Share via

I would like to know why happen memory dump in my computer

Carlos Zamora 0 Reputation points
2023-01-19T20:39:51.9233333+00:00

Hello,

I write here to ask for help to know please why happen the memory dumps in my computer.

I used the WinDbg Tool to read memory.dmp file and this is the result:

Loading Dump File [C:\Users\USER\Downloads\MEMORY.DMP]

Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff801`28200000 PsLoadedModuleList = 0xfffff801`28e2a2d0
Debug session time: Thu Jan 19 12:00:35.915 2023 (UTC - 5:00)
System Uptime: 0 days 19:43:26.942
Loading Kernel Symbols
...............................................................
................................................................
....................................................Page 14ee53 not present in the dump file. Type ".hh dbgerr004" for details
............
.........................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000003`16824018).  Type ".hh dbgerr001" for details
Loading unloaded module list
.........................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`285fa1d0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff10c`1f55d250=0000000000000001
7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
BugCheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 00007ff9ac8ce234, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: fffff10c1f55d480, Call type (0 - system call, 1 - worker routine)

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2109

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 2162

    Key  : Analysis.IO.Other.Mb
    Value: 12

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 24

    Key  : Analysis.Init.CPU.mSec
    Value: 1656

    Key  : Analysis.Init.Elapsed.mSec
    Value: 43379

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 97

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x1

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x1

    Key  : Bugcheck.Code.Register
    Value: 0x1

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1


FILE_IN_CAB:  MEMORY.DMP

TAG_NOT_DEFINED_202b:  *** Unknown TAG in analysis list 202b


BUGCHECK_CODE:  1

BUGCHECK_P1: 7ff9ac8ce234

BUGCHECK_P2: 0

BUGCHECK_P3: ffff

BUGCHECK_P4: fffff10c1f55d480

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  WUDFHost.exe

STACK_TEXT:  
fffff10c`1f55d248 fffff801`2860e229     : 00000000`00000001 00007ff9`ac8ce234 00000000`00000000 00000000`0000ffff : nt!KeBugCheckEx
fffff10c`1f55d250 fffff801`2860e0df     : ffff9204`1bd87380 fffff10c`1f55d480 00000003`16afdb88 fffff10c`1f55d3a8 : nt!KiBugCheckDispatch+0x69
fffff10c`1f55d390 00007ff9`ac8ce234     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x334
00000003`16afdb68 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`ac8ce234


SYMBOL_NAME:  nt!KiSystemServiceExitPico+334

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  334

FAILURE_BUCKET_ID:  0x1_SysCallNum_8c_nt!KiSystemServiceExitPico

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {d36608be-7cc5-9aa4-6e2f-7c8e35c58edb}

Followup:     MachineOwner
---------
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.