Share via

Windows Debug code help

Anonymous
2023-12-20T05:35:21+00:00

Have a machine that is blue screening after a few minutes powered up.
I am able to get the minidump and this is the WinDBG Files from it.

How do i decipher this and identify the program/driver causing the error

system_thread_exception_not_handled (ndis sys)

************* Preparing the environment for Debugger Extensions Gallery repositories **************

  1. ExtensionRepository : Implicit
  2. UseExperimentalFeatureForNugetShare : true
  3. AllowNugetExeUpdate : true
  4. AllowNugetMSCredentialProviderInstall : true
  5. AllowParallelInitializationOfLocalRepositories : true
  7. -- Configuring repositories
  8. ----> Repository : LocalInstalled, Enabled: true
  9. ----> Repository : UserExtensions, Enabled: true
  11. >>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
  13. ************* Waiting for Debugger Extensions Gallery to Initialize **************
  15. >>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.015 seconds
  16. ----> Repository : UserExtensions, Enabled: true, Packages count: 0
  17. ----> Repository : LocalInstalled, Enabled: true, Packages count: 36
  19. Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
  20. Copyright (c) Microsoft Corporation. All rights reserved.
  23. Loading Dump File [D:\122023-12906-01.dmp]
  24. Mini Kernel Dump File: Only registers and stack trace are available
  27. ************* Path validation summary **************
  28. Response Time (ms) Location
  29. Deferred srv*
  30. Symbol search path is: srv*
  31. Executable search path is:
  32. Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
  33. Product: LanManNt, suite: TerminalServer SingleUserTS
  34. Edition build lab: 9600.19228.amd64fre.winblue_ltsb.181208-0600
  35. Kernel base = 0xfffff802aa61c000 PsLoadedModuleList = 0xfffff802aa8e05f0
  36. Debug session time: Wed Dec 20 13:27:11.938 2023 (UTC + 11:00)
  37. System Uptime: 0 days 0:06:00.632
  38. Loading Kernel Symbols
  39. ...............................................................
  40. ................................................................
  41. ............................
  42. Loading User Symbols
  44. Loading unloaded module list
  45. .........
  46. For analysis of this file, run !analyze -v
  47. NDIS!ndisCreateStringStreamEntry+0x2f:
  48. fffff801974a556b 66413929 cmp word ptr [r9],bp ds:002b:0000000000000000=????
  49. 6: kd> !analyze -v
  50. *******************************************************************************
  51. * *
  52. * Bugcheck Analysis *
  53. * *
  54. *******************************************************************************
  56. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
  57. This is a very common BugCheck. Usually the exception address pinpoints
  58. the driver/function that caused the problem. Always note this address
  59. as well as the link date of the driver/image that contains this address.
  60. Arguments:
  61. Arg1: ffffffffc0000005, The exception code that was not handled
  62. Arg2: fffff801974a556b, The address that the exception occurred at
  63. Arg3: ffffd00024ef0b08, Exception Record Address
  64. Arg4: ffffd00024ef0320, Context Record Address
  66. Debugging Details:
  70. KEY_VALUES_STRING: 1
  72. Key : AV.Dereference
  73. Value: NullPtr
  75. Key : AV.Fault
  76. Value: Read
  78. Key : Analysis.CPU.mSec
  79. Value: 2109
  81. Key : Analysis.Elapsed.mSec
  82. Value: 12596
  84. Key : Analysis.IO.Other.Mb
  85. Value: 1
  87. Key : Analysis.IO.Read.Mb
  88. Value: 1
  90. Key : Analysis.IO.Write.Mb
  91. Value: 2
  93. Key : Analysis.Init.CPU.mSec
  94. Value: 968
  96. Key : Analysis.Init.Elapsed.mSec
  97. Value: 169374
  99. Key : Analysis.Memory.CommitPeak.Mb
  100. Value: 87
  102. Key : Bugcheck.Code.LegacyAPI
  103. Value: 0x1000007e
  105. Key : Failure.Bucket
  106. Value: AV_NDIS!ndisCreateStringStreamEntry
  108. Key : Failure.Hash
  109. Value: {a6009a6f-0469-bc4c-27f7-a8fa2f293092}
  111. Key : Hypervisor.Enlightenments.Value
  112. Value: 0
  114. Key : Hypervisor.Enlightenments.ValueHex
  115. Value: 0
  117. Key : Hypervisor.Flags.Value
  118. Value: 0
  120. Key : Hypervisor.Flags.ValueHex
  121. Value: 0
  123. Key : WER.OS.Branch
  124. Value: winblue_ltsb
  126. Key : WER.OS.Version
  127. Value: 8.1.9600.19228
  130. BUGCHECK_CODE: 7e
  132. BUGCHECK_P1: ffffffffc0000005
  134. BUGCHECK_P2: fffff801974a556b
  136. BUGCHECK_P3: ffffd00024ef0b08
  138. BUGCHECK_P4: ffffd00024ef0320
  140. FILE_IN_CAB: 122023-12906-01.dmp
  142. EXCEPTION_RECORD: ffffd00024ef0b08 -- (.exr 0xffffd00024ef0b08)
  143. ExceptionAddress: fffff801974a556b (NDIS!ndisCreateStringStreamEntry+0x000000000000002f)
  144. ExceptionCode: c0000005 (Access violation)
  145. ExceptionFlags: 00000000
  146. NumberParameters: 2
  147. Parameter[0]: 0000000000000000
  148. Parameter[1]: 0000000000000000
  149. Attempt to read from address 0000000000000000
  151. CONTEXT: ffffd00024ef0320 -- (.cxr 0xffffd00024ef0320)
  152. rax=ffffd00024ef1010 rbx=0000000000000015 rcx=ffffd00024ef0dc0
  153. rdx=ffffe000bf3eb538 rsi=ffffd00024ef0f00 rdi=ffffd00024ef0dc0
  154. rip=fffff801974a556b rsp=ffffd00024ef0d40 rbp=0000000000000000
  155. r8=ffffd00024ef0f00 r9=0000000000000000 r10=0000000000000000
  156. r11=ffffd00024ef1010 r12=fffff80197492950 r13=ffffe000c7f6b040
  157. r14=ffffe000bf3eb3f0 r15=0000000000000000
  158. iopl=0 nv up ei ng nz na pe nc
  159. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
  160. NDIS!ndisCreateStringStreamEntry+0x2f:
  161. fffff801974a556b 66413929 cmp word ptr [r9],bp ds:002b:0000000000000000=????
  162. Resetting default scope
  164. CUSTOMER_CRASH_COUNT: 1
  166. PROCESS_NAME: System
  168. READ_ADDRESS: GetUlongPtrFromAddress: unable to read from fffff802aa96a310
  169. GetUlongPtrFromAddress: unable to read from fffff802aa96a2b0
  170. GetUlongPtrFromAddress: unable to read from fffff802aa96a530
  171. 0000000000000000
  173. ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  175. EXCEPTION_CODE_STR: c0000005
  177. EXCEPTION_PARAMETER1: 0000000000000000
  179. EXCEPTION_PARAMETER2: 0000000000000000
  181. EXCEPTION_STR: 0xc0000005
  183. STACK_TEXT:
  184. ffffd00024ef0d40 fffff801974a5689 : 0000000000000015 0000000000000002 ffffe000bf3eb538 ffffe000bf3e3bd8 : NDIS!ndisCreateStringStreamEntry+0x2f
  185. ffffd00024ef0d70 fffff80197420aa8 : ffffe000bf3eb360 ffffd00024ef1250 fffff80197493e00 ffffd00024ef1250 : NDIS!ndisSqmLogDriverVersion+0xb9
  186. ffffd00024ef1150 fffff802aa677b7f : fffff80197420958 fffff80197493ea8 0000000000000000 fffff802aa8b9480 : NDIS!ndisSqmTimerWorkerRoutine+0x150
  187. ffffd00024ef13d0 fffff802aa6efda2 : 0000000000000000 ffffd00102c40180 0000000000000080 ffffe000be5b0900 : nt!ExpWorkerThread+0x69f
  188. ffffd00024ef1480 fffff802aa763c36 : ffffd00102c40180 ffffe000c7f6b040 ffffd00102c50480 0000000000000000 : nt!PspSystemThreadStartup+0x18a
  189. ffffd00024ef14e0 0000000000000000 : ffffd00024ef2000 ffffd00024eeb000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16
  192. SYMBOL_NAME: NDIS!ndisCreateStringStreamEntry+2f
  194. MODULE_NAME: NDIS
  196. IMAGE_NAME: NDIS.SYS
  198. IMAGE_VERSION: 6.3.9600.19090
  200. STACK_COMMAND: .cxr 0xffffd00024ef0320 ; kb
  202. BUCKET_ID_FUNC_OFFSET: 2f
  204. FAILURE_BUCKET_ID: AV_NDIS!ndisCreateStringStreamEntry
  206. OS_VERSION: 8.1.9600.19228
  208. BUILDLAB_STR: winblue_ltsb
  210. OSPLATFORM_TYPE: x64
  212. OSNAME: Windows 8.1
  214. FAILURE_ID_HASH: {a6009a6f-0469-bc4c-27f7-a8fa2f293092}
  216. Followup: MachineOwner
Windows for business Windows Server Performance System performance

