Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home WINDBG

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


I don't know how to analyze it. (KMODE_EXCEPTION_NOT_HANDLED, GetContextState failed, 0xD0000147)

snheosnheo Member Posts: 8
in WINDBG

Hi.
I got a memory dump from my customer.
I am trying to start the analysis with '!analyze -v' but it came out as below, and I am not sure how to do the analysis.
I want to know if the memory dump is broken or if it is impossible to analyze it.
If analysis is possible, help is needed.

Thanks.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8006edf7314, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 00000000000000d4, Parameter 1 of the exception

Debugging Details:
------------------

GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 0

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-67IIC0F

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 0

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 33

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  1e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff8006edf7314

BUGCHECK_P3: 0

BUGCHECK_P4: d4

READ_ADDRESS: Unable to get size of nt!_MMPTE - probably bad symbols
 00000000000000d4 

EXCEPTION_PARAMETER2:  00000000000000d4

IP_IN_FREE_BLOCK: 0

STACK_TEXT:  
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147


SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

STACK_COMMAND:  .thread ; .cxr ; kb

FAILURE_BUCKET_ID:  CORRUPT_MODULELIST_0x1E_c0000005_R

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {9fbb6b05-1d22-18a3-1c13-7401b750327b}

Followup:     MachineOwner
---------

WARNING: Unable to reset page directories
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
· Share on Facebook

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,563

    The dump file is certainly damaged. Is this a minidump? Are you perhaps working on a driver in the storage stack? The bugcheck says that some driver tried to access a structure member using a null pointer (the bad address was 0xD4), but that's all the information there is.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 19-23 June 2023 Live, Online
Writing WDF Drivers 10-14 July 2023 Live, Online
Kernel Debugging 16-20 October 2023 Live, Online
Developing Minifilters 13-17 November 2023 Live, Online

Categories