Windows 10: Analyzing .DMP file after BSOD

Discus and support Analyzing .DMP file after BSOD in Windows 10 Customization to solve the problem; Wondering if anyone can pinpoint the exact cause of the BSOD by looking at the DMP file; your help is appreciated. Symbol search path is: srv*... Discussion in 'Windows 10 Customization' started by luceafaru, Sep 18, 2018.

  1. LUCEAFARU
    luceafaru Win User

    Analyzing .DMP file after BSOD


    Wondering if anyone can pinpoint the exact cause of the BSOD by looking at the DMP file; your help is appreciated.

    Symbol search path is: srv*
    Executable search path is:
    Windows 8.1 Kernel Version 9600 MP (2 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 9600.19038.amd64fre.winblue_ltsb_escrow.180608-1416
    Machine Name:
    Kernel base = 0xfffff803`2e601000 PsLoadedModuleList = 0xfffff803`2e8cd530
    Debug session time: Mon Sep 17 09:33:43.673 2018 (UTC - 7:00)
    System Uptime: 0 days 0:33:22.111
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..............
    Loading User Symbols

    Loading unloaded module list
    ............
    ERROR: FindPlugIns 8007007b
    ERROR: Some plugins may not be available [8007007b]
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {ffffe00183ab5f0d, 2, 8, ffffe00183ab5f0d}

    Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+525 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    ERROR: FindPlugIns 8007007b
    ERROR: Some plugins may not be available [8007007b]
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: ffffe00183ab5f0d, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
    Arg4: ffffe00183ab5f0d, address which referenced memory

    Debugging Details:
    ------------------


    KEY_VALUES_STRING: 1


    TIMELINE_ANALYSIS: 1


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 401

    BUILD_VERSION_STRING: 9600.19038.amd64fre.winblue_ltsb_escrow.180608-1416

    SYSTEM_MANUFACTURER: VMware, Inc.

    VIRTUAL_MACHINE: VMware

    SYSTEM_PRODUCT_NAME: VMware Virtual Platform

    SYSTEM_VERSION: None

    BIOS_VENDOR: Phoenix Technologies LTD

    BIOS_VERSION: 6.00

    BIOS_DATE: 07/09/2012

    BASEBOARD_MANUFACTURER: Intel Corporation

    BASEBOARD_PRODUCT: 440BX Desktop Reference Platform

    BASEBOARD_VERSION: None

    DUMP_TYPE: 1

    BUGCHECK_P1: ffffe00183ab5f0d

    BUGCHECK_P2: 2

    BUGCHECK_P3: 8

    BUGCHECK_P4: ffffe00183ab5f0d

    READ_ADDRESS: ffffe00183ab5f0d Nonpaged pool

    CURRENT_IRQL: 2

    FAULTING_IP:
    +0
    ffffe001`83ab5f0d ?? ???

    CPU_COUNT: 2

    CPU_MHZ: 960

    CPU_VENDOR: GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 1a

    CPU_STEPPING: 4

    CPU_MICROCODE: 6,1a,4,0 (F,M,S,R) SIG: 15'00000000 (cache) 15'00000000 (init)

    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

    BUGCHECK_STR: AV

    PROCESS_NAME: System

    ANALYSIS_SESSION_HOST: 2UA5032D29

    ANALYSIS_SESSION_TIME: 09-18-2018 11:33:20.0234

    ANALYSIS_VERSION: 10.0.17134.12 amd64fre

    TRAP_FRAME: ffffd001b318c030 -- (.trap 0xffffd001b318c030)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000080040031 rbx=0000000000000000 rcx=fffff6fb7dbedf80
    rdx=ffffd001b318c5d0 rsi=0000000000000000 rdi=0000000000000000
    rip=ffffe00183ab5f0d rsp=ffffd001b318c1c8 rbp=ffffd001b318c280
    r8=0000000000000000 r9=0000000000000000 r10=7010008004002001
    r11=0000000080050031 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0 nv up ei pl nz na po nc
    ffffe001`83ab5f0d ?? ???
    Resetting default scope

    LAST_CONTROL_TRANSFER: from fffff8032e768a29 to fffff8032e7562a0

    FAILED_INSTRUCTION_ADDRESS:
    +0
    ffffe001`83ab5f0d ?? ???

