`????????
0000003d`945c43c6  ????????`????????
0000003d`945c43ce  ????????`????????
0000003d`945c43d6  ????????`????????
0000003d`945c43de  ????????`????????
0000003d`945c43e6  ????????`????????
0000003d`945c43ee  ????????`????????
0000003d`945c43f6  ????????`????????
0000003d`945c43fe  ????????`????????
0000003d`945c4406  ????????`????????
0000003d`945c440e  ????????`????????
0000003d`945c4416  ????????`????????

Disassembly

00007ffc`8bb2ae8a 0000            add     byte ptr [rax],al
00007ffc`8bb2ae8c 7523            jne     EDGEHTML!CTextExtractor::GetBlockText+0x391 (00007ffc`8bb2aeb1)
00007ffc`8bb2ae8e 2b8f88000000    sub     ecx,dword ptr [rdi+88h]
00007ffc`8bb2ae94 4c8bc6          mov     r8,rsi
00007ffc`8bb2ae97 440fb64c2431    movzx   r9d,byte ptr [rsp+31h]
00007ffc`8bb2ae9d 488b542460      mov     rdx,qword ptr [rsp+60h]
00007ffc`8bb2aea2 894c2420        mov     dword ptr [rsp+20h],ecx
00007ffc`8bb2aea6 488bcd          mov     rcx,rbp
00007ffc`8bb2aea9 e892050000      call    EDGEHTML!CTextExtractor::AddElementToCache (00007ffc`8bb2b440)
00007ffc`8bb2aeae 4533c0          xor     r8d,r8d
00007ffc`8bb2aeb1 44898798000000  mov     dword ptr [rdi+98h],r8d
00007ffc`8bb2aeb8 e96bfdffff      jmp     EDGEHTML!CTextExtractor::GetBlockText+0x108 (00007ffc`8bb2ac28)
00007ffc`8bb2aebd 85db            test    ebx,ebx
00007ffc`8bb2aebf 0f84a5010000    je      EDGEHTML!CTextExtractor::GetBlockText+0x54a (00007ffc`8bb2b06a)
00007ffc`8bb2aec5 8d42ff          lea     eax,[rdx-1]
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h]         ⇐ instruction pointer
00007ffc`8bb2aed1 664189845000100000 mov   word ptr [r8+rdx*2+1000h],ax
00007ffc`8bb2aeda e9b2feffff      jmp     EDGEHTML!CTextExtractor::GetBlockText+0x271 (00007ffc`8bb2ad91)
00007ffc`8bb2aedf 66ffc0          inc     ax
00007ffc`8bb2aee2 89442434        mov     dword ptr [rsp+34h],eax
00007ffc`8bb2aee6 e95dffffff      jmp     EDGEHTML!CTextExtractor::GetBlockText+0x328 (00007ffc`8bb2ae48)
00007ffc`8bb2aeeb 3d02200000      cmp     eax,2002h
00007ffc`8bb2aef0 0f8f82010000    jg      EDGEHTML!CTextExtractor::GetBlockText+0x558 (00007ffc`8bb2b078)
00007ffc`8bb2aef6 0f8472020000    je      EDGEHTML!CTextExtractor::GetBlockText+0x64e (00007ffc`8bb2b16e)
00007ffc`8bb2aefc 3da0000000      cmp     eax,0A0h
00007ffc`8bb2af01 0f8f07020000    jg      EDGEHTML!CTextExtractor::GetBlockText+0x5ee (00007ffc`8bb2b10e)

Binary information

EDGEHTML.dll

    Loaded symbol image file: C:\Windows\SYSTEM32\EDGEHTML.dll
    Image path: C:\Windows\SYSTEM32\EDGEHTML.dll
    Image name: EDGEHTML.dll
    Timestamp:        Sun Jan 31 06:38:01 2016 (56AD9DB9)
    CheckSum:         014E961D
    ImageSize:        014F3000
    File version:     11.0.10240.16683
    Product version:  11.0.10240.16683
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Internet Explorer
    InternalName:     EDGEHTML
    OriginalFilename: EDGEHTML.DLL
    ProductVersion:   11.00.10240.16683
    FileVersion:      11.00.10240.16683 (th1.160130-1842)
    FileDescription:  Microsoft (R) HTML Viewer
    LegalCopyright:   � Microsoft Corporation. All rights reserved.

microsoftedgecp.exe

    Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
    Image name: microsoftedgecp.exe
    Timestamp:        Wed Nov 25 05:17:08 2015 (56553644)
    CheckSum:         0004DF0B
    ImageSize:        0004D000
    File version:     11.0.10240.16603
    Product version:  11.0.10240.16603
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft Edge
    InternalName:     MicrosoftEdgeCP
    OriginalFilename: MicrosoftEdgeCP.exe
    ProductVersion:   11.00.10240.16603
    FileVersion:      11.00.10240.16603 (th1_st1.151124-1750)
    FileDescription:  Microsoft Edge Content Process
    LegalCopyright:   � Microsoft Corporation. All rights reserved.

Debugger IO


Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*http://msdl.microsoft.com/download/symbols
Deferred                                       cache*C:\Symbols
Deferred                                       cache*\\server\Symbols
Deferred                                       srv*http://symbols.mozilla.org/firefox
Deferred                                       srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is: 
ModLoad: 00007ff7`2b760000 00007ff7`2b776000   C:\Windows\System32\RuntimeBroker.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000   C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000   C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000   C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000   C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000   C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000   C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000   C:\Windows\system32\combase.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000   C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000   C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000   C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000   C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000   C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000   C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000   C:\Windows\system32\USER32.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000   C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000   C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`9dae0000 00007ffc`9db85000   C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000   C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000   C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000   C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000   C:\Windows\System32\CRYPTBASE.dll
ModLoad: 00007ffc`94160000 00007ffc`94185000   C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000   C:\Windows\system32\profapi.dll
ModLoad: 00007ffc`9add0000 00007ffc`9aebe000   C:\Windows\SYSTEM32\twinapi.appcore.dll
ModLoad: 00007ffc`9b9c0000 00007ffc`9b9df000   C:\Windows\System32\USERENV.dll
ModLoad: 00007ffc`92960000 00007ffc`92975000   C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffc`9b750000 00007ffc`9b782000   C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000   C:\Windows\system32\SspiCli.dll
ModLoad: 00007ffc`8ff20000 00007ffc`8ff36000   C:\Windows\SYSTEM32\capauthz.dll
ModLoad: 00007ffc`9a780000 00007ffc`9a7f8000   C:\Windows\system32\apphelp.dll
(1144.11b0): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffc`9fa753e0 cc              int     3

