Windows 10: Random BSOD? - DMP file inside

Discussion in 'Windows 10 BSOD Crashes and Debugging' started by Knowxys, Jul 9, 2019.

  1. Knowxys Win User

    Random BSOD? - DMP file inside


    Can anyone help? Opened the DMP file within WinDbg. Can't see anything to point out what is causing it.

    Have done memory scans to check the RAM - all came back OK. (RAM is brand new)

    Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


    ************* Path validation summary **************
    Response Time (ms) Location
    Deferred SRV*C:\Temp*http://msdl.microsoft.com/download/symbol
    Symbol search path is: SRV*C:\Temp*http://msdl.microsoft.com/download/symbol
    Executable search path is:
    Windows 10 Kernel Version 18362 MP (16 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 18362.1.amd64fre.19h1_release.190318-1202
    Machine Name:
    Kernel base = 0xfffff805`2ac02000 PsLoadedModuleList = 0xfffff805`2b045370
    Debug session time: Tue Jul 9 11:49:10.342 2019 (UTC + 1:00)
    System Uptime: 0 days 0:00:41.043
    Loading Kernel Symbols
    ...............................................................
    ......Page 14a3a5 not present in the dump file. Type ".hh dbgerr004" for details
    ..........................................................
    ...............................................................
    Loading User Symbols

    Loading unloaded module list
    ......
    For analysis of this file, run !analyze -v
    15: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff8052b562cc5, The address that the exception occurred at
    Arg3: ffffad03a699bf98, Exception Record Address
    Arg4: ffffad03a699b7e0, Context Record Address

    Debugging Details:
    ------------------


    KEY_VALUES_STRING: 1

    Key : AV.Fault
    Value: Read


    PROCESSES_ANALYSIS: 1

    SERVICE_ANALYSIS: 1

    STACKHASH_ANALYSIS: 1

    TIMELINE_ANALYSIS: 1


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 401

    BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202

    SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.

    SYSTEM_PRODUCT_NAME: AB350-Gaming 3

    SYSTEM_SKU: Default string

    SYSTEM_VERSION: Default string

    BIOS_VENDOR: American Megatrends Inc.

    BIOS_VERSION: F7

    BIOS_DATE: 06/16/2017

    BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.

    BASEBOARD_PRODUCT: AB350-Gaming 3-CF

    BASEBOARD_VERSION: x.x

    DUMP_TYPE: 1

    BUGCHECK_P1: ffffffffc0000005

    BUGCHECK_P2: fffff8052b562cc5

    BUGCHECK_P3: ffffad03a699bf98

    BUGCHECK_P4: ffffad03a699b7e0

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

    FAULTING_IP:
    nt!IovpValidateDeviceObject+5
    fffff805`2b562cc5 66833903 cmp word ptr [rcx],3

    EXCEPTION_RECORD: ffffad03a699bf98 -- (.exr 0xffffad03a699bf98)
    ExceptionAddress: fffff8052b562cc5 (nt!IovpValidateDeviceObject+0x0000000000000005)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 0000000000000000
    Parameter[1]: 00000000046dc232
    Attempt to read from address 00000000046dc232

    CONTEXT: ffffad03a699b7e0 -- (.cxr 0xffffad03a699b7e0)
    rax=ffffae8b8747ebb0 rbx=ffffae8b8747ebb0 rcx=00000000046dc232
    rdx=0000000000000000 rsi=00000000046dc232 rdi=ffffae8b8765d2e0
    rip=fffff8052b562cc5 rsp=ffffad03a699c1d8 rbp=fffff8052ad7db5a
    r8=0000000000000000 r9=0000000000000000 r10=fffff8052b5c8840
    r11=0000000000000000 r12=ffffae8b8bef0000 r13=fffff80e8b804000
    r14=0000000000000000 r15=0000000000400000
    iopl=0 nv up ei pl nz na pe nc
    cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202
    nt!IovpValidateDeviceObject+0x5:
    fffff805`2b562cc5 66833903 cmp word ptr [rcx],3 ds:002b:00000000`046dc232=????
    Resetting default scope

    CPU_COUNT: 10

    CPU_MHZ: d42

    CPU_VENDOR: AuthenticAMD

    CPU_FAMILY: 17

    CPU_MODEL: 1

    CPU_STEPPING: 1

    BLACKBOXBSD: 1 (!blackboxbsd)


    BLACKBOXNTFS: 1 (!blackboxntfs)


    BLACKBOXWINLOGON: 1

    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

    PROCESS_NAME: System

    CURRENT_IRQL: 0

    FOLLOWUP_IP:
    HIDCLASS+393a
    fffff80e`8b7e393a 807f1800 cmp byte ptr [rdi+18h],0

    BUGCHECK_STR: AV

    READ_ADDRESS: 00000000046dc232

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

    EXCEPTION_CODE_STR: c0000005

    EXCEPTION_PARAMETER1: 0000000000000000

    EXCEPTION_PARAMETER2: 00000000046dc232

    ANALYSIS_SESSION_HOST: CHARLIE-PC

    ANALYSIS_SESSION_TIME: 07-09-2019 12:30:36.0128

    ANALYSIS_VERSION: 10.0.18362.1 amd64fre

    LOCK_ADDRESS: fffff8052b05f760 -- (!locks fffff8052b05f760)

    Resource @ nt!PiEngineLock (0xfffff8052b05f760) Exclusively owned
    Contention Count = 17
    NumberOfExclusiveWaiters = 1
    Threads: ffffae8b80f41640-01<*>

    Threads Waiting On Exclusive Access:
    ffffae8b80fca040
    1 total locks

    PNP_TRIAGE_DATA:
    Lock address : 0xfffff8052b05f760
    Thread Count : 1
    Thread address: 0xffffae8b80f41640
    Thread wait : 0xa42

    LAST_CONTROL_TRANSFER: from fffff8052add8043 to fffff8052adbe8a0

    STACK_TEXT:
    ffffad03`a699c1d8 fffff805`2b561f9e : ffffae8b`8747ebb0 ffffad03`a699c1f8 ffffae8b`8747ed10 ffffae8b`8bc0b150 : nt!IovpValidateDeviceObject+0x5
    ffffad03`a699c1e0 fffff805`2b56fac8 : ffffae8b`8747ebb0 00000000`00000000 ffffae8b`8bef9d10 ffffae8b`8765d2e0 : nt!IovCallDriver+0x16a
    ffffad03`a699c220 fffff805`2ad7db5a : 00000000`00000000 fffff805`2b56da2c ffffae8b`00000000 ffffae8b`00000000 : nt!VerifierIofCallDriver+0x18
    ffffad03`a699c250 fffff805`2b5620a9 : ffffae8b`8747ebb0 ffffae8b`8bef9d10 ffffae8b`8bc0b1c8 fffff805`2b56c9da : nt!IopfCallDriver+0x56
    ffffad03`a699c290 fffff805`2adf3a39 : ffffae8b`8747ebb0 00000000`00000000 ffffae8b`8a7ccae0 ffffae8b`87649a10 : nt!IovCallDriver+0x275
    ffffad03`a699c2d0 fffff805`2b581bbf : ffffae8b`8747ebb0 00000000`00000000 ffffae8b`8a7ccae0 fffff80e`8b804000 : nt!IofCallDriver+0x1bfdc9
    ffffad03`a699c310 fffff805`2ad7db5a : ffffae8b`8a7ccc30 ffffae8b`8747ebb0 ffffae8b`00000000 ffffae8b`00000000 : nt!ViFilterDispatchGeneric+0xbf
    ffffad03`a699c350 fffff805`2b5620a9 : ffffae8b`8747ebb0 ffffae8b`8a7ccae0 ffffae8b`8747ebb0 ffffae8b`8a7ccae0 : nt!IopfCallDriver+0x56
    ffffad03`a699c390 fffff805`2b56fac8 : ffffae8b`8747ebb0 00000000`00000017 ffffae8b`874860a0 ffffae8b`9835ed70 : nt!IovCallDriver+0x275
    ffffad03`a699c3d0 fffff80e`8b7e393a : 00000000`00000008 fffff805`2b5701d8 ffffb3aa`0ea9c806 fffff805`2aca7160 : nt!VerifierIofCallDriver+0x18
    ffffad03`a699c400 fffff80e`8b7f3d81 : 00000000`00000000 ffffae8b`87486210 ffffae8b`8747ebb0 fffff805`2b574357 : HIDCLASS+0x393a
    ffffad03`a699c470 fffff80e`8b810f1d : ffffae8b`874861f0 ffffae8b`87643a30 ffffae8b`8bc0b240 fffff805`2b56c9da : HIDCLASS!HidNotifyPresence+0xfd1
    ffffad03`a699c4d0 fffff80e`8b7e269b : ffffae8b`00000002 ffffae8b`874861f0 ffffae8b`8bc0b240 00000000`00000017 : HIDCLASS!DllInitialize+0x45d
    ffffad03`a699c500 fffff805`2ad7db5a : 00000000`00000000 ffffae8b`8747ebb0 ffffae8b`874860a0 ffffae8b`00000000 : HIDCLASS+0x269b
    ffffad03`a699c590 fffff805`2b5620a9 : ffffae8b`8747ebb0 ffffae8b`874860a0 ffffae8b`8bc0b2b8 fffff805`2b56c9da : nt!IopfCallDriver+0x56
    ffffad03`a699c5d0 fffff805`2adf3a39 : ffffae8b`8747ebb0 00000000`00000000 ffffae8b`8beed0f0 ffffae8b`87643a30 : nt!IovCallDriver+0x275
    ffffad03`a699c610 fffff805`2b581bbf : ffffae8b`8747ebb0 00000000`00000000 ffffae8b`8beed0f0 ffffae8b`8bed9720 : nt!IofCallDriver+0x1bfdc9
    ffffad03`a699c650 fffff805`2ad7db5a : ffffae8b`8beed240 ffffae8b`8747ebb0 ffffae8b`00000001 ffffae8b`00000001 : nt!ViFilterDispatchGeneric+0xbf
    ffffad03`a699c690 fffff805`2b5620a9 : ffffae8b`8747ebb0 ffffae8b`8beed0f0 00000000`00000000 fffff805`2b56df39 : nt!IopfCallDriver+0x56
    ffffad03`a699c6d0 fffff805`2adf3a39 : ffffae8b`8747ebb0 ffffae8b`8beed0f0 00000000`00000000 ffffae8b`8763c2c0 : nt!IovCallDriver+0x275
    ffffad03`a699c710 fffff805`2b56de95 : ffffae8b`8bef9d10 00000000`00000000 ffffad03`00000002 00000000`00000000 : nt!IofCallDriver+0x1bfdc9
    ffffad03`a699c750 fffff805`2b57f84a : ffffae8b`8bef9d10 ffffad03`a699c939 00000000`00000001 ffffae8b`8bef9d10 : nt!VfIrpSendSynchronousIrp+0x115
    ffffad03`a699c7c0 fffff805`2b574204 : 00000000`00000000 ffffad03`a699c939 00000000`00000001 ffffae8b`8bef9d10 : nt!VfWmiTestStartedPdoStack+0x5a
    ffffad03`a699c860 fffff805`2ad4277f : 00000000`00000000 ffffad03`a699c939 00000000`00000001 ffffae8b`7d0da9b0 : nt!VfMajorTestStartedPdoStack+0x58
    ffffad03`a699c890 fffff805`2b2f6643 : 00000000`00000000 ffffad03`a699c939 00000000`00000001 ffffad03`a699c939 : nt!PpvUtilTestStartedPdoStack+0x17
    ffffad03`a699c8c0 fffff805`2b2f2ccd : ffffae8b`87d4a010 ffffad03`00000001 00000000`00000000 00000000`00000000 : nt!PipProcessStartPhase3+0xbf
    ffffad03`a699c9a0 fffff805`2b31679c : ffffae8b`8bed9700 fffff805`2ac3b401 ffffad03`a699cab0 fffff805`00000002 : nt!PipProcessDevNodeTree+0x375
    ffffad03`a699ca60 fffff805`2ad5adc7 : 00000001`00000003 ffffae8b`7d0da9b0 ffffae8b`8bed9720 ffffae8b`8bed9720 : nt!PiProcessReenumeration+0x88
    ffffad03`a699cab0 fffff805`2acc6855 : ffffae8b`80f41640 ffffae8b`7d094cb0 fffff805`2b05e000 ffffae8b`7d094cb0 : nt!PnpDeviceActionWorker+0x207
    ffffad03`a699cb70 fffff805`2ad31725 : ffffae8b`80f41640 00000000`00000080 ffffae8b`7d084040 00000067`b4bbbdff : nt!ExpWorkerThread+0x105
    ffffad03`a699cc10 fffff805`2adc5dfa : ffffc200`230de180 ffffae8b`80f41640 fffff805`2ad316d0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
    ffffad03`a699cc60 00000000`00000000 : ffffad03`a699d000 ffffad03`a6997000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x2a


    THREAD_SHA1_HASH_MOD_FUNC: fe758a8a4921f4ba4b0fa425fbf273bb60612e76

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 8a5043323ebb8de5dcfc14afbfe9864ce571bdd8

    THREAD_SHA1_HASH_MOD: 54d521d0fbbc9f6c0adede35bd6c572b0d6b1822

    FAULT_INSTR_CODE: 187f80

    SYMBOL_STACK_INDEX: a

    SYMBOL_NAME: HIDCLASS+393a

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: HIDCLASS

    IMAGE_NAME: HIDCLASS.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    IMAGE_VERSION: 10.0.18362.175

    STACK_COMMAND: .cxr 0xffffad03a699b7e0 ; kb

    BUCKET_ID_FUNC_OFFSET: 393a

    FAILURE_BUCKET_ID: AV_VRF_HIDCLASS!unknown_function

    BUCKET_ID: AV_VRF_HIDCLASS!unknown_function

    PRIMARY_PROBLEM_CLASS: AV_VRF_HIDCLASS!unknown_function

    TARGET_TIME: 2019-07-09T10:49:10.000Z

    OSBUILD: 18362

    OSSERVICEPACK: 0

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK: 784

    PRODUCT_TYPE: 1

    OSPLATFORM_TYPE: x64

    OSNAME: Windows 10

    OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

    OS_LOCALE:

    USER_LCID: 0

    OSBUILD_TIMESTAMP: unknown_date

    BUILDDATESTAMP_STR: 190318-1202

    BUILDLAB_STR: 19h1_release

    BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

    ANALYSIS_SESSION_ELAPSED_TIME: 5a29

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:av_vrf_hidclass!unknown_function

    FAILURE_ID_HASH: {f79fb2d9-9bae-0d70-dc72-09082def633c}

    Followup: MachineOwner
    ---------

    :)
     
    Knowxys, Jul 9, 2019
    #1
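The bugcheck text in the post above notes that the exception address usually pinpoints the driver or function involved. As an added example (not part of the original post), this Python script pulls the corresponding triage fields out of `!analyze -v` text; the function name `triage`, the verifier-prefix heuristic and the trimmed sample are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the !analyze -v output in the post above, trimmed to a few frames.
SAMPLE = """\
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
READ_ADDRESS: 00000000046dc232
STACK_TEXT:
ffffad03`a699c1d8 fffff805`2b561f9e : ffffae8b`8747ebb0 ffffad03`a699c1f8 ffffae8b`8747ed10 ffffae8b`8bc0b150 : nt!IovpValidateDeviceObject+0x5
ffffad03`a699c3d0 fffff80e`8b7e393a : 00000000`00000008 fffff805`2b5701d8 ffffb3aa`0ea9c806 fffff805`2aca7160 : nt!VerifierIofCallDriver+0x18
ffffad03`a699c400 fffff80e`8b7f3d81 : 00000000`00000000 ffffae8b`87486210 ffffae8b`8747ebb0 fffff805`2b574357 : HIDCLASS+0x393a
ffffad03`a699cb70 fffff805`2ad31725 : ffffae8b`80f41640 00000000`00000080 ffffae8b`7d084040 00000067`b4bbbdff : nt!ExpWorkerThread+0x105
MODULE_NAME: HIDCLASS
FAILURE_BUCKET_ID: AV_VRF_HIDCLASS!unknown_function
"""

BUGCHECK = re.compile(r"^\s*([A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$")
FIELD = re.compile(r"^\s*([A-Z0-9_]+):\s*(\S.*?)\s*$")
FRAME = re.compile(r"^\s*[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]{8}`[0-9a-f]{8} : .* : (\S+)\s*$")
# Heuristic prefixes for Driver Verifier routines inside nt (assumption of this example).
VERIFIER = re.compile(r"^nt!(Iov|Vf|Vi[A-Z]|Verifier)")
USER_MAX = 0x00007FFFFFFFFFFF  # top of the x64 user-mode address range


def triage(text):
    """Pull bugcheck, stack frames and key fields out of !analyze -v text."""
    name = code = None
    fields, frames = {}, []
    for line in text.splitlines():
        if m := FRAME.match(line):
            frames.append(m.group(1))
        elif (m := BUGCHECK.match(line)) and name is None:
            name, code = m.group(1), int(m.group(2), 16)
        elif m := FIELD.match(line):
            fields.setdefault(m.group(1), m.group(2))
    modules = [f.split("!")[0].split("+")[0] for f in frames]
    read = fields.get("READ_ADDRESS")
    return {
        "bugcheck": (name, code),
        "faulting_frame": frames[0] if frames else None,
        # Top-most frame that is not the kernel itself: the driver to look at first.
        "first_non_nt_module": next((m for m in modules if m != "nt"), None),
        "verifier_on_stack": any(VERIFIER.match(f) for f in frames),
        "verifier_bucket": "_VRF_" in fields.get("FAILURE_BUCKET_ID", ""),
        # Heuristic: a kernel-mode read of a user-range address usually means a bad pointer.
        "read_in_user_range": read is not None and int(read, 16) <= USER_MAX,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```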
  2. Arc Win User

    Random BSOD while browsing internet


    BitDefender is nothing special. mwac.sys causes BSODs anywhere.
    A tiny documentation can be found here: Solved Random BSODs - Windows 10 Forums
    In that very thread, the suggested action apparently worked.

    The storage and network filters of any third party antivirus can cause BSODs. Neither MBAM nor BitDefender is anything special. For a regular antivirus, it may be shifted to an alternative; but MBAM has no alternative. So a clean install of the said program is the most feasible first step.
    As long as the first step is not failing, it is better not to think about the second step. Because the BSODs are not universal, failure at the first step is not universal; and success at the second step is also not universal.
    That is why I posted that my suggestion may work, or may not. Let us see where it goes.
     
  3. Read a DMP file? From a BSOD

    Hi,

    Can anyone help me read a DMP file to try and figure out the cause of a random BSOD that one of my users is experiencing?

    It happens randomly, maybe once a week to a couple times a day. It's on a Win 7 machine.

    Any help would be greatly appreciated.

    Thanks,

    Kevin M.
     
    Kevin Mendoza (kevin), Jul 9, 2019
    #3
  4. Random BSOD? - DMP file inside

    BSOD with DMP files and MSInfo

    I have used the verifier app and collected the DMP files along with the MSInfo32.

    I have been receiving the BSOD for a bit and I had the motherboard replaced, as the company's helpdesk requested it. I knew that was not the issue. I know it is a driver issue but don't know how to fix it and what exactly is causing the issue. I believe it is the Cisco VPN software that is causing it.

    When the BSOD happened under the verifier app the

    DRIVER_VERIFIER_DETECTED_VIOLATION (xxxxx.sys) The xxxx.sys is the name of the driver that caused the crash.
    If it is listed please note it and tell us what it is.

    The xxxx.sys was something like vpnxxx64.sys, I believe. Can't remember it exactly.

    Here is the link to OneDrive to see the DMP files and the MSInfo32 files.

    022417-11640-01.zip
     
    AzureRookieFL, Jul 9, 2019
    #4