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-12-21T07:44:07+00:00

    Hello

    Thank you for posting in Microsoft Community forum.

    .

    It looks like you're dealing with a system crash caused by a SYSTEM_THREAD_EXCEPTION_NOT_HANDLED error in the NDIS (Network Driver Interface Specification) module (NDIS.SYS). The error details suggest an access violation occurred at memory address fffff801974a556b.

    The exception code c0000005 often indicates an attempt to read or write to a memory location that the system does not have permission to access, potentially due to a null pointer dereference (AV.Dereference: NullPtr). The particular function ndisCreateStringStreamEntry within the NDIS module seems to be implicated in causing this issue.

    To troubleshoot this error:

    Driver Issues: Given that NDIS.SYS is a network-related driver, outdated or incompatible network drivers could be the root cause. Consider updating or reinstalling your network drivers.

    Memory Corruption: Check if there's any faulty RAM by running memory diagnostics tools. Faulty RAM can cause access violations like the one you're experiencing.

    System File Corruption: Conduct a system file check using the sfc /scannow command in the Command Prompt to verify and repair corrupted system files.

    Windows Updates: Ensure your system is fully updated. Sometimes, Microsoft releases patches or fixes that can address such issues.

    Third-Party Software: If the crash started occurring after installing new software, try uninstalling it to see if that resolves the problem.

    Best Regards,

    Wesley Li

    0 comments