Interpreting Windows dmp file


Hasan Obaydi

Hi,


Intermittently my machine has been restarting with no apparent error or BSOD. I've been able to track the respective error in Event Viewer and have opened the dmp file using WinDbg Preview, but I can't make sense of the information.


Can anyone please help or advise on what the below means?




Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.




Loading Dump File [C:\Users\User\Desktop\error logs\121720-13000-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available





************* Path validation summary **************

Response Time (ms) Location

Deferred srv*

Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 19041 MP (4 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Edition build lab: 19041.1.amd64fre.vb_release.191206-1406

Machine Name:

Kernel base = 0xfffff807`41000000 PsLoadedModuleList = 0xfffff807`41c2a2b0

Debug session time: Thu Dec 17 19:38:27.308 2020 (UTC + 0:00)

System Uptime: 6 days 12:24:15.790

Loading Kernel Symbols

...............................................................

................................................................

................................................................

.........

Loading User Symbols

Loading unloaded module list

..................................................

For analysis of this file, run !analyze -v

nt!KeBugCheckEx:

fffff807`413f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffe006`2f5d0e10=00000000000000ef

3: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************



CRITICAL_PROCESS_DIED (ef)

A critical system process died

Arguments:

Arg1: ffffaa0fbff7e080, Process object or thread object

Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.

Arg3: 0000000000000000

Arg4: 0000000000000000



Debugging Details:

------------------





KEY_VALUES_STRING: 1



Key : Analysis.CPU.mSec

Value: 13484



Key : Analysis.DebugAnalysisProvider.CPP

Value: Create: 8007007e on HASAN-DESKTOP



Key : Analysis.DebugData

Value: CreateObject



Key : Analysis.DebugModel

Value: CreateObject



Key : Analysis.Elapsed.mSec

Value: 21509



Key : Analysis.Memory.CommitPeak.Mb

Value: 83



Key : Analysis.System

Value: CreateObject



Key : WER.OS.Branch

Value: vb_release



Key : WER.OS.Timestamp

Value: 2019-12-06T14:06:00Z



Key : WER.OS.Version

Value: 10.0.19041.1





ADDITIONAL_XML: 1



OS_BUILD_LAYERS: 1



BUGCHECK_CODE: ef



BUGCHECK_P1: ffffaa0fbff7e080



BUGCHECK_P2: 0



BUGCHECK_P3: 0



BUGCHECK_P4: 0



PROCESS_NAME: services.exe



CRITICAL_PROCESS: services.exe



EXCEPTION_RECORD: ffffe0062f5d1910 -- (.exr 0xffffe0062f5d1910)

ExceptionAddress: ffffe0062f5d1910

ExceptionCode: 2f5d1b80

ExceptionFlags: ffffe006

NumberParameters: 16

Parameter[0]: ffff572375e58cff

Parameter[1]: 0000000000000000

Parameter[2]: 0000006b33130f01

Parameter[3]: 0000000000000001

Parameter[4]: 0000000000000000

Parameter[5]: 0000000000000000

Parameter[6]: 0000000000000000

Parameter[7]: 0000000000000000

Parameter[8]: 0000000000000000

Parameter[9]: 0000000000000000

Parameter[10]: 0000000000000000

Parameter[11]: 0000000000000000

Parameter[12]: 0000000000000000

Parameter[13]: 0000000000000000

Parameter[14]: 0000000000000000



ERROR_CODE: (NTSTATUS) 0x2f5d1b80 - <Unable to get error code text>



BLACKBOXBSD: 1 (!blackboxbsd)





BLACKBOXNTFS: 1 (!blackboxntfs)





BLACKBOXPNP: 1 (!blackboxpnp)





