; WinDbg disassembly (address, opcode bytes, instruction) of
; nt!KiDispatchException.
; This code is from 64-bit Windows 7 Ultimate SP0, latest updates as of 2010-07-14.
;
; To redirect ALL exceptions to the kernel debugger (kd), regardless of whether
; the target process has a user-mode debugger attached, the conditional jump at
; fffff800`0290aa1a has to be patched to jump to fffff800`0290aa53.
;
; NOTE(review): every absolute address below belongs to this build and this
; capture. The kernel image may load at a different base on another boot, so
; refer to the two locations as nt!KiDispatchException+0x2aa (the jump) and
; nt!KiDispatchException+0x2e3 (the target) and re-verify the bytes first.
; NOTE(review): x64 Windows ships Kernel Patch Protection, which treats modified
; nt code as corruption. The patch therefore presupposes a debug session in
; which kd already controls the machine. On a production system an unexpected
; unconditional branch at this location is a kernel-integrity finding.
;
; Register roles established by the prologue (argument names are not in the
; listing; they are presumably ExceptionRecord, ExceptionFrame, TrapFrame,
; PreviousMode and FirstChance, to be confirmed against symbols):
;   rbx  = arg1 (rcx), also homed at [rbp+160h]
;   r15  = arg2 (rdx)
;   rsi  = arg3 (r8), also homed at [rbp+170h]
;   r14b = arg4 (r9b), also saved at [rbp]
;   [rbp+180h] = fifth (stack) argument
;   r13d = context flags, also kept at [rbp+4]
;   r12  = context buffer allocated on the stack, also kept at [rbp+48h]
nt!KiDispatchException:
; Prologue: home rcx/r8, save non-volatile registers, reserve 160h bytes and
; set up rbp as frame base.
fffff800`0290a770 4c89442418 mov qword ptr [rsp+18h],r8
fffff800`0290a775 48894c2408 mov qword ptr [rsp+8],rcx
fffff800`0290a77a 55 push rbp
fffff800`0290a77b 4154 push r12
fffff800`0290a77d 4155 push r13
fffff800`0290a77f 4156 push r14
fffff800`0290a781 4157 push r15
fffff800`0290a783 4881ec60010000 sub rsp,160h
fffff800`0290a78a 488d6c2430 lea rbp,[rsp+30h]
fffff800`0290a78f 48899d68010000 mov qword ptr [rbp+168h],rbx
fffff800`0290a796 4889b578010000 mov qword ptr [rbp+178h],rsi
; Stack-cookie setup: the cookie is XORed with rbp and stored at [rbp+120h].
; It is verified by _security_check_cookie before the epilogue.
fffff800`0290a79d 488b050c021400 mov rax,qword ptr [nt!_security_cookie (fffff800`02a4a9b0)]
fffff800`0290a7a4 4833c5 xor rax,rbp
fffff800`0290a7a7 48898520010000 mov qword ptr [rbp+120h],rax
; Move the arguments into non-volatile registers (see register roles above).
fffff800`0290a7ae 458af1 mov r14b,r9b
fffff800`0290a7b1 44884d00 mov byte ptr [rbp],r9b
fffff800`0290a7b5 498bf0 mov rsi,r8
fffff800`0290a7b8 4c8bfa mov r15,rdx
fffff800`0290a7bb 488bd9 mov rbx,rcx
; Per-processor counter increment (presumably the exception-dispatch count).
fffff800`0290a7be 65ff0425b4480000 inc dword ptr gs:[48B4h]
; r13d = context flags 10001Fh. When arg4 is non-zero, KeFeatureBits bit 17h is
; set and an enabled XState feature above bits 0-1 exists, flag 20h is added
; (presumably the extended-state context flag on this build).
fffff800`0290a7c6 41bd1f001000 mov r13d,10001Fh
fffff800`0290a7cc 44896d04 mov dword ptr [rbp+4],r13d
fffff800`0290a7d0 4584c9 test r9b,r9b
fffff800`0290a7d3 7421 je nt!KiDispatchException+0x86 (fffff800`0290a7f6)
fffff800`0290a7d5 0fba2567d81f0017 bt dword ptr [nt!KeFeatureBits (fffff800`02b08044)],17h
fffff800`0290a7dd 7317 jae nt!KiDispatchException+0x86 (fffff800`0290a7f6)
fffff800`0290a7df 48f7059ed91f00fcffffff test qword ptr [nt!KeEnabledXStateFeatures (fffff800`02b08188)],0FFFFFFFFFFFFFFFCh
fffff800`0290a7ea 418d4520 lea eax,[r13+20h]
fffff800`0290a7ee 440f45e8 cmovne r13d,eax
fffff800`0290a7f2 44896d04 mov dword ptr [rbp+4],r13d
; Query the context length for these flags; the result is written to [rbp+0Ch].
