Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.I need help analyzing why this crash keeps happening (PLEASE HELP)
justdaniel55
Member Posts: 1
- *
- Bugcheck Analysis *
- *
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffff80000003, The exception code that was not handled
Arg2: fffff80312e04d2c, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000fffff80312d5, Parameter 1 of the exception
Debugging Details:
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec Value: 3593 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 6754 Key : Analysis.Init.CPU.mSec Value: 358 Key : Analysis.Init.Elapsed.mSec Value: 6850 Key : Analysis.Memory.CommitPeak.Mb Value: 82 Key : WER.OS.Branch Value: vb_release Key : WER.OS.Timestamp Value: 2019-12-06T14:06:00Z Key : WER.OS.Version Value: 10.0.19041.1
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffff80000003
BUGCHECK_P2: fffff80312e04d2c
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80312d5
EXCEPTION_PARAMETER2: 0000fffff80312d5
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: fffff80316643690 -- (.trap 0xfffff80316643690)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff803140ff610 rbx=0000000000000000 rcx=fffff8030d1af764
rdx=0000000000000080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80292dffac0 rsp=fffff80316643828 rbp=fffff80316643960
r8=0000000000000000 r9=0000000000000000 r10=0000fffff80312d5
r11=00000008e1779328 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
fffff802`92dffac0 ?? ???
Resetting default scope
STACK_TEXT:
fffff80316658158 fffff80312ef53ee : 000000000000001e ffffffff80000003 fffff80312e04d2c 0000000000000000 : nt!KeBugCheckEx
fffff80316658160 fffff80312dffde2 : fffff80312ef53cc 0000000000000000 0000000000000000 0000000000000000 : nt!HvlpVtlCallExceptionHandler+0x22
fffff803166581a0 fffff80312ce6e07 : fffff80316658710 0000000000000000 fffff80316643c60 fffff80312dfaa8e : nt!RtlpExecuteHandlerForException+0x12
fffff803166581d0 fffff80312ce59f6 : fffff80316643458 fffff80316658e20 fffff80316643458 fffff8030d1af760 : nt!RtlDispatchException+0x297
fffff803166588f0 fffff80312df7db2 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiDispatchException+0x186
fffff80316658fb0 fffff80312df7d80 : fffff80312e08fa5 fffff80312d62f90 fffff80312d23c44 000000000000fffe : nt!KxExceptionDispatchOnExceptionStack+0x12
fffff80316643318 fffff80312e08fa5 : fffff80312d62f90 fffff80312d23c44 000000000000fffe 0000000000000000 : nt!KiExceptionDispatchOnExceptionStackContinue
fffff80316643320 fffff80312e02916 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiExceptionDispatch+0x125
fffff80316643500 fffff80312e04d2d : 0000000000000004 0000000000000000 0000000000000002 ffff9181e449f180 : nt!KiBreakpointTrap+0x316
fffff80316643690 fffff80292dffac0 : fffff80312d5161d 0000000000000000 0000000000000000 0000000000000000 : nt!KiPageFault+0x2d
fffff80316643828 fffff80312d5161d : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0xfffff80292dffac0 fffff80316643830 fffff80312c9a3be : fffff8030d1aa240 fffff80316643b10 fffff8030d1a7180 ffffb888e50a7080 : nt!KiEntropyDpcRoutine+0x3d fffff80316643860 fffff80312c996a4 : 0000000000000000 0000000000000000 000000000000002a 00000000001e316d : nt!KiExecuteAllDpcs+0x30e fffff803166439d0 fffff80312dfaa8e : 0000000000000000 fffff8030d1a7180 fffff80313726a00 ffffb888e12dc080 : nt!KiRetireDpcList+0x1f4 fffff80316643c60 0000000000000000 : fffff80316644000 fffff8031663e000 0000000000000000 00000000`00000000 : nt!KiIdleLoop+0x9e
SYMBOL_NAME: nt!KiPageFault+2c
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.1110
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2c
FAILURE_BUCKET_ID: 0x1E_80000003_nt!KiPageFault
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {dd972cec-b3fc-7856-8a36-888ca66e1181}
Followup: MachineOwner
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Internals & Software Drivers | 15 November 2021 | Live, Online |
| Writing WDF Drivers | TBD | Live, Online |
| Developing Minifilters | 7 February 2022 | Live, Online |
| Kernel Debugging | 21 March 2022 | Live, Online |
Comments
Do you have a driver on this machine? It seems to be showing a page fault jumping to empty memory while handling a DPC. That can mean that you forgot to unregister a callback when your driver unloaded, or that you're trying to call a DPC in a segment marked as "paged" or "init". How your stack dump get corrupted?
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.