AVR:Unallocated e2d.0f3

Id:	AVR:Unallocated e2d.0f3
Description:	Access violation while reading unallocated memory at 0x4C261
Location:	microsoftedgecp.exe!edgehtml.dll!CBaseScriptable::PrivateQueryInterface
Security impact:	Potentially exploitable security issue

edgehtml.dll!CBaseScriptable::PrivateQueryInterface + 0xBC (e2d in id)
edgehtml.dll!CBaseTypeOperations::QueryObjectInterface + 0xC0 (0f3 in id)
chakra.dll!Js::CustomExternalObject::QueryObjectInterface + 0x39
chakra.dll!JavascriptDispatch::QueryInterface + 0x1CB
combase.dll!ObtainStdIDFromUnk + 0x19 [d:\th\com\combase\dcomrem\stdid.cxx @ 2133]
combase.dll!StdMarshalObject + 0xB2 [d:\th\com\combase\dcomrem\marshal.cxx @ 9570]
combase.dll!CDestObjectWrapper::MarshalInterface + 0x5EF [d:\th\com\combase\dcomrem\coapi.cxx @ 718]
combase.dll!CoMarshalInterface + 0x613 [d:\th\com\combase\dcomrem\coapi.cxx @ 1001]
combase.dll!WdtpInterfacePointer_UserMarshal + 0x68 [d:\th\com\combase\proxy\proxy\transmit.cxx @ 882]
OLEAUT32.dll!VARIANT_UserMarshal + 0x125
RPCRT4.dll!NdrpUserMarshalMarshall + 0xAE
RPCRT4.dll!NdrUserMarshalMarshall + 0x8B
RPCRT4.dll!NdrStubCall2 + 0x8EA
combase.dll!CStdStubBuffer_Invoke + 0xDE [d:\th\com\combase\ndr\ndrole\stub.cxx @ 1446]
combase.dll!InvokeStubWithExceptionPolicyAndTracing::__l7::<lambda_adf5d6ba83bff890864fd80ca2bbf1eb>::operator() + 0x1C [d:\th\com\combase\dcomrem\channelb.cxx @ 1805]
combase.dll!ObjectMethodExceptionHandlingAction<<lambda_adf5d6ba83bff890864fd80ca2bbf1eb> > + 0x76 [d:\th\com\combase\dcomrem\excepn.hxx @ 91]
combase.dll!InvokeStubWithExceptionPolicyAndTracing + 0x8E [d:\th\com\combase\dcomrem\channelb.cxx @ 1808]
combase.dll!DefaultStubInvoke + 0x207 [d:\th\com\combase\dcomrem\channelb.cxx @ 1880]
combase.dll!SyncStubCall::Invoke + 0x22 [d:\th\com\combase\dcomrem\channelb.cxx @ 1934]
combase.dll!SyncServerCall::StubInvoke + 0x22 [d:\th\com\combase\dcomrem\servercall.hpp @ 736]
combase.dll!StubInvoke + 0x1D7 [d:\th\com\combase\dcomrem\channelb.cxx @ 2154]
combase.dll!ServerCall::ContextInvoke + 0x381 [d:\th\com\combase\dcomrem\ctxchnl.cxx @ 1568]
combase.dll!CServerChannel::ContextInvoke + 0x8B [d:\th\com\combase\dcomrem\ctxchnl.cxx @ 1458]
combase.dll!DefaultInvokeInApartment + 0xC5 [d:\th\com\combase\dcomrem\callctrl.cxx @ 3438]
combase.dll!ClassicSTAInvokeInApartment + 0x186 [d:\th\com\combase\dcomrem\callctrl.cxx @ 3202]
combase.dll!AppInvoke + 0x410 [d:\th\com\combase\dcomrem\channelb.cxx @ 1606]
combase.dll!ComInvokeWithLockAndIPID + 0x625 [d:\th\com\combase\dcomrem\channelb.cxx @ 2686]
combase.dll!ComInvoke + 0x1F1 [d:\th\com\combase\dcomrem\channelb.cxx @ 2223]
combase.dll!ThreadDispatch + 0x25A [d:\th\com\combase\dcomrem\chancont.cxx @ 414]
combase.dll!ThreadWndProc + 0x426 [d:\th\com\combase\dcomrem\chancont.cxx @ 722]
USER32.dll!_InternalCallWinProc + 0x2B
USER32.dll!UserCallWinProcCheckWow + 0x1AA
USER32.dll!DispatchMessageWorker + 0x1A0
USER32.dll!DispatchMessageW + 0x10
EMODEL.dll!CTabWindow::_TabWindowThreadProc + 0x54D
EMODEL.dll!LCIETab_ThreadProc + 0x2F3
iertutil.dll!_IsoThreadProc_WrapperToReleaseScope + 0x1C
KERNEL32.DLL!BaseThreadInitThunk + 0x24
ntdll.dll!__RtlUserThreadStart + 0x2B
ntdll.dll!_RtlUserThreadStart + 0x1B

6556b038 5d pop ebp
6556b039 c20c00 ret 0Ch
6556b03c bac858c664 mov edx,offset edgehtml!_GUID_00000000_0000_0000_c000_000000000046 (64c658c8)
6556b041 8bce mov ecx,esi
6556b043 e86883bfff call edgehtml!== (651633b0)
6556b048 84c0 test al,al
6556b04a 7405 je edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556b04c 8b4508 mov eax,dword ptr [ebp+8]
6556b04f 8907 mov dword ptr [edi],eax
6556b051 8b0f mov ecx,dword ptr [edi]
6556b053 85c9 test ecx,ecx
6556b055 74da je edgehtml!CBaseScriptable::PrivateQueryInterface+0x91 (6556b031)
6556b057 8b01 mov eax,dword ptr [ecx]
6556b059 8bfc mov edi,esp
6556b05b 51 push ecx
edgehtml!CBaseScriptable::PrivateQueryInterface+0xbc:
6556b05c 8b7004 mov esi,dword ptr [eax+4] ⇐ instruction pointer
6556b05f 8bce mov ecx,esi
6556b061 ff15287bc365 call dword ptr [edgehtml!__guard_check_icall_fptr (65c37b28)]
6556b067 ffd6 call esi
6556b069 3bfc cmp edi,esp
6556b06b 7407 je edgehtml!CBaseScriptable::PrivateQueryInterface+0xd4 (6556b074)
6556b06d b904000000 mov ecx,4
6556b072 cd29 int 29h
6556b074 eba7 jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x7d (6556b01d)
6556b076 baa872e364 mov edx,offset edgehtml!IID_ICanvasPattern (64e372a8)
6556b07b e96fffffff jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x4f (6556afef)
6556b080 3d18075130 cmp eax,30510718h
6556b085 0f8481000000 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x16c (6556b10c)
6556b08b 3d1a075130 cmp eax,3051071Ah
6556b090 7470 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x162 (6556b102)
6556b092 3d1600cb9b cmp eax,9BCB0016h
6556b097 740e je edgehtml!CBaseScriptable::PrivateQueryInterface+0x107 (6556b0a7)
6556b099 3d6098efa6 cmp eax,0A6EF9860h

eax=0004c25d ebx=074fec00 ecx=6cc86dda edx=00140001 esi=772c7460 edi=103bc548
eip=6556b05c esp=103bc544 ebp=103bc550 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
fpcw=027F: rn 53 puozdi fpsw=0120: top=0 cc=0001 --p----- fptw=FFFF
fopcode=0000 fpip=001b:647bec2d fpdp=0023:118ecfb8
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 9.999999776482582092290e-0003 st3= 1.000000000000000000000e+0000
st4= 1.000000000000000000000e+0000 st5= 5.664062500000000000000e-0002
st6= 1.463408495963000000000e+0012 st7= 1.018066406250000000000e-0001
mm0=0000000000000000 mm1=0000000000000000
mm2=a3d70a0000000000 mm3=8000000000000000
mm4=8000000000000000 mm5=e800000000000000
mm6=aa5cf8c6ad800000 mm7=d080000000000000
xmm0=0 0 0 0
xmm1=0 0 0 0
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
dr0=00000000 dr1=00000000 dr2=00000000
dr3=00000000 dr6=00000000 dr7=00000000
edgehtml!CBaseScriptable::PrivateQueryInterface+0xbc:
6556b05c 8b7004 mov esi,dword ptr [eax+4] ds:0023:0004c261=????????