Create process 4420 breakpoint.
0:008> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*http://msdl.microsoft.com/download/symbols
Deferred                                       cache*C:\Symbols
Deferred                                       cache*\\server\Symbols
Deferred                                       srv*http://symbols.mozilla.org/firefox
Deferred                                       srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is: 
ModLoad: 00007ff6`ab540000 00007ff6`ab54a000   C:\Windows\system32\browser_broker.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000   C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000   C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000   C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000   C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000   C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000   C:\Windows\system32\combase.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000   C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000   C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000   C:\Windows\system32\user32.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000   C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000   C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000   C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000   C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000   C:\Windows\system32\bcryptPrimitives.dll
ModLoad: 00007ffc`9ac30000 00007ffc`9acc6000   C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffc`94c10000 00007ffc`94c28000   C:\Windows\SYSTEM32\browserbroker.dll
ModLoad: 00007ffc`9c4b0000 00007ffc`9c563000   C:\Windows\system32\shcore.dll
ModLoad: 00007ffc`9d120000 00007ffc`9d1de000   C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffc`9c800000 00007ffc`9c9c1000   C:\Windows\system32\CRYPT32.dll
ModLoad: 00007ffc`9c430000 00007ffc`9c441000   C:\Windows\system32\MSASN1.dll
ModLoad: 00007ffc`96680000 00007ffc`969f6000   C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffc`9d8d0000 00007ffc`9d976000   C:\Windows\system32\advapi32.dll
ModLoad: 00007ffc`96a00000 00007ffc`96b96000   C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffc`9d390000 00007ffc`9d3e1000   C:\Windows\system32\shlwapi.dll
ModLoad: 00007ffc`9b650000 00007ffc`9b66c000   C:\Windows\SYSTEM32\MPR.dll
ModLoad: 00007ffc`93910000 00007ffc`93bd1000   C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffc`98fd0000 00007ffc`99006000   C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000   C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffc`9b830000 00007ffc`9b83a000   C:\Windows\SYSTEM32\DPAPI.DLL
ModLoad: 00007ffc`9dae0000 00007ffc`9db85000   C:\Windows\system32\clbcatq.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000   C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000   C:\Windows\system32\bcrypt.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000   C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`8a330000 00007ffc`8a3d8000   C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000   C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000   C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffc`9dfa0000 00007ffc`9f4c2000   C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffc`9ca80000 00007ffc`9d0a8000   C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000   C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000   C:\Windows\system32\profapi.dll
(1354.fb8): Break instruction exception - code 80000003 (first chance)