BLACKBOXWINLOGON: 1



CUSTOMER_CRASH_COUNT: 1



EXCEPTION_CODE_STR: 2f5d1b80



EXCEPTION_PARAMETER1: ffff572375e58cff



EXCEPTION_PARAMETER2: 0000000000000000



EXCEPTION_PARAMETER3: 0000006b33130f01



EXCEPTION_PARAMETER4: 0



EXCEPTION_STR: 0x2f5d1b80



TRAP_FRAME: ffff572375e58cff -- (.trap 0xffff572375e58cff)

Unable to read trap frame at ffff5723`75e58cff



STACK_TEXT:

ffffe006`2f5d0e08 fffff807`419068e2 : 00000000`000000ef ffffaa0f`bff7e080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx

ffffe006`2f5d0e10 fffff807`41849b39 : 00000000`00000001 fffff807`4135971d 00000000`00000002 fffff807`41358d37 : nt!PspCatchCriticalBreak+0x10e

ffffe006`2f5d0eb0 fffff807`41709724 : ffffaa0f`00000000 00000000`00000000 ffffaa0f`bff7e080 ffffaa0f`bff7e4b8 : nt!PspTerminateAllThreads+0x140b4d

ffffe006`2f5d0f20 fffff807`41709a4c : ffffaa0f`bff7e080 00000000`00000001 ffffffff`ffffffff 00000000`00000000 : nt!PspTerminateProcess+0xe0

ffffe006`2f5d0f60 fffff807`414071b5 : ffffaa0f`bff7e080 ffffaa0f`cb638080 ffffe006`2f5d1050 fffff807`4171da92 : nt!NtTerminateProcess+0x9c

ffffe006`2f5d0fd0 fffff807`413f95e0 : fffff807`41491307 ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x25

ffffe006`2f5d1168 fffff807`41491307 : ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff 00007ff7`eb3a7a68 : nt!KiServiceLinkage

ffffe006`2f5d1170 fffff807`414078ac : ffffe006`2f5d1910 00000000`00000010 ffff5723`75e58cff 00000000`00000000 : nt!KiDispatchException+0x166907

ffffe006`2f5d1920 fffff807`41403a43 : ffffaa0f`cb638080 000001aa`7f7b8f00 ffffe006`2f5d1b80 ffffaa0f`bffa0cb0 : nt!KiExceptionDispatch+0x12c

ffffe006`2f5d1b00 00007ff9`0369b3de : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x443

0000006b`33130f70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`0369b3de





SYMBOL_NAME: nt!PspCatchCriticalBreak+10e



MODULE_NAME: nt



IMAGE_NAME: ntkrnlmp.exe



IMAGE_VERSION: 10.0.19041.685



STACK_COMMAND: .thread ; .cxr ; kb



BUCKET_ID_FUNC_OFFSET: 10e



FAILURE_BUCKET_ID: 0xEF_services.exe_BUGCHECK_CRITICAL_PROCESS_cb638080_nt!PspCatchCriticalBreak



OS_VERSION: 10.0.19041.1



BUILDLAB_STR: vb_release



OSPLATFORM_TYPE: x64



OSNAME: Windows 10



FAILURE_ID_HASH: {a15e0295-f858-878b-9661-62b50968cd12}



Followup: MachineOwner

---------



3: kd> .exr 0xffffe0062f5d1910

ExceptionAddress: ffffe0062f5d1910

ExceptionCode: 2f5d1b80

ExceptionFlags: ffffe006

NumberParameters: 16

Parameter[0]: ffff572375e58cff

Parameter[1]: 0000000000000000

Parameter[2]: 0000006b33130f01

Parameter[3]: 0000000000000001

Parameter[4]: 0000000000000000

Parameter[5]: 0000000000000000

Parameter[6]: 0000000000000000

Parameter[7]: 0000000000000000

Parameter[8]: 0000000000000000

Parameter[9]: 0000000000000000

Parameter[10]: 0000000000000000

Parameter[11]: 0000000000000000

Parameter[12]: 0000000000000000

Parameter[13]: 0000000000000000

Parameter[14]: 0000000000000000