Memory around address 0x4C261:

0004c221 ????????
0004c225 ????????
0004c229 ????????
0004c22d ????????
0004c231 ????????
0004c235 ????????
0004c239 ????????
0004c23d ????????
0004c241 ????????
0004c245 ????????
0004c249 ????????
0004c24d ????????
0004c251 ????????
0004c255 ????????
0004c259 ????????
0004c25d ????????
0004c261 ???????? ⇐ referenced
0004c265 ????????
0004c269 ????????
0004c26d ????????
0004c271 ????????
0004c275 ????????
0004c279 ????????
0004c27d ????????
0004c281 ????????
0004c285 ????????
0004c289 ????????
0004c28d ????????
0004c291 ????????
0004c295 ????????
0004c299 ????????
0004c29d ????????

edgehtml.dll

Loaded symbol image file: C:\WINDOWS\SYSTEM32\edgehtml.dll
Image path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Image name: edgehtml.dll
Timestamp: Sat Apr 23 06:20:39 2016 (571AF817)
CheckSum: 011D509E
ImageSize: 011EB000
File version: 11.0.10586.306
Product version: 11.0.10586.306
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: EDGEHTML
OriginalFilename: EDGEHTML.DLL
ProductVersion: 11.00.10586.306
FileVersion: 11.00.10586.306 (th2_release_sec.160422-1850)
FileDescription: Microsoft (R) HTML Viewer
LegalCopyright: � Microsoft Corporation. All rights reserved.

microsoftedgecp.exe

Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Tue Nov 24 07:49:28 2015 (56540878)
CheckSum: 00053B24
ImageSize: 0004E000
File version: 11.0.10586.20
Product version: 11.0.10586.20
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10586.20
FileVersion: 11.00.10586.20 (th2_release_sec.151123-1940)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.

Microsoft (R) Windows Debugger Version 6.3.9600.16384 X86
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 01090000 010a4000 C:\Windows\System32\RuntimeBroker.exe
ModLoad: 775d0000 7774b000 C:\WINDOWS\SYSTEM32\ntdll.dll
ModLoad: 6cc80000 6cce1000 C:\WINDOWS\system32\verifier.dll
ModLoad: 75160000 751f6000 C:\WINDOWS\system32\KERNEL32.DLL
ModLoad: 74460000 745df000 C:\WINDOWS\system32\KERNELBASE.dll
ModLoad: 75a40000 75afe000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 770e0000 771a2000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 772b0000 7746d000 C:\WINDOWS\system32\combase.dll
ModLoad: 747d0000 74828000 C:\WINDOWS\system32\bcryptPrimitives.dll
ModLoad: 74350000 74394000 C:\WINDOWS\system32\powrprof.dll
ModLoad: 74340000 7434c000 C:\WINDOWS\system32\kernel.appcore.dll
ModLoad: 76f10000 76ffb000 C:\WINDOWS\system32\ole32.dll
ModLoad: 75210000 75254000 C:\WINDOWS\system32\sechost.dll
ModLoad: 77470000 775c5000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 75720000 75858000 C:\WINDOWS\system32\USER32.dll
ModLoad: 74e60000 74e8f000 C:\WINDOWS\system32\IMM32.DLL
ModLoad: 74dd0000 74e54000 C:\WINDOWS\system32\clbcatq.dll
ModLoad: 6eb60000 6ece7000 C:\Windows\System32\Windows.UI.Immersive.dll
ModLoad: 759b0000 75a3d000 C:\WINDOWS\system32\shcore.dll
ModLoad: 72100000 7231c000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 6efc0000 6f088000 C:\Windows\System32\WinTypes.dll
ModLoad: 73280000 7334d000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 742a0000 742bd000 C:\Windows\System32\bcrypt.dll
ModLoad: 6cb30000 6cb51000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 743b0000 743bf000 C:\WINDOWS\system32\profapi.dll
ModLoad: 73a00000 73a28000 C:\WINDOWS\SYSTEM32\ntmarta.dll
ModLoad: 73c10000 73c29000 C:\Windows\System32\USERENV.dll
ModLoad: 69b00000 69b12000 C:\WINDOWS\SYSTEM32\profext.dll
ModLoad: 74050000 74074000 C:\WINDOWS\system32\SspiCli.dll
ModLoad: 678a0000 678b5000 C:\WINDOWS\SYSTEM32\capauthz.dll
ModLoad: 72fc0000 73052000 C:\WINDOWS\system32\apphelp.dll
(1154.1624): Break instruction exception - code 80000003 (first chance)
eax=002f1000 ebx=00000000 ecx=77691d90 edx=40040110 esi=77691d90 edi=77691d90
eip=77661250 esp=068efc5c ebp=068efc88 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!DbgBreakPoint:
77661250 cc int 3

Create process 4436 breakpoint.

0:007> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00d30000 00d38000 C:\WINDOWS\system32\browser_broker.exe
ModLoad: 775d0000 7774b000 C:\WINDOWS\SYSTEM32\ntdll.dll
ModLoad: 6cc80000 6cce1000 C:\WINDOWS\system32\verifier.dll
ModLoad: 75160000 751f6000 C:\WINDOWS\system32\KERNEL32.DLL
ModLoad: 74460000 745df000 C:\WINDOWS\system32\KERNELBASE.dll
ModLoad: 75a40000 75afe000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 772b0000 7746d000 C:\WINDOWS\system32\combase.dll
ModLoad: 770e0000 771a2000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 747d0000 74828000 C:\WINDOWS\system32\bcryptPrimitives.dll
ModLoad: 75210000 75254000 C:\WINDOWS\system32\sechost.dll
ModLoad: 75720000 75858000 C:\WINDOWS\system32\user32.dll
ModLoad: 77470000 775c5000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 74e60000 74e8f000 C:\WINDOWS\system32\IMM32.DLL
ModLoad: 74340000 7434c000 C:\WINDOWS\system32\kernel.appcore.dll
ModLoad: 73070000 730e9000 C:\WINDOWS\system32\uxtheme.dll
ModLoad: 6cb90000 6cba7000 C:\WINDOWS\SYSTEM32\browserbroker.dll
ModLoad: 759b0000 75a3d000 C:\WINDOWS\system32\shcore.dll
ModLoad: 750c0000 75152000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 74650000 747c9000 C:\WINDOWS\system32\CRYPT32.dll
ModLoad: 743a0000 743ae000 C:\WINDOWS\system32\MSASN1.dll
ModLoad: 6ecf0000 6efbb000 C:\WINDOWS\SYSTEM32\iertutil.dll
ModLoad: 748d0000 74dca000 C:\WINDOWS\system32\windows.storage.dll
ModLoad: 74420000 74457000 C:\WINDOWS\system32\cfgmgr32.dll
ModLoad: 77060000 770db000 C:\WINDOWS\system32\advapi32.dll
ModLoad: 75670000 756b5000 C:\WINDOWS\system32\shlwapi.dll
ModLoad: 74350000 74394000 C:\WINDOWS\system32\powrprof.dll
ModLoad: 743b0000 743bf000 C:\WINDOWS\system32\profapi.dll
ModLoad: 6bf70000 6c0ec000 C:\WINDOWS\SYSTEM32\urlmon.dll
ModLoad: 715f0000 71606000 C:\WINDOWS\SYSTEM32\MPR.dll
ModLoad: 6a650000 6a878000 C:\WINDOWS\SYSTEM32\WININET.dll
ModLoad: 716f0000 7171d000 C:\WINDOWS\SYSTEM32\XmlLite.dll
ModLoad: 73ac0000 73ac8000 C:\WINDOWS\SYSTEM32\DPAPI.DLL
ModLoad: 74dd0000 74e54000 C:\WINDOWS\system32\clbcatq.dll
ModLoad: 61d00000 61d4f000 C:\Windows\System32\ieproxy.dll
ModLoad: 76f10000 76ffb000 C:\WINDOWS\system32\ole32.dll
ModLoad: 73280000 7334d000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 742a0000 742bd000 C:\Windows\System32\bcrypt.dll
ModLoad: 74050000 74074000 C:\WINDOWS\SYSTEM32\SspiCli.dll
ModLoad: 75b00000 76efe000 C:\WINDOWS\system32\SHELL32.dll
(e1c.110c): Break instruction exception - code 80000003 (first chance)

Create process 3612 breakpoint.

