blue screen analyse，Whether a hardware problem or not

Question

************* Preparing the environment for Debugger Extensions Gallery repositories ************** ExtensionRepository : Implicit UseExperimentalFeatureForNugetShare : true AllowNugetExeUpdate : true NonInteractiveNuget : true AllowNugetMSCredentialProviderInstall : true AllowParallelInitializationOfLocalRepositories : true EnableRedirectToChakraJsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 42

Microsoft (R) Windows Debugger Version 10.0.27704.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\16265\Desktop\100324-19953-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 22621 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0xfffff802`19000000 PsLoadedModuleList = 0xfffff802`19c134f0
Debug session time: Thu Oct  3 22:14:53.228 2024 (UTC + 8:00)
System Uptime: 0 days 0:47:32.231
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`002c9018).  Type ".hh dbgerr001" for details
Loading unloaded module list
....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`19416000 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffff878e`fbc3dad0=000000000000000a
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000201000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80219281d55, address which referenced memory

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1156

    Key  : Analysis.Elapsed.mSec
    Value: 4129

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 187

    Key  : Analysis.Init.Elapsed.mSec
    Value: 7855

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 92

    Key  : Analysis.Version.DbgEng
    Value: 10.0.27704.1001

    Key  : Analysis.Version.Description
    Value: 10.2408.27.01 amd64fre

    Key  : Analysis.Version.Ext
    Value: 1.2408.27.1

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0xa

    Key  : Bugcheck.Code.TargetModel
    Value: 0xa

    Key  : Dump.Attributes.AsUlong
    Value: 1808

    Key  : Dump.Attributes.DiagDataWrittenToHeader
    Value: 1

    Key  : Dump.Attributes.ErrorCode
    Value: 0

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Dump.Attributes.LastLine
    Value: Dump completed successfully.

    Key  : Dump.Attributes.ProgressPercentage
    Value: 0

    Key  : Failure.Bucket
    Value: AV_nt!RtlpUnwindPrologue

    Key  : Failure.Hash
    Value: {95440a5f-e24c-ed5b-673e-409517bcf837}

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 1417df84

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 1

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 1

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 1

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 1

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 1

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 1

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 1

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 1

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 21631230

    Key  : Hypervisor.Flags.ValueHex
    Value: 14a10fe

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 1

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 1

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 1

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 1

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 1

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 1

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 1

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 1

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 1

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 1

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 1

    Key  : Hypervisor.RootFlags.Value
    Value: 1015

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 3f7

BUGCHECK_CODE:  a

BUGCHECK_P1: 201000000

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80219281d55

FILE_IN_CAB:  100324-19953-01.dmp

TAG_NOT_DEFINED_202b:  *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x1808
  Kernel Generated Triage Dump

FAULTING_THREAD:  ffffad025f3e2080

READ_ADDRESS: fffff80219d1d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 0000000201000000 

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  DeltaForceClie

DEVICE_OBJECT: ffffad025b670190

TRAP_FRAME:  ffff878efbc3dc10 -- (.trap 0xffff878efbc3dc10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000201000000 rbx=0000000000000000 rcx=0000000000000008
rdx=ffff878efbc3e6b0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80219281d55 rsp=ffff878efbc3dda0 rbp=ffff878efbc3e490
 r8=0000000000000006  r9=fffff802190d1564 r10=0000000000000018
r11=fffff80219000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!RtlpUnwindPrologue+0x165:
fffff802`19281d55 483b10          cmp     rdx,qword ptr [rax] ds:00000002`01000000=????????????????
Resetting default scope

