My girlfriend's PC is constantly facing blue screens. When I say constantly, I don't mean it's a daily event, but once a week or so her PC crashes. I am fairly competent with computers, I built my own and her PCs myself, I can troubleshoot Windows all day, but I have absolutely zero experience with dmp files. I have the MEMORY.DMP file saved from the crash, here is the link to the file: MEMORY.DMP
And link to the EventViewer System logs: hji.evtx
Never mind the name of the second file, I just face smashed the keyboard to give the file a name quickly
EDIT: Before reading any further, I should mention the CPU is in no way overclocked and the RAM is running the built-in XMP to reach 3200MHz.
Analysing it using WinDbg, it tells me this and nothing more:
: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffcc0db27afcc8, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8021b4e934e, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2406
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on UNKNOWN
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 5494
Key : Analysis.Memory.CommitPeak.Mb
Value: 87
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 50
BUGCHECK_P1: ffffcc0db27afcc8
BUGCHECK_P2: 0
BUGCHECK_P3: fffff8021b4e934e
BUGCHECK_P4: 2
READ_ADDRESS: ffffcc0db27afcc8 Nonpaged pool
MM_INTERNAL_CODE: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: steam.exe
TRAP_FRAME: ffffbe00dc3d4150 -- (.trap 0xffffbe00dc3d4150)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00ffffcc0db27afc rbx=0000000000000000 rcx=00000000000000fc
rdx=ffffcc0db27afce0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8021b4e934e rsp=ffffbe00dc3d42e8 rbp=ffff8984e0485b40
r8=0000000000000000 r9=ffffcc0db27afcb0 r10=00000000000c5408
r11=ffffbe00dc3d4330 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!ObpCaptureHandleInformation+0x8e:
fffff802`1b4e934e 410fb64118 movzx eax,byte ptr [r9+18h] ds:ffffcc0d`b27afcc8=??
Resetting default scope
STACK_TEXT:
ffffbe00`dc3d3ea8 fffff802`1b035de9 : 00000000`00000050 ffffcc0d`b27afcc8 00000000`00000000 ffffbe00`dc3d4150 : nt!KeBugCheckEx
ffffbe00`dc3d3eb0 fffff802`1ae12d00 : 00000000`00000110 00000000`00000000 ffffbe00`dc3d41d0 00000000`00000000 : nt!MiSystemFault+0x1ae0e9
ffffbe00`dc3d3fb0 fffff802`1afec01e : ffff8984`e15fff10 fffff802`1afdffa5 00000000`00000004 ffff8984`d726d4c0 : nt!MmAccessFault+0x400
ffffbe00`dc3d4150 fffff802`1b4e934e : fffff802`1b559121 00000000`00000ecc 00000000`00000000 ffffcc0d`00000000 : nt!KiPageFault+0x35e
ffffbe00`dc3d42e8 fffff802`1b559121 : 00000000`00000ecc 00000000`00000000 ffffcc0d`00000000 fffff802`1aec9dc2 : nt!ObpCaptureHandleInformation+0x8e
ffffbe00`dc3d42f0 fffff802`1b4e9245 : fffff802`1b4e92c0 ffff8984`e0485b58 00000000`0017fffc ffffbe00`dc3d4434 : nt!ExpSnapShotHandleTables+0x131
ffffbe00`dc3d4380 fffff802`1b5568b1 : ffffbe00`dc3d4434 00000000`000c5408 00000000`0017fffc 00000000`00000000 : nt!ObGetHandleInformation+0x39
ffffbe00`dc3d43c0 fffff802`1b3e460a : 00000000`09288050 00000000`00020000 ffff9a00`dfc00050 ffffcc0d`39f2f010 : nt!ExpGetHandleInformation+0x5d
ffffbe00`dc3d4400 fffff802`1b1fba47 : 00000000`00000002 00000000`00018002 00000000`00000001 00000000`00180010 : nt!ExpQuerySystemInformation+0x1e8a7a
ffffbe00`dc3d4ac0 fffff802`1afef878 : ffffcc0d`33a50000 ffffcc0d`35b9b8e0 ffffbe00`dc3d4b18 ffffbe00`dc3d4b80 : nt!NtQuerySystemInformation+0x37
ffffbe00`dc3d4b00 00007fff`c7f8c484 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`008ddd98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`c7f8c484
SYMBOL_NAME: nt!ObpCaptureHandleInformation+8e
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 8e
FAILURE_BUCKET_ID: AV_R_INVALID_nt!ObpCaptureHandleInformation
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {ca33f0ed-ea4f-08da-9cd1-d248328d82af}
Followup: MachineOwner
If anybody could make sense of this text or if there is more info in the file (there has to be, the file is over 1 GB in size) and let me know what the issue is, I'd very much appreciate that.
The full specs of her PC are:
AMD Ryzen 5 3600X
Corsair Vengeance RGB PRO 16GB 3200Mhz C16
MSI X470 GAMING PLUS MAX
Gigabyte GeForce RTX 2060 Super Windforce OC 8GB
Sabrent Rocket 1TB NVMe 2280
Seagate BarraCuda 4TB 3.5" HDD 5400RPM
Noctua NH-D15
Seasonic Focus GX 750W 80+ Gold
Plus peripherals. Thanks for any help in advance and if any additional info is needed, please ask.
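As an added example (not part of the original post and not WinDbg's own tooling), this Python helper parses a trimmed excerpt of the `!analyze -v` output quoted above, recomputes the effective address of the faulting `[r9+18h]` operand from the trap-frame registers, and reads the call path out of STACK_TEXT. The function name `triage` and the result field names are assumptions made for illustration.

```python
import re

# Trimmed excerpt of the !analyze -v output quoted in the post above.
SAMPLE = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: ffffcc0db27afcc8, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
PROCESS_NAME: steam.exe
rax=00ffffcc0db27afc rbx=0000000000000000 rcx=00000000000000fc
r8=0000000000000000 r9=ffffcc0db27afcb0 r10=00000000000c5408
fffff802`1b4e934e 410fb64118 movzx eax,byte ptr [r9+18h] ds:ffffcc0d`b27afcc8=??
STACK_TEXT:
ffffbe00`dc3d4150 fffff802`1b4e934e : fffff802`1b559121 00000000`00000ecc 00000000`00000000 ffffcc0d`00000000 : nt!KiPageFault+0x35e
ffffbe00`dc3d42e8 fffff802`1b559121 : 00000000`00000ecc 00000000`00000000 ffffcc0d`00000000 fffff802`1aec9dc2 : nt!ObpCaptureHandleInformation+0x8e
ffffbe00`dc3d4ac0 fffff802`1afef878 : ffffcc0d`33a50000 ffffcc0d`35b9b8e0 ffffbe00`dc3d4b18 ffffbe00`dc3d4b80 : nt!NtQuerySystemInformation+0x37
ffffbe00`dc3d4b00 00007fff`c7f8c484 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`008ddd98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`c7f8c484
"""


def triage(text):
    """Summarise a kernel !analyze -v report and cross-check the fault address."""
    name, code = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M).groups()
    args = [int(v, 16) for v in re.findall(r"^Arg\d: ([0-9a-f]{16})", text, re.M)]
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(r\w+)=([0-9a-f]{16})\b", text)}
    # Recompute the effective address of the "[reg+NNh]" operand from the trap frame.
    base, disp = re.search(r"\[(r\w+)\+([0-9a-f]+)h\]", text).groups()
    effective = regs[base] + int(disp, 16)
    # STACK_TEXT rows: child-SP, return address, four args, then the symbol.
    frames = re.findall(r"^[0-9a-f`]{17} [0-9a-f`]{17} : .* : (\S+)$", text, re.M)
    syms = [f.split("+")[0] for f in frames]
    return {
        "bugcheck": (name, int(code, 16)),
        "access": "write" if args[1] else "read",
        "address_matches_operand": effective == args[0],
        # The row after nt!KiPageFault is the code that was interrupted by the fault.
        "faulting_frame": frames[syms.index("nt!KiPageFault") + 1],
        # The row before the syscall dispatcher is the system service that was called.
        "syscall": syms[syms.index("nt!KiSystemServiceCopyEnd") - 1],
        "process": re.search(r"^PROCESS_NAME:\s+(\S+)", text, re.M).group(1),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
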