Create process 4948 breakpoint.
1:018> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*http://msdl.microsoft.com/download/symbols
Deferred                                       cache*C:\Symbols
Deferred                                       cache*\\server\Symbols
Deferred                                       srv*http://symbols.mozilla.org/firefox
Deferred                                       srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is: 
ModLoad: 00007ff7`beb50000 00007ff7`bf14e000   C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000   C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000   C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000   C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000   C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9a780000 00007ffc`9a7f8000   C:\Windows\system32\apphelp.dll
ModLoad: 00007ffc`9d8d0000 00007ffc`9d976000   C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000   C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000   C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000   C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000   C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000   C:\Windows\system32\combase.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000   C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000   C:\Windows\system32\USER32.dll
ModLoad: 00007ffc`96220000 00007ffc`9628a000   C:\Windows\SYSTEM32\wincorlib.DLL
ModLoad: 00007ffc`9d120000 00007ffc`9d1de000   C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000   C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000   C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000   C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000   C:\Windows\SYSTEM32\bcryptPrimitives.dll
ModLoad: 00007ffc`94ff0000 00007ffc`95fe6000   C:\Windows\System32\Windows.UI.Xaml.dll
ModLoad: 00007ffc`98920000 00007ffc`98a51000   C:\Windows\SYSTEM32\wintypes.dll
ModLoad: 00007ffc`9a4a0000 00007ffc`9a568000   C:\Windows\SYSTEM32\CoreMessaging.dll
ModLoad: 00007ffc`9aa10000 00007ffc`9aa76000   C:\Windows\SYSTEM32\Bcp47Langs.dll
ModLoad: 00007ffc`96680000 00007ffc`969f6000   C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffc`9c4b0000 00007ffc`9c563000   C:\Windows\system32\shcore.dll
ModLoad: 00007ffc`9a440000 00007ffc`9a49c000   C:\Windows\SYSTEM32\NInput.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000   C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000   C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffc`9add0000 00007ffc`9aebe000   C:\Windows\System32\twinapi.appcore.dll
ModLoad: 00007ffc`9b9c0000 00007ffc`9b9df000   C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000   C:\Windows\system32\profapi.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000   C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000   C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffc`9a9f0000 00007ffc`9aa08000   C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffc`883b0000 00007ffc`88906000   C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
ModLoad: 00007ffc`9d390000 00007ffc`9d3e1000   C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffc`9dfa0000 00007ffc`9f4c2000   C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffc`9ca80000 00007ffc`9d0a8000   C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000   C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c7b0000 00007ffc`9c7f4000   C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffc`9b080000 00007ffc`9b102000   C:\Windows\SYSTEM32\firewallapi.dll
ModLoad: 00007ffc`9af70000 00007ffc`9afa2000   C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffc`931e0000 00007ffc`9364a000   C:\Windows\System32\ActXPrxy.dll
ModLoad: 00007ffc`9ac30000 00007ffc`9acc6000   C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffc`9a0a0000 00007ffc`9a0c2000   C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffc`936a0000 00007ffc`93901000   C:\Windows\system32\CoreUIComponents.dll
ModLoad: 00007ffc`99d50000 00007ffc`99dec000   C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffc`99df0000 00007ffc`9a093000   C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffc`99aa0000 00007ffc`99d0e000   C:\Windows\SYSTEM32\d3d10warp.dll
ModLoad: 00007ffc`8e7e0000 00007ffc`8e814000   C:\Windows\System32\Windows.ApplicationModel.dll
ModLoad: 00007ffc`96ff0000 00007ffc`97535000   C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffc`89400000 00007ffc`89783000   C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll
ModLoad: 00007ffc`96a00000 00007ffc`96b96000   C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffc`9a170000 00007ffc`9a241000   C:\Windows\System32\dcomp.dll
ModLoad: 00007ffc`96110000 00007ffc`9621f000   C:\Windows\System32\MrmCoreR.dll
ModLoad: 00007ffc`96060000 00007ffc`960fe000   C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffc`92960000 00007ffc`92975000   C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffc`9b750000 00007ffc`9b782000   C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffc`93910000 00007ffc`93bd1000   C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffc`92450000 00007ffc`92496000   C:\Windows\system32\DataExchange.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000   C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffc`9a800000 00007ffc`9a983000   C:\Windows\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffc`9d0b0000 00007ffc`9d119000   C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffc`9f680000 00007ffc`9f688000   C:\Windows\system32\NSI.dll
ModLoad: 00007ffc`94730000 00007ffc`94745000   C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffc`9a110000 00007ffc`9a148000   C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffc`9a100000 00007ffc`9a10b000   C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffc`991d0000 00007ffc`992a6000   C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffc`9bc20000 00007ffc`9bc7d000   C:\Windows\system32\mswsock.dll
ModLoad: 00007ffc`977a0000 00007ffc`977d9000   C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffc`97700000 00007ffc`97792000   C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffc`98fd0000 00007ffc`99006000   C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffc`93660000 00007ffc`93672000   C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
ModLoad: 00007ffc`92c70000 00007ffc`92c85000   C:\Windows\system32\execmodelproxy.dll
ModLoad: 00007ffc`8afb0000 00007ffc`8b152000   C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffc`94810000 00007ffc`94996000   C:\Windows\System32\Windows.Globalization.dll
ModLoad: 00007ffc`92ee0000 00007ffc`92f1f000   C:\Windows\System32\netprofm.dll
ModLoad: 00007ffc`949a0000 00007ffc`94bf9000   C:\Windows\SYSTEM32\dwrite.dll
ModLoad: 00007ffc`92bd0000 00007ffc`92bde000   C:\Windows\System32\npmproxy.dll
ModLoad: 00007ffc`9df30000 00007ffc`9df9f000   C:\Windows\system32\coml2.dll
ModLoad: 00007ffc`9ba20000 00007ffc`9bac8000   C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffc`9ab10000 00007ffc`9ab36000   C:\Windows\SYSTEM32\SLC.dll
ModLoad: 00007ffc`9aa80000 00007ffc`9aaa5000   C:\Windows\SYSTEM32\sppc.dll
ModLoad: 00007ffc`96100000 00007ffc`9610a000   C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffc`97f70000 00007ffc`97fd8000   C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffc`8f3d0000 00007ffc`8f42a000   C:\Windows\System32\Windows.Graphics.dll
ModLoad: 00007ffc`92e90000 00007ffc`92ed3000   C:\Windows\System32\execmodelclient.dll
ModLoad: 00007ffc`98660000 00007ffc`986d2000   C:\Windows\SYSTEM32\MMDevAPI.DLL
ModLoad: 00007ffc`9ad80000 00007ffc`9ada7000   C:\Windows\SYSTEM32\DEVOBJ.dll
ModLoad: 00007ffc`9b110000 00007ffc`9b138000   C:\Windows\System32\rmclient.dll
ModLoad: 00007ffc`94160000 00007ffc`94185000   C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 00007ffc`8d6b0000 00007ffc`8d9d0000   C:\Windows\SYSTEM32\msftedit.dll
ModLoad: 00007ffc`8e050000 00007ffc`8e07e000   C:\Windows\SYSTEM32\globinputhost.dll
ModLoad: 00007ffc`947f0000 00007ffc`94808000   C:\Windows\System32\Windows.Globalization.Fontgroups.dll
ModLoad: 00007ffc`947e0000 00007ffc`947ea000   C:\Windows\SYSTEM32\fontgroupsoverride.dll
ModLoad: 00007ffc`8a990000 00007ffc`8a9b6000   C:\Windows\System32\Windows.System.Profile.RetailInfo.dll
ModLoad: 00007ffc`8a330000 00007ffc`8a3d8000   C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffc`92870000 00007ffc`9292a000   C:\Windows\system32\twinapi.dll
ModLoad: 00007ffc`8f430000 00007ffc`8f483000   C:\Windows\System32\Windows.Storage.ApplicationData.dll
ModLoad: 00007ffc`94750000 00007ffc`947d9000   C:\Windows\system32\directmanipulation.dll
(1374.1178): Break instruction exception - code 80000003 (first chance)

