[SOLVED] BSOD Crash Dump Analysis

Feb 24, 2022
My Win 10 System crashed out of the blue. This has happened a few times. I finally have a crash dump listed. Can anyone help me to understand it and where to go from here? Thanks in advance for any assistance.

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff80064000000 PsLoadedModuleList = 0xfffff80064c2a2d0
Debug session time: Wed Feb 23 23:37:33.692 2022 (UTC - 8:00)
System Uptime: 0 days 0:46:39.514
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 0000000000a07018). Type ".hh dbgerr001" for details
Loading unloaded module list
....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800643f73b0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffee8e7905e3f0=000000000000003b
7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff800645e2919, Address of the instruction which caused the BugCheck
Arg3: ffffee8e7905ecf0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3030

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 3031

Key : Analysis.Init.CPU.mSec
Value: 312

Key : Analysis.Init.Elapsed.mSec
Value: 14071

Key : Analysis.Memory.CommitPeak.Mb
Value: 93

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1

FILE_IN_CAB: MEMORY.DMP

BUGCHECK_CODE: 3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff800645e2919

BUGCHECK_P3: ffffee8e7905ecf0

BUGCHECK_P4: 0

CONTEXT: ffffee8e7905ecf0 -- (.cxr 0xffffee8e7905ecf0)
rax=46ffa28ca62c5550 rbx=0000000000000000 rcx=ffffa28ca9ed7240
rdx=0000000000000018 rsi=0000000000000001 rdi=0000000000000000
rip=fffff800645e2919 rsp=ffffee8e7905f6f0 rbp=ffffee8e7905fa80
r8=0000000000000001 r9=0000000000000000 r10=fffff800645e21c0
r11=ffffee8e7905f988 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=00000000764d9a38
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
nt!NtNotifyChangeMultipleKeys+0x6a9:
fffff800645e2919 0fb74008 movzx eax,word ptr [rax+8] ds:002b:46ffa28ca62c5558=????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: Connection Service.exe

STACK_TEXT:
ffffee8e7905f6f0 fffff800645e2220 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!NtNotifyChangeMultipleKeys+0x6a9
ffffee8e7905f920 fffff80064408db5 : 0000000000000000 ffffa28c00000001 0000000000000000 ffffee8e7905fa80 : nt!NtNotifyChangeKey+0x60
ffffee8e7905f990 00007ffde7b8f084 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
000000000773e788 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffde7b8f084


SYMBOL_NAME: nt!NtNotifyChangeMultipleKeys+6a9

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .cxr 0xffffee8e7905ecf0 ; kb

BUCKET_ID_FUNC_OFFSET: 6a9

FAILURE_BUCKET_ID: AV_nt!NtNotifyChangeMultipleKeys

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {d6800c9d-9964-a937-1abe-f865bbfb7586}

Followup: MachineOwner
---------

NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\atlmfc.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\ObjectiveC.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\concurrency.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\cpp_rest.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Kernel.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\stl.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Data.Json.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Geolocation.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Sensors.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Media.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\windows.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2202.7001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\winrt.natvis'
 
Solution
This file caused it:
Connection Service.exe
It's not a Windows file. Try looking in Task Manager to find where it came from (Task Manager -> Details -> right-click Connection Service and click Open file location); that will take you to where that file is.
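
A command-line version of the lookup described in the answer above, as an added example that is not part of the original post. It takes the process name from PROCESS_NAME in the dump, resolves the executable's path, and also reports its version metadata, Authenticode signature and any Windows service that launches it. It assumes the process is still running and that the prompt is elevated if the path is protected.

```powershell
# Added example. The name comes from PROCESS_NAME in the crash dump.
$name = 'Connection Service.exe'

Get-CimInstance Win32_Process -Filter "Name = '$name'" | ForEach-Object {
    $proc = $_
    $path = $proc.ExecutablePath
    if (-not $path) {
        # ExecutablePath is empty when the caller lacks rights to query the process.
        Write-Warning "PID $($proc.ProcessId): path not readable, re-run elevated."
        return
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $info = (Get-Item -LiteralPath $path).VersionInfo

    # A service whose command line contains this path shows what product starts it.
    $svc = Get-CimInstance Win32_Service | Where-Object {
        $_.PathName -and
        $_.PathName.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        Path        = $path
        Company     = $info.CompanyName
        Product     = $info.ProductName
        FileVersion = $info.FileVersion
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        Service     = ($svc.Name -join ', ')
    }
} | Format-List
```

The Path, Company, Signer and Service fields together identify which installed product the executable belongs to, which is the information the Task Manager lookup is meant to surface.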