1:007> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 01040000 0151d000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
ModLoad: 775d0000 7774b000 C:\WINDOWS\SYSTEM32\ntdll.dll
ModLoad: 6cc80000 6cce1000 C:\WINDOWS\system32\verifier.dll
ModLoad: 75160000 751f6000 C:\WINDOWS\system32\KERNEL32.DLL
ModLoad: 74460000 745df000 C:\WINDOWS\system32\KERNELBASE.dll
ModLoad: 72fc0000 73052000 C:\WINDOWS\system32\apphelp.dll
ModLoad: 77060000 770db000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 75a40000 75afe000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 75210000 75254000 C:\WINDOWS\system32\sechost.dll
ModLoad: 770e0000 771a2000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 76f10000 76ffb000 C:\WINDOWS\system32\ole32.dll
ModLoad: 772b0000 7746d000 C:\WINDOWS\system32\combase.dll
ModLoad: 747d0000 74828000 C:\WINDOWS\system32\bcryptPrimitives.dll
ModLoad: 77470000 775c5000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 75720000 75858000 C:\WINDOWS\system32\USER32.dll
ModLoad: 6fe50000 6fe99000 C:\WINDOWS\SYSTEM32\wincorlib.DLL
ModLoad: 750c0000 75152000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 74e60000 74e8f000 C:\WINDOWS\system32\IMM32.DLL
ModLoad: 74340000 7434c000 C:\WINDOWS\system32\kernel.appcore.dll
ModLoad: 6f090000 6fd00000 C:\Windows\System32\Windows.UI.Xaml.dll
ModLoad: 6efc0000 6f088000 C:\WINDOWS\SYSTEM32\wintypes.dll
ModLoad: 72bf0000 72c77000 C:\WINDOWS\SYSTEM32\CoreMessaging.dll
ModLoad: 72320000 72372000 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll
ModLoad: 6ecf0000 6efbb000 C:\WINDOWS\SYSTEM32\iertutil.dll
ModLoad: 759b0000 75a3d000 C:\WINDOWS\system32\shcore.dll
ModLoad: 748d0000 74dca000 C:\WINDOWS\system32\windows.storage.dll
ModLoad: 74420000 74457000 C:\WINDOWS\system32\cfgmgr32.dll
ModLoad: 75670000 756b5000 C:\WINDOWS\system32\shlwapi.dll
ModLoad: 74350000 74394000 C:\WINDOWS\system32\powrprof.dll
ModLoad: 743b0000 743bf000 C:\WINDOWS\system32\profapi.dll
ModLoad: 73280000 7334d000 C:\Windows\System32\twinapi.appcore.dll
ModLoad: 742a0000 742bd000 C:\WINDOWS\SYSTEM32\bcrypt.dll
ModLoad: 6e510000 6e525000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 73c10000 73c29000 C:\WINDOWS\SYSTEM32\USERENV.dll
ModLoad: 715f0000 71606000 C:\WINDOWS\SYSTEM32\MPR.dll
ModLoad: 615f0000 61a2c000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
ModLoad: 75b00000 76efe000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 743c0000 7441e000 C:\WINDOWS\system32\firewallapi.dll
ModLoad: 734a0000 734cd000 C:\WINDOWS\SYSTEM32\fwbase.dll
ModLoad: 72100000 7231c000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 73070000 730e9000 C:\WINDOWS\system32\uxtheme.dll
ModLoad: 6a930000 6aaf6000 C:\WINDOWS\system32\CoreUIComponents.dll
ModLoad: 72b10000 72b2d000 C:\WINDOWS\SYSTEM32\dwmapi.dll
ModLoad: 72860000 728e2000 C:\WINDOWS\SYSTEM32\dxgi.dll
ModLoad: 6b5a0000 6b5c9000 C:\Windows\System32\Windows.ApplicationModel.dll
ModLoad: 601b0000 60533000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll
ModLoad: 6bf70000 6c0ec000 C:\WINDOWS\SYSTEM32\urlmon.dll
ModLoad: 6fd80000 6fe50000 C:\Windows\System32\MrmCoreR.dll
ModLoad: 6fd00000 6fd7b000 C:\Windows\System32\Windows.UI.dll
ModLoad: 728f0000 72b0a000 C:\WINDOWS\SYSTEM32\d3d11.dll
ModLoad: 71bb0000 71dc8000 C:\WINDOWS\SYSTEM32\d3d10warp.dll
ModLoad: 71720000 71bae000 C:\WINDOWS\SYSTEM32\d2d1.dll
ModLoad: 75890000 759af000 C:\WINDOWS\system32\MSCTF.dll
ModLoad: 72c80000 72d34000 C:\Windows\System32\dcomp.dll
ModLoad: 69b00000 69b12000 C:\WINDOWS\SYSTEM32\profext.dll
ModLoad: 73a00000 73a28000 C:\WINDOWS\SYSTEM32\ntmarta.dll
ModLoad: 6a650000 6a878000 C:\WINDOWS\SYSTEM32\WININET.dll
ModLoad: 74050000 74074000 C:\WINDOWS\SYSTEM32\SspiCli.dll
ModLoad: 66850000 6685b000 C:\WINDOWS\SYSTEM32\tokenbinding.dll
ModLoad: 75000000 7505f000 C:\WINDOWS\system32\WS2_32.dll
ModLoad: 6bba0000 6bbb2000 C:\WINDOWS\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 71620000 7164f000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
ModLoad: 70e40000 70edb000 C:\WINDOWS\SYSTEM32\winhttp.dll
ModLoad: 73d50000 73da0000 C:\WINDOWS\system32\mswsock.dll
ModLoad: 70210000 70218000 C:\WINDOWS\SYSTEM32\WINNSI.DLL
ModLoad: 75200000 75207000 C:\WINDOWS\system32\NSI.dll
ModLoad: 6b100000 6b10f000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
ModLoad: 696a0000 696e1000 C:\WINDOWS\system32\DataExchange.dll
ModLoad: 73ed0000 73eda000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll
ModLoad: 69b60000 69b6c000 C:\WINDOWS\system32\execmodelproxy.dll
ModLoad: 64350000 644cb000 C:\WINDOWS\SYSTEM32\ieapfltr.dll
ModLoad: 73de0000 73df3000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll
ModLoad: 6ddc0000 6de0a000 C:\WINDOWS\SYSTEM32\policymanager.dll
ModLoad: 6dd50000 6ddb5000 C:\WINDOWS\SYSTEM32\msvcp110_win.dll
ModLoad: 716f0000 7171d000 C:\WINDOWS\SYSTEM32\XmlLite.dll
ModLoad: 6e7c0000 6e8f2000 C:\Windows\System32\Windows.Globalization.dll
ModLoad: 6b7d0000 6b804000 C:\WINDOWS\System32\netprofm.dll
ModLoad: 6b6a0000 6b6a9000 C:\WINDOWS\System32\npmproxy.dll
ModLoad: 71610000 71620000 C:\WINDOWS\SYSTEM32\wkscli.dll
ModLoad: 70ba0000 70bc8000 C:\WINDOWS\SYSTEM32\netjoin.dll
ModLoad: 73f00000 73f1e000 C:\WINDOWS\SYSTEM32\JoinUtil.dll
ModLoad: 756c0000 7571a000 C:\WINDOWS\system32\coml2.dll
ModLoad: 73940000 7394a000 C:\WINDOWS\SYSTEM32\netutils.dll
ModLoad: 731f0000 73274000 C:\WINDOWS\SYSTEM32\DNSAPI.dll
ModLoad: 6cb60000 6cb89000 C:\WINDOWS\SYSTEM32\MDMRegistration.DLL
ModLoad: 6da50000 6da63000 C:\WINDOWS\SYSTEM32\DMCmnUtils.dll
ModLoad: 74650000 747c9000 C:\WINDOWS\system32\CRYPT32.dll
ModLoad: 743a0000 743ae000 C:\WINDOWS\system32\MSASN1.dll
ModLoad: 730f0000 73112000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll
ModLoad: 73f70000 73f90000 C:\WINDOWS\SYSTEM32\ncrypt.dll
ModLoad: 73f40000 73f6c000 C:\WINDOWS\SYSTEM32\NTASN1.dll
ModLoad: 72770000 72790000 C:\WINDOWS\SYSTEM32\SLC.dll
ModLoad: 72750000 7276d000 C:\WINDOWS\SYSTEM32\sppc.dll
ModLoad: 69fb0000 69fe4000 C:\Windows\System32\execmodelclient.dll
ModLoad: 733d0000 733ef000 C:\Windows\System32\rmclient.dll
ModLoad: 725a0000 726eb000 C:\WINDOWS\SYSTEM32\PROPSYS.dll
ModLoad: 701c0000 701c8000 C:\Windows\System32\rasadhlp.dll
ModLoad: 70060000 700a7000 C:\WINDOWS\System32\fwpuclnt.dll
ModLoad: 6cb30000 6cb51000 C:\Windows\System32\Windows.ApplicationModel.Core.dll
ModLoad: 6e900000 6eaf1000 C:\WINDOWS\SYSTEM32\dwrite.dll
ModLoad: 666a0000 666ec000 C:\Windows\System32\Windows.Graphics.dll
ModLoad: 660a0000 66333000 C:\WINDOWS\SYSTEM32\msftedit.dll
ModLoad: 72060000 72083000 C:\WINDOWS\SYSTEM32\globinputhost.dll
ModLoad: 67920000 6796d000 C:\WINDOWS\SYSTEM32\NInput.dll
ModLoad: 66350000 66362000 C:\Windows\System32\Windows.Globalization.Fontgroups.dll
ModLoad: 66340000 66349000 C:\WINDOWS\SYSTEM32\fontgroupsoverride.dll
ModLoad: 6cb10000 6cb30000 C:\Windows\System32\Windows.System.Profile.RetailInfo.dll
ModLoad: 69a50000 69ae3000 C:\WINDOWS\system32\twinapi.dll
ModLoad: 6e750000 6e7c0000 C:\WINDOWS\system32\directmanipulation.dll
ModLoad: 61d00000 61d4f000 C:\Windows\System32\ieproxy.dll
ModLoad: 6de80000 6de91000 C:\Windows\System32\threadpoolwinrt.dll
ModLoad: 66990000 669d0000 C:\Windows\System32\Windows.Storage.ApplicationData.dll
(68c.a70): Break instruction exception - code 80000003 (first chance)

Create process 1676 breakpoint.