fffff800`0290a7f6 488d550c lea rdx,[rbp+0Ch]
fffff800`0290a7fa 418bcd mov ecx,r13d
fffff800`0290a7fd e8a6ecffff call nt!RtlGetExtendedContextLength (fffff800`029094a8)
; Round the length up to 16 bytes (with a wrap-around guard on the addition),
; probe the stack via _chkstk and carve the context buffer out of the stack.
fffff800`0290a802 448b5d0c mov r11d,dword ptr [rbp+0Ch]
fffff800`0290a806 498d430f lea rax,[r11+0Fh]
fffff800`0290a80a 493bc3 cmp rax,r11
fffff800`0290a80d 770a ja nt!KiDispatchException+0xa9 (fffff800`0290a819)
fffff800`0290a80f 48b8f0ffffffffffff0f mov rax,0FFFFFFFFFFFFFF0h
fffff800`0290a819 4883e0f0 and rax,0FFFFFFFFFFFFFFF0h
fffff800`0290a81d e8aedefbff call nt!_chkstk (fffff800`028c86d0)
fffff800`0290a822 482be0 sub rsp,rax
fffff800`0290a825 4c8d642430 lea r12,[rsp+30h]
fffff800`0290a82a 4c896548 mov qword ptr [rbp+48h],r12
; Initialise the buffer; the extended-context pointer is returned in [rbp+10h]
; and the status in [rbp+8].
fffff800`0290a82e 4c8d4510 lea r8,[rbp+10h]
fffff800`0290a832 418bd5 mov edx,r13d
fffff800`0290a835 498bcc mov rcx,r12
fffff800`0290a838 e82febffff call nt!RtlInitializeExtendedContext (fffff800`0290936c)
fffff800`0290a83d 894508 mov dword ptr [rbp+8],eax
; If flags include 100020h, store the enabled XState features (bits 0-1 masked
; off) at the location given by the signed offset at +10h of the extended
; context.
fffff800`0290a840 418bc5 mov eax,r13d
fffff800`0290a843 b920001000 mov ecx,100020h
fffff800`0290a848 23c1 and eax,ecx
fffff800`0290a84a 3bc1 cmp eax,ecx
fffff800`0290a84c 7519 jne nt!KiDispatchException+0xf7 (fffff800`0290a867)
fffff800`0290a84e 488b4510 mov rax,qword ptr [rbp+10h]
fffff800`0290a852 48634810 movsxd rcx,dword ptr [rax+10h]
fffff800`0290a856 4803c8 add rcx,rax
fffff800`0290a859 488b0528d91f00 mov rax,qword ptr [nt!KeEnabledXStateFeatures (fffff800`02b08188)]
fffff800`0290a860 4883e0fc and rax,0FFFFFFFFFFFFFFFCh
fffff800`0290a864 488901 mov qword ptr [rcx],rax
; Build the context record in r12 from arg3 (rsi) and arg2 (r15).
fffff800`0290a867 4d8bc4 mov r8,r12
fffff800`0290a86a 498bd7 mov rdx,r15
fffff800`0290a86d 488bce mov rcx,rsi
fffff800`0290a870 e8effaffff call nt!KeContextFromKframes (fffff800`0290a364)
; Exception code 80000003h (breakpoint): decrement the qword at context+0F8h
; (presumably Rip, so that it points back at the breakpoint instruction).
fffff800`0290a875 813b03000080 cmp dword ptr [rbx],80000003h
fffff800`0290a87b 7508 jne nt!KiDispatchException+0x115 (fffff800`0290a885)
fffff800`0290a87d 49ff8c24f8000000 dec qword ptr [r12+0F8h]
; KiPreprocessFault(record, arg3, context, arg4); a non-zero result goes
; straight to the common exit at +0x55e.
fffff800`0290a885 458ace mov r9b,r14b
fffff800`0290a888 4d8bc4 mov r8,r12
fffff800`0290a88b 488bd6 mov rdx,rsi
fffff800`0290a88e 488bcb mov rcx,rbx
fffff800`0290a891 e886040000 call nt!KiPreprocessFault (fffff800`0290ad1c)
fffff800`0290a896 84c0 test al,al
fffff800`0290a898 0f8531040000 jne nt!KiDispatchException+0x55e (fffff800`0290accf)
; Non-zero arg4 takes the path at +0x1ba (presumably user mode); zero falls
; through (presumably kernel mode).
fffff800`0290a89e 4584f6 test r14b,r14b
fffff800`0290a8a1 0f8583000000 jne nt!KiDispatchException+0x1ba (fffff800`0290a92a)
; ---- path for arg4 == 0 ----
; r14b is zero here, so this compares the fifth argument with 0. When it is
; zero the first-chance steps are skipped.
