Windows 10 How do I interpret this dump file after a BSOD?

  • Thread starter Thread starter Croooow
  • Start date Start date
C

Croooow

[COLOR=rgba(30, 30, 30, 1)]Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
Page 200000230 too large to be in the dump file.
Page 200002ff9 too large to be in the dump file.
Windows 10 Kernel Version 18362 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff802`682af000 PsLoadedModuleList = 0xfffff802`686f51b0
Debug session time: Sun Jan 31 13:05:59.201 2021 (UTC - 5:00)
System Uptime: 0 days 0:04:47.114
Loading Kernel Symbols
...............................................................
...Page 88556c not present in the dump file. Type ".hh dbgerr004" for details
.......Page 359f1 not present in the dump file. Type ".hh dbgerr004" for details
......................................................
................................................................
...........................
Loading User Symbols

Loading unloaded module list
..................
For analysis of this file, run [/COLOR][COLOR=rgba(0, 0, 255, 1)]!analyze -v
[/COLOR][COLOR=rgba(30, 30, 30, 1)]nt!KeBugCheckEx:
fffff802`68472b20 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffaa04`19c56470=000000000000007e
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffff80000003, The exception code that was not handled
Arg2: fffff8026847a9b8, The address that the exception occurred at
Arg3: ffffaa0419c57488, Exception Record Address
Arg4: ffffaa0419c56cd0, Context Record Address

Debugging Details:
------------------

Page 852f1c not present in the dump file. Type ".hh dbgerr004" for details
Page 852f1c not present in the dump file. Type ".hh dbgerr004" for details

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3921

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-UT1061N

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 8642

Key : Analysis.Memory.CommitPeak.Mb
Value: 79

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: 19h1_release

Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z

Key : WER.OS.Version
Value: 10.0.18362.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffff80000003

BUGCHECK_P2: fffff8026847a9b8

BUGCHECK_P3: ffffaa0419c57488

BUGCHECK_P4: ffffaa0419c56cd0

EXCEPTION_RECORD: ffffaa0419c57488 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.exr 0xffffaa0419c57488)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]ExceptionAddress: fffff8026847a9b8 (nt!DebugPrompt+0x0000000000000018)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000002

CONTEXT: ffffaa0419c56cd0 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.cxr 0xffffaa0419c56cd0)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]rax=0000000000000002 rbx=000000000000005a rcx=fffff80269351c78
rdx=ffffaa0419c5001f rsi=fffff80269359fc0 rdi=000000000000002f
rip=fffff8026847a9b7 rsp=ffffaa0419c576c8 rbp=ffffaa0419c57820
r8=ffffaa0419c57750 r9=0000000000000002 r10=0000000000000007
r11=ffffaa0419c57718 r12=0000000000000408 r13=000000000000012c
r14=000000000000012c r15=ffffaa041a0276d0
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00040246
nt!DebugPrompt+0x17:
fffff802`6847a9b7 cc int 3
Resetting default scope

BLACKBOXBSD: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxbsd[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXNTFS: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxntfs[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXPNP: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxpnp[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXWINLOGON: 1

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.

EXCEPTION_CODE_STR: 80000003

EXCEPTION_PARAMETER1: 0000000000000002

EXCEPTION_STR: 0x80000003

STACK_TEXT:
ffffaa04`19c576c8 fffff802`685ba194 : ffffaa04`19c57820 fffff802`683d54d0 00000000`0000005a fffff802`69359fc0 : nt!DebugPrompt+0x17
ffffaa04`19c576d0 fffff802`6938d9ab : 00000000`0000005a fffff802`69359fc0 fffff802`69351c74 00000000`00000007 : nt!DbgPrompt+0x44
ffffaa04`19c57720 fffff802`6938d38f : 00000000`0000002d ffffe184`a27f4bd0 ffffe184`a27ceff0 00000000`00000000 : FLTMGR!FltpvPrintErrors+0x183
ffffaa04`19c579a0 fffff802`68308d35 : ffffe184`588e7c90 ffffe184`8f431040 ffffe184`588e7c90 ffffaa04`1a0276e0 : FLTMGR!FltpvDoLostObjectCheck+0x1ef
ffffaa04`19c57a70 fffff802`683e2585 : ffffe184`8f431040 00000000`00000080 ffffe184`588a7300 000024ef`bd9bbfff : nt!ExpWorkerThread+0x105
ffffaa04`19c57b10 fffff802`6847a128 : ffff8201`f63c0180 ffffe184`8f431040 fffff802`683e2530 93939393`93939393 : nt!PspSystemThreadStartup+0x55
ffffaa04`19c57b60 00000000`00000000 : ffffaa04`19c58000 ffffaa04`19c51000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28


SYMBOL_NAME: nt!DebugPrompt+18

MODULE_NAME: [/COLOR][COLOR=rgba(0, 0, 255, 1)]nt

[/COLOR][COLOR=rgba(30, 30, 30, 1)]IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .cxr 0xffffaa0419c56cd0 ; kb

BUCKET_ID_FUNC_OFFSET: 18

FAILURE_BUCKET_ID: AV_VRF_nt!DebugPrompt

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {f47fc276-52c8-da5f-1a32-8baabfc97af2}

Followup: MachineOwner
---------[/COLOR]


Continue reading...
 
Back
Top