Create process 4980 breakpoint.
2:018> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*http://msdl.microsoft.com/download/symbols
Deferred                                       cache*C:\Symbols
Deferred                                       cache*\\server\Symbols
Deferred                                       srv*http://symbols.mozilla.org/firefox
Deferred                                       srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*C:\Symbols;cache*\\server\Symbols;srv*http://symbols.mozilla.org/firefox;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is: 
ModLoad: 00007ff7`6f740000 00007ff7`6f78d000   C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
ModLoad: 00007ffc`9f9e0000 00007ffc`9fba2000   C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffc`93e10000 00007ffc`93e7d000   C:\Windows\system32\verifier.dll
ModLoad: 00007ffc`9f4f0000 00007ffc`9f59d000   C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ffc`9c5d0000 00007ffc`9c7ad000   C:\Windows\system32\KERNELBASE.dll
ModLoad: 00007ffc`9a780000 00007ffc`9a7f8000   C:\Windows\system32\apphelp.dll
ModLoad: 00007ffc`9d8d0000 00007ffc`9d976000   C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffc`9d540000 00007ffc`9d5dd000   C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffc`9d1e0000 00007ffc`9d23b000   C:\Windows\system32\sechost.dll
ModLoad: 00007ffc`9f6a0000 00007ffc`9f7c6000   C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffc`9d3f0000 00007ffc`9d53e000   C:\Windows\system32\USER32.dll
ModLoad: 00007ffc`9dda0000 00007ffc`9df26000   C:\Windows\system32\GDI32.dll
ModLoad: 00007ffc`9c4b0000 00007ffc`9c563000   C:\Windows\system32\shcore.dll
ModLoad: 00007ffc`9d650000 00007ffc`9d8cc000   C:\Windows\system32\combase.dll
ModLoad: 00007ffc`96680000 00007ffc`969f6000   C:\Windows\SYSTEM32\iertutil.dll
ModLoad: 00007ffc`9f9a0000 00007ffc`9f9d6000   C:\Windows\system32\IMM32.DLL
ModLoad: 00007ffc`9d980000 00007ffc`9dadc000   C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffc`92580000 00007ffc`927f4000   C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\Comctl32.dll
ModLoad: 00007ffc`883b0000 00007ffc`88906000   C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ModLoad: 00007ffc`9d390000 00007ffc`9d3e1000   C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffc`9dfa0000 00007ffc`9f4c2000   C:\Windows\system32\SHELL32.dll
ModLoad: 00007ffc`9ca80000 00007ffc`9d0a8000   C:\Windows\system32\windows.storage.dll
ModLoad: 00007ffc`9c450000 00007ffc`9c45f000   C:\Windows\system32\kernel.appcore.dll
ModLoad: 00007ffc`9c460000 00007ffc`9c4aa000   C:\Windows\system32\powrprof.dll
ModLoad: 00007ffc`9c410000 00007ffc`9c423000   C:\Windows\system32\profapi.dll
ModLoad: 00007ffc`9d240000 00007ffc`9d381000   C:\Windows\system32\ole32.dll
ModLoad: 00007ffc`9d120000 00007ffc`9d1de000   C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffc`9c7b0000 00007ffc`9c7f4000   C:\Windows\system32\cfgmgr32.dll
ModLoad: 00007ffc`9b080000 00007ffc`9b102000   C:\Windows\SYSTEM32\firewallapi.dll
ModLoad: 00007ffc`9af70000 00007ffc`9afa2000   C:\Windows\SYSTEM32\fwbase.dll
ModLoad: 00007ffc`9a9f0000 00007ffc`9aa08000   C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 00007ffc`9c1c0000 00007ffc`9c22b000   C:\Windows\SYSTEM32\bcryptPrimitives.dll
ModLoad: 00007ffc`9ac30000 00007ffc`9acc6000   C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffc`9bc80000 00007ffc`9bc97000   C:\Windows\SYSTEM32\cryptsp.dll
ModLoad: 00007ffc`9c340000 00007ffc`9c368000   C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffc`9b8d0000 00007ffc`9b903000   C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffc`9bdd0000 00007ffc`9bddb000   C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffc`9add0000 00007ffc`9aebe000   C:\Windows\SYSTEM32\twinapi.appcore.dll
ModLoad: 00007ffc`9b9c0000 00007ffc`9b9df000   C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffc`8ba60000 00007ffc`8cf53000   C:\Windows\SYSTEM32\EDGEHTML.dll
ModLoad: 00007ffc`8b320000 00007ffc`8ba58000   C:\Windows\SYSTEM32\chakra.dll
ModLoad: 00007ffc`94640000 00007ffc`9467d000   C:\Windows\SYSTEM32\MLANG.dll
ModLoad: 00007ffc`98920000 00007ffc`98a51000   C:\Windows\System32\WinTypes.dll
ModLoad: 00007ffc`93910000 00007ffc`93bd1000   C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffc`9bfd0000 00007ffc`9bffc000   C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffc`9d0b0000 00007ffc`9d119000   C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffc`9f680000 00007ffc`9f688000   C:\Windows\system32\NSI.dll
ModLoad: 00007ffc`94730000 00007ffc`94745000   C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffc`9a110000 00007ffc`9a148000   C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffc`9a100000 00007ffc`9a10b000   C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffc`991d0000 00007ffc`992a6000   C:\Windows\SYSTEM32\winhttp.dll
ModLoad: 00007ffc`92960000 00007ffc`92975000   C:\Windows\SYSTEM32\profext.dll
ModLoad: 00007ffc`9b750000 00007ffc`9b782000   C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffc`9bc20000 00007ffc`9bc7d000   C:\Windows\system32\mswsock.dll
ModLoad: 00007ffc`9a0a0000 00007ffc`9a0c2000   C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffc`96a00000 00007ffc`96b96000   C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffc`8afb0000 00007ffc`8b152000   C:\Windows\SYSTEM32\ieapfltr.dll
ModLoad: 00007ffc`977a0000 00007ffc`977d9000   C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffc`97700000 00007ffc`97792000   C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffc`98fd0000 00007ffc`99006000   C:\Windows\SYSTEM32\XmlLite.dll
ModLoad: 00007ffc`9ba20000 00007ffc`9bac8000   C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffc`92450000 00007ffc`92496000   C:\Windows\system32\dataexchange.dll
ModLoad: 00007ffc`96ff0000 00007ffc`97535000   C:\Windows\SYSTEM32\d2d1.dll
ModLoad: 00007ffc`99df0000 00007ffc`9a093000   C:\Windows\SYSTEM32\d3d11.dll
ModLoad: 00007ffc`9a170000 00007ffc`9a241000   C:\Windows\SYSTEM32\dcomp.dll
ModLoad: 00007ffc`99d50000 00007ffc`99dec000   C:\Windows\SYSTEM32\dxgi.dll
ModLoad: 00007ffc`92870000 00007ffc`9292a000   C:\Windows\system32\twinapi.dll
ModLoad: 00007ffc`9a440000 00007ffc`9a49c000   C:\Windows\SYSTEM32\ninput.dll
ModLoad: 00007ffc`949a0000 00007ffc`94bf9000   C:\Windows\SYSTEM32\DWrite.dll
ModLoad: 00007ffc`99aa0000 00007ffc`99d0e000   C:\Windows\SYSTEM32\d3d10warp.dll
ModLoad: 00007ffc`96060000 00007ffc`960fe000   C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffc`94320000 00007ffc`94330000   C:\Windows\system32\msimtf.dll
ModLoad: 00007ffc`94750000 00007ffc`947d9000   C:\Windows\system32\directmanipulation.dll
ModLoad: 00007ffc`96110000 00007ffc`9621f000   C:\Windows\System32\MrmCoreR.dll
ModLoad: 00007ffc`9aa10000 00007ffc`9aa76000   C:\Windows\SYSTEM32\Bcp47Langs.dll
ModLoad: 00007ffc`94810000 00007ffc`94996000   C:\Windows\SYSTEM32\windows.globalization.dll
ModLoad: 00007ffc`8a330000 00007ffc`8a3d8000   C:\Windows\System32\ieproxy.dll
ModLoad: 00007ffc`97f70000 00007ffc`97fd8000   C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffc`96100000 00007ffc`9610a000   C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffc`9b110000 00007ffc`9b138000   C:\Windows\System32\rmclient.dll
(13d4.d1c): Break instruction exception - code 80000003 (first chance)