2:007> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 009c0000 00a0e000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
ModLoad: 775d0000 7774b000 C:\WINDOWS\SYSTEM32\ntdll.dll
ModLoad: 6cc80000 6cce1000 C:\WINDOWS\system32\verifier.dll
ModLoad: 75160000 751f6000 C:\WINDOWS\system32\KERNEL32.DLL
ModLoad: 74460000 745df000 C:\WINDOWS\system32\KERNELBASE.dll
ModLoad: 72fc0000 73052000 C:\WINDOWS\system32\apphelp.dll
ModLoad: 77060000 770db000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 75a40000 75afe000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 75210000 75254000 C:\WINDOWS\system32\sechost.dll
ModLoad: 770e0000 771a2000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 759b0000 75a3d000 C:\WINDOWS\system32\shcore.dll
ModLoad: 772b0000 7746d000 C:\WINDOWS\system32\combase.dll
ModLoad: 747d0000 74828000 C:\WINDOWS\system32\bcryptPrimitives.dll
ModLoad: 74600000 74642000 C:\WINDOWS\system32\WINTRUST.dll
ModLoad: 743a0000 743ae000 C:\WINDOWS\system32\MSASN1.dll
ModLoad: 74650000 747c9000 C:\WINDOWS\system32\CRYPT32.dll
ModLoad: 6ecf0000 6efbb000 C:\WINDOWS\SYSTEM32\iertutil.dll
ModLoad: 748d0000 74dca000 C:\WINDOWS\system32\windows.storage.dll
ModLoad: 74420000 74457000 C:\WINDOWS\system32\cfgmgr32.dll
ModLoad: 75670000 756b5000 C:\WINDOWS\system32\shlwapi.dll
ModLoad: 77470000 775c5000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 75720000 75858000 C:\WINDOWS\system32\USER32.dll
ModLoad: 74340000 7434c000 C:\WINDOWS\system32\kernel.appcore.dll
ModLoad: 74350000 74394000 C:\WINDOWS\system32\powrprof.dll
ModLoad: 743b0000 743bf000 C:\WINDOWS\system32\profapi.dll
ModLoad: 74e60000 74e8f000 C:\WINDOWS\system32\IMM32.DLL
ModLoad: 615f0000 61a2c000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ModLoad: 75b00000 76efe000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 750c0000 75152000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 743c0000 7441e000 C:\WINDOWS\system32\firewallapi.dll
ModLoad: 73c10000 73c29000 C:\WINDOWS\SYSTEM32\USERENV.dll
ModLoad: 734a0000 734cd000 C:\WINDOWS\SYSTEM32\fwbase.dll
ModLoad: 6e510000 6e525000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EShims.dll
ModLoad: 715f0000 71606000 C:\WINDOWS\SYSTEM32\MPR.dll
ModLoad: 76f10000 76ffb000 C:\WINDOWS\system32\ole32.dll
ModLoad: 73070000 730e9000 C:\WINDOWS\system32\uxtheme.dll
ModLoad: 69b00000 69b12000 C:\WINDOWS\SYSTEM32\profext.dll
ModLoad: 73a00000 73a28000 C:\WINDOWS\SYSTEM32\ntmarta.dll
ModLoad: 73280000 7334d000 C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
ModLoad: 742a0000 742bd000 C:\WINDOWS\SYSTEM32\bcrypt.dll
ModLoad: 64bb0000 65d9b000 C:\WINDOWS\SYSTEM32\edgehtml.dll
ModLoad: 73de0000 73df3000 C:\WINDOWS\SYSTEM32\cryptsp.dll
ModLoad: 64540000 64bb0000 C:\WINDOWS\SYSTEM32\chakra.dll
ModLoad: 64500000 64533000 C:\WINDOWS\SYSTEM32\MLANG.dll
ModLoad: 73ed0000 73eda000 C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL
ModLoad: 6efc0000 6f088000 C:\Windows\System32\WinTypes.dll
ModLoad: 6a650000 6a878000 C:\WINDOWS\SYSTEM32\WININET.dll
ModLoad: 74050000 74074000 C:\WINDOWS\SYSTEM32\SspiCli.dll
ModLoad: 66850000 6685b000 C:\WINDOWS\SYSTEM32\tokenbinding.dll
ModLoad: 75000000 7505f000 C:\WINDOWS\system32\WS2_32.dll
ModLoad: 6bba0000 6bbb2000 C:\WINDOWS\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 71620000 7164f000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
ModLoad: 70e40000 70edb000 C:\WINDOWS\SYSTEM32\winhttp.dll
ModLoad: 73d50000 73da0000 C:\WINDOWS\system32\mswsock.dll
ModLoad: 70210000 70218000 C:\WINDOWS\SYSTEM32\WINNSI.DLL
ModLoad: 75200000 75207000 C:\WINDOWS\system32\NSI.dll
ModLoad: 6bf70000 6c0ec000 C:\WINDOWS\SYSTEM32\urlmon.dll
ModLoad: 72b10000 72b2d000 C:\WINDOWS\SYSTEM32\dwmapi.dll
ModLoad: 75890000 759af000 C:\WINDOWS\system32\MSCTF.dll
ModLoad: 64350000 644cb000 C:\WINDOWS\SYSTEM32\ieapfltr.dll
ModLoad: 6ddc0000 6de0a000 C:\WINDOWS\SYSTEM32\policymanager.dll
ModLoad: 6dd50000 6ddb5000 C:\WINDOWS\SYSTEM32\msvcp110_win.dll
ModLoad: 733d0000 733ef000 C:\Windows\System32\rmclient.dll
ModLoad: 696a0000 696e1000 C:\WINDOWS\system32\dataexchange.dll
ModLoad: 728f0000 72b0a000 C:\WINDOWS\SYSTEM32\d3d11.dll
ModLoad: 72c80000 72d34000 C:\WINDOWS\SYSTEM32\dcomp.dll
ModLoad: 72860000 728e2000 C:\WINDOWS\SYSTEM32\dxgi.dll
ModLoad: 69a50000 69ae3000 C:\WINDOWS\system32\twinapi.dll
ModLoad: 644e0000 644fc000 C:\WINDOWS\SYSTEM32\srpapi.dll
ModLoad: 67920000 6796d000 C:\WINDOWS\SYSTEM32\ninput.dll
ModLoad: 71720000 71bae000 C:\WINDOWS\SYSTEM32\d2d1.dll
ModLoad: 6e900000 6eaf1000 C:\WINDOWS\SYSTEM32\DWrite.dll
ModLoad: 71bb0000 71dc8000 C:\WINDOWS\SYSTEM32\d3d10warp.dll
ModLoad: 6fd00000 6fd7b000 C:\Windows\System32\Windows.UI.dll
ModLoad: 644d0000 644de000 C:\WINDOWS\system32\msimtf.dll
ModLoad: 6e750000 6e7c0000 C:\WINDOWS\system32\directmanipulation.dll
ModLoad: 6fd80000 6fe50000 C:\Windows\System32\MrmCoreR.dll
ModLoad: 72320000 72372000 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll
ModLoad: 731f0000 73274000 C:\WINDOWS\SYSTEM32\DNSAPI.dll
ModLoad: 61d00000 61d4f000 C:\Windows\System32\ieproxy.dll
ModLoad: 70060000 700a7000 C:\WINDOWS\System32\fwpuclnt.dll
ModLoad: 701c0000 701c8000 C:\Windows\System32\rasadhlp.dll
ModLoad: 72100000 7231c000 C:\Windows\System32\ActXPrxy.dll
(1728.11a8): Break instruction exception - code 80000003 (first chance)

Create process 5928 breakpoint.

