A
AWTZA
Guest
I have a crash dump file that I have used the Windows Debugger to analyze. I am not familiar enough with this process to actually read the information and interpret it. Will someone take a look at them and let me know what caused them? Much appreciated.
Here is the link for the dump file:
011021-4593-01.dmp
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff803768d0e36, The address that the exception occurred at
Arg3: fffff48ed9185df8, Exception Record Address
Arg4: fffff48ed9185630, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 2921
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on WTZ-MASTER
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 5701
Key : Analysis.Memory.CommitPeak.Mb
Value: 77
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff803768d0e36
BUGCHECK_P3: fffff48ed9185df8
BUGCHECK_P4: fffff48ed9185630
EXCEPTION_RECORD: fffff48ed9185df8 -- (.exr 0xfffff48ed9185df8)
ExceptionAddress: fffff803768d0e36 (nvlddmkm+0x00000000007c0e36)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000048
Attempt to read from address 0000000000000048
CONTEXT: fffff48ed9185630 -- (.cxr 0xfffff48ed9185630)
rax=0000000000000000 rbx=0000000000000000 rcx=ffffa806cd4dc1d8
rdx=0000000000000000 rsi=ffff95834917490d rdi=ffffa806cd446000
rip=fffff803768d0e36 rsp=fffff48ed9186030 rbp=ffffa806cd467f20
r8=0000000000000009 r9=0000000000000000 r10=0000000000000000
r11=ffff958349174979 r12=0000000000000000 r13=0000000000000000
r14=0000000000000002 r15=ffffa806cd446180
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
nvlddmkm+0x7c0e36:
fffff803`768d0e36 ff5048 call qword ptr [rax+48h] ds:002b:00000000`00000048=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff8035d2fa390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8035d20f330: Unable to get Flags value from nt!KdVersionBlock
fffff8035d20f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000048
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000048
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
fffff48e`d9186030 ffffa806`ce752080 : fffff803`5cb19946 00000000`00000001 fffff803`5c9d3608 00000000`000000ff : nvlddmkm+0x7c0e36
fffff48e`d9186038 fffff803`5cb19946 : 00000000`00000001 fffff803`5c9d3608 00000000`000000ff ffff9583`49173b05 : 0xffffa806`ce752080
fffff48e`d9186040 ffffa806`cd311010 : ffff8281`00000004 ffff9583`491739f1 00000000`00000000 ffffa806`cd446180 : nt!KiHeteroChooseTargetProcessor+0x426
fffff48e`d9186110 ffff8281`00000004 : ffff9583`491739f1 00000000`00000000 ffffa806`cd446180 fffff48e`d9186190 : 0xffffa806`cd311010
fffff48e`d9186118 ffff9583`491739f1 : 00000000`00000000 ffffa806`cd446180 fffff48e`d9186190 ffff9583`49112419 : 0xffff8281`00000004
fffff48e`d9186120 00000000`00000000 : ffffa806`cd446180 fffff48e`d9186190 ffff9583`49112419 00000008`ccf84000 : 0xffff9583`491739f1
SYMBOL_NAME: nvlddmkm+7c0e36
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr 0xfffff48ed9185630 ; kb
BUCKET_ID_FUNC_OFFSET: 7c0e36
FAILURE_BUCKET_ID: AV_nvlddmkm!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {7eea5677-f68d-2154-717e-887e07e55cd3}
Followup: MachineOwner
---------
Thanks!
Continue reading...
Here is the link for the dump file:
011021-4593-01.dmp
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff803768d0e36, The address that the exception occurred at
Arg3: fffff48ed9185df8, Exception Record Address
Arg4: fffff48ed9185630, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 2921
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on WTZ-MASTER
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 5701
Key : Analysis.Memory.CommitPeak.Mb
Value: 77
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff803768d0e36
BUGCHECK_P3: fffff48ed9185df8
BUGCHECK_P4: fffff48ed9185630
EXCEPTION_RECORD: fffff48ed9185df8 -- (.exr 0xfffff48ed9185df8)
ExceptionAddress: fffff803768d0e36 (nvlddmkm+0x00000000007c0e36)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000048
Attempt to read from address 0000000000000048
CONTEXT: fffff48ed9185630 -- (.cxr 0xfffff48ed9185630)
rax=0000000000000000 rbx=0000000000000000 rcx=ffffa806cd4dc1d8
rdx=0000000000000000 rsi=ffff95834917490d rdi=ffffa806cd446000
rip=fffff803768d0e36 rsp=fffff48ed9186030 rbp=ffffa806cd467f20
r8=0000000000000009 r9=0000000000000000 r10=0000000000000000
r11=ffff958349174979 r12=0000000000000000 r13=0000000000000000
r14=0000000000000002 r15=ffffa806cd446180
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
nvlddmkm+0x7c0e36:
fffff803`768d0e36 ff5048 call qword ptr [rax+48h] ds:002b:00000000`00000048=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff8035d2fa390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8035d20f330: Unable to get Flags value from nt!KdVersionBlock
fffff8035d20f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000048
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000048
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
fffff48e`d9186030 ffffa806`ce752080 : fffff803`5cb19946 00000000`00000001 fffff803`5c9d3608 00000000`000000ff : nvlddmkm+0x7c0e36
fffff48e`d9186038 fffff803`5cb19946 : 00000000`00000001 fffff803`5c9d3608 00000000`000000ff ffff9583`49173b05 : 0xffffa806`ce752080
fffff48e`d9186040 ffffa806`cd311010 : ffff8281`00000004 ffff9583`491739f1 00000000`00000000 ffffa806`cd446180 : nt!KiHeteroChooseTargetProcessor+0x426
fffff48e`d9186110 ffff8281`00000004 : ffff9583`491739f1 00000000`00000000 ffffa806`cd446180 fffff48e`d9186190 : 0xffffa806`cd311010
fffff48e`d9186118 ffff9583`491739f1 : 00000000`00000000 ffffa806`cd446180 fffff48e`d9186190 ffff9583`49112419 : 0xffff8281`00000004
fffff48e`d9186120 00000000`00000000 : ffffa806`cd446180 fffff48e`d9186190 ffff9583`49112419 00000008`ccf84000 : 0xffff9583`491739f1
SYMBOL_NAME: nvlddmkm+7c0e36
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr 0xfffff48ed9185630 ; kb
BUCKET_ID_FUNC_OFFSET: 7c0e36
FAILURE_BUCKET_ID: AV_nvlddmkm!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {7eea5677-f68d-2154-717e-887e07e55cd3}
Followup: MachineOwner
---------
Thanks!
Continue reading...