False Effective Address

When calculating effective addresses such as [r10+10h] or [rax+rcx*12h+40h] in order to show their values in the output of commands such as .trap or .cxr, a debugger uses CPU register values from a saved trap frame or context structure. If that saved information is invalid, the reported effective address does not correspond to the real one at the time of code execution. This analysis pattern is similar to False Function Parameters (Volume 2, page 173). Therefore, a fault address saved during bugcheck or exception processing may not correspond to the output of commands where such a calculation is necessary. For example, a bugcheck parameter gives this referenced memory address:

Arg1: fffffadda17d001d, memory referenced

But the output of the .trap command shows a NULL pointer (Volume 3, page 131) address:

NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
[...]
movzx eax,word ptr [rax+10h] 0010=????

Usually we are lucky and the effective address is correct despite such a warning, as in the pattern example from Volume 6, page 94 and the pattern interaction case study from Volume 4, page 201.
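The calculation a debugger performs can be reproduced outside it to see how zeroed trap-frame registers yield a false effective address, and how the bugcheck parameter (which the page treats as the trusted value) can be cross-checked against it. The following Python script is an added example written for this edition; it is not from the book and not WinDbg code. The register sets, the MASM-style operand syntax it accepts ([base+index*scale+disp], as printed in .trap disassembly) and the recover_base helper are constructed assumptions, and the script goes slightly beyond the text by also solving for the base register value implied by the bugcheck address.

```python
import re
from typing import Dict, List, Tuple

# Addresses wrap at 64 bits, as the CPU computes them.
MASK64 = (1 << 64) - 1

# MASM-style memory operand as WinDbg prints it: [base] [+index*scale] [+/-disp].
# Numbers are MASM literals: a trailing 'h' means hex, otherwise decimal.
# (Assumed syntax; an index without an explicit scale is deliberately rejected
# so that a hex literal such as 'abch' cannot be mistaken for a register name.)
OPERAND_RE = re.compile(
    r"^\[\s*(?P<base>[a-z][a-z0-9]*)"
    r"(?:\s*\+\s*(?P<index>[a-z][a-z0-9]*)\s*\*\s*(?P<scale>[0-9a-f]+h?))?"
    r"(?:\s*(?P<sign>[+-])\s*(?P<disp>[0-9a-f]+h?))?\s*\]$",
    re.IGNORECASE,
)


def masm_number(text: str) -> int:
    """Parse a MASM numeric literal: '40h' -> 0x40, '12h' -> 0x12, '12' -> 12."""
    text = text.lower()
    return int(text[:-1], 16) if text.endswith("h") else int(text, 10)


def _index_and_disp(m: "re.Match", regs: Dict[str, int]) -> int:
    """index*scale + signed displacement, with a missing index register read as 0."""
    total = 0
    if m["index"]:
        total += regs.get(m["index"].lower(), 0) * masm_number(m["scale"])
    if m["disp"]:
        disp = masm_number(m["disp"])
        total += -disp if m["sign"] == "-" else disp
    return total


def effective_address(operand: str, regs: Dict[str, int]) -> Tuple[int, List[str]]:
    """Compute base + index*scale + disp the way a debugger does, from the
    register values available in a saved trap frame or context.

    Returns (ea, warnings). A register that is missing from the saved set,
    or saved as zero, is reported, because a trap frame that 'does not
    contain all registers' leaves exactly those slots zeroed."""
    m = OPERAND_RE.match(operand.strip())
    if not m:
        raise ValueError(f"unsupported operand syntax: {operand!r}")
    warnings: List[str] = []

    def check(name: str) -> None:
        name = name.lower()
        if name not in regs:
            warnings.append(f"{name} not present in saved frame; treated as 0")
        elif regs[name] == 0:
            warnings.append(f"{name} is 0 in saved frame; may be zeroed rather than real")

    check(m["base"])
    if m["index"]:
        check(m["index"])
    ea = regs.get(m["base"].lower(), 0) + _index_and_disp(m, regs)
    return ea & MASK64, warnings


def matches_fault_address(ea: int, fault_address: int, width: int = 1) -> bool:
    """True if the referenced address from the bugcheck falls inside the
    operand's access range [ea, ea + width); width is the operand size in bytes."""
    return ea <= fault_address < ea + width


def recover_base(operand: str, regs: Dict[str, int], fault_address: int) -> int:
    """Given the fault address the bugcheck recorded, solve for the base
    register value the faulting instruction must have used, assuming the
    index register and displacement are correct. Useful when the trap frame
    zeroed the base register."""
    m = OPERAND_RE.match(operand.strip())
    if not m:
        raise ValueError(f"unsupported operand syntax: {operand!r}")
    return (fault_address - _index_and_disp(m, regs)) & MASK64


if __name__ == "__main__":
    # Constructed inputs modelled on the excerpt: the trap frame reports
    # rax=rbx=rcx=0 while the bugcheck reports the real referenced address.
    trap_frame = {"rax": 0x0, "rbx": 0x0, "rcx": 0x0}
    bugcheck_arg1 = 0xFFFFFADDA17D001D
    operand = "[rax+10h]"  # from: movzx eax, word ptr [rax+10h]

    ea, warns = effective_address(operand, trap_frame)
    print(f"{operand} -> {ea:016x}  warnings={warns}")
    print("matches bugcheck Arg1:", matches_fault_address(ea, bugcheck_arg1, width=2))
    print(f"rax at fault time must have been {recover_base(operand, trap_frame, bugcheck_arg1):016x}")
```

With the zeroed trap frame the script reports 0000000000000010 for [rax+10h], flags rax as zero, and finds no overlap with the bugcheck address; re-running it with a register set taken from a .cxr context that still holds the real rax makes the two agree, which is the check worth doing before trusting any effective address printed under the "trap frame does not contain all registers" warning.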
