Question How do I troubleshoot .DMP files safely?

Apr 7, 2020
I'm always paranoid using third party resources to troubleshoot my system but I've been having system lockups among other issues that have forced me to delve into the world of .DMP troubleshooting. From my research it appears that this is only possible using third party software.

Are there any somewhat respectable tools to use out there? Free or Fee?

Any help would be appreciated!
 
There are tools like BlueScreenView and WhoCrashed that will attempt to identify the cause. Relying on WhoCrashed to identify the driver takes too long; 90% of the time it blames ntoskrnl, which is the Windows kernel and might have been what crashed, but it doesn't tell you why.

What I would suggest is to set the PC up for collecting minidumps and then just show us the link. Another mod has written a converter for the dumps and it at least lets us scratch beneath the surface - it basically just shows the dump info in a format easier for us to read.

Can you follow option one on the following link - here - and then do this step below: Small memory dumps - Have Windows Create a Small Memory Dump (Minidump) on BSOD
That creates a file in C:\Windows\Minidump after the next BSOD.

Copy that file to Documents.

Upload the copy from Documents to a file sharing web site.

Share the link in your thread so we can help fix the problem.
 
I can do all of that but I'm not BSOD'ing -- the system locks up and I have to hard reset. Should I proceed?
 
I still might be able to read the dump file. Go ahead and upload it and I'll take a look.

I use the debugger to read dump files. There's a newer (buggy) version in the Windows Store called Debugger Preview I believe. I use an older one. The debugger is usually downloaded with the Windows SDK. You can download it, choose to install the debugger only, and it will download about 2 gigs worth of useless data then the debugger also (about 50 MB).

That will allow you to open the dump file in WinDbg and you can get the basic info from it by using the Verbose command. Additional commands are more complicated and take a while to learn (there are probably websites that can help you if you want to spend hours learning how to use it).

I use an older debugger available from the Windows 10 SDK (ver. 10.0.14393.795) downloaded from here: https://developer.microsoft.com/en-us/windows/downloads/sdk-archive/
 
I'll try the older debugger version and see where this rabbit hole takes me!

Ty!
 
This is what I am getting from one of the .DMP files


Code:
DEBUG_FLR_EXCEPTION_CODE(c00ce513) and the ".exr -1" ExceptionCode(c0000409) don't match

KEY_VALUES_STRING: 1

    Key  : Timeline.Process.Start.DeltaSec
    Value: 15570


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

Timeline: !analyze.Start
    Name: <blank>
    Time: 2020-05-06T19:29:32.875Z
    Diff: 305082875 mSec

Timeline: Dump.Current
    Name: <blank>
    Time: 2020-05-03T06:44:50.0Z
    Diff: 0 mSec

Timeline: Process.Start
    Name: <blank>
    Time: 2020-05-03T02:25:20.0Z
    Diff: 15570000 mSec


DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
rax=000000b7b317cec0 rbx=000000b7b317d430 rcx=000000b7b317cec0
rdx=0000000000000000 rsi=0000000000000000 rdi=000000b7b317cec0
rip=00007ffdebd3faff rsp=000000b7b317cde0 rbp=000000b7b317eb49
 r8=0000000000000000  r9=0000000000000000 r10=00000fffbd7a7f4b
r11=0000000000000800 r12=00007ffdd36c7ea8 r13=00007ffdd36c6af0
r14=000001c0c4da7820 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000244
KERNELBASE!RaiseFailFastException+0xaf:
00007ffd`ebd3faff 0f1f440000      nop     dword ptr [rax+rax]
Resetting default scope

FAULTING_IP:
QuietHours!QuietMomentToastHelper::ShowToast+5fc
00007ffd`d36ad7e0 90              nop

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffdd36ad7e0 (QuietHours!QuietMomentToastHelper::ShowToast+0x00000000000005fc)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 3
   Parameter[0]: 0000000000000007
   Parameter[1]: ffffffffc00ce513
   Parameter[2]: 0000000000000092
Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT

PROCESS_NAME:  svchost.exe

EXCEPTION_CODE: (NTSTATUS) 0xc00ce513 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c00ce513

WATSON_BKT_PROCSTAMP:  32d6c210

WATSON_BKT_PROCVER:  10.0.18362.1

PROCESS_VER_PRODUCT:  Microsoft® Windows® Operating System

WATSON_BKT_MODULE:  QuietHours.dll

WATSON_BKT_MODSTAMP:  5aca78f4

WATSON_BKT_MODOFFSET:  4d7e0

WATSON_BKT_MODVER:  10.0.18362.1

MODULE_VER_PRODUCT:  Microsoft® Windows® Operating System

BUILD_VERSION_STRING:  18362.1.amd64fre.19h1_release.190318-1202

MODLIST_WITH_TSCHKSUM_HASH:  106292c7babdfd7f032b0f0cd2445cbed9409c80

MODLIST_SHA1_HASH:  a3d844daf19b4bd91b3b97f43078f0ac1237fac3

NTGLOBALFLAG:  0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

DUMP_FLAGS:  94

DUMP_TYPE:  1

GROUP:  UnistackSvcGroup

FAULTING_SERVICE_NAME:  WpnUserService

ANALYSIS_SESSION_HOST:  SHERLOCK

ANALYSIS_SESSION_TIME:  05-06-2020 12:29:32.0875

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

THREAD_ATTRIBUTES:
OS_LOCALE:  ENU

BUGCHECK_STR:  SVCHOSTGROUP_UnistackSvcGroup_FAIL_FAST_FATAL_APP_EXIT

DEFAULT_BUCKET_ID:  SVCHOSTGROUP_UnistackSvcGroup_FAIL_FAST_FATAL_APP_EXIT

PRIMARY_PROBLEM_CLASS:  SVCHOSTGROUP_UnistackSvcGroup_FAIL_FAST

PROBLEM_CLASSES:

    ID:     [0n282]
    Type:   [FAIL_FAST]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [Unspecified]
    Frame:  [0]

    ID:     [0n271]
    Type:   [FATAL_APP_EXIT]
    Class:  Addendum
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [Unspecified]
    Frame:  [0]

    ID:     [0n358]
    Type:   [SVCHOSTGROUP]
    Class:  Mandatory
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Add
            String: [UnistackSvcGroup]
    PID:    [0xb8c]
    TID:    [0x3020]
    Frame:  [Unspecified]

LAST_CONTROL_TRANSFER:  from 00007ffdd3662b39 to 00007ffdebd3faff

STACK_TEXT: 
000000b7`b317cde0 00007ffd`d3662b39 : 00000000`00000000 00007ffd`ebd3fa50 00000000`00000000 000000b7`b317d430 : KERNELBASE!RaiseFailFastException+0xaf
000000b7`b317d3b0 00007ffd`d366294c : 000000b7`b317d560 000001c0`c4da7901 000000b7`b317d560 00007ffd`d3664774 : QuietHours!wil::details::WilDynamicLoadRaiseFailFastException+0x49
000000b7`b317d3e0 00007ffd`d3663747 : 000003ed`989aa7c1 000000b7`b317d5f0 00000000`00000001 00007ffd`d3663634 : QuietHours!wil::details::WilRaiseFailFastException+0x18
000000b7`b317d410 00007ffd`d3663835 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : QuietHours!wil::details::WilFailFast+0x93
000000b7`b317d4e0 00007ffd`d36638cc : 000001c0`c515b638 00007ffd`cee09788 000001c0`00000000 00000000`c00ce513 : QuietHours!wil::details::ReportFailure+0xe5
000000b7`b317ea20 00007ffd`d3681af9 : 000001c0`c515b590 00007ffd`cee7a5ce 000001c0`c00ce513 00000000`00000000 : QuietHours!wil::details::ReportFailure_Hr+0x44
000000b7`b317ea80 00007ffd`d36ad7e0 : 000001c0`c515b638 000001c0`c4da7901 000001c0`c47ee930 00000000`00000000 : QuietHours!wil::details::in1diag3::_FailFast_Hr+0x29
000000b7`b317ead0 00007ffd`d36afc28 : 000000b7`b317f900 00007ffd`d3678c50 000001c0`c4da7830 00740073`0061006f : QuietHours!QuietMomentToastHelper::ShowToast+0x5fc
000000b7`b317ebb0 00007ffd`d36633fe : 000003ed`989a9081 00000000`00000005 00000000`00000000 00000000`00000005 : QuietHours!wil::details::functor_wrapper_void<<lambda_3c14ad6c89822610eb37b6e229c1f65e> &>::Run+0x28
000000b7`b317ebe0 00007ffd`d36ad121 : 000001c0`c4da7830 000000b7`b317ec50 000000b7`b317f900 000001c0`c4da7928 : QuietHours!wil::details::RunFunctorWithExceptionFilter+0x1e
000000b7`b317ec20 00007ffd`d369b8e3 : 000001c0`00000000 00000000`00000000 000001c0`c4da76d0 00007ffd`d36817f0 : QuietHours!QuietMomentToastHelper::CreateAndShowQuietMomentEndToast+0x289
000000b7`b317eeb0 00007ffd`d366b973 : 000001c0`c47fca50 00007ffd`d36c6ad8 000001c0`c4da76d0 00000000`00000006 : QuietHours!QuietMomentsManager::CreateAndShowQuietMomentEndToast+0x6f
000000b7`b317ef00 00007ffd`d3669de4 : 000001c0`c4d66df0 000001c0`c4da77a0 00000000`00000006 00000000`00000004 : QuietHours!QuietHoursSettings::put_ActiveQuietMomentProfile+0x513
000000b7`b317f2c0 00007ffd`d369b27a : 000001c0`c4d66df8 00000000`00000006 000001c0`c4da75e0 000001c0`c4d583d0 : QuietHours!<lambda_ad5c8dbff942146631f3fa9a3a25d669>::operator()+0x58
000000b7`b317f300 00007ffd`d366a4ae : 000001c0`c4da75e0 000001c0`c4d583d0 00007ffd`d36c7650 000001c0`c4d58248 : QuietHours!QuietMomentsManager::OnQuietMomentApplicabilityChanged+0x276
000000b7`b317f620 00007ffd`d36a10d4 : 000001c0`c4da75e8 00007ffd`d36cb388 000001c0`c4d583a0 00007ffd`d36c7650 : QuietHours!<lambda_9972a47c4d130a172e8e13a7afe7dea3>::operator()+0x42
000000b7`b317f660 00007ffd`d36b6915 : 000001c0`c4d58240 000001c0`c2a47be0 000001c0`c2a47be0 00007ffd`d36c8138 : QuietHours!QuietMoment::put_IsApplicable+0x164
000000b7`b317f800 00007ffd`ec6fc590 : 00000000`00000000 00000000`00000000 000001c0`c2b077a0 00000000`00000001 : QuietHours!Windows::Internal::ComTaskPool::CTaskWrapper<<lambda_7abc2a87bf828373adadbaed198311b1> >::Run+0x135
000000b7`b317f9a0 00007ffd`ec6fc218 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : SHCore!WorkThreadManager::CThread::ThreadProc+0x260
000000b7`b317fc00 00007ffd`ec6facb1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SHCore!WorkThreadManager::CThread::s_ExecuteThreadProc+0x18
000000b7`b317fc30 00007ffd`ec337bd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SHCore!<lambda_9844335fc14345151eefcc3593dd6895>::<lambda_invoker_cdecl>+0x11
000000b7`b317fc60 00007ffd`eeb0ced1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
000000b7`b317fc90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


THREAD_SHA1_HASH_MOD_FUNC:  dd11883601e0a01820bbdcc6ee557e93cc50ebbb

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  e6c840aa75a5eaaf23118c58beb0e19da26b53f1

THREAD_SHA1_HASH_MOD:  d4585916f74e3e9031b12d299c0dbf57ac10fdaa

FOLLOWUP_IP:
QuietHours!QuietMomentToastHelper::ShowToast+5fc
00007ffd`d36ad7e0 90              nop

FAULT_INSTR_CODE:  c88b4490

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  QuietHours!QuietMomentToastHelper::ShowToast+5fc

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: QuietHours

IMAGE_NAME:  QuietHours.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  5aca78f4

STACK_COMMAND:  ~5s ; .ecxr ; kb

BUCKET_ID:  SVCHOSTGROUP_UnistackSvcGroup_FAIL_FAST_FATAL_APP_EXIT_QuietHours!QuietMomentToastHelper::ShowToast+5fc

FAILURE_EXCEPTION_CODE:  c00ce513

FAILURE_IMAGE_NAME:  QuietHours.dll

BUCKET_ID_IMAGE_STR:  QuietHours.dll

FAILURE_MODULE_NAME:  QuietHours

BUCKET_ID_MODULE_STR:  QuietHours

FAILURE_FUNCTION_NAME:  QuietMomentToastHelper::ShowToast

BUCKET_ID_FUNCTION_STR:  QuietMomentToastHelper::ShowToast

BUCKET_ID_OFFSET:  5fc

BUCKET_ID_MODTIMEDATESTAMP:  5aca78f4

BUCKET_ID_MODCHECKSUM:  9d30c

BUCKET_ID_MODVER_STR:  10.0.18362.1

BUCKET_ID_PREFIX_STR:  SVCHOSTGROUP_UnistackSvcGroup_FAIL_FAST_FATAL_APP_EXIT_

FAILURE_PROBLEM_CLASS:  SVCHOSTGROUP_UnistackSvcGroup_FAIL_FAST

FAILURE_SYMBOL_NAME:  QuietHours.dll!QuietMomentToastHelper::ShowToast

FAILURE_BUCKET_ID:  SVCHOSTGROUP_UnistackSvcGroup_FAIL_FAST_FATAL_APP_EXIT_c00ce513_QuietHours.dll!QuietMomentToastHelper::ShowToast

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/svchost.exe/10.0.18362.1/32d6c210/QuietHours.dll/10.0.18362.1/5aca78f4/c00ce513/0004d7e0.htm?Retriage=1

TARGET_TIME:  2020-05-03T06:44:50.000Z

OSBUILD:  18363

OSSERVICEPACK:  329

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  256

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  190318-1202

BUILDLAB_STR:  19h1_release

BUILDOSVER_STR:  10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME:  4e5

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:svchostgroup_unistacksvcgroup_fail_fast_fatal_app_exit_c00ce513_quiethours.dll!quietmomenttoasthelper::showtoast

FAILURE_ID_HASH:  {6f5a9719-5191-7b22-bd88-1b4e673e07a3}

Followup:     MachineOwner
---------
 
So this is a report by Watson, never seen it before
FAULTING_SERVICE_NAME: WpnUserService
ANALYSIS_SESSION_HOST: SHERLOCK
WpnUserService - Windows Push Notification User Service
Stack text appears to blame quiethours.dll, which is very probably associated with the feature of the same name in Win 10.

See if this helps:
right-click the Start button
choose PowerShell (admin)
type SFC /scannow and press Enter
once it's completed, copy/paste this command into the same window:
Repair-WindowsImage -Online -RestoreHealth
and press Enter

SFC fixes system files; the second command cleans the image files that SFC uses to fix files with.
So rerun SFC after the 2nd command if it failed to fix all files the first time, and restart the PC.
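
The manual read of the posted analysis output in the reply above (faulting service first, then the module the stack blames) can be scripted. This is an added example, not code from the thread: the function names, the PLUMBING substrings and the abridged sample are assumptions made for illustration.

```python
import re

# Constructed sample: lines abridged from the analysis output posted in the thread.
SAMPLE = """\
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
   Parameter[0]: 0000000000000007
   Parameter[1]: ffffffffc00ce513
EXCEPTION_CODE: (NTSTATUS) 0xc00ce513 - <Unable to get error code text>
FAULTING_SERVICE_NAME:  WpnUserService
ANALYSIS_SOURCE:  UM
STACK_TEXT: 
000000b7`b317cde0 00007ffd`d3662b39 : 00000000`00000000 00007ffd`ebd3fa50 00000000`00000000 000000b7`b317d430 : KERNELBASE!RaiseFailFastException+0xaf
000000b7`b317d410 00007ffd`d3663835 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : QuietHours!wil::details::WilFailFast+0x93
000000b7`b317ead0 00007ffd`d36afc28 : 000000b7`b317f900 00007ffd`d3678c50 000001c0`c4da7830 00740073`0061006f : QuietHours!QuietMomentToastHelper::ShowToast+0x5fc
000000b7`b317fc60 00007ffd`eeb0ced1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
"""

FIELD = re.compile(r"^[ \t]*([A-Za-z_][\w.\[\]]*):[ \t]+(\S.*)$", re.M)
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : ([^!\s]+)!(.+)\+0x[0-9a-f]+$", re.M)
# Assumption: frames with these substrings only report a failure detected elsewhere.
PLUMBING = ("RaiseFailFastException", "wil::details::")

def parse_fields(text):
    """Collect 'KEY: value' lines; the first occurrence of a key wins."""
    fields = {}
    for key, value in FIELD.findall(text):
        fields.setdefault(key, value.strip())
    return fields

def culprit_frame(text):
    """First (module, function) on the stack that is not fail-fast plumbing."""
    for module, func in FRAME.findall(text):
        if not any(p in func for p in PLUMBING):
            return module, func
    return None

def triage(text):
    f = parse_fields(text)
    out = {"service": f.get("FAULTING_SERVICE_NAME"),
           "user_mode": f.get("ANALYSIS_SOURCE") == "UM",
           "culprit": culprit_frame(text)}
    # c0000409 is the fail-fast exception: Parameter[0] is the subcode, and in
    # this dump the low 32 bits of Parameter[1] hold the code !analyze reports.
    if int(f["ExceptionCode"].split()[0], 16) == 0xC0000409:
        out["fast_fail_subcode"] = int(f["Parameter[0]"], 16)
        out["reported_code"] = int(f["Parameter[1]"], 16) & 0xFFFFFFFF
        out["matches_exception_code"] = f"0x{out['reported_code']:x}" in f["EXCEPTION_CODE"]
    return out

print(triage(SAMPLE))
```

On the posted dump this lands on the same frame the debugger names as FAULTING_IP, and it shows that the c00ce513 in the "don't match" line is the value carried in Parameter[1] of the c0000409 record.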
 
lol Sherlock is the name of my computer. I'll try the recommended powershell command lines and get back with you on the progress.

 
I think the PowerShell command line helped repair the major system lock-up but I am still having CTD's while playing specific games despite having up-to-date drivers. I am wondering if the GeForce 980 is overclocked higher than it should be. It appears that the CTD's occur when the MSI Clock MHz shows ~1417 but I'm not sure how to move forward on taking care of this issue. Some people suggested lowering the card's 'power' option in the MSI program but others suggest just lowering the clock speed.

Heat doesn't appear to be an issue--the card sits at about 60 C under normal gaming load (I tweaked the fan speed to 50% to keep it at 60 otherwise normal fan curves kept it around 70).

Thoughts? Ideas?