CVE-2020-0791
Information
- This crash occurs at win32kfull!vStrWrite01+0x8b as the result of an invalid non-paged pointer dereference (a read through r8, as the faulting instruction below shows)
- Later in the same function it is possible to write back through this pointer
BugCheck:
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffffddace291000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffffdb7dbdd52db, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000000, (reserved)
Stack at crash:
nt!DbgBreakPointWithStatus
nt!KiBugCheckDebugBreak+0x12
nt!KeBugCheck2+0x906
nt!KeBugCheckEx+0x107
nt!MiSystemFault+0x196bc3
nt!MmAccessFault+0x218
nt!KiPageFault+0x360
win32kfull!vStrWrite01+0x8b
win32kfull!EngStretchBltNew+0xc87
win32kfull!EngStretchBlt+0xd4
win32kfull!EngStretchBltROP+0x325
win32kfull!BLTRECORD::bStretch+0x37f
win32kfull!GreStretchBltInternal+0x733
win32kfull!NtGdiStretchBlt+0x68
win32k!NtGdiStretchBlt+0x81
nt!KiSystemServiceCopyEnd+0x25
win32u!NtGdiStretchBlt+0x14
gdi32full!StretchBlt+0xaf
GDI32!StretchBltStub+0x91
poc!main+0x83 [r:\poc\poc\main.c @ 12]
Registers:
rax=0000000000000008 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffddac7280ff0 rsi=0000000000000000 rdi=0000000000000000
rip=fffffdb7dbdd52db rsp=fffff98de5c66b60 rbp=fffff98de5c66be0
r8=fffffddace291000 r9=0000000000000100 r10=0000000000000001
r11=fffffdb7dbcf0000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
win32kfull!vStrWrite01+0x8b:
fffffdb7`dbdd52db 418b10 mov edx,dword ptr [r8] ds:fffffdda`ce291000=????????
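As an added triage helper that is not part of the original report, the following Python correlates the BugCheck 0x50 arguments with the register dump and faulting instruction above: it confirms which register held the referenced address (Arg1), whether the access was a read or a write (Arg2), and that Arg3 is the saved rip. The sample text is copied from this report and embedded inline so the script runs offline.

```python
import re

# Constructed sample: the bugcheck arguments, register dump and faulting
# instruction from this report, embedded so the script runs offline.
SAMPLE = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffddace291000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffffdb7dbdd52db, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000000, (reserved)
rax=0000000000000008 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffddac7280ff0 rsi=0000000000000000 rdi=0000000000000000
rip=fffffdb7dbdd52db rsp=fffff98de5c66b60 rbp=fffff98de5c66be0
r8=fffffddace291000 r9=0000000000000100 r10=0000000000000001
r11=fffffdb7dbcf0000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
win32kfull!vStrWrite01+0x8b:
fffffdb7`dbdd52db 418b10 mov edx,dword ptr [r8] ds:fffffdda`ce291000=????????
"""

ARG_RE = re.compile(r"^Arg(\d): ([0-9a-fA-F]{16})", re.M)    # Arg1..Arg4 lines
REG_RE = re.compile(r"\b(r[a-z0-9]+)=([0-9a-fA-F]{16})")       # rax=..., r8=..., rip=...
SYM_RE = re.compile(r"^(\S+!\S+\+0x[0-9a-fA-F]+):$", re.M)     # "module!func+0xNN:"


def triage_bugcheck_50(text):
    """Correlate a BugCheck 0x50 block with the register dump.

    Returns the faulting symbol and module, whether the fault was a read
    or a write, which register(s) held the referenced address (Arg1), and
    whether the faulting instruction address (Arg3) equals the saved rip.
    """
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    regs = {n: int(v, 16) for n, v in REG_RE.findall(text)}
    sym = SYM_RE.search(text)
    bad_addr = args[1]
    return {
        "symbol": sym.group(1) if sym else None,
        "faulting_module": sym.group(1).split("!")[0] if sym else None,
        "access": "write" if args[2] == 1 else "read",
        "bad_address": bad_addr,
        "registers_holding_bad_address": sorted(
            name for name, value in regs.items() if value == bad_addr),
        "arg3_matches_rip": args.get(3) == regs.get("rip"),
    }


if __name__ == "__main__":
    for key, value in triage_bugcheck_50(SAMPLE).items():
        print(key, hex(value) if type(value) is int else value)
```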
Reproduce:
- Compile the attached PoC and copy it to the target machine
- Enable Driver Verifier with flags 0x1 on the win32k drivers
- Run the compiled PoC; the machine will crash with a BSOD
PoC:
attached
Attachments:
main.c
References:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0791
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/