3:007> g
*** wait with pending attach

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred cache*\\J3\Symbols
Deferred cache*\\server\Symbols
Deferred srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred srv*http://symbols.mozilla.org/firefox
Symbol search path is: srv*http://msdl.microsoft.com/download/symbols;cache*\\J3\Symbols;cache*\\server\Symbols;srv*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 01390000 0139b000 C:\WINDOWS\system32\ApplicationFrameHost.exe
ModLoad: 775d0000 7774b000 C:\WINDOWS\SYSTEM32\ntdll.dll
ModLoad: 6cc80000 6cce1000 C:\WINDOWS\system32\verifier.dll
ModLoad: 75160000 751f6000 C:\WINDOWS\system32\KERNEL32.DLL
ModLoad: 74460000 745df000 C:\WINDOWS\system32\KERNELBASE.dll
ModLoad: 75a40000 75afe000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 772b0000 7746d000 C:\WINDOWS\system32\combase.dll
ModLoad: 770e0000 771a2000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 747d0000 74828000 C:\WINDOWS\system32\bcryptPrimitives.dll
ModLoad: 74340000 7434c000 C:\WINDOWS\system32\kernel.appcore.dll
ModLoad: 74dd0000 74e54000 C:\WINDOWS\system32\clbcatq.dll
ModLoad: 67c30000 67d31000 C:\WINDOWS\System32\ApplicationFrame.dll
ModLoad: 759b0000 75a3d000 C:\WINDOWS\system32\SHCORE.dll
ModLoad: 75670000 756b5000 C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 77470000 775c5000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 75720000 75858000 C:\WINDOWS\system32\USER32.dll
ModLoad: 750c0000 75152000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 725a0000 726eb000 C:\WINDOWS\System32\PROPSYS.dll
ModLoad: 75210000 75254000 C:\WINDOWS\system32\sechost.dll
ModLoad: 73280000 7334d000 C:\WINDOWS\System32\twinapi.appcore.dll
ModLoad: 73070000 730e9000 C:\WINDOWS\System32\UxTheme.dll
ModLoad: 730f0000 73112000 C:\WINDOWS\System32\DEVOBJ.dll
ModLoad: 74420000 74457000 C:\WINDOWS\system32\cfgmgr32.dll
ModLoad: 69a50000 69ae3000 C:\WINDOWS\System32\TWINAPI.dll
ModLoad: 71720000 71bae000 C:\WINDOWS\System32\d2d1.dll
ModLoad: 728f0000 72b0a000 C:\WINDOWS\System32\d3d11.dll
ModLoad: 72c80000 72d34000 C:\WINDOWS\System32\dcomp.dll
ModLoad: 72b10000 72b2d000 C:\WINDOWS\System32\dwmapi.dll
ModLoad: 742a0000 742bd000 C:\WINDOWS\System32\bcrypt.dll
ModLoad: 72860000 728e2000 C:\WINDOWS\System32\dxgi.dll
ModLoad: 74e60000 74e8f000 C:\WINDOWS\system32\IMM32.DLL
ModLoad: 72100000 7231c000 C:\Windows\System32\ActXPrxy.dll
ModLoad: 75890000 759af000 C:\WINDOWS\system32\MSCTF.dll
ModLoad: 71bb0000 71dc8000 C:\WINDOWS\system32\D3D10Warp.dll
ModLoad: 6c7a0000 6c8bc000 C:\WINDOWS\system32\UIAutomationCore.DLL
ModLoad: 73c10000 73c29000 C:\WINDOWS\system32\USERENV.dll
ModLoad: 743b0000 743bf000 C:\WINDOWS\system32\profapi.dll
ModLoad: 75b00000 76efe000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 748d0000 74dca000 C:\WINDOWS\system32\windows.storage.dll
ModLoad: 77060000 770db000 C:\WINDOWS\system32\advapi32.dll
ModLoad: 74350000 74394000 C:\WINDOWS\system32\powrprof.dll
ModLoad: 72320000 72372000 C:\WINDOWS\system32\Bcp47Langs.dll
ModLoad: 72410000 72583000 C:\WINDOWS\system32\windowscodecs.dll
ModLoad: 6fd80000 6fe50000 C:\WINDOWS\SYSTEM32\mrmcorer.dll
ModLoad: 6ecf0000 6efbb000 C:\WINDOWS\SYSTEM32\iertutil.dll
ModLoad: 6fd00000 6fd7b000 C:\Windows\System32\Windows.UI.dll
ModLoad: 723d0000 7240f000 C:\WINDOWS\System32\UIAnimation.dll
(8a8.f9c): Break instruction exception - code 80000003 (first chance)

Create process 2216 breakpoint.

4:007> g
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(1728.374): Unknown exception - code 00000005 (first chance)
inetcore\apfilter\src\util\unmanaged\core\src\useraccountstore.cpp(48)\ieapfltr.dll!64399176: (caller: 64398D8F) Exception(1) tid(374) 80040154 Class not registered
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(68c.abc): Windows Runtime Originate Error - code 40080201 (first chance)
(1728.374): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.

3:084> .lastevent
Last event: 1728.374: Access violation - code c0000005 (first chance)
debugger time: Mon May 16 16:21:35.963 2016 (UTC + 2:00)

3:084> |.
. 3 id: 1728 attach name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe

3:084> .exr -1
ExceptionAddress: 6556b05c (edgehtml!CBaseScriptable::PrivateQueryInterface+0x000000bc)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0004c261
Attempt to read from address 0004c261

3:084> lm on
start end module name
009c0000 00a0e000 microsoftedgecp microsoftedgecp.exe
615f0000 61a2c000 EMODEL EMODEL.dll
61d00000 61d4f000 ieproxy ieproxy.dll
64350000 644cb000 ieapfltr ieapfltr.dll
644d0000 644de000 msimtf msimtf.dll
644e0000 644fc000 srpapi srpapi.dll
64500000 64533000 MLANG MLANG.dll
64540000 64bb0000 chakra chakra.dll
64bb0000 65d9b000 edgehtml edgehtml.dll
66850000 6685b000 tokenbinding tokenbinding.dll
67920000 6796d000 ninput ninput.dll
696a0000 696e1000 dataexchange dataexchange.dll
69a50000 69ae3000 twinapi twinapi.dll
69b00000 69b12000 profext profext.dll
6a650000 6a878000 WININET WININET.dll
6bba0000 6bbb2000 ondemandconnroutehelper ondemandconnroutehelper.dll
6bf70000 6c0ec000 urlmon urlmon.dll
6cc80000 6cce1000 verifier verifier.dll
6dd50000 6ddb5000 msvcp110_win msvcp110_win.dll
6ddc0000 6de0a000 policymanager policymanager.dll
6e1c0000 6e1e0000 IDStore IDStore.dll
6e510000 6e525000 EShims EShims.dll
6e750000 6e7c0000 directmanipulation directmanipulation.dll
6e7c0000 6e8f2000 windows_globalization windows.globalization.dll
6e900000 6eaf1000 DWrite DWrite.dll
6ecf0000 6efbb000 iertutil iertutil.dll
6efc0000 6f088000 WinTypes WinTypes.dll
6fd00000 6fd7b000 Windows_UI Windows.UI.dll
6fd80000 6fe50000 MrmCoreR MrmCoreR.dll
6fed0000 6fed8000 dispex dispex.dll
70060000 700a7000 fwpuclnt fwpuclnt.dll
701c0000 701c8000 rasadhlp rasadhlp.dll
70210000 70218000 WINNSI WINNSI.DLL
70e40000 70edb000 winhttp winhttp.dll
715f0000 71606000 MPR MPR.dll
71620000 7164f000 IPHLPAPI IPHLPAPI.DLL
71720000 71bae000 d2d1 d2d1.dll
71bb0000 71dc8000 d3d10warp d3d10warp.dll
72100000 7231c000 ActXPrxy ActXPrxy.dll
72320000 72372000 Bcp47Langs Bcp47Langs.dll
725a0000 726eb000 PROPSYS PROPSYS.dll
726f0000 72703000 SAMLIB SAMLIB.dll
72860000 728e2000 dxgi dxgi.dll
728f0000 72b0a000 d3d11 d3d11.dll
72b10000 72b2d000 dwmapi dwmapi.dll
72c80000 72d34000 dcomp dcomp.dll
72fc0000 73052000 apphelp apphelp.dll
73070000 730e9000 uxtheme uxtheme.dll
731f0000 73274000 DNSAPI DNSAPI.dll
73280000 7334d000 twinapi_appcore twinapi.appcore.dll
733d0000 733ef000 rmclient rmclient.dll
734a0000 734cd000 fwbase fwbase.dll
73970000 7397a000 tbs tbs.dll
73a00000 73a28000 ntmarta ntmarta.dll
73a90000 73abf000 rsaenh rsaenh.dll
73c10000 73c29000 USERENV USERENV.dll
73d50000 73da0000 mswsock mswsock.dll
73de0000 73df3000 cryptsp cryptsp.dll
73ed0000 73eda000 CRYPTBASE CRYPTBASE.DLL
74050000 74074000 SspiCli SspiCli.dll
74210000 74291000 sxs sxs.dll
742a0000 742bd000 bcrypt bcrypt.dll
74340000 7434c000 kernel_appcore kernel.appcore.dll
74350000 74394000 powrprof powrprof.dll
743a0000 743ae000 MSASN1 MSASN1.dll
743b0000 743bf000 profapi profapi.dll
743c0000 7441e000 firewallapi firewallapi.dll
74420000 74457000 cfgmgr32 cfgmgr32.dll
74460000 745df000 KERNELBASE KERNELBASE.dll
74600000 74642000 WINTRUST WINTRUST.dll
74650000 747c9000 CRYPT32 CRYPT32.dll
747d0000 74828000 bcryptPrimitives bcryptPrimitives.dll
748d0000 74dca000 windows_storage windows.storage.dll
74e60000 74e8f000 IMM32 IMM32.DLL
75000000 7505f000 WS2_32 WS2_32.dll
750c0000 75152000 OLEAUT32 OLEAUT32.dll
75160000 751f6000 KERNEL32 KERNEL32.DLL
75200000 75207000 NSI NSI.dll
75210000 75254000 sechost sechost.dll
75670000 756b5000 shlwapi shlwapi.dll
75720000 75858000 USER32 USER32.dll
75890000 759af000 MSCTF MSCTF.dll
759b0000 75a3d000 shcore shcore.dll
75a40000 75afe000 msvcrt msvcrt.dll
75b00000 76efe000 SHELL32 SHELL32.dll
76f10000 76ffb000 ole32 ole32.dll
77060000 770db000 ADVAPI32 ADVAPI32.dll
770e0000 771a2000 RPCRT4 RPCRT4.dll
772b0000 7746d000 combase combase.dll
77470000 775c5000 GDI32 GDI32.dll
775d0000 7774b000 ntdll ntdll.dll