Create process 5076 breakpoint.
3:082> g
(1374.834): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.834): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.834): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.834): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.834): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.834): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.834): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.26c): Windows Runtime Originate Error - code 40080201 (first chance)
(1374.2e4): Windows Runtime Originate Error - code 40080201 (first chance)
(13d4.6f8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.

3:111> .lastevent
Last event: 13d4.6f8: Access violation - code c0000005 (first chance)
  debugger time: Sun Mar  6 00:28:35.531 2016 (UTC + 1:00)

3:111> |.
.  3 id: 13d4 attach name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe

3:111> .exr -1
ExceptionAddress: 00007ffc8bb2aec8 (EDGEHTML!CTextExtractor::GetBlockText+0x00000000000003a8)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000003d945c439e
Attempt to read from address 0000003d945c439e

3:111> lm on
start             end                 module name
00007ff7`6f740000 00007ff7`6f78d000   microsoftedgecp microsoftedgecp.exe
00007ffc`883b0000 00007ffc`88906000   EMODEL   EMODEL.dll  
00007ffc`8a330000 00007ffc`8a3d8000   ieproxy  ieproxy.dll 
00007ffc`8afb0000 00007ffc`8b152000   ieapfltr ieapfltr.dll
00007ffc`8b320000 00007ffc`8ba58000   chakra   chakra.dll  
00007ffc`8ba60000 00007ffc`8cf53000   EDGEHTML EDGEHTML.dll
00007ffc`92450000 00007ffc`92496000   dataexchange dataexchange.dll
00007ffc`92580000 00007ffc`927f4000   Comctl32 Comctl32.dll
00007ffc`92870000 00007ffc`9292a000   twinapi  twinapi.dll 
00007ffc`92960000 00007ffc`92975000   profext  profext.dll 
00007ffc`931e0000 00007ffc`9364a000   ActXPrxy ActXPrxy.dll
00007ffc`93910000 00007ffc`93bd1000   WININET  WININET.dll 
00007ffc`93e10000 00007ffc`93e7d000   verifier verifier.dll
00007ffc`94320000 00007ffc`94330000   msimtf   msimtf.dll  
00007ffc`94640000 00007ffc`9467d000   MLANG    MLANG.dll   
00007ffc`94730000 00007ffc`94745000   ondemandconnroutehelper ondemandconnroutehelper.dll
00007ffc`94750000 00007ffc`947d9000   directmanipulation directmanipulation.dll
00007ffc`94810000 00007ffc`94996000   windows_globalization windows.globalization.dll
00007ffc`949a0000 00007ffc`94bf9000   DWrite   DWrite.dll  
00007ffc`96060000 00007ffc`960fe000   Windows_UI Windows.UI.dll
00007ffc`96100000 00007ffc`9610a000   rasadhlp rasadhlp.dll
00007ffc`96110000 00007ffc`9621f000   MrmCoreR MrmCoreR.dll
00007ffc`96290000 00007ffc`9629c000   dispex   dispex.dll  
00007ffc`96680000 00007ffc`969f6000   iertutil iertutil.dll
00007ffc`96a00000 00007ffc`96b96000   urlmon   urlmon.dll  
00007ffc`96ff0000 00007ffc`97535000   d2d1     d2d1.dll    
00007ffc`97700000 00007ffc`97792000   msvcp110_win msvcp110_win.dll
00007ffc`977a0000 00007ffc`977d9000   policymanager policymanager.dll
00007ffc`97f70000 00007ffc`97fd8000   fwpuclnt fwpuclnt.dll
00007ffc`98920000 00007ffc`98a51000   WinTypes WinTypes.dll
00007ffc`98fd0000 00007ffc`99006000   XmlLite  XmlLite.dll 
00007ffc`991d0000 00007ffc`992a6000   winhttp  winhttp.dll 
