C
Capousd9u2hjaspojd
I am trying to figure out how to read this memory dump, which I retrieved following a BSOD. I've had many of these BSOD over the past 18 months, basically ever since I built my computer. Usually I get the "IRQ_LESS_OR_EQUAL" code but this time it was SYSTEM_THREAD_EXCEPTION_NOT_HANDLED).
Could someone knowledgeable take a look at this memory dump and tell me what important information is found in it ? I tried to take a look but couldn't understand much of it. I don't know if every BSOD has had the same cause, but hopefully I can fix this today and never get another BSOD.
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\*User Name*\Desktop\020919-12171-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17134 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff801`18ea1000 PsLoadedModuleList = 0xfffff801`1924f150
Debug session time: Sat Feb 9 12:31:51.160 2019 (UTC - 5:00)
System Uptime: 6 days 1:25:08.085
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80f5ca277b0, ffffa380120e6378, ffffa380120e5bc0}
*** WARNING: Unable to verify timestamp for bridge.sys
*** ERROR: Module load completed but symbols could not be loaded for bridge.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : bridge.sys ( bridge+77b0 )
Followup: MachineOwner
---------
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*Symbol information
13: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80f5ca277b0, The address that the exception occurred at
Arg3: ffffa380120e6378, Exception Record Address
Arg4: ffffa380120e5bc0, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for bridge.sys
*** ERROR: Module load completed but symbols could not be loaded for bridge.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
SYSTEM_MANUFACTURER: Micro-Star International Co., Ltd
SYSTEM_PRODUCT_NAME: MS-7A93
SYSTEM_SKU: Default string
SYSTEM_VERSION: 1.0
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1.00
BIOS_DATE: 06/02/2017
BASEBOARD_MANUFACTURER: Micro-Star International Co., Ltd
BASEBOARD_PRODUCT: X299 SLI PLUS (MS-7A93)
BASEBOARD_VERSION: 1.0
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80f5ca277b0
BUGCHECK_P3: ffffa380120e6378
BUGCHECK_P4: ffffa380120e5bc0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
bridge+77b0
fffff80f`5ca277b0 488b4918 mov rcx,qword ptr [rcx+18h]
EXCEPTION_RECORD: ffffa380120e6378 -- (.exr 0xffffa380120e6378)
ExceptionAddress: fffff80f5ca277b0 (bridge+0x00000000000077b0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffa380120e5bc0 -- (.cxr 0xffffa380120e5bc0)
rax=0000000000000000 rbx=0000000000000000 rcx=6565724600010028
rdx=0000000000000000 rsi=ffff938017096030 rdi=ffff938002c7c880
rip=fffff80f5ca277b0 rsp=ffffa380120e65b0 rbp=ffffa380120e6700
r8=ffff938008489420 r9=fffffffffffffffe r10=ffff9380008e91a0
r11=ffffa380120e6430 r12=0000000000000100 r13=0000000000000000
r14=ffff938017096260 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
bridge+0x77b0:
fffff80f`5ca277b0 488b4918 mov rcx,qword ptr [rcx+18h] ds:002b:65657246`00010040=????????????????
Resetting default scope
CPU_COUNT: 10
CPU_MHZ: e10
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 55
CPU_STEPPING: 4
CPU_MICROCODE: 6,55,4,0 (F,M,S,R) SIG: 2000049'00000000 (cache) 2000049'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
FOLLOWUP_IP:
bridge+77b0
fffff80f`5ca277b0 488b4918 mov rcx,qword ptr [rcx+18h]
BUGCHECK_STR: AV
READ_ADDRESS: fffff801192ee388: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: GAMING-PC
ANALYSIS_SESSION_TIME: 02-09-2019 12:57:29.0351
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80f5ca277b0
STACK_TEXT:
ffffa380`120e65b0 00000000`00000000 : ffff9380`17096030 ffff9380`02c7cd78 00000000`00000000 fffff80f`5ca3be00 : bridge+0x77b0
THREAD_SHA1_HASH_MOD_FUNC: 2fa1981b4a9a7a3e2f1294354810635b9030c74f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 23a2638ad0f49cf68a5ec48bad8e798e8405963b
THREAD_SHA1_HASH_MOD: 2fa1981b4a9a7a3e2f1294354810635b9030c74f
FAULT_INSTR_CODE: 18498b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: bridge+77b0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: bridge
IMAGE_NAME: bridge.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffffa380120e5bc0 ; kb
BUCKET_ID_FUNC_OFFSET: 77b0
FAILURE_BUCKET_ID: AV_bridge!unknown_function
BUCKET_ID: AV_bridge!unknown_function
PRIMARY_PROBLEM_CLASS: AV_bridge!unknown_function
TARGET_TIME: 2019-02-09T17:31:51.000Z
OSBUILD: 17134
OSSERVICEPACK: 523
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-01-01 01:44:13
BUILDDATESTAMP_STR: 180410-1804
BUILDLAB_STR: rs4_release
BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
ANALYSIS_SESSION_ELAPSED_TIME: 21ca
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_bridge!unknown_function
FAILURE_ID_HASH: {fc408975-df9e-bb6d-cca0-5d9f6ee3388a}
Followup: MachineOwner
---------
13: kd> .exr 0xffffa380120e6378
ExceptionAddress: fffff80f5ca277b0 (bridge+0x00000000000077b0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
Continue reading...
