Crash Dump Debugger Report

  • Thread starter Thread starter AWTZA
  • Start date Start date
A

AWTZA

Guest
I have a crash dump file that I have used the Windows Debugger to analyze. I am not familiar enough with this process to actually read the information and interpret it. Will someone take a look at them and let me know what caused them? Much appreciated.

Here is the link for the dump file:

011021-4593-01.dmp


3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff803768d0e36, The address that the exception occurred at
Arg3: fffff48ed9185df8, Exception Record Address
Arg4: fffff48ed9185630, Context Record Address

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : AV.Dereference
Value: NullClassPtr

Key : AV.Fault
Value: Read

Key : Analysis.CPU.mSec
Value: 2921

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on WTZ-MASTER

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 5701

Key : Analysis.Memory.CommitPeak.Mb
Value: 77

Key : Analysis.System
Value: CreateObject


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff803768d0e36

BUGCHECK_P3: fffff48ed9185df8

BUGCHECK_P4: fffff48ed9185630

EXCEPTION_RECORD: fffff48ed9185df8 --
(.exr 0xfffff48ed9185df8)
ExceptionAddress: fffff803768d0e36 (nvlddmkm+0x00000000007c0e36)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000048
Attempt to read from address 0000000000000048

CONTEXT: fffff48ed9185630 --
(.cxr 0xfffff48ed9185630)
rax=0000000000000000 rbx=0000000000000000 rcx=ffffa806cd4dc1d8
rdx=0000000000000000 rsi=ffff95834917490d rdi=ffffa806cd446000
rip=fffff803768d0e36 rsp=fffff48ed9186030 rbp=ffffa806cd467f20
r8=0000000000000009 r9=0000000000000000 r10=0000000000000000
r11=ffff958349174979 r12=0000000000000000 r13=0000000000000000
r14=0000000000000002 r15=ffffa806cd446180
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
nvlddmkm+0x7c0e36:
fffff803`768d0e36 ff5048 call qword ptr [rax+48h] ds:002b:00000000`00000048=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

READ_ADDRESS: fffff8035d2fa390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8035d20f330: Unable to get Flags value from nt!KdVersionBlock
fffff8035d20f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000048

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000048

EXCEPTION_STR: 0xc0000005

STACK_TEXT:
fffff48e`d9186030 ffffa806`ce752080 : fffff803`5cb19946 00000000`00000001 fffff803`5c9d3608 00000000`000000ff : nvlddmkm+0x7c0e36
fffff48e`d9186038 fffff803`5cb19946 : 00000000`00000001 fffff803`5c9d3608 00000000`000000ff ffff9583`49173b05 : 0xffffa806`ce752080
fffff48e`d9186040 ffffa806`cd311010 : ffff8281`00000004 ffff9583`491739f1 00000000`00000000 ffffa806`cd446180 : nt!KiHeteroChooseTargetProcessor+0x426
fffff48e`d9186110 ffff8281`00000004 : ffff9583`491739f1 00000000`00000000 ffffa806`cd446180 fffff48e`d9186190 : 0xffffa806`cd311010
fffff48e`d9186118 ffff9583`491739f1 : 00000000`00000000 ffffa806`cd446180 fffff48e`d9186190 ffff9583`49112419 : 0xffff8281`00000004
fffff48e`d9186120 00000000`00000000 : ffffa806`cd446180 fffff48e`d9186190 ffff9583`49112419 00000008`ccf84000 : 0xffff9583`491739f1


SYMBOL_NAME: nvlddmkm+7c0e36

MODULE_NAME:
nvlddmkm

IMAGE_NAME: nvlddmkm.sys

STACK_COMMAND: .cxr 0xfffff48ed9185630 ; kb

BUCKET_ID_FUNC_OFFSET: 7c0e36

FAILURE_BUCKET_ID: AV_nvlddmkm!unknown_function

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {7eea5677-f68d-2154-717e-887e07e55cd3}

Followup: MachineOwner
---------


Thanks!

Continue reading...
 
Back
Top