    STACK_TEXT:
    ffffd001`b318bee8 fffff803`2e768a29 : 00000000`0000000a ffffe001`83ab5f0d 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
    ffffd001`b318bef0 fffff803`2e765465 : 00000000`00000008 00000000`009c4063 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    ffffd001`b318c030 ffffe001`83ab5f0d : ffffe001`83f98fb4 b3b74bde`e4453415 ffffd001`b318c280 ffffe001`83f8e33b : nt!KiPageFault+0x525
    ffffd001`b318c1c8 ffffe001`83f98fb4 : b3b74bde`e4453415 ffffd001`b318c280 ffffe001`83f8e33b 00000000`00000001 : 0xffffe001`83ab5f0d
    ffffd001`b318c1d0 b3b74bde`e4453415 : ffffd001`b318c280 ffffe001`83f8e33b 00000000`00000001 ffffe001`7cec6f20 : 0xffffe001`83f98fb4
    ffffd001`b318c1d8 ffffd001`b318c280 : ffffe001`83f8e33b 00000000`00000001 ffffe001`7cec6f20 00000000`00000000 : 0xb3b74bde`e4453415
    ffffd001`b318c1e0 ffffe001`83f8e33b : 00000000`00000001 ffffe001`7cec6f20 00000000`00000000 00000000`00000000 : 0xffffd001`b318c280
    ffffd001`b318c1e8 00000000`00000001 : ffffe001`7cec6f20 00000000`00000000 00000000`00000000 ffffd001`b318c478 : 0xffffe001`83f8e33b
    ffffd001`b318c1f0 ffffe001`7cec6f20 : 00000000`00000000 00000000`00000000 ffffd001`b318c478 00000000`00000000 : 0x1
    ffffd001`b318c1f8 00000000`00000000 : 00000000`00000000 ffffd001`b318c478 00000000`00000000 ffffe001`7ce4e6b8 : 0xffffe001`7cec6f20


    THREAD_SHA1_HASH_MOD_FUNC: bf99962f16aee8a6a536cfcc5454c0cd4db15ac9

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 0a8b1ac24a7943b9376cfe4d4d90df97a32eee05

    THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b

    FOLLOWUP_IP:
    nt!KiPageFault+525
    fffff803`2e765465 440f20c0 mov rax,cr8

    FAULT_INSTR_CODE: c0200f44

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: nt!KiPageFault+525

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 5b1b10ea

    STACK_COMMAND: .thread ; .cxr ; kb

    BUCKET_ID_FUNC_OFFSET: 525

    FAILURE_BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault

    BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault

    PRIMARY_PROBLEM_CLASS: AV_CODE_AV_BAD_IP_nt!KiPageFault

    TARGET_TIME: 2018-09-17T16:33:43.000Z

    OSBUILD: 9600

    OSSERVICEPACK: 0

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK: 272

    PRODUCT_TYPE: 3

    OSPLATFORM_TYPE: x64

    OSNAME: Windows 8.1

    OSEDITION: Windows 8.1 Server TerminalServer SingleUserTS

    OS_LOCALE:

    USER_LCID: 0

    OSBUILD_TIMESTAMP: 2018-06-08 16:27:38

    BUILDDATESTAMP_STR: 180608-1416

    BUILDLAB_STR: winblue_ltsb_escrow

    BUILDOSVER_STR: 6.3.9600.19038.amd64fre.winblue_ltsb_escrow.180608-1416

    ANALYSIS_SESSION_ELAPSED_TIME: 45a

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:av_code_av_bad_ip_nt!kipagefault

    FAILURE_ID_HASH: {73cd60cc-83fa-6b76-df08-1961c31d7403}

    Followup: MachineOwner
    ---------

    0: kd> lmvm nt
    Browse full module list
    start end module name
    fffff803`2e601000 fffff803`2ed88000 nt (pdb symbols) C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\ntkrnlmp.pdb\625486F8668845039EF8E0907AB6FFB11\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Browse all global symbols functions data
    Timestamp: Fri Jun 8 16:27:38 2018 (5B1B10EA)
    CheckSum: 0071C951
    ImageSize: 00787000
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

    :)
     
    luceafaru, Sep 18, 2018
    #1
  2. BLIANC
    Blianc Win User

    Constant BSODs, can someone analyze my DMP files?

    Hey guys, been getting a lot of blue screens. I ran a memtest on both sticks of my ram and immediately got 65k + errors. I then ran one of them and it passed. When i tried to run the other, my computer wouldn't even turn on. I was initially relieved
    that I had "isolated the problem". But I still ended up with a blue screen while running my pc with only the stick of RAM that passed. I am probably going to RMA the ram, but I need to solve the bsod problem first. Can someone analyze my DMP files: https://drive.google.com/open?id=0B8yfv-6nTE58b01vcGpEOW5DNFk
    ?
     
    Blianc, Sep 18, 2018
    #2
  3. AZUREROOKIEFL
    AzureRookieFL Win User
    BSOD with DMP files and MSInfo

    I have used the verifier app and collect the dmp files along with the MSInfo32.