3:084> kn 0x64
# ChildEBP RetAddr
00 103bc550 65253d90 edgehtml!CBaseScriptable::PrivateQueryInterface+0xbc
01 103bc574 646afa19 edgehtml!CBaseTypeOperations::QueryObjectInterface+0xc0
02 103bc59c 6472d3cb chakra!Js::CustomExternalObject::QueryObjectInterface+0x39
03 103bc5c4 7733c72f chakra!JavascriptDispatch::QueryInterface+0x1cb
04 (Inline) -------- combase!ObtainStdIDFromUnk+0x19 [d:\th\com\combase\dcomrem\stdid.cxx @ 2133]
05 (Inline) -------- combase!StdMarshalObject+0xb2 [d:\th\com\combase\dcomrem\marshal.cxx @ 9570]
06 103bc6cc 7733c053 combase!CDestObjectWrapper::MarshalInterface+0x5ef [d:\th\com\combase\dcomrem\coapi.cxx @ 718]
07 103bc73c 772bb878 combase!CoMarshalInterface+0x613 [d:\th\com\combase\dcomrem\coapi.cxx @ 1001]
08 103bc7bc 750e4285 combase!WdtpInterfacePointer_UserMarshal+0x68 [d:\th\com\combase\proxy\proxy\transmit.cxx @ 882]
09 103bc7f0 770f0301 OLEAUT32!VARIANT_UserMarshal+0x125
0a 103bc83c 770f01db RPCRT4!NdrpUserMarshalMarshall+0xae
0b 103bc868 770e479a RPCRT4!NdrUserMarshalMarshall+0x8b
0c 103bccb0 772bc39e RPCRT4!NdrStubCall2+0x8ea
0d 103bccfc 77316906 combase!CStdStubBuffer_Invoke+0xde [d:\th\com\combase\ndr\ndrole\stub.cxx @ 1446]
0e (Inline) -------- combase!InvokeStubWithExceptionPolicyAndTracing::__l7::<lambda_adf5d6ba83bff890864fd80ca2bbf1eb>::operator()+0x1c [d:\th\com\combase\dcomrem\channelb.cxx @ 1805]
0f 103bcd50 77318ae7 combase!ObjectMethodExceptionHandlingAction<<lambda_adf5d6ba83bff890864fd80ca2bbf1eb> >+0x76 [d:\th\com\combase\dcomrem\excepn.hxx @ 91]
10 (Inline) -------- combase!InvokeStubWithExceptionPolicyAndTracing+0x8e [d:\th\com\combase\dcomrem\channelb.cxx @ 1808]
11 103bce74 7731dd91 combase!DefaultStubInvoke+0x207 [d:\th\com\combase\dcomrem\channelb.cxx @ 1880]
12 (Inline) -------- combase!SyncStubCall::Invoke+0x22 [d:\th\com\combase\dcomrem\channelb.cxx @ 1934]
13 (Inline) -------- combase!SyncServerCall::StubInvoke+0x22 [d:\th\com\combase\dcomrem\servercall.hpp @ 736]
14 (Inline) -------- combase!StubInvoke+0x1d7 [d:\th\com\combase\dcomrem\channelb.cxx @ 2154]
15 103bcfb4 773218b0 combase!ServerCall::ContextInvoke+0x381 [d:\th\com\combase\dcomrem\ctxchnl.cxx @ 1568]
16 (Inline) -------- combase!CServerChannel::ContextInvoke+0x8b [d:\th\com\combase\dcomrem\ctxchnl.cxx @ 1458]
17 (Inline) -------- combase!DefaultInvokeInApartment+0xc5 [d:\th\com\combase\dcomrem\callctrl.cxx @ 3438]
18 (Inline) -------- combase!ClassicSTAInvokeInApartment+0x186 [d:\th\com\combase\dcomrem\callctrl.cxx @ 3202]
19 103bd0ac 7731ae45 combase!AppInvoke+0x410 [d:\th\com\combase\dcomrem\channelb.cxx @ 1606]
1a 103bd464 773227c6 combase!ComInvokeWithLockAndIPID+0x625 [d:\th\com\combase\dcomrem\channelb.cxx @ 2686]
1b (Inline) -------- combase!ComInvoke+0x1f1 [d:\th\com\combase\dcomrem\channelb.cxx @ 2223]
1c (Inline) -------- combase!ThreadDispatch+0x25a [d:\th\com\combase\dcomrem\chancont.cxx @ 414]
1d 103bd538 75755d93 combase!ThreadWndProc+0x426 [d:\th\com\combase\dcomrem\chancont.cxx @ 722]
1e 103bd564 75739f3a USER32!_InternalCallWinProc+0x2b
1f 103bd5fc 75739a80 USER32!UserCallWinProcCheckWow+0x1aa
20 103bd65c 757398d0 USER32!DispatchMessageWorker+0x1a0
21 103bd668 6168a62d USER32!DispatchMessageW+0x10
22 103bf80c 61689e13 EMODEL!CTabWindow::_TabWindowThreadProc+0x54d
23 103bf8dc 6eef1e7c EMODEL!LCIETab_ThreadProc+0x2f3
24 103bf8f4 751795f4 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1c
25 103bf908 775f241a KERNEL32!BaseThreadInitThunk+0x24
26 103bf950 775f23e9 ntdll!__RtlUserThreadStart+0x2b
27 103bf960 00000000 ntdll!_RtlUserThreadStart+0x1b

3:084> .exr -1
ExceptionAddress: 6556b05c (edgehtml!CBaseScriptable::PrivateQueryInterface+0x000000bc)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0004c261
Attempt to read from address 0004c261

3:084> !heap -p -a 0x4C261
ReadMemory error for address 3d2c4b26
Use `!address 3d2c4b26' to check validity of the address.
ReadMemory error for address 3d4a4b26
Use `!address 3d4a4b26' to check validity of the address.
ReadMemory error for address 3da64b26
Use `!address 3da64b26' to check validity of the address.
ReadMemory error for address 3b9f4b26
Use `!address 3b9f4b26' to check validity of the address.
ReadMemory error for address 37374b26
Use `!address 37374b26' to check validity of the address.