fffff800`0290a8a7 4438b580010000 cmp byte ptr [rbp+180h],r14b
fffff800`0290a8ae 7437 je nt!KiDispatchException+0x177 (fffff800`0290a8e7)
; First call to the debug routine, with both stack arguments = 0.
fffff800`0290a8b0 4488742428 mov byte ptr [rsp+28h],r14b
fffff800`0290a8b5 4488742420 mov byte ptr [rsp+20h],r14b
fffff800`0290a8ba 4d8bcc mov r9,r12
fffff800`0290a8bd 4c8bc3 mov r8,rbx
fffff800`0290a8c0 498bd7 mov rdx,r15
fffff800`0290a8c3 488bce mov rcx,rsi
fffff800`0290a8c6 ff15a4da1f00 call qword ptr [nt!KiDebugRoutine (fffff800`02b08370)]
fffff800`0290a8cc 84c0 test al,al
fffff800`0290a8ce 0f85fb030000 jne nt!KiDispatchException+0x55e (fffff800`0290accf)
; Not handled by the debug routine: RtlDispatchException(record, context).
fffff800`0290a8d4 498bd4 mov rdx,r12
fffff800`0290a8d7 488bcb mov rcx,rbx
fffff800`0290a8da e8612cffff call nt!RtlDispatchException (fffff800`028fd540)
fffff800`0290a8df 84c0 test al,al
fffff800`0290a8e1 0f85e8030000 jne nt!KiDispatchException+0x55e (fffff800`0290accf)
; Second call to the debug routine, this time with [rsp+28h] = 1.
fffff800`0290a8e7 c644242801 mov byte ptr [rsp+28h],1
fffff800`0290a8ec c644242000 mov byte ptr [rsp+20h],0
fffff800`0290a8f1 4d8bcc mov r9,r12
fffff800`0290a8f4 4c8bc3 mov r8,rbx
fffff800`0290a8f7 498bd7 mov rdx,r15
fffff800`0290a8fa 488bce mov rcx,rsi
fffff800`0290a8fd ff156dda1f00 call qword ptr [nt!KiDebugRoutine (fffff800`02b08370)]
fffff800`0290a903 84c0 test al,al
fffff800`0290a905 0f85c4030000 jne nt!KiDispatchException+0x55e (fffff800`0290accf)
; Nobody handled it: bug check 1Eh with the exception code and the record
; fields at +10h, +20h and +28h as parameters.
fffff800`0290a90b 486313 movsxd rdx,dword ptr [rbx]
fffff800`0290a90e 488b4328 mov rax,qword ptr [rbx+28h]
fffff800`0290a912 4889442420 mov qword ptr [rsp+20h],rax
fffff800`0290a917 4c8b4b20 mov r9,qword ptr [rbx+20h]
fffff800`0290a91b 4c8b4310 mov r8,qword ptr [rbx+10h]
fffff800`0290a91f b91e000000 mov ecx,1Eh
fffff800`0290a924 e8d75cfcff call nt!KeBugCheckEx (fffff800`028d0600)
fffff800`0290a929 cc int 3
; ---- path for arg4 != 0 ----
; gs:[188h] is read as the current thread and [thread+70h] as its process
; (presumed from usage; offsets are build-specific). If the process field at
; +320h is non-zero, the code is 80000002h (datatype misalignment) and bit 12h
; of the dword at arg3+178h (presumably EFLAGS.AC) is set, clear that bit and
; leave through the common epilogue.
fffff800`0290a92a 65488b042588010000 mov rax,qword ptr gs:[188h]
fffff800`0290a933 488b4870 mov rcx,qword ptr [rax+70h]
fffff800`0290a937 4883b92003000000 cmp qword ptr [rcx+320h],0
fffff800`0290a93f 7423 je nt!KiDispatchException+0x1f4 (fffff800`0290a964)
fffff800`0290a941 813b02000080 cmp dword ptr [rbx],80000002h
fffff800`0290a947 751b jne nt!KiDispatchException+0x1f4 (fffff800`0290a964)
fffff800`0290a949 8b8678010000 mov eax,dword ptr [rsi+178h]
fffff800`0290a94f 0fbae012 bt eax,12h
fffff800`0290a953 730f jae nt!KiDispatchException+0x1f4 (fffff800`0290a964)
fffff800`0290a955 0fbaf012 btr eax,12h
fffff800`0290a959 898678010000 mov dword ptr [rsi+178h],eax
fffff800`0290a95f e983030000 jmp nt!KiDispatchException+0x576 (fffff800`0290ace7)
; Word at context+38h (presumably SegCs) with the low three bits masked off is
; compared with 20h (presumably the 32-bit user code selector).