00007ffc`99aa0000 00007ffc`99d0e000   d3d10warp d3d10warp.dll
00007ffc`99d50000 00007ffc`99dec000   dxgi     dxgi.dll    
00007ffc`99df0000 00007ffc`9a093000   d3d11    d3d11.dll   
00007ffc`9a0a0000 00007ffc`9a0c2000   dwmapi   dwmapi.dll  
00007ffc`9a100000 00007ffc`9a10b000   WINNSI   WINNSI.DLL  
00007ffc`9a110000 00007ffc`9a148000   IPHLPAPI IPHLPAPI.DLL
00007ffc`9a170000 00007ffc`9a241000   dcomp    dcomp.dll   
00007ffc`9a440000 00007ffc`9a49c000   ninput   ninput.dll  
00007ffc`9a780000 00007ffc`9a7f8000   apphelp  apphelp.dll 
00007ffc`9a800000 00007ffc`9a983000   PROPSYS  PROPSYS.dll 
00007ffc`9a9f0000 00007ffc`9aa08000   EShims   EShims.dll  
00007ffc`9aa10000 00007ffc`9aa76000   Bcp47Langs Bcp47Langs.dll
00007ffc`9ac30000 00007ffc`9acc6000   uxtheme  uxtheme.dll 
00007ffc`9add0000 00007ffc`9aebe000   twinapi_appcore twinapi.appcore.dll
00007ffc`9af70000 00007ffc`9afa2000   fwbase   fwbase.dll  
00007ffc`9b080000 00007ffc`9b102000   firewallapi firewallapi.dll
00007ffc`9b110000 00007ffc`9b138000   rmclient rmclient.dll
00007ffc`9b750000 00007ffc`9b782000   ntmarta  ntmarta.dll 
00007ffc`9b8d0000 00007ffc`9b903000   rsaenh   rsaenh.dll  
00007ffc`9b9c0000 00007ffc`9b9df000   USERENV  USERENV.dll 
00007ffc`9ba20000 00007ffc`9bac8000   DNSAPI   DNSAPI.dll  
00007ffc`9bc20000 00007ffc`9bc7d000   mswsock  mswsock.dll 
00007ffc`9bc80000 00007ffc`9bc97000   cryptsp  cryptsp.dll 
00007ffc`9bdd0000 00007ffc`9bddb000   CRYPTBASE CRYPTBASE.dll
00007ffc`9bfd0000 00007ffc`9bffc000   SspiCli  SspiCli.dll 
00007ffc`9c1c0000 00007ffc`9c22b000   bcryptPrimitives bcryptPrimitives.dll
00007ffc`9c230000 00007ffc`9c2c8000   sxs      sxs.dll     
00007ffc`9c340000 00007ffc`9c368000   bcrypt   bcrypt.dll  
00007ffc`9c410000 00007ffc`9c423000   profapi  profapi.dll 
00007ffc`9c450000 00007ffc`9c45f000   kernel_appcore kernel.appcore.dll
00007ffc`9c460000 00007ffc`9c4aa000   powrprof powrprof.dll
00007ffc`9c4b0000 00007ffc`9c563000   shcore   shcore.dll  
00007ffc`9c5d0000 00007ffc`9c7ad000   KERNELBASE KERNELBASE.dll
00007ffc`9c7b0000 00007ffc`9c7f4000   cfgmgr32 cfgmgr32.dll
00007ffc`9ca80000 00007ffc`9d0a8000   windows_storage windows.storage.dll
00007ffc`9d0b0000 00007ffc`9d119000   WS2_32   WS2_32.dll  
00007ffc`9d120000 00007ffc`9d1de000   OLEAUT32 OLEAUT32.dll
00007ffc`9d1e0000 00007ffc`9d23b000   sechost  sechost.dll 
00007ffc`9d240000 00007ffc`9d381000   ole32    ole32.dll   
00007ffc`9d390000 00007ffc`9d3e1000   SHLWAPI  SHLWAPI.dll 
00007ffc`9d3f0000 00007ffc`9d53e000   USER32   USER32.dll  
00007ffc`9d540000 00007ffc`9d5dd000   msvcrt   msvcrt.dll  
00007ffc`9d650000 00007ffc`9d8cc000   combase  combase.dll 
00007ffc`9d8d0000 00007ffc`9d976000   ADVAPI32 ADVAPI32.dll
00007ffc`9d980000 00007ffc`9dadc000   MSCTF    MSCTF.dll   
00007ffc`9dda0000 00007ffc`9df26000   GDI32    GDI32.dll   
00007ffc`9dfa0000 00007ffc`9f4c2000   SHELL32  SHELL32.dll 
00007ffc`9f4f0000 00007ffc`9f59d000   KERNEL32 KERNEL32.DLL
00007ffc`9f680000 00007ffc`9f688000   NSI      NSI.dll     
00007ffc`9f6a0000 00007ffc`9f7c6000   RPCRT4   RPCRT4.dll  
00007ffc`9f9a0000 00007ffc`9f9d6000   IMM32    IMM32.DLL   
00007ffc`9f9e0000 00007ffc`9fba2000   ntdll    ntdll.dll   

