Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffff80000003, The exception code that was not handled
Arg2: fffff80312e04d2c, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000fffff80312d5, Parameter 1 of the exception
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec Value: 3593 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 6754 Key : Analysis.Init.CPU.mSec Value: 358 Key : Analysis.Init.Elapsed.mSec Value: 6850 Key : Analysis.Memory.CommitPeak.Mb Value: 82 Key : WER.OS.Branch Value: vb_release Key : WER.OS.Timestamp Value: 2019-12-06T14:06:00Z Key : WER.OS.Version Value: 10.0.19041.1
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffff80000003
BUGCHECK_P2: fffff80312e04d2c
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80312d5
EXCEPTION_PARAMETER2: 0000fffff80312d5
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: fffff80316643690 -- (.trap 0xfffff80316643690)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff803140ff610 rbx=0000000000000000 rcx=fffff8030d1af764
rdx=0000000000000080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80292dffac0 rsp=fffff80316643828 rbp=fffff80316643960
r8=0000000000000000 r9=0000000000000000 r10=0000fffff80312d5
r11=00000008e1779328 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
fffff802`92dffac0 ?? ???
Resetting default scope
STACK_TEXT:
fffff80316658158 fffff803
12ef53ee : 000000000000001e ffffffff
80000003 fffff80312e04d2c 00000000
00000000 : nt!KeBugCheckEx
fffff80316658160 fffff803
12dffde2 : fffff80312ef53cc 00000000
00000000 0000000000000000 00000000
00000000 : nt!HvlpVtlCallExceptionHandler+0x22
fffff803166581a0 fffff803
12ce6e07 : fffff80316658710 00000000
00000000 fffff80316643c60 fffff803
12dfaa8e : nt!RtlpExecuteHandlerForException+0x12
fffff803166581d0 fffff803
12ce59f6 : fffff80316643458 fffff803
16658e20 fffff80316643458 fffff803
0d1af760 : nt!RtlDispatchException+0x297
fffff803166588f0 fffff803
12df7db2 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!KiDispatchException+0x186
fffff80316658fb0 fffff803
12df7d80 : fffff80312e08fa5 fffff803
12d62f90 fffff80312d23c44 00000000
0000fffe : nt!KxExceptionDispatchOnExceptionStack+0x12
fffff80316643318 fffff803
12e08fa5 : fffff80312d62f90 fffff803
12d23c44 000000000000fffe 00000000
00000000 : nt!KiExceptionDispatchOnExceptionStackContinue
fffff80316643320 fffff803
12e02916 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!KiExceptionDispatch+0x125
fffff80316643500 fffff803
12e04d2d : 0000000000000004 00000000
00000000 0000000000000002 ffff9181
e449f180 : nt!KiBreakpointTrap+0x316
fffff80316643690 fffff802
92dffac0 : fffff80312d5161d 00000000
00000000 0000000000000000 00000000
00000000 : nt!KiPageFault+0x2d
fffff80316643828 fffff803
12d5161d : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : 0xfffff80292dffac0 fffff803
16643830 fffff80312c9a3be : fffff803
0d1aa240 fffff80316643b10 fffff803
0d1a7180 ffffb888e50a7080 : nt!KiEntropyDpcRoutine+0x3d fffff803
16643860 fffff80312c996a4 : 00000000
00000000 0000000000000000 00000000
0000002a 00000000001e316d : nt!KiExecuteAllDpcs+0x30e fffff803
166439d0 fffff80312dfaa8e : 00000000
00000000 fffff8030d1a7180 fffff803
13726a00 ffffb888e12dc080 : nt!KiRetireDpcList+0x1f4 fffff803
16643c60 0000000000000000 : fffff803
16644000 fffff8031663e000 00000000
00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
SYMBOL_NAME: nt!KiPageFault+2c
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.1110
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2c
FAILURE_BUCKET_ID: 0x1E_80000003_nt!KiPageFault
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {dd972cec-b3fc-7856-8a36-888ca66e1181}
Followup: MachineOwner
Upcoming OSR Seminars | ||
---|---|---|
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
Writing WDF Drivers | 12 September 2022 | Live, Online |
Internals & Software Drivers | 23 October 2022 | Live, Online |
Kernel Debugging | 14 November 2022 | Live, Online |
Developing Minifilters | 5 December 2022 | Live, Online |
Comments
Do you have a driver on this machine? It seems to be showing a page fault jumping to empty memory while handling a DPC. That can mean that you forgot to unregister a callback when your driver unloaded, or that you're trying to call a DPC in a segment marked as "paged" or "init". How your stack dump get corrupted?
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.