STACK_TEXT:  
ffff878e`fbc3dac8 fffff802`1942bf29     : 00000000`0000000a 00000002`01000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff878e`fbc3dad0 fffff802`19427389     : 00000000`0000000c 00000000`00000000 ffff878e`fbc3e5e8 00000000`0000000e : nt!KiBugCheckDispatch+0x69
ffff878e`fbc3dc10 fffff802`19281d55     : ffff878e`fbc3f430 fffff802`190b63f8 00071e8c`00000000 ffffd481`55a51180 : nt!KiPageFault+0x489
ffff878e`fbc3dda0 fffff802`19281828     : fffff802`19000000 fffff802`19205c62 ffff878e`fbc3e670 fffff802`190d1564 : nt!RtlpUnwindPrologue+0x165
ffff878e`fbc3de70 fffff802`19280254     : 00000000`00000002 00000000`00000013 fffff802`19205c62 fffff802`190d1564 : nt!RtlpxVirtualUnwind+0x108
ffff878e`fbc3df30 fffff802`19205d0e     : 00000000`00000000 00000000`00000001 00000000`00000003 00000000`00000080 : nt!RtlpWalkFrameChain+0x314
ffff878e`fbc3e640 fffff802`19205c62     : 00000000`00000002 ffff878e`fbc3e700 ffff878e`fbc3e6e8 00000000`00000010 : nt!RtlWalkFrameChain+0x6e
ffff878e`fbc3e670 fffff802`1962ed48     : 00000000`00000080 ffff878e`fbc3e769 00000000`00000000 00000000`00000090 : nt!RtlCaptureStackBackTrace+0x42
ffff878e`fbc3e6a0 fffff802`19483bde     : 1a000004`0a1eb867 00000000`00000000 00000000`002af624 00000000`00000000 : nt!MiShowBadMapper+0xac
ffff878e`fbc3e7d0 fffff802`193234a8     : fffffe00`014fb000 ffff878e`fbc3edd0 fffffe00`014faff8 fffffe00`014faff8 : nt!MiDeletePteRun+0x20a47e
ffff878e`fbc3e9c0 fffff802`19223649     : ffff878e`fbc3edd0 fffffe00`014faff8 ffff258e`05eabb16 ffffad02`51c3e780 : nt!MiDeleteVaTail+0x48
ffff878e`fbc3e9f0 fffff802`1922378a     : ffff878e`00000000 ffffad02`51c3e780 fffffe7f`00000000 ffff878e`fbc3ee20 : nt!MiWalkPageTablesRecursively+0x4e9
ffff878e`fbc3ea80 fffff802`1922378a     : ffff878e`fbc3edd0 ffffad02`51c3e780 fffffe7f`00000000 ffff878e`fbc3ee30 : nt!MiWalkPageTablesRecursively+0x62a
ffff878e`fbc3eb10 fffff802`1922378a     : ffff878e`fbc3edd0 ffffad02`51c3e780 fffffe7f`00000000 ffff878e`fbc3ee40 : nt!MiWalkPageTablesRecursively+0x62a
ffff878e`fbc3eba0 fffff802`19223061     : ffffd481`5554e180 ffffad02`51c3e780 00000000`00000000 ffff878e`fbc3ee50 : nt!MiWalkPageTablesRecursively+0x62a
ffff878e`fbc3ec30 fffff802`19324862     : ffff878e`fbc3edd0 00000000`00000001 00000000`00000002 00000000`00000000 : nt!MiWalkPageTables+0x371
ffff878e`fbc3ed30 fffff802`19332eae     : ffffad02`51c3e5d0 ffffad02`5f3e2080 ffff878e`fbc3f0d0 ffffad02`5f3e2780 : nt!MiDeletePagablePteRange+0x3c2
ffff878e`fbc3f040 fffff802`197c8497     : 00000000`00000000 ffffad02`00000001 ffffad02`5feb52a0 ffffad02`51c3e5c8 : nt!MiDeleteVirtualAddresses+0x4e
ffff878e`fbc3f090 fffff802`198b4002     : 00000002`9de90000 00000000`00000000 ffff878e`fbc3f1a0 00000000`00000000 : nt!MiDeleteVad+0x1b7
ffff878e`fbc3f150 fffff802`196a253f     : ffffad02`51c3e100 005c0065`00000008 ffffad02`2010ba60 00000000`00000000 : nt!MiUnmapViewOfSection+0x211a92
ffff878e`fbc3f230 fffff802`196a248c     : ffffad02`5f3e2080 00000000`00000002 00000000`00000000 ffffad02`51c3e100 : nt!NtUnmapViewOfSectionEx+0x9f
ffff878e`fbc3f280 fffff802`1942b605     : 00000000`00000000 ffffad02`5f73d218 00000000`00040246 fffff802`00000000 : nt!NtUnmapViewOfSection+0xc
ffff878e`fbc3f2b0 fffff802`1941baf0     : fffff802`37522312 ffff878e`fbc3f470 fffff802`19227d4b 00000000`5591ffff : nt!KiSystemServiceCopyEnd+0x25
ffff878e`fbc3f448 fffff802`37522312     : ffff878e`fbc3f470 fffff802`19227d4b 00000000`5591ffff 00000000`000000ff : nt!KiServiceLinkage
ffff878e`fbc3f450 ffff878e`fbc3f470     : fffff802`19227d4b 00000000`5591ffff 00000000`000000ff 00000000`c0000001 : ACE_BASE+0x32312
ffff878e`fbc3f458 fffff802`19227d4b     : 00000000`5591ffff 00000000`000000ff 00000000`c0000001 00000002`9de90000 : 0xffff878e`fbc3f470
ffff878e`fbc3f460 00000000`42536f49     : ffffad02`5f73d180 fffff802`197c3590 ffffad02`5b670190 00000000`00000002 : nt!KiSearchForNewThreadsForRescheduleContext+0x13b
ffff878e`fbc3f690 ffffad02`5f73d180     : fffff802`197c3590 ffffad02`5b670190 00000000`00000002 ffffad02`5f73d180 : 0x42536f49
ffff878e`fbc3f698 fffff802`197c3590     : ffffad02`5b670190 00000000`00000002 ffffad02`5f73d180 ffffad02`5f73d180 : 0xffffad02`5f73d180
ffff878e`fbc3f6a0 fffff802`197c1e20     : ffffad02`5b670190 00000000`00000000 ffff878e`fbc3fa05 ffffad02`5f73d180 : nt!IopSynchronousServiceTail+0x1d0
ffff878e`fbc3f750 fffff802`197c1706     : ffffd481`5554e180 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x700
ffff878e`fbc3f940 fffff802`1942b605     : 00000002`9fe90000 00000000`00000000 00000000`00000000 00000000`00000005 : nt!NtDeviceIoControlFile+0x56
ffff878e`fbc3f9b0 00007ffa`b4030214     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000001`2421f6d8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`b4030214

