CVE-2020-1247
Information
- This crash occurs at win32kfull!vStrWrite04+0x18a as a result of an invalid non-paged pointer dereference
- Later in the same function it is possible to write back through this pointer
BugCheck:
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffa9d2c7b19000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: ffffa9abc18bc7ca, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000000, (reserved)
Stack at crash:
nt!DbgBreakPointWithStatus
nt!KiBugCheckDebugBreak+0x12
nt!KeBugCheck2+0x952
nt!KeBugCheckEx+0x107
nt!MiSystemFault+0x195f11
nt!MmAccessFault+0x34f
nt!KiPageFault+0x360
win32kfull!vStrWrite04+0x18a
win32kfull!EngStretchBltNew+0xc89
win32kfull!EngStretchBlt+0xd1
win32kfull!EngStretchBltROP+0x319
win32kfull!BLTRECORD::bStretch+0x37f
win32kfull!GreStretchBltInternal+0x721
win32kfull!NtGdiStretchBlt+0x68
nt!KiSystemServiceCopyEnd+0x25
win32u!NtGdiStretchBlt+0x14
gdi32full!StretchBlt+0xaf
GDI32!StretchBltStub+0x90
poc+0x1156
Registers:
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=ffffa9abc18bc7ca rsp=fffff408294d6b50 rbp=fffff408294d6bb9
r8=ffffa9d2c7b19000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
win32kfull!vStrWrite04+0x18a:
ffffa9ab`c18bc7ca 418b10 mov edx,dword ptr [r8] ds:ffffa9d2`c7b19000=????????
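As an added triage illustration (not part of the original report or the attached poc.c), the Python below cross-checks the bugcheck 0x50 arguments against the register dump and the faulting instruction: it confirms Arg2 reports a read, that Arg3 is the rip of the faulting instruction, and that the register dereferenced by that instruction (r8) holds the bad address from Arg1. The crash text it parses is a constructed excerpt of the dump shown above.

```python
import re

# Constructed excerpt of the crash report above (bugcheck arguments, register
# dump and faulting instruction), embedded so the triage runs offline.
CRASH_TEXT = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: ffffa9d2c7b19000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: ffffa9abc18bc7ca, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000000, (reserved)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rip=ffffa9abc18bc7ca rsp=fffff408294d6b50 rbp=fffff408294d6bb9
r8=ffffa9d2c7b19000 r9=0000000000000000 r10=0000000000000000
win32kfull!vStrWrite04+0x18a:
ffffa9ab`c18bc7ca 418b10 mov edx,dword ptr [r8] ds:ffffa9d2`c7b19000=????????
"""

ARG_RE = re.compile(r"Arg(\d): ([0-9a-f]{16})")
REG_RE = re.compile(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})")
SYM_RE = re.compile(r"^(\S+!\S+\+0x[0-9a-f]+):\s*$", re.M)
INSN_RE = re.compile(
    r"^([0-9a-f]{8})`([0-9a-f]{8})\s+[0-9a-f]+\s+(\w+)\s+(.+?)(?:\s+ds:(\S+))?$", re.M)

def triage_bugcheck_50(text):
    """Check that Arg1/Arg3 of a 0x50 bugcheck agree with rip and with the
    register the faulting instruction dereferences."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    regs = {n: int(v, 16) for n, v in REG_RE.findall(text)}
    sym, insn = SYM_RE.search(text), INSN_RE.search(text)
    if not (sym and insn and all(k in args for k in (1, 2, 3))):
        raise ValueError("incomplete bugcheck 0x50 record")
    insn_addr = int(insn.group(1) + insn.group(2), 16)
    operands, ds = insn.group(4), insn.group(5)
    mem = re.search(r"\[(\w+)\]", operands)  # base register of the [reg] operand
    base_reg = mem.group(1) if mem else None
    return {
        "fault_addr": args[1],
        "access": "write" if args[2] == 1 else "read",
        "symbol": sym.group(1),
        "base_reg": base_reg,
        # Arg3 is the instruction that faulted, so it must equal rip.
        "rip_matches_arg3": regs.get("rip") == args[3] == insn_addr,
        # The dereferenced register should hold the bad address from Arg1.
        "base_reg_matches_fault": base_reg is not None and regs.get(base_reg) == args[1],
        # "????????" means the debugger could not read the target page either.
        "target_unreadable": ds is not None and ds.endswith("????????"),
    }

if __name__ == "__main__":
    print(triage_bugcheck_50(CRASH_TEXT))
```

A mismatch in either check (rip not equal to Arg3, or the base register not holding Arg1) would indicate the dump and disassembly belong to different moments, or that the fault came through a different operand than assumed.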
Reproduce:
- Compile the attached PoC and copy it to the target machine
- Enable Driver Verifier flag 0x1 for the win32k drivers
- Run the compiled PoC; the machine will crash with a BSOD
PoC:
attached
Attachments:
poc.c
References:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1247
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/