    I been receiving the BSOD for a bit and I had the motherboard replace at the Company's helpdesk requested it. I knew that was not the issue. I know is a driver issue but don't know how to fix it and what is exactly causing the issue. I believe is the Cisco
    VPN software that is causing it.

    When the BSOD happened under the verifier app the

    DRIVER_VERIFIED_DETECTED_VIOLATION (xxxxx.sys) The xxxx.sys is the name of the driver that caused the crash.
    If it is listed please note it and tell us what it is.

    the xxxx.sys was something like vpnxxx64.sys I believe..can't remember it exactly.

    here is the link to OneDrive to see the DMP files and the MSInfo32 files.

    022417-11640-01.zip
     
    AzureRookieFL, Sep 18, 2018
    #3
  4. BRANDONB13
    BrandonB13 Win User

    Analyzing .DMP file after BSOD

    DMP file review

    I was getting the BSOD of death with Windows 10 and my search for help lead me to verifying my driver. Can anyone analyze the following DMP files?

    Minidump.rar
     
    BrandonB13, Sep 18, 2018
    #4
Thema:

Analyzing .DMP file after BSOD

Loading...

  1. Analyzing .DMP file after BSOD - Similar Threads - Analyzing DMP file

  2. Need help analyzing a DMP file to deduce the cause of a BSOD.

    in Windows 10 Software and Apps
    Need help analyzing a DMP file to deduce the cause of a BSOD.: Was simply playing Roblox, which isn't a very intensive game, when I suddenly bluescreened. I'm not sure what the cause was, and I'm not adept when it comes to understanding what might've occurred. Help would be appreciated— I'll attach both the corresponding DMP...

  3. Analyze a DMP file

    in Windows 10 Software and Apps
    Analyze a DMP file: Surface5Win11dmpCan someone help me analyze the dmp file from a recent BSOD. Its happening on our Surface Laptop 5s when they are on Windows 11. https://answers.microsoft.com/en-us/windows/forum/all/analyze-a-dmp-file/18c8ffdc-3a14-455b-8fae-af0b76ad3bad

  4. Analyze a DMP file

    in Windows 10 Gaming
    Analyze a DMP file: Surface5Win11dmpCan someone help me analyze the dmp file from a recent BSOD. Its happening on our Surface Laptop 5s when they are on Windows 11. https://answers.microsoft.com/en-us/windows/forum/all/analyze-a-dmp-file/18c8ffdc-3a14-455b-8fae-af0b76ad3bad

  5. Windows BSOD 0x000000ef. Need help analyzing the DMP file. DMP

    in Windows 10 Gaming
    Windows BSOD 0x000000ef. Need help analyzing the DMP file. DMP: #I am quite proficient in both Chinese and English. This post will be avaliable in both languages for greater outreach.#My PC restarted itself twice after BSOD in the last two days, and it has never happened before. I was not at home when it happened during both restarts, but...

  6. Windows BSOD 0x000000ef. Need help analyzing the DMP file. DMP

    in Windows 10 Software and Apps
    Windows BSOD 0x000000ef. Need help analyzing the DMP file. DMP: #I am quite proficient in both Chinese and English. This post will be avaliable in both languages for greater outreach.#My PC restarted itself twice after BSOD in the last two days, and it has never happened before. I was not at home when it happened during both restarts, but...

  7. Help analyzing DMP file

    in Windows 10 Gaming
    Help analyzing DMP file: Good evening,When playing Destiny 2, the monitor goes blank with "no input", then the computer eventually restarts. Any assistance in analyzing this dump file would be greatly appreciated. This does not seem to happen when playing other games.I have completely removed and...

  8. Help analyzing DMP file

    in Windows 10 Software and Apps
    Help analyzing DMP file: Good evening,When playing Destiny 2, the monitor goes blank with "no input", then the computer eventually restarts. Any assistance in analyzing this dump file would be greatly appreciated. This does not seem to happen when playing other games.I have completely removed and...

  9. Help analyzing DMP file

    in Windows 10 BSOD Crashes and Debugging
    Help analyzing DMP file: Good evening,When playing Destiny 2, the monitor goes blank with "no input", then the computer eventually restarts. Any assistance in analyzing this dump file would be greatly appreciated. This does not seem to happen when playing other games.I have completely removed and...

  10. Getting BSOD, need help analyzing the DMP file

    in Windows 10 BSOD Crashes and Debugging
    Getting BSOD, need help analyzing the DMP file: I have just built this new PC 1 month ago and everything seemed fine until recently i started getting BSOD and restarts. At first, i thought it was warzone causing this because the first 3 or 4 times it happened, warzone was running and the game has a history of crashing....