3:084> !vprot 0x4C261
BaseAddress: 0004c000
AllocationBase: 00000000
RegionSize: 00004000
State: 00010000 MEM_FREE
Protect: 00000001 PAGE_NOACCESS

3:084> .if ($vvalid(@$scopeip - 138, 138)) { u @$scopeip - 138 @$scopeip - 1; };
edgehtml!CServer::SetData+0x24:
6556af24 0080eb59ff75 add byte ptr SHELL32!GetCorrespondingGenericKey+0xb1 (75ff59eb)[eax],al
6556af2a 0c8b or al,8Bh
6556af2c 56 push esi
6556af2d 3c8b cmp al,8Bh
6556af2f 4e dec esi
6556af30 40 inc eax
6556af31 e8f28b1500 call edgehtml!FindCompatibleFormat (656c3b28)
6556af36 85c0 test eax,eax
6556af38 7907 jns edgehtml!CServer::SetData+0x41 (6556af41)
6556af3a be64000480 mov esi,80040064h
6556af3f eb28 jmp edgehtml!CServer::SetData+0x69 (6556af69)
6556af41 8b7644 mov esi,dword ptr [esi+44h]
6556af44 8bfc mov edi,esp
6556af46 ff7510 push dword ptr [ebp+10h]
6556af49 ff750c push dword ptr [ebp+0Ch]
6556af4c 8b3486 mov esi,dword ptr [esi+eax*4]
6556af4f 8bce mov ecx,esi
6556af51 ff7508 push dword ptr [ebp+8]
6556af54 ff15287bc365 call dword ptr [edgehtml!__guard_check_icall_fptr (65c37b28)]
6556af5a ffd6 call esi
6556af5c 3bfc cmp edi,esp
6556af5e 7407 je edgehtml!CServer::SetData+0x67 (6556af67)
6556af60 b904000000 mov ecx,4
6556af65 cd29 int 29h
6556af67 8bf0 mov esi,eax
6556af69 837d1400 cmp dword ptr [ebp+14h],0
6556af6d 7409 je edgehtml!CServer::SetData+0x78 (6556af78)
6556af6f ff7510 push dword ptr [ebp+10h]
6556af72 ff15a476c365 call dword ptr [edgehtml!_imp__ReleaseStgMedium (65c376a4)]
6556af78 8bc6 mov eax,esi
6556af7a eb05 jmp edgehtml!CServer::SetData+0x81 (6556af81)
6556af7c b857000780 mov eax,80070057h
6556af81 5f pop edi
6556af82 5e pop esi
6556af83 5d pop ebp
6556af84 c21000 ret 10h
6556af87 cc int 3
6556af88 cc int 3
6556af89 cc int 3
6556af8a cc int 3
6556af8b cc int 3
6556af8c cc int 3
6556af8d cc int 3
6556af8e cc int 3
6556af8f cc int 3
edgehtml!CNonAnimatablePropertyListElement::GetCurrentValues:
6556af90 e804c51500 call edgehtml!Abandonment::NotYetImplemented (656c7499)
6556af95 cc int 3
6556af96 cc int 3
6556af97 cc int 3
6556af98 cc int 3
6556af99 cc int 3
6556af9a cc int 3
6556af9b cc int 3
6556af9c cc int 3
6556af9d cc int 3
6556af9e cc int 3
6556af9f cc int 3
edgehtml!CBaseScriptable::PrivateQueryInterface:
6556afa0 8bff mov edi,edi
6556afa2 55 push ebp
6556afa3 8bec mov ebp,esp
6556afa5 56 push esi
6556afa6 8b750c mov esi,dword ptr [ebp+0Ch]
6556afa9 b916075130 mov ecx,30510716h
6556afae 57 push edi
6556afaf 8b7d10 mov edi,dword ptr [ebp+10h]
6556afb2 8b06 mov eax,dword ptr [esi]
6556afb4 3bc1 cmp eax,ecx
6556afb6 0f87c4000000 ja edgehtml!CBaseScriptable::PrivateQueryInterface+0xe0 (6556b080)
6556afbc 0f84b4000000 je edgehtml!CBaseScriptable::PrivateQueryInterface+0xd6 (6556b076)
6556afc2 83e800 sub eax,0
6556afc5 7475 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x9c (6556b03c)
6556afc7 83e808 sub eax,8
6556afca 7455 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x81 (6556b021)
6556afcc 2df8030200 sub eax,203F8h
6556afd1 0f84ee000000 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x125 (6556b0c5)
6556afd7 2d9af04e30 sub eax,304EF09Ah
6556afdc 7428 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x66 (6556b006)
6556afde 2d65120000 sub eax,1265h
6556afe3 741a je edgehtml!CBaseScriptable::PrivateQueryInterface+0x5f (6556afff)
6556afe5 83e815 sub eax,15h
6556afe8 7567 jne edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556afea ba8872e364 mov edx,offset edgehtml!IID_ICanvasGradient (64e37288)
6556afef 8bce mov ecx,esi
6556aff1 e8ba83bfff call edgehtml!== (651633b0)
6556aff6 84c0 test al,al
6556aff8 7457 je edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556affa e87cc31500 call edgehtml!Abandonment::DeprecatedAPI (656c737b)
6556afff bab872e364 mov edx,offset edgehtml!IID_ICanvasRenderingContext2D (64e372b8)
6556b004 ebe9 jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x4f (6556afef)
6556b006 bad858c664 mov edx,offset edgehtml!CLSID_CBase (64c658d8)
6556b00b 8bce mov ecx,esi
6556b00d e89e83bfff call edgehtml!== (651633b0)
6556b012 84c0 test al,al
6556b014 743b je edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556b016 8b4d08 mov ecx,dword ptr [ebp+8]
6556b019 8bc7 mov eax,edi
6556b01b 8908 mov dword ptr [eax],ecx
6556b01d 33c0 xor eax,eax
6556b01f eb15 jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x96 (6556b036)
6556b021 ba8858c664 mov edx,offset edgehtml!IID_IProxyManager (64c65888)
6556b026 8bce mov ecx,esi
6556b028 e88383bfff call edgehtml!== (651633b0)
6556b02d 84c0 test al,al
6556b02f 7420 je edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556b031 b802400080 mov eax,80004002h
6556b036 5f pop edi
6556b037 5e pop esi
6556b038 5d pop ebp
6556b039 c20c00 ret 0Ch
6556b03c bac858c664 mov edx,offset edgehtml!_GUID_00000000_0000_0000_c000_000000000046 (64c658c8)
6556b041 8bce mov ecx,esi
6556b043 e86883bfff call edgehtml!== (651633b0)
6556b048 84c0 test al,al
6556b04a 7405 je edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556b04c 8b4508 mov eax,dword ptr [ebp+8]
6556b04f 8907 mov dword ptr [edi],eax
6556b051 8b0f mov ecx,dword ptr [edi]
6556b053 85c9 test ecx,ecx
6556b055 74da je edgehtml!CBaseScriptable::PrivateQueryInterface+0x91 (6556b031)
6556b057 8b01 mov eax,dword ptr [ecx]
6556b059 8bfc mov edi,esp
6556b05b 51 push ecx

