Question Just had a BSOD for the first time

jakerobson

Distinguished
Apr 7, 2012
10
0
18,510
0
If I posted the memory dump file who somebody with any idea on how to read them have a look and check if it's something I have to worry about?

Thanks in advance.


Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff8065f400000 PsLoadedModuleList = 0xfffff8065f848170
Debug session time: Sat Dec 7 00:40:56.607 2019 (UTC + 0:00)
System Uptime: 0 days 8:54:55.301
Loading Kernel Symbols
.......................................Page 20010d7ac too large to be in the dump file.
Page 20010d7ab too large to be in the dump file.
........................
................................................................
....................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 0000009de76b3018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
[LIST]
[*]*
[*]Bugcheck Analysis *
[*]*
[/LIST]
*******************************************************************************

KERNEL_MODE_HEAP_CORRUPTION (13a)
The kernel mode heap manager has detected corruption in a heap.
Arguments:
Arg1: 0000000000000012, Type of corruption detected
Arg2: ffffaa0c50a00100, Address of the heap that reported the corruption
Arg3: ffffaa0c6717e000, Address at which the corruption was detected
Arg4: 0000000000000000

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202

SYSTEM_MANUFACTURER: System manufacturer

SYSTEM_PRODUCT_NAME: System Product Name

SYSTEM_SKU: SKU

SYSTEM_VERSION: System Version

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: 3701

BIOS_DATE: 11/30/2012

BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT: P8P67-M PRO

BASEBOARD_VERSION: Rev X.0x

DUMP_TYPE: 1

BUGCHECK_P1: 12

BUGCHECK_P2: ffffaa0c50a00100

BUGCHECK_P3: ffffaa0c6717e000

BUGCHECK_P4: 0

CORRUPTING_POOL_ADDRESS: ffffaa0c6717e000 Paged pool

FAULTING_IP:
nt!ExFreePool+9
fffff806
5f76f0a9 4883c428 add rsp,28h

BUGCHECK_STR: 0x13a_12

CPU_COUNT: 8

CPU_MHZ: e16

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3a

CPU_STEPPING: 9

CPU_MICROCODE: 6,3a,9,0 (F,M,S,R) SIG: 20'00000000 (cache) 20'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: DESKTOP-JMANBJ8

ANALYSIS_SESSION_TIME: 12-07-2019 01:35:41.0833

ANALYSIS_VERSION: 10.0.18362.1 x86fre

LAST_CONTROL_TRANSFER: from fffff8065f71ac78 to fffff8065f5c14e0

STACK_TEXT:
ffffa405506ca228 fffff8065f71ac78 : 000000000000013a 0000000000000012 ffffaa0c50a00100 ffffaa0c6717e000 : nt!KeBugCheckEx
ffffa405506ca230 fffff8065f71acd8 : 0000000000000012 ffffaa0c50a00280 ffffaa0c50a00100 0000000000000000 : nt!RtlpHeapHandleError+0x40
ffffa405506ca270 fffff8065f71a901 : ffffaa0c6717e000 ffffaa0c671eaff0 0000000200000000 0000000000000000 : nt!RtlpHpHeapHandleError+0x58
ffffa405506ca2a0 fffff8065f5faaf2 : 0000000200000100 ffffaa0c50a00200 fffff8066b5ee010 0000000000000000 : nt!RtlpLogHeapFailure+0x45
ffffa405506ca2d0 fffff8065f4460ed : ffffaa0c671eb000 ffffaa0c50a00000 0000000000000000 0000000000000000 : nt!RtlpHpVsContextFree+0x1b6e02
ffffa405506ca370 fffff8065f76f0a9 : ffffba85ebf93060 ffffba850004b250 ffffba85f0caa000 0100000000100000 : nt!ExFreeHeapPool+0x56d
ffffa405506ca490 fffff80668a1c8dc : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!ExFreePool+0x9
ffffa405506ca4c0 fffff80668b10eed : ffffa405506ca7a0 ffffa405506cab80 ffff37ba58b1d7b3 ffffba85f0cac048 : dxgkrnl!operator delete[]+0x1c
ffffa405506ca4f0 fffff80668b117b4 : ffffba85f0caa000 ffffba85f0caa000 0000000000000000 ffffa405506cab80 : dxgkrnl!DxgkEscape'::2'::ENSURE_DATA_DELETION::~ENSURE_DATA_DELETION+0x25
ffffa405506ca520 fffff8065f5d2d18 : ffffba8500000000 ffffba85f81ad080 0000024344667ed0 0000000000010001 : dxgkrnl!DxgkEscape+0x8b4
ffffa405506cab00 00007ff898cc4b24 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x28
0000009dea9fc258 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ff898cc4b24


THREAD_SHA1_HASH_MOD_FUNC: 26a4ff752920e379ebd6f77b44e8fb42c6b3f190

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 9403fc739c83548098b069b4ae56a54aa69cffa8

THREAD_SHA1_HASH_MOD: 7f84001b1e2c8b10c2558a088000995f708ebbc8

FOLLOWUP_IP:
nt!ExFreePool+9
fffff806
5f76f0a9 4883c428 add rsp,28h

FAULT_INSTR_CODE: 28c48348

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: nt!ExFreePool+9

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 9

FAILURE_BUCKET_ID: 0x13a_12_nt!ExFreePool

BUCKET_ID: 0x13a_12_nt!ExFreePool

PRIMARY_PROBLEM_CLASS: 0x13a_12_nt!ExFreePool

TARGET_TIME: 2019-12-07T00:40:56.000Z

OSBUILD: 18362

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2011-12-29 23:28:41

BUILDDATESTAMP_STR: 190318-1202

BUILDLAB_STR: 19h1_release

BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME: 2e91

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x13a_12_nt!exfreepool

FAILURE_ID_HASH: {0e8bc89c-9b1f-e697-ed6c-83210db041e2}

Followup: Pool_corruption
---------
 

Newtonius

Notable
Sep 25, 2019
801
157
1,140
137
Might want to check the health status of your Hard drives, possible failure. Either that or you got a virus/trojan. Would also look into full scanning your drive after you've performed a health-check. Hard to say with this data, next time just copy the error code on the BSOD itself.

You can use Crystaldisk info to see drive health status.
 

jakerobson

Distinguished
Apr 7, 2012
10
0
18,510
0
Firstly can I say you guys people are fantastic for your support, it's much appreciated!

The RAM are brand new, I'll run the Crystaldisk you mentioned as my HDD are pretty old!

The information on the BSOD was 'KERNEL MODE HEAP CORRUPTION', don't know if that will help.

From what I can tell (from looking at the ASUS website) I also have the most up to date BIOS.
 
Last edited:

jakerobson

Distinguished
Apr 7, 2012
10
0
18,510
0
Everything come up as good health on Crystaldiskinfo.
I've run spybot and fixed any issues that came up so I'll guess I'll wait and see.
 

jakerobson

Distinguished
Apr 7, 2012
10
0
18,510
0
I've scanned and cleared with malwarebytes, if my computer crashes again (touch wood so far) I'll use whocrashed and post the file on here.

Thanks again everyone!
 

Colif

Win 10 Master
Moderator

ASK THE COMMUNITY

TRENDING THREADS