Could someone knowledgeable take a look at this memory dump and tell me what important information is found in it ? I tried to take a look but couldn't understand much of it. I don't know if every BSOD has had the same cause, but hopefully I can fix this today and never get another BSOD.
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\*User Name*\Desktop\020919-12171-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17134 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff801`18ea1000 PsLoadedModuleList = 0xfffff801`1924f150
Debug session time: Sat Feb 9 12:31:51.160 2019 (UTC - 5:00)
System Uptime: 6 days 1:25:08.085
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80f5ca277b0, ffffa380120e6378, ffffa380120e5bc0}
*** WARNING: Unable to verify timestamp for bridge.sys
*** ERROR: Module load completed but symbols could not be loaded for bridge.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : bridge.sys ( bridge+77b0 )
Followup: MachineOwner
---------
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*Symbol information
13: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80f5ca277b0, The address that the exception occurred at
Arg3: ffffa380120e6378, Exception Record Address
Arg4: ffffa380120e5bc0, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for bridge.sys
*** ERROR: Module load completed but symbols could not be loaded for bridge.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
SYSTEM_MANUFACTURER: Micro-Star International Co., Ltd
SYSTEM_PRODUCT_NAME: MS-7A93
SYSTEM_SKU: Default string
SYSTEM_VERSION: 1.0
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1.00
BIOS_DATE: 06/02/2017
BASEBOARD_MANUFACTURER: Micro-Star International Co., Ltd
BASEBOARD_PRODUCT: X299 SLI PLUS (MS-7A93)
BASEBOARD_VERSION: 1.0
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80f5ca277b0
BUGCHECK_P3: ffffa380120e6378
BUGCHECK_P4: ffffa380120e5bc0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
bridge+77b0
fffff80f`5ca277b0 488b4918 mov rcx,qword ptr [rcx+18h]
EXCEPTION_RECORD: ffffa380120e6378 -- (.exr 0xffffa380120e6378)
ExceptionAddress: fffff80f5ca277b0 (bridge+0x00000000000077b0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffa380120e5bc0 -- (.cxr 0xffffa380120e5bc0)
rax=0000000000000000 rbx=0000000000000000 rcx=6565724600010028
rdx=0000000000000000 rsi=ffff938017096030 rdi=ffff938002c7c880
rip=fffff80f5ca277b0 rsp=ffffa380120e65b0 rbp=ffffa380120e6700
r8=ffff938008489420 r9=fffffffffffffffe r10=ffff9380008e91a0
r11=ffffa380120e6430 r12=0000000000000100 r13=0000000000000000
r14=ffff938017096260 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
bridge+0x77b0:
fffff80f`5ca277b0 488b4918 mov rcx,qword ptr [rcx+18h] ds:002b:65657246`00010040=????????????????
Resetting default scope
CPU_COUNT: 10
CPU_MHZ: e10
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 55
CPU_STEPPING: 4
CPU_MICROCODE: 6,55,4,0 (F,M,S,R) SIG: 2000049'00000000 (cache) 2000049'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
FOLLOWUP_IP:
bridge+77b0
fffff80f`5ca277b0 488b4918 mov rcx,qword ptr [rcx+18h]
BUGCHECK_STR: AV
READ_ADDRESS: fffff801192ee388: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: GAMING-PC
ANALYSIS_SESSION_TIME: 02-09-2019 12:57:29.0351
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80f5ca277b0
STACK_TEXT:
ffffa380`120e65b0 00000000`00000000 : ffff9380`17096030 ffff9380`02c7cd78 00000000`00000000 fffff80f`5ca3be00 : bridge+0x77b0
THREAD_SHA1_HASH_MOD_FUNC: 2fa1981b4a9a7a3e2f1294354810635b9030c74f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 23a2638ad0f49cf68a5ec48bad8e798e8405963b
THREAD_SHA1_HASH_MOD: 2fa1981b4a9a7a3e2f1294354810635b9030c74f
FAULT_INSTR_CODE: 18498b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: bridge+77b0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: bridge
IMAGE_NAME: bridge.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffffa380120e5bc0 ; kb
BUCKET_ID_FUNC_OFFSET: 77b0
FAILURE_BUCKET_ID: AV_bridge!unknown_function
BUCKET_ID: AV_bridge!unknown_function
PRIMARY_PROBLEM_CLASS: AV_bridge!unknown_function
TARGET_TIME: 2019-02-09T17:31:51.000Z
OSBUILD: 17134
OSSERVICEPACK: 523
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-01-01 01:44:13
BUILDDATESTAMP_STR: 180410-1804
BUILDLAB_STR: rs4_release
BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
ANALYSIS_SESSION_ELAPSED_TIME: 21ca
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_bridge!unknown_function
FAILURE_ID_HASH: {fc408975-df9e-bb6d-cca0-5d9f6ee3388a}
Followup: MachineOwner
---------
13: kd> .exr 0xffffa380120e6378
ExceptionAddress: fffff80f5ca277b0 (bridge+0x00000000000077b0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
Continue reading...