3:084> .if ($vvalid(@$scopeip, 138)) { u @$scopeip @$scopeip + 137; };
edgehtml!CBaseScriptable::PrivateQueryInterface+0xbc:
6556b05c 8b7004 mov esi,dword ptr [eax+4]
6556b05f 8bce mov ecx,esi
6556b061 ff15287bc365 call dword ptr [edgehtml!__guard_check_icall_fptr (65c37b28)]
6556b067 ffd6 call esi
6556b069 3bfc cmp edi,esp
6556b06b 7407 je edgehtml!CBaseScriptable::PrivateQueryInterface+0xd4 (6556b074)
6556b06d b904000000 mov ecx,4
6556b072 cd29 int 29h
6556b074 eba7 jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x7d (6556b01d)
6556b076 baa872e364 mov edx,offset edgehtml!IID_ICanvasPattern (64e372a8)
6556b07b e96fffffff jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x4f (6556afef)
6556b080 3d18075130 cmp eax,30510718h
6556b085 0f8481000000 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x16c (6556b10c)
6556b08b 3d1a075130 cmp eax,3051071Ah
6556b090 7470 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x162 (6556b102)
6556b092 3d1600cb9b cmp eax,9BCB0016h
6556b097 740e je edgehtml!CBaseScriptable::PrivateQueryInterface+0x107 (6556b0a7)
6556b099 3d6098efa6 cmp eax,0A6EF9860h
6556b09e 7425 je edgehtml!CBaseScriptable::PrivateQueryInterface+0x125 (6556b0c5)
6556b0a0 3d0e9831a7 cmp eax,0A731980Eh
6556b0a5 75aa jne edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556b0a7 ba0859c664 mov edx,offset edgehtml!IID_ITracker (64c65908)
6556b0ac 8bce mov ecx,esi
6556b0ae e8fd82bfff call edgehtml!== (651633b0)
6556b0b3 84c0 test al,al
6556b0b5 0f853fffffff jne edgehtml!CBaseScriptable::PrivateQueryInterface+0x5a (6556affa)
6556b0bb baf858c664 mov edx,offset edgehtml!IID_ITrackerJS9 (64c658f8)
6556b0c0 e92affffff jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x4f (6556afef)
6556b0c5 ba6474bd64 mov edx,offset edgehtml!_GUID_00020400_0000_0000_c000_000000000046 (64bd7464)
6556b0ca 8bce mov ecx,esi
6556b0cc e8df82bfff call edgehtml!== (651633b0)
6556b0d1 84c0 test al,al
6556b0d3 7514 jne edgehtml!CBaseScriptable::PrivateQueryInterface+0x149 (6556b0e9)
6556b0d5 ba38fdbe64 mov edx,offset edgehtml!_GUID_a6ef9860_c720_11d0_9337_00a0c90dcaa9 (64befd38)
6556b0da 8bce mov ecx,esi
6556b0dc e8cf82bfff call edgehtml!== (651633b0)
6556b0e1 84c0 test al,al
6556b0e3 0f8468ffffff je edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556b0e9 8b4d08 mov ecx,dword ptr [ebp+8]
6556b0ec 8bd7 mov edx,edi
6556b0ee e8bd8bb7ff call edgehtml!JsGetVarDispatch (650e3cb0)
6556b0f3 85c0 test eax,eax
6556b0f5 0f8456ffffff je edgehtml!CBaseScriptable::PrivateQueryInterface+0xb1 (6556b051)
6556b0fb 8bc8 mov ecx,eax
6556b0fd e87cc31500 call edgehtml!Abandonment::InduceRequiredQIAbandonment (656c747e)
6556b102 ba7872e364 mov edx,offset edgehtml!IID_ICanvasImageData (64e37278)
6556b107 e9e3feffff jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x4f (6556afef)
6556b10c ba9872e364 mov edx,offset edgehtml!IID_ICanvasTextMetrics (64e37298)
6556b111 e9d9feffff jmp edgehtml!CBaseScriptable::PrivateQueryInterface+0x4f (6556afef)
6556b116 cc int 3
6556b117 cc int 3
6556b118 cc int 3
6556b119 cc int 3
6556b11a cc int 3
6556b11b cc int 3
6556b11c cc int 3
6556b11d cc int 3
6556b11e cc int 3
6556b11f cc int 3
edgehtml!CServer::DoHide:
6556b120 8bff mov edi,edi
6556b122 55 push ebp
6556b123 8bec mov ebp,esp
6556b125 51 push ecx
6556b126 51 push ecx
6556b127 56 push esi
6556b128 8b7508 mov esi,dword ptr [ebp+8]
6556b12b 8d4df8 lea ecx,[ebp-8]
6556b12e 57 push edi
6556b12f 56 push esi
6556b130 e82f5bb3ff call edgehtml!CServer::CLock::CLock (650a0c64)
6556b135 807e7700 cmp byte ptr [esi+77h],0
6556b139 7407 je edgehtml!CServer::DoHide+0x22 (6556b142)
6556b13b bfffff0080 mov edi,8000FFFFh
6556b140 eb16 jmp edgehtml!CServer::DoHide+0x38 (6556b158)
6556b142 ff7510 push dword ptr [ebp+10h]
6556b145 8bce mov ecx,esi
6556b147 6a02 push 2
6556b149 e8e813c9ff call edgehtml!CServer::TransitionTo (651fc536)
6556b14e 8bf8 mov edi,eax
6556b150 85ff test edi,edi
6556b152 7504 jne edgehtml!CServer::DoHide+0x38 (6556b158)
6556b154 c6467501 mov byte ptr [esi+75h],1
6556b158 8d4df8 lea ecx,[ebp-8]
6556b15b e8900accff call edgehtml!CServer::CLock::~CLock (6522bbf0)
6556b160 8bc7 mov eax,edi
6556b162 5f pop edi
6556b163 5e pop esi
6556b164 8be5 mov esp,ebp
6556b166 5d pop ebp
6556b167 c21c00 ret 1Ch
6556b16a cc int 3
6556b16b cc int 3
6556b16c cc int 3
6556b16d cc int 3
6556b16e cc int 3
6556b16f cc int 3
edgehtml!CServer::DoInPlaceActivate:
6556b170 8bff mov edi,edi
6556b172 55 push ebp
6556b173 8bec mov ebp,esp
6556b175 83e4f8 and esp,0FFFFFFF8h
6556b178 83ec20 sub esp,20h
6556b17b 56 push esi
6556b17c 8b7508 mov esi,dword ptr [ebp+8]
6556b17f 8bce mov ecx,esi
6556b181 57 push edi
6556b182 807e7700 cmp byte ptr [esi+77h],0
6556b186 7409 je edgehtml!CServer::DoInPlaceActivate+0x21 (6556b191)
6556b188 e8c61fc9ff call edgehtml!CServer::ActivateView (651fd153)
6556b18d 8bf8 mov edi,eax
6556b18f eb2f jmp edgehtml!CServer::DoInPlaceActivate+0x50 (6556b1c0)
6556b191 ff7510 push dword ptr [ebp+10h]

3:084> rM 0x7D
eax=0004c25d ebx=074fec00 ecx=6cc86dda edx=00140001 esi=772c7460 edi=103bc548
eip=6556b05c esp=103bc544 ebp=103bc550 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
fpcw=027F: rn 53 puozdi fpsw=0120: top=0 cc=0001 --p----- fptw=FFFF
fopcode=0000 fpip=001b:647bec2d fpdp=0023:118ecfb8
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 9.999999776482582092290e-0003 st3= 1.000000000000000000000e+0000
st4= 1.000000000000000000000e+0000 st5= 5.664062500000000000000e-0002
st6= 1.463408495963000000000e+0012 st7= 1.018066406250000000000e-0001
mm0=0000000000000000 mm1=0000000000000000
mm2=a3d70a0000000000 mm3=8000000000000000
mm4=8000000000000000 mm5=e800000000000000
mm6=aa5cf8c6ad800000 mm7=d080000000000000
xmm0=0 0 0 0
xmm1=0 0 0 0
xmm2=0 0 0 0
xmm3=0 0 0 0
xmm4=0 0 0 0
xmm5=0 0 0 0
xmm6=0 0 0 0
xmm7=0 0 0 0
dr0=00000000 dr1=00000000 dr2=00000000
dr3=00000000 dr6=00000000 dr7=00000000
edgehtml!CBaseScriptable::PrivateQueryInterface+0xbc:
6556b05c 8b7004 mov esi,dword ptr [eax+4] ds:0023:0004c261=????????

3:084> dpp @$ea - 10*$ptrsize L10;
0004c221 ????????
0004c225 ????????
0004c229 ????????
0004c22d ????????
0004c231 ????????
0004c235 ????????
0004c239 ????????
0004c23d ????????
0004c241 ????????
0004c245 ????????
0004c249 ????????
0004c24d ????????
0004c251 ????????
0004c255 ????????
0004c259 ????????
0004c25d ????????

3:084> dpp @$ea L10;
0004c261 ????????
0004c265 ????????
0004c269 ????????
0004c26d ????????
0004c271 ????????
0004c275 ????????
0004c279 ????????
0004c27d ????????
0004c281 ????????
0004c285 ????????
0004c289 ????????
0004c28d ????????
0004c291 ????????
0004c295 ????????
0004c299 ????????
0004c29d ????????

3:084> dpp @$ea2 - 10*$ptrsize L10;
Bad register error at '@$ea2 - 10*$ptrsize '

3:084> lm M *microsoftedgecp.exe
start end module name
009c0000 00a0e000 microsoftedgecp (deferred)

3:084> lmv m *edgehtml
start end module name
64bb0000 65d9b000 edgehtml (pdb symbols) \\j3\symbols\edgehtml.pdb\EB51CD87F5FF4258B32C8451ECC8CB031\edgehtml.pdb
Loaded symbol image file: C:\WINDOWS\SYSTEM32\edgehtml.dll
Image path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Image name: edgehtml.dll
Timestamp: Sat Apr 23 06:20:39 2016 (571AF817)
CheckSum: 011D509E
ImageSize: 011EB000
File version: 11.0.10586.306
Product version: 11.0.10586.306
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
InternalName: EDGEHTML
OriginalFilename: EDGEHTML.DLL
ProductVersion: 11.00.10586.306
FileVersion: 11.00.10586.306 (th2_release_sec.160422-1850)
FileDescription: Microsoft (R) HTML Viewer
LegalCopyright: � Microsoft Corporation. All rights reserved.

3:084> lmv m *microsoftedgecp
start end module name
009c0000 00a0e000 microsoftedgecp (deferred)
Image path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Image name: microsoftedgecp.exe
Timestamp: Tue Nov 24 07:49:28 2015 (56540878)
CheckSum: 00053B24
ImageSize: 0004E000
File version: 11.0.10586.20
Product version: 11.0.10586.20
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Edge
InternalName: MicrosoftEdgeCP
OriginalFilename: MicrosoftEdgeCP.exe
ProductVersion: 11.00.10586.20
FileVersion: 11.00.10586.20 (th2_release_sec.151123-1940)
FileDescription: Microsoft Edge Content Process
LegalCopyright: � Microsoft Corporation. All rights reserved.

3:084>

Details

Stack

Disassembly

Registers

Referenced memory

Memory around address 0x4C261:

Binary information

edgehtml.dll

microsoftedgecp.exe

Debugger IO