Hhk_51472
Guest
At first I frequently received BSODs with a CRITICAL PROCESS DIED message.
Now I cannot get into Windows.
Can someone tell me what the problem is and what the solution is?
The WinDbg analysis of MEMORY.DMP is written below.
Start
--------------------------------------------------------------------------------------------------------------------------------------------------
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*Symbol information
Symbol search path is: SRV*C:\Windows\symbol_cache*Symbol information
Executable search path is:
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff803`5bc00000 PsLoadedModuleList = 0xfffff803`5c043290
Debug session time: Fri Jan 22 14:23:52.710 2021 (UTC + 3:00)
System Uptime: 0 days 0:00:20.435
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
....................
Loading unloaded module list
........
For analysis of this file, run !analyze -v
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffc8062c853080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 7
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-F3C86VS
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 180
Key : Analysis.Memory.CommitPeak.Mb
Value: 73
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffc8062c853080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: wininit.exe
CRITICAL_PROCESS: wininit.exe
ERROR_CODE: (NTSTATUS) 0x2c854080 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
STACK_TEXT:
ffffa70a`b9ce7878 fffff803`5c4c6c59 : 00000000`000000ef ffffc806`2c853080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffa70a`b9ce7880 fffff803`5c3cc2e7 : 00000000`00000000 00000000`00000004 ffffa70a`b9ce7a00 ffffbbbf`fd211340 : nt!PspCatchCriticalBreak+0x115
ffffa70a`b9ce7920 fffff803`5c2cb5ed : ffffffff`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PspTerminateAllThreads+0x15685b
ffffa70a`b9ce7990 fffff803`5bdcde95 : ffffc806`2c854080 ffffc806`2c854080 ffffc806`2c853080 00000000`00000000 : nt!NtTerminateProcess+0x19d
ffffa70a`b9ce7a00 00007ffa`4441c5e4 : 00007ffa`443ea8f4 00000000`000036ff 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000072`7091fcf8 00007ffa`443ea8f4 : 00000000`000036ff 00000000`00000000 00000000`00000000 00007ffa`41769b08 : ntdll!NtTerminateProcess+0x14
00000072`7091fd00 00007ffa`4245cafa : 00000000`000036b1 00000000`00000000 00007ffa`41769b70 00007ffa`416cb8c0 : ntdll!RtlExitUserProcess+0x54
00000072`7091fd30 00007ffa`416cba9c : 00000000`000036b1 00000000`00000000 00000072`7091fdb8 00007ffa`4179bc20 : KERNEL32!ExitProcessImplementation+0xa
00000072`7091fd60 00007ffa`416cb93f : 00000000`000036b1 00000000`00000000 00007ff7`35f34b29 00000072`7091fdb0 : ucrtbase!exit_or_terminate_process+0x44
00000072`7091fd90 00007ffa`416cfaa4 : 00000000`000036b1 00000000`00000000 00000000`00000000 00000000`00000001 : ucrtbase!common_exit+0x6f
00000072`7091fde0 00007ff7`35ef3468 : 00000000`000036b1 00000000`00000000 00000000`00000000 00000000`00000000 : ucrtbase!__crt_state_management::wrapped_invoke<void (__cdecl*)(int),int,void>+0x20
00000072`7091fe10 00007ffa`42457944 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : wininit!__scrt_common_main_seh+0x168
00000072`7091fe50 00007ffa`443ece71 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
00000072`7091fe80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
SYMBOL_NAME: ntdll!NtTerminateProcess+14
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 14
FAILURE_BUCKET_ID: 0xEF_wininit.exe_BUGCHECK_CRITICAL_PROCESS_2c854080_ntdll!NtTerminateProcess
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {394d374c-ecc9-4de6-fb0e-5c1685900d08}
Followup: MachineOwner
---------
End
--------------------------------------------------------------------------------------------------------------------------------------------------