SYMBOL_NAME:  nt!RtlpUnwindPrologue+165

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.22621.4169

STACK_COMMAND:  .process /r /p 0xffffad0251c3e100; .thread 0xffffad025f3e2080 ; kb

BUCKET_ID_FUNC_OFFSET:  165

FAILURE_BUCKET_ID:  AV_nt!RtlpUnwindPrologue

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {95440a5f-e24c-ed5b-673e-409517bcf837}

Followup:     MachineOwner
---------

Answer 1

Hello, yitu1234

Welcome to the Microsoft Community

Thank you for your feedback. I analyzed the blue screen log you provided.

According to the first dump file you provided, the system has an IRQL_NOT_LESS_OR_EQUAL (a), which usually means that a pageable or invalid memory address is accessed at a higher interrupt request level (IRQL) than allowed. It is usually caused by the driver using an incorrect address.

The process name that generated the fault is DeltaForceClie, which indicates that DeltaForceClie is one of the running processes when the crash occurs, but it does not necessarily mean that this process is the root cause of the problem.

The module that generated the fault is ntkrnlmp.exe, which is a Windows kernel module, which usually means that the problem may be related to kernel mode operations or drivers.

Based on the above analysis, you can try the following methods to troubleshoot the error, which may be helpful to you.

Method 1. Run SFC and DISM commands to repair system files

Press Win + X or right-click the Start button and select Command Prompt (Admin) or Windows PowerShell (Admin).

Enter and run the SFC command:

sfc /scannow

This command will scan all protected system files and replace damaged files. This process may take some time, please be patient.

DISM can repair problems in Windows image files and is the next step when SFC cannot repair files.

Continue to use the command prompt with administrator privileges. Enter and run the following commands:

DISM /Online /Cleanup-Image /CheckHealth

DISM /Online /Cleanup-Image /ScanHealth

DISM /Online /Cleanup-Image /RestoreHealth

These commands will check and repair problems in Windows image files. /RestoreHealth may require an Internet connection to download and replace damaged files.

Method 2. Make sure all device drivers are up to date, especially those that interact directly with hardware, such as graphics, network, and storage drivers. Please go to your device manufacturer's official website to download the latest relevant drivers.

Method 3. The blue screen log shows that the system blue screen occurred when running DeltaForce. Please uninstall this program or perform a clean boot, and then test whether the blue screen error still occurs. Please follow the guide in the following link.

How to perform a clean boot in Windows - Microsoft Support

Disclaimer: A "clean boot" starts Windows with a minimal set of drivers and startup programs. It helps determine whether background services are interfering with your game or program and isolate the cause of the problem.

Best regards

Brian - Microsoft Community Support Specialist