3:111> kn 0x64
 # Child-SP          RetAddr           Call Site
00 0000003b`9d9fcdc0 00007ffc`8bb2b036 EDGEHTML!CTextExtractor::GetBlockText+0x3a8
01 0000003b`9d9fce80 00007ffc`8bb2a557 EDGEHTML!CTextExtractor::GetBlockText+0x516
02 0000003b`9d9fcf40 00007ffc`8bb29ea0 EDGEHTML!CTextExtractor::FillOutElementPackage+0x217
03 0000003b`9d9fd000 00007ffc`8bcbc863 EDGEHTML!CTextExtractor::RunTextExtractionInternal+0x25c
04 0000003b`9d9fd0b0 00007ffc`8bcb8943 EDGEHTML!CView::EnsureView+0x6d3
05 0000003b`9d9fd190 00007ffc`8bcbac73 EDGEHTML!CPaintController::EnsureView+0x53
06 0000003b`9d9fd1c0 00007ffc`8bd8deca EDGEHTML!CPaintBeat::OnBeat+0x163
07 0000003b`9d9fd220 00007ffc`8bd8ddc0 EDGEHTML!CPaintBeat::OnPaintTimer+0x5a
08 0000003b`9d9fd250 00007ffc`8bb9dd9b EDGEHTML!CContainedTimerSink<CPaintBeat>::OnTimerMethodCall+0xa0
09 0000003b`9d9fd280 00007ffc`8bc9fd51 EDGEHTML!GlobalWndOnPaintPriorityMethodCall+0x38b
0a 0000003b`9d9fd370 00007ffc`9d4000dc EDGEHTML!GlobalWndProc+0x101
0b 0000003b`9d9fd3f0 00007ffc`9d3ffe52 USER32!UserCallWinProcCheckWow+0x1fc
0c 0000003b`9d9fd4e0 00007ffc`9d40d3fe USER32!DispatchClientMessage+0xa2
0d 0000003b`9d9fd540 00007ffc`9fa75714 USER32!_fnDWORD+0x3e
0e 0000003b`9d9fd5a0 00007ffc`9d41ffba ntdll!KiUserCallbackDispatcherContinue
0f 0000003b`9d9fd628 00007ffc`9d3ffca7 USER32!NtUserDispatchMessage+0xa
10 0000003b`9d9fd630 00007ffc`883f0988 USER32!DispatchMessageWorker+0x247
11 0000003b`9d9fd6b0 00007ffc`8844f24b EMODEL!CTabWindow::_TabWindowThreadProc+0x5b8
12 0000003b`9d9ff910 00007ffc`966b7f8f EMODEL!LCIETab_ThreadProc+0x2bb
13 0000003b`9d9ffa40 00007ffc`9f502d92 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f
14 0000003b`9d9ffa70 00007ffc`9f9e9f64 KERNEL32!BaseThreadInitThunk+0x22
15 0000003b`9d9ffaa0 00000000`00000000 ntdll!RtlUserThreadStart+0x34

3:111> ~s
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h] ds:0000003d`945c439e=????

3:111> !heap -p -a 0x3D945C439E
ReadMemory error for address 0000003bfee9ffe8
Use `!address 0000003bfee9ffe8' to check validity of the address.
ReadMemory error for address 0000003bff1dffe8
Use `!address 0000003bff1dffe8' to check validity of the address.
ReadMemory error for address 0000003bff34ffe8
Use `!address 0000003bff34ffe8' to check validity of the address.
ReadMemory error for address 0000003bffe2ffe8
Use `!address 0000003bffe2ffe8' to check validity of the address.
ReadMemory error for address 0000003b8661ffe8
Use `!address 0000003b8661ffe8' to check validity of the address.
ReadMemory error for address 0000003b8a7effe8
Use `!address 0000003b8a7effe8' to check validity of the address.
 

3:111> rM 0x7D
rax=00000000ffffffff rbx=0000000000000001 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000002 rdi=0000000000000001
rip=00007ffc8bb2aec8 rsp=0000003b9d9fcdc0 rbp=0000003b86577800
 r8=0000003b945c33a0  r9=0000003b88ba1ffc r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000003b86577800
r14=0000003b9d9fd030 r15=0000003b995e1f50
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
fpcw=027F    fpsw=0000    fptw=0000
st0= 0.000000000000000000000e+0000  st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000  st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000  st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000  st7= 0.000000000000000000000e+0000
mm0=0000000000000000  mm1=0000000000000000
mm2=0000000000000000  mm3=0000000000000000
mm4=0000000000000000  mm5=0000000000000000
mm6=0000000000000000  mm7=0000000000000000
xmm0=5.05103e-039 5.14286e-039 5.32653e-039 4.95919e-039
xmm1=4.50001e-039 4.40817e-039 1.09285e-038 4.31635e-039
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
xmm8=0 0 0 0
xmm9=0 0 0 0
xmm10=0 0 0 0
xmm11=0 0 0 0
xmm12=0 0 0 0
xmm13=0 0 0 0
xmm14=0 0 0 0
xmm15=0 0 0 0
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h] ds:0000003d`945c439e=????

3:111> dpp @$ea - 10*$ptrsize L10;
0000003d`945c431e  ????????`????????
0000003d`945c4326  ????????`????????
0000003d`945c432e  ????????`????????
0000003d`945c4336  ????????`????????
0000003d`945c433e  ????????`????????
0000003d`945c4346  ????????`????????
0000003d`945c434e  ????????`????????
0000003d`945c4356  ????????`????????
0000003d`945c435e  ????????`????????
0000003d`945c4366  ????????`????????
0000003d`945c436e  ????????`????????
0000003d`945c4376  ????????`????????
0000003d`945c437e  ????????`????????
0000003d`945c4386  ????????`????????
0000003d`945c438e  ????????`????????
0000003d`945c4396  ????????`????????

3:111> dpp @$ea L10;
0000003d`945c439e  ????????`????????
0000003d`945c43a6  ????????`????????
0000003d`945c43ae  ????????`????????
0000003d`945c43b6  ????????`????????
0000003d`945c43be  ????????`????????
0000003d`945c43c6  ????????`????????
0000003d`945c43ce  ????????`????????
0000003d`945c43d6  ????????`????????
0000003d`945c43de  ????????`????????
0000003d`945c43e6  ????????`????????
0000003d`945c43ee  ????????`????????
0000003d`945c43f6  ????????`????????
0000003d`945c43fe  ????????`????????
0000003d`945c4406  ????????`????????
0000003d`945c440e  ????????`????????
0000003d`945c4416  ????????`????????