fffff800`0290a964 410fb7442438 movzx eax,word ptr [r12+38h]
fffff800`0290a96a b9f8ff0000 mov ecx,0FFF8h
fffff800`0290a96f 6623c1 and ax,cx
fffff800`0290a972 6683f820 cmp ax,20h
fffff800`0290a976 7534 jne nt!KiDispatchException+0x23c (fffff800`0290a9ac)
; Selector 20h: rewrite code 80000003h to 4000001Fh and 80000004h to 4000001Eh.
fffff800`0290a978 813b03000080 cmp dword ptr [rbx],80000003h
fffff800`0290a97e 7410 je nt!KiDispatchException+0x220 (fffff800`0290a990)
fffff800`0290a980 813b04000080 cmp dword ptr [rbx],80000004h
fffff800`0290a986 750e jne nt!KiDispatchException+0x226 (fffff800`0290a996)
fffff800`0290a988 c7031e000040 mov dword ptr [rbx],4000001Eh
fffff800`0290a98e eb06 jmp nt!KiDispatchException+0x226 (fffff800`0290a996)
fffff800`0290a990 c7031f000040 mov dword ptr [rbx],4000001Fh
; r14 = low 32 bits of context+98h (presumably Rsp), aligned down to 16 bytes.
fffff800`0290a996 458bb42498000000 mov r14d,dword ptr [r12+98h]
fffff800`0290a99e b8f0ffffff mov eax,0FFFFFFF0h
fffff800`0290a9a3 4c23f0 and r14,rax
fffff800`0290a9a6 4c897520 mov qword ptr [rbp+20h],r14
fffff800`0290a9aa eb0c jmp nt!KiDispatchException+0x248 (fffff800`0290a9b8)
; Other selectors: r14 = the full 64-bit value at context+98h.
fffff800`0290a9ac 4d8bb42498000000 mov r14,qword ptr [r12+98h]
fffff800`0290a9b4 4c897520 mov qword ptr [rbp+20h],r14
; Code 80000004h (single step): if bit 40h of the byte at thread+3 is set, set
; bit 10h in the dword at +58h of the structure that [thread+1B8h] points to.
; The meaning of these fields cannot be recovered from the listing.
fffff800`0290a9b8 813b04000080 cmp dword ptr [rbx],80000004h
fffff800`0290a9be 7537 jne nt!KiDispatchException+0x287 (fffff800`0290a9f7)
fffff800`0290a9c0 65488b142588010000 mov rdx,qword ptr gs:[188h]
fffff800`0290a9c9 488bc2 mov rax,rdx
fffff800`0290a9cc 4885d2 test rdx,rdx
fffff800`0290a9cf 7509 jne nt!KiDispatchException+0x26a (fffff800`0290a9da)
fffff800`0290a9d1 65488b042588010000 mov rax,qword ptr gs:[188h]
fffff800`0290a9da f6400340 test byte ptr [rax+3],40h
fffff800`0290a9de 7417 je nt!KiDispatchException+0x287 (fffff800`0290a9f7)
fffff800`0290a9e0 488b82b8010000 mov rax,qword ptr [rdx+1B8h]
fffff800`0290a9e7 8b4858 mov ecx,dword ptr [rax+58h]
fffff800`0290a9ea 83c910 or ecx,10h
fffff800`0290a9ed 488b82b8010000 mov rax,qword ptr [rdx+1B8h]
fffff800`0290a9f4 894858 mov dword ptr [rax+58h],ecx
; Zero the tail of the 98h-byte exception record: from record+20h+8*count
; (count = dword at record+18h) to record+98h. The full 98h bytes are later
; copied to the user stack, so this presumably keeps stale kernel data out of
; user memory.
fffff800`0290a9f7 8b4318 mov eax,dword ptr [rbx+18h]
fffff800`0290a9fa 488d4cc320 lea rcx,[rbx+rax*8+20h]
fffff800`0290a9ff 4c8bc3 mov r8,rbx
fffff800`0290aa02 4c2bc1 sub r8,rcx
fffff800`0290aa05 4981c098000000 add r8,98h
fffff800`0290aa0c 33d2 xor edx,edx
fffff800`0290aa0e e87d7dfcff call nt!memset (fffff800`028d2790)
; Fifth argument == 1 continues below; anything else branches to +0x50d.
fffff800`0290aa13 80bd8001000001 cmp byte ptr [rbp+180h],1
; !!! Patch point: change the following jump into an unconditional jump to
; fffff800`0290aa53.
; Effect, as far as the listing shows: the KdIsThisAKdTrap call, the check of
; the process field at +1F0h and the KdIgnoreUmExceptions check are all
; skipped, the branch to +0x50d is never taken from here, and KiDebugRoutine is
; called with [rsp+28h] = 0 for every exception that reaches this point.
fffff800`0290aa1a 0f855e020000 jne nt!KiDispatchException+0x50d (fffff800`0290ac7e)
; Original decision logic: al = KdIsThisAKdTrap(record, context, 1).
fffff800`0290aa20 41b001 mov r8b,1
fffff800`0290aa23 498bd4 mov rdx,r12
fffff800`0290aa26 488bcb mov rcx,rbx
fffff800`0290aa29 e8828e4400 call nt!KdIsThisAKdTrap (fffff800`02d538b0)
; Process field at +1F0h (presumably the debug port, non-zero when a user-mode
; debugger is attached, which matches the header note). With that field zero
; and KdIgnoreUmExceptions == 0 the kernel debugger is called directly.
; Otherwise it is called only when al equals r8b.
fffff800`0290aa2e 65488b0c2588010000 mov rcx,qword ptr gs:[188h]
fffff800`0290aa37 488b5170 mov rdx,qword ptr [rcx+70h]
fffff800`0290aa3b 4883baf001000000 cmp qword ptr [rdx+1F0h],0
fffff800`0290aa43 7509 jne nt!KiDispatchException+0x2de (fffff800`0290aa4e)
fffff800`0290aa45 803d61711c0000 cmp byte ptr [nt!KdIgnoreUmExceptions (fffff800`02ad1bad)],0
fffff800`0290aa4c 7405 je nt!KiDispatchException+0x2e3 (fffff800`0290aa53)
fffff800`0290aa4e 413ac0 cmp al,r8b
fffff800`0290aa51 7526 jne nt!KiDispatchException+0x309 (fffff800`0290aa79)
; Call the kernel debugger: KiDebugRoutine(arg3, arg2, record, context,
; [rsp+20h] = saved arg4, [rsp+28h] = 0). A non-zero result means handled and
; exits via +0x55a.
fffff800`0290aa53 c644242800 mov byte ptr [rsp+28h],0
fffff800`0290aa58 8a4500 mov al,byte ptr [rbp]
fffff800`0290aa5b 88442420 mov byte ptr [rsp+20h],al
fffff800`0290aa5f 4d8bcc mov r9,r12
fffff800`0290aa62 4c8bc3 mov r8,rbx
fffff800`0290aa65 498bd7 mov rdx,r15
fffff800`0290aa68 488bce mov rcx,rsi
fffff800`0290aa6b ff15ffd81f00 call qword ptr [nt!KiDebugRoutine (fffff800`02b08370)]
fffff800`0290aa71 84c0 test al,al
fffff800`0290aa73 0f8552020000 jne nt!KiDispatchException+0x55a (fffff800`0290accb)
; DbgkForwardException(record, dl = 1, r8 = 0): presumably forwards to the
; user-mode debugger as first chance. A non-zero result means handled.
fffff800`0290aa79 4533c0 xor r8d,r8d
fffff800`0290aa7c b201 mov dl,1
fffff800`0290aa7e 488bcb mov rcx,rbx
fffff800`0290aa81 e82a812600 call nt!DbgkForwardException (fffff800`02b72bb0)
fffff800`0290aa86 84c0 test al,al
fffff800`0290aa88 0f8559020000 jne nt!KiDispatchException+0x576 (fffff800`0290ace7)
; Prepare user-mode dispatch: clear bit 8 of the dword at arg3+178h (presumably
; EFLAGS.TF) and preset the local record code at [rbp+80h] to 0C0000005h
; (access violation).
fffff800`0290aa8e 0fbab67801000008 btr dword ptr [rsi+178h],8
fffff800`0290aa96 c78580000000050000c0 mov dword ptr [rbp+80h],0C0000005h
; +0x330: re-entry point used by the block at fffff800`0290ac2c.
fffff800`0290aaa0 90 nop
; Lay out the frame below the user stack pointer r14. rdx is the running top.
; With flag 100020h set, first reserve the size at +14h of the extended context
; and align down to 64 bytes.
fffff800`0290aaa1 498bd6 mov rdx,r14
fffff800`0290aaa4 48895518 mov qword ptr [rbp+18h],rdx
fffff800`0290aaa8 418bc5 mov eax,r13d
fffff800`0290aaab 2520001000 and eax,100020h
fffff800`0290aab0 3d20001000 cmp eax,100020h
fffff800`0290aab5 7516 jne nt!KiDispatchException+0x35d (fffff800`0290aacd)
fffff800`0290aab7 488b4510 mov rax,qword ptr [rbp+10h]
fffff800`0290aabb 8b4814 mov ecx,dword ptr [rax+14h]
fffff800`0290aabe 482bd1 sub rdx,rcx
fffff800`0290aac1 48895518 mov qword ptr [rbp+18h],rdx
fffff800`0290aac5 4883e2c0 and rdx,0FFFFFFFFFFFFFFC0h
fffff800`0290aac9 48895518 mov qword ptr [rbp+18h],rdx
; Successive sub-allocations, each saved in a local:
;   [rbp+40h]/[rbp+50h] = rdx-28h, masked  (presumably the machine frame)
;   [rbp+58h] = previous - 0A0h            (destination of the 98h-byte record)
;   [rbp+68h] = previous - 20h             (destination of the 18h-byte block)
;   [rbp+60h] = previous - 4D0h = r15      (lowest address of the new frame)
fffff800`0290aacd 488d42d8 lea rax,[rdx-28h]
fffff800`0290aad1 4883e0f1 and rax,0FFFFFFFFFFFFFFF1h
fffff800`0290aad5 48894550 mov qword ptr [rbp+50h],rax
fffff800`0290aad9 48894540 mov qword ptr [rbp+40h],rax
fffff800`0290aadd 480560ffffff add rax,0FFFFFFFFFFFFFF60h
fffff800`0290aae3 48894558 mov qword ptr [rbp+58h],rax
fffff800`0290aae7 4c8d40e0 lea r8,[rax-20h]
fffff800`0290aaeb 4c894568 mov qword ptr [rbp+68h],r8
fffff800`0290aaef 4d8db830fbffff lea r15,[r8-4D0h]
fffff800`0290aaf6 4c897d60 mov qword ptr [rbp+60h],r15
; Fill six dwords at [rbp+28h..3Ch] with offsets and lengths relative to r8
; (presumably the extended-context descriptor; it is copied out as 18h bytes
; further down).
fffff800`0290aafa 498bc7 mov rax,r15
fffff800`0290aafd 492bc0 sub rax,r8
fffff800`0290ab00 894528 mov dword ptr [rbp+28h],eax
fffff800`0290ab03 498bce mov rcx,r14
fffff800`0290ab06 492bcf sub rcx,r15
fffff800`0290ab09 894d2c mov dword ptr [rbp+2Ch],ecx
fffff800`0290ab0c 894530 mov dword ptr [rbp+30h],eax
fffff800`0290ab0f c74534d0040000 mov dword ptr [rbp+34h],4D0h
fffff800`0290ab16 488bc2 mov rax,rdx
fffff800`0290ab19 492bc0 sub rax,r8
fffff800`0290ab1c 894538 mov dword ptr [rbp+38h],eax
fffff800`0290ab1f 498bc6 mov rax,r14
fffff800`0290ab22 482bc2 sub rax,rdx
fffff800`0290ab25 89453c mov dword ptr [rbp+3Ch],eax
; Validate the user-mode destination range [r15, r15+rcx) before any write.
; A length of 0 or >= 1000h goes through ProbeForWrite. Smaller lengths are
; probed inline: 16-byte alignment check, clamp to MmUserProbeAddress, then
; read and write back the first and the last byte.
fffff800`0290ab28 4885c9 test rcx,rcx
fffff800`0290ab2b 743d je nt!KiDispatchException+0x3f9 (fffff800`0290ab6a)
fffff800`0290ab2d 4881f900100000 cmp rcx,1000h
fffff800`0290ab34 7334 jae nt!KiDispatchException+0x3f9 (fffff800`0290ab6a)
fffff800`0290ab36 41f6c70f test r15b,0Fh
fffff800`0290ab3a 7406 je nt!KiDispatchException+0x3d1 (fffff800`0290ab42)
fffff800`0290ab3c e80ffa3400 call nt!ExRaiseDatatypeMisalignment (fffff800`02c5a550)
fffff800`0290ab41 cc int 3
fffff800`0290ab42 488b05b7d41f00 mov rax,qword ptr [nt!MmUserProbeAddress (fffff800`02b08000)]
fffff800`0290ab49 4c3bf8 cmp r15,rax
fffff800`0290ab4c 4c0f43f8 cmovae r15,rax
fffff800`0290ab50 418a07 mov al,byte ptr [r15]
fffff800`0290ab53 418807 mov byte ptr [r15],al
fffff800`0290ab56 418a440fff mov al,byte ptr [r15+rcx-1]
fffff800`0290ab5b 4188440fff mov byte ptr [r15+rcx-1],al
fffff800`0290ab60 488b4d40 mov rcx,qword ptr [rbp+40h]
fffff800`0290ab64 4c8b7d60 mov r15,qword ptr [rbp+60h]
fffff800`0290ab68 eb15 jmp nt!KiDispatchException+0x40e (fffff800`0290ab7f)
; ProbeForWrite(r15, length, alignment 10h).
fffff800`0290ab6a 41b810000000 mov r8d,10h
fffff800`0290ab70 488bd1 mov rdx,rcx
fffff800`0290ab73 498bcf mov rcx,r15
fffff800`0290ab76 e8e5d32d00 call nt!ProbeForWrite (fffff800`02be7f60)
fffff800`0290ab7b 488b4d50 mov rcx,qword ptr [rbp+50h]
; Write the original stack pointer (r14) at frame+18h and the qword from
; context+0F8h at frame+0, then copy the 98h-byte record to the user stack.
fffff800`0290ab7f 4c897118 mov qword ptr [rcx+18h],r14
fffff800`0290ab83 498b8424f8000000 mov rax,qword ptr [r12+0F8h]
fffff800`0290ab8b 488901 mov qword ptr [rcx],rax
fffff800`0290ab8e 488b4d58 mov rcx,qword ptr [rbp+58h]
fffff800`0290ab92 488bd3 mov rdx,rbx
fffff800`0290ab95 41b898000000 mov r8d,98h
fffff800`0290ab9b e870c7fbff call nt!memmove (fffff800`028c7310)
; Copy the context into the user-stack area described by [rbp+28h]; the status
; is kept in [rbp+8]. rbx is reused here for the destination from [rbp+68h].
fffff800`0290aba0 488364242800 and qword ptr [rsp+28h],0
fffff800`0290aba6 488b4510 mov rax,qword ptr [rbp+10h]
fffff800`0290abaa 4889442420 mov qword ptr [rsp+20h],rax
fffff800`0290abaf 458bcd mov r9d,r13d
fffff800`0290abb2 4c8d4528 lea r8,[rbp+28h]
fffff800`0290abb6 488b5d68 mov rbx,qword ptr [rbp+68h]
fffff800`0290abba 488bd3 mov rdx,rbx
fffff800`0290abbd b101 mov cl,1
fffff800`0290abbf e83044faff call nt!RtlpCopyExtendedContext (fffff800`028aeff4)
fffff800`0290abc4 894508 mov dword ptr [rbp+8],eax
; Copy the 18h-byte descriptor from [rbp+28h] to the user stack.
fffff800`0290abc7 488bcb mov rcx,rbx
fffff800`0290abca 488d5528 lea rdx,[rbp+28h]
fffff800`0290abce 41b818000000 mov r8d,18h
fffff800`0290abd4 e837c7fbff call nt!memmove (fffff800`028c7310)
; Redirect the return to user mode by rewriting arg3 (presumably the trap
; frame: +180h Rsp, +170h SegCs, +168h Rip): new stack pointer = r15,
; selector = 33h, instruction pointer = KeUserExceptionDispatcher. Done with
; interrupts disabled (cli ... sti).
fffff800`0290abd9 4c89be80010000 mov qword ptr [rsi+180h],r15
fffff800`0290abe0 fa cli
fffff800`0290abe1 b833000000 mov eax,33h
fffff800`0290abe6 66898670010000 mov word ptr [rsi+170h],ax
fffff800`0290abed 488b0504db1f00 mov rax,qword ptr [nt!KeUserExceptionDispatcher (fffff800`02b086f8)]
fffff800`0290abf4 48898668010000 mov qword ptr [rsi+168h],rax
; If the process field at +100h is non-zero, that pointer becomes the return
; address and the dispatcher address is parked at arg3+58h (presumably a
; per-process callback hook; confirm against symbols).
fffff800`0290abfb 65488b042588010000 mov rax,qword ptr gs:[188h]
fffff800`0290ac04 488b4870 mov rcx,qword ptr [rax+70h]
fffff800`0290ac08 488b9100010000 mov rdx,qword ptr [rcx+100h]
fffff800`0290ac0f 4885d2 test rdx,rdx
fffff800`0290ac12 7412 je nt!KiDispatchException+0x4b5 (fffff800`0290ac26)
fffff800`0290ac14 488b8668010000 mov rax,qword ptr [rsi+168h]
fffff800`0290ac1b 48894658 mov qword ptr [rsi+58h],rax
fffff800`0290ac1f 48899668010000 mov qword ptr [rsi+168h],rdx
fffff800`0290ac26 fb sti
fffff800`0290ac27 e9bb000000 jmp nt!KiDispatchException+0x576 (fffff800`0290ace7)
; No branch in this listing targets fffff800`0290ac2c; presumably this is the
; exception-handler body guarding the user-stack writes above. If the captured
; code at [rbp+80h] is 0C00000FDh (stack overflow), the local record replaces
; the original one and dispatch is retried at +0x330. Otherwise execution
; falls into the second-chance handling.
fffff800`0290ac2c 81bd80000000fd0000c0 cmp dword ptr [rbp+80h],0C00000FDh
fffff800`0290ac36 753f jne nt!KiDispatchException+0x506 (fffff800`0290ac77)
fffff800`0290ac38 488b9d60010000 mov rbx,qword ptr [rbp+160h]
fffff800`0290ac3f 488b4310 mov rax,qword ptr [rbx+10h]
fffff800`0290ac43 48898590000000 mov qword ptr [rbp+90h],rax
fffff800`0290ac4a 488bcb mov rcx,rbx
fffff800`0290ac4d 488d9580000000 lea rdx,[rbp+80h]
fffff800`0290ac54 41b898000000 mov r8d,98h
fffff800`0290ac5a e8b1c6fbff call nt!memmove (fffff800`028c7310)
; Reload the registers the retry path expects.
fffff800`0290ac5f 488bb570010000 mov rsi,qword ptr [rbp+170h]
fffff800`0290ac66 448b6d04 mov r13d,dword ptr [rbp+4]
fffff800`0290ac6a 4c8b6548 mov r12,qword ptr [rbp+48h]
fffff800`0290ac6e 4c8b7520 mov r14,qword ptr [rbp+20h]
fffff800`0290ac72 e929feffff jmp nt!KiDispatchException+0x330 (fffff800`0290aaa0)
fffff800`0290ac77 488b9d60010000 mov rbx,qword ptr [rbp+160h]
; +0x50d: original target of the jump at fffff800`0290aa1a.
; DbgkForwardException(record, dl = 1, r8b = 1), presumably the debug port as
; second chance.
fffff800`0290ac7e 41b001 mov r8b,1
fffff800`0290ac81 418ad0 mov dl,r8b
fffff800`0290ac84 488bcb mov rcx,rbx
fffff800`0290ac87 e8247f2600 call nt!DbgkForwardException (fffff800`02b72bb0)
fffff800`0290ac8c 84c0 test al,al
fffff800`0290ac8e 7557 jne nt!KiDispatchException+0x576 (fffff800`0290ace7)
; DbgkForwardException(record, dl = 0, r8b = 1), presumably the exception port
; as second chance.
fffff800`0290ac90 41b001 mov r8b,1
fffff800`0290ac93 33d2 xor edx,edx
fffff800`0290ac95 488bcb mov rcx,rbx
fffff800`0290ac98 e8137f2600 call nt!DbgkForwardException (fffff800`02b72bb0)
fffff800`0290ac9d 84c0 test al,al
fffff800`0290ac9f 7546 jne nt!KiDispatchException+0x576 (fffff800`0290ace7)
; Still unhandled: ZwTerminateProcess(rcx = -1, exit status = exception code).
fffff800`0290aca1 8b13 mov edx,dword ptr [rbx]
fffff800`0290aca3 4883c9ff or rcx,0FFFFFFFFFFFFFFFFh
fffff800`0290aca7 e834e4fbff call nt!ZwTerminateProcess (fffff800`028c90e0)
; If that call returns, bug check 1Eh with the same parameters as the bug check
; on the arg4 == 0 path.
fffff800`0290acac 486313 movsxd rdx,dword ptr [rbx]
fffff800`0290acaf 488b4328 mov rax,qword ptr [rbx+28h]
fffff800`0290acb3 4889442420 mov qword ptr [rsp+20h],rax
fffff800`0290acb8 4c8b4b20 mov r9,qword ptr [rbx+20h]
fffff800`0290acbc 4c8b4310 mov r8,qword ptr [rbx+10h]
fffff800`0290acc0 b91e000000 mov ecx,1Eh
fffff800`0290acc5 e83659fcff call nt!KeBugCheckEx (fffff800`028d0600)
fffff800`0290acca cc int 3
; +0x55a / +0x55e: the exception was handled. Write the (possibly modified)
; context back: KeContextToKframes(arg3, arg2, context, flags dword at
; context+30h, arg4).
fffff800`0290accb 448a7500 mov r14b,byte ptr [rbp]
fffff800`0290accf 4488742420 mov byte ptr [rsp+20h],r14b
fffff800`0290acd4 458b4c2430 mov r9d,dword ptr [r12+30h]
fffff800`0290acd9 4d8bc4 mov r8,r12
fffff800`0290acdc 498bd7 mov rdx,r15
fffff800`0290acdf 488bce mov rcx,rsi
fffff800`0290ace2 e8495afcff call nt!KeContextToKframes (fffff800`028d0730)
; +0x576: common epilogue. Verify the stack cookie, restore rbx/rsi, release
; the frame (including the dynamically allocated context) and return.
fffff800`0290ace7 488b8d20010000 mov rcx,qword ptr [rbp+120h]
fffff800`0290acee 4833cd xor rcx,rbp
fffff800`0290acf1 e8dad0fbff call nt!_security_check_cookie (fffff800`028c7dd0)
fffff800`0290acf6 488b9d68010000 mov rbx,qword ptr [rbp+168h]
fffff800`0290acfd 488bb578010000 mov rsi,qword ptr [rbp+178h]
fffff800`0290ad04 488da530010000 lea rsp,[rbp+130h]
fffff800`0290ad0b 415f pop r15
fffff800`0290ad0d 415e pop r14
fffff800`0290ad0f 415d pop r13
fffff800`0290ad11 415c pop r12
fffff800`0290ad13 5d pop rbp
fffff800`0290ad14 c3 ret
fffff800`0290ad15 90 nop