Access violation - code c0000005

[romanholidaypancakes]

Describe the bug
Sometimes using the !epthook MmGetPhysicalAddress triggers an exception.

To Reproduce
Use !epthook MmGetPhysicalAddress (note: this is an occasional

0: kd> K
 # Child-SP          RetAddr               Call Site
00 fffff806`152a3128 01000000`00100000     nt!KiDispatchInterruptContinue+0x1b
01 fffff806`152a3130 00000000`00000103     0x01000000`00100000
02 fffff806`152a3138 00000000`00000000     0x103
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
nt!KiDispatchInterruptContinue+0x1b:
fffff806`137c5cab c3              ret
0: kd> .crash
Access violation - code c0000005 (!!! second chance !!!)
nt!HvlpGetRegister64+0xd6:
fffff806`13885ece 48c1e220        shl     rdx,20h
0: kd> k
 # Child-SP          RetAddr               Call Site
00 fffff806`152a1b00 fffff806`1387e54d     nt!HvlpGetRegister64+0xd6
01 fffff806`152a1b30 fffff806`1389eb6f     nt!HvlLogGuestCrashInformation+0x39
02 fffff806`152a1b70 fffff806`137bf147     nt!KeBugCheck2+0x7cf
03 fffff806`152a2290 fffff806`13ea7907     nt!KeBugCheckEx+0x107
04 fffff806`152a22d0 fffff806`13ea69ef     nt!KdpSendWaitContinue+0x807
05 fffff806`152a24d0 fffff806`13899ef4     nt!KdpReportExceptionStateChange+0x9b
06 fffff806`152a2630 fffff806`13ea9665     nt!KdpReport+0xb4
07 fffff806`152a2670 fffff806`13716138     nt!KdpTrap+0x14d
08 fffff806`152a26c0 fffff806`138426d1     nt!KdTrap+0x2c
09 fffff806`152a2700 fffff806`137d0942     nt!KiDispatchException+0x12ca61
0a fffff806`152a2db0 fffff806`137cc805     nt!KiExceptionDispatch+0xc2
0b fffff806`152a2f90 fffff806`137c5cab     nt!KiGeneralProtectionFault+0x305
0c fffff806`152a3128 01000000`00100000     nt!KiDispatchInterruptContinue+0x1b
0d fffff806`152a3130 00000000`00000103     0x01000000`00100000
0e fffff806`152a3138 00000000`00000000     0x103

Expected behavior
The error no longer occurs

Screenshots
n/a

Desktop (please complete the following information):

• OS: 10.0.17763.107
• Processor : Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz 2.60 GHz
• Version 0.8.2
• Environment VMWare 17.5.1
  

Additional context
n/a

[SinaKarvandi]

Hi,
Thanks for creating this issue.

I tried to reproduce it and test it almost a hundred times with the function you mentioned (MmGetPhysicalAddress) but still couldn't reproduce it.

It might be because of a race condition that didn't happen in my system, but anyway in your picture, you dedicate 2 GB RAM to the VM, which is kinda weird for me. It might cause problems since the behavior of Windows changes when the memory is low. Would you please increase it and test it again?

Also, make sure to test it with the latest released version (v0.9 which will be available today).