3:111> dpp @$ea2 - 10*$ptrsize L10;
Bad register error at '@$ea2 - 10*$ptrsize '

3:111> .if ($vvalid(@$scopeip - 40, 40)) { u @$scopeip - 40 @$scopeip - 1; };
EDGEHTML!CTextExtractor::GetBlockText+0x368:
00007ffc`8bb2ae88 0000            add     byte ptr [rax],al
00007ffc`8bb2ae8a 0000            add     byte ptr [rax],al
00007ffc`8bb2ae8c 7523            jne     EDGEHTML!CTextExtractor::GetBlockText+0x391 (00007ffc`8bb2aeb1)
00007ffc`8bb2ae8e 2b8f88000000    sub     ecx,dword ptr [rdi+88h]
00007ffc`8bb2ae94 4c8bc6          mov     r8,rsi
00007ffc`8bb2ae97 440fb64c2431    movzx   r9d,byte ptr [rsp+31h]
00007ffc`8bb2ae9d 488b542460      mov     rdx,qword ptr [rsp+60h]
00007ffc`8bb2aea2 894c2420        mov     dword ptr [rsp+20h],ecx
00007ffc`8bb2aea6 488bcd          mov     rcx,rbp
00007ffc`8bb2aea9 e892050000      call    EDGEHTML!CTextExtractor::AddElementToCache (00007ffc`8bb2b440)
00007ffc`8bb2aeae 4533c0          xor     r8d,r8d
00007ffc`8bb2aeb1 44898798000000  mov     dword ptr [rdi+98h],r8d
00007ffc`8bb2aeb8 e96bfdffff      jmp     EDGEHTML!CTextExtractor::GetBlockText+0x108 (00007ffc`8bb2ac28)
00007ffc`8bb2aebd 85db            test    ebx,ebx
00007ffc`8bb2aebf 0f84a5010000    je      EDGEHTML!CTextExtractor::GetBlockText+0x54a (00007ffc`8bb2b06a)
00007ffc`8bb2aec5 8d42ff          lea     eax,[rdx-1]

3:111> .if ($vvalid(@$scopeip, 40)) { u @$scopeip @$scopeip + 39; };
EDGEHTML!CTextExtractor::GetBlockText+0x3a8:
00007ffc`8bb2aec8 410fb7844000100000 movzx eax,word ptr [r8+rax*2+1000h]
00007ffc`8bb2aed1 664189845000100000 mov   word ptr [r8+rdx*2+1000h],ax
00007ffc`8bb2aeda e9b2feffff      jmp     EDGEHTML!CTextExtractor::GetBlockText+0x271 (00007ffc`8bb2ad91)
00007ffc`8bb2aedf 66ffc0          inc     ax
00007ffc`8bb2aee2 89442434        mov     dword ptr [rsp+34h],eax
00007ffc`8bb2aee6 e95dffffff      jmp     EDGEHTML!CTextExtractor::GetBlockText+0x328 (00007ffc`8bb2ae48)
00007ffc`8bb2aeeb 3d02200000      cmp     eax,2002h
00007ffc`8bb2aef0 0f8f82010000    jg      EDGEHTML!CTextExtractor::GetBlockText+0x558 (00007ffc`8bb2b078)
00007ffc`8bb2aef6 0f8472020000    je      EDGEHTML!CTextExtractor::GetBlockText+0x64e (00007ffc`8bb2b16e)
00007ffc`8bb2aefc 3da0000000      cmp     eax,0A0h
00007ffc`8bb2af01 0f8f07020000    jg      EDGEHTML!CTextExtractor::GetBlockText+0x5ee (00007ffc`8bb2b10e)

3:111> lm M *microsoftedgecp.exe
start             end                 module name
00007ff7`6f740000 00007ff7`6f78d000   microsoftedgecp   (deferred)             

3:111> lmv m *EDGEHTML
start             end                 module name
00007ffc`8ba60000 00007ffc`8cf53000   EDGEHTML   (pdb symbols)          c:\symbols\edgehtml.pdb\9B2B1A5DE82E4DE086518429F196DD931\edgehtml.pdb
    Loaded symbol image file: C:\Windows\SYSTEM32\EDGEHTML.dll
    Image path: C:\Windows\SYSTEM32\EDGEHTML.dll
    Image name: EDGEHTML.dll
    Timestamp:        Sun Jan 31 06:38:01 2016 (56AD9DB9)
    CheckSum:         014E961D
    ImageSize:        014F3000
    File version:     11.0.10240.16683
    Product version:  11.0.10240.16683
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Internet Explorer
    InternalName:     EDGEHTML
    OriginalFilename: EDGEHTML.DLL
    ProductVersion:   11.00.10240.16683
    FileVersion:      11.00.10240.16683 (th1.160130-1842)
    FileDescription:  Microsoft (R) HTML Viewer
    LegalCopyright:   � Microsoft Corporation. All rights reserved.

3:111> lmv m *microsoftedgecp
start             end                 module name
00007ff7`6f740000 00007ff7`6f78d000   microsoftedgecp   (deferred)             
    Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
    Image name: microsoftedgecp.exe
    Timestamp:        Wed Nov 25 05:17:08 2015 (56553644)
    CheckSum:         0004DF0B
    ImageSize:        0004D000
    File version:     11.0.10240.16603
    Product version:  11.0.10240.16603
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft Edge
    InternalName:     MicrosoftEdgeCP
    OriginalFilename: MicrosoftEdgeCP.exe
    ProductVersion:   11.00.10240.16603
    FileVersion:      11.00.10240.16603 (th1_st1.151124-1750)
    FileDescription:  Microsoft Edge Content Process
    LegalCopyright:   � Microsoft Corporation. All rights reserved.

3:111> q
quit: