random crashes

Anonymous
2023-12-30T03:15:01+00:00

I do not get a blue screen; the screens just go black and the computer restarts. It usually happens while playing games.

Event Viewer shows:

The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ef (0xffff90043c82a080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: e5dd5862-3fdc-4191-8d80-2124e275e1c4.

This is what I get viewing the dump file with WinDbg:

************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : false
   AllowNugetExeUpdate : false
   AllowNugetMSCredentialProviderInstall : false
   AllowParallelInitializationOfLocalRepositories : true

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 36

Microsoft (R) Windows Debugger Version 10.0.25877.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (20 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff803`3a200000 PsLoadedModuleList = 0xfffff803`3ae2a770
Debug session time: Fri Dec 29 19:31:05.169 2023 (UTC - 6:00)
System Uptime: 0 days 19:35:26.814
Loading Kernel Symbols
...............................................................
................................................................
...........................Page 283dda not present in the dump file. Type ".hh dbgerr004" for details
.....................................
..................
Loading User Symbols
..............................................................
Loading unloaded module list
.....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`3a5fd6f0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff602`c322ec10=00000000000000ef

||2:10: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
        A critical system process died
Arguments:
Arg1: ffff90043c82a080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000, The process object that initiated the termination.
Arg4: 0000000000000000

Debugging Details:
------------------

Page 283dda not present in the dump file. Type ".hh dbgerr004" for details

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 4140

    Key  : Analysis.Elapsed.mSec
    Value: 4193

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 1

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 1296

    Key  : Analysis.Init.Elapsed.mSec
    Value: 10037

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 198

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0xef

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0xef

    Key  : CriticalProcessDied.ExceptionCode
    Value: 3c896080

    Key  : CriticalProcessDied.Process
    Value: svchost.exe

    Key  : Failure.Bucket
    Value: 0xEF_svchost.exe_LocalServiceNoNetworkFirewall_BUGCHECK_CRITICAL_PROCESS_3c896080_ntdll!RtlpHpAllocWithExceptionProtection$filt$0

    Key  : Failure.Hash
    Value: {cf443853-89ca-77f5-8109-f31ae12321b0}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 16908288

    Key  : Hypervisor.Flags.ValueHex
    Value: 1020000

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : SecureKernel.HalpHvciEnabled
    Value: 0

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE:  ef

BUGCHECK_P1: ffff90043c82a080

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

FILE_IN_CAB:  MEMORY.DMP

PROCESS_NAME:  svchost.exe

CRITICAL_PROCESS:  svchost.exe

EXCEPTION_RECORD:  ffff90043c82a7c0 -- (.exr 0xffff90043c82a7c0)
ExceptionAddress: 0000000000000000
   ExceptionCode: 00000000
  ExceptionFlags: 00000000
NumberParameters: 0

ERROR_CODE: (NTSTATUS) 0x3c896080 - <Unable to get error code text>

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

EXCEPTION_STR:  0x0

TRAP_FRAME:  ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000

STACK_TEXT:  
fffff602`c322ec08 fffff803`3ab0d6d2     : 00000000`000000ef ffff9004`3c82a080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff602`c322ec10 fffff803`3aa19207     : 00000000`00000001 fffff803`3a4b8c11 00000000`00000002 fffff803`3a4b8b3b : nt!PspCatchCriticalBreak+0x10e
fffff602`c322ecb0 fffff803`3a883420     : ffff9004`00000000 00000000`00000000 ffff9004`3c82a080 ffff9004`3c82a4b8 : nt!PspTerminateAllThreads+0x175f6b
fffff602`c322ed20 fffff803`3a88321c     : ffff9004`3c82a080 00000000`00000001 ffffffff`ffffffff 00000000`00000000 : nt!PspTerminateProcess+0xe0
fffff602`c322ed60 fffff803`3a611235     : ffff9004`3c82a080 ffff9004`3c896080 fffff602`c322ee50 fffff803`3a932672 : nt!NtTerminateProcess+0x9c
fffff602`c322edd0 fffff803`3a6023d0     : fffff803`3a67a7f5 fffff602`c322f958 fffff602`c322f958 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x25
fffff602`c322ef68 fffff803`3a67a7f5     : fffff602`c322f958 fffff602`c322f958 ffffffff`ffffffff 00000000`00000000 : nt!KiServiceLinkage
fffff602`c322ef70 fffff803`3a612024     : ffff9004`3c82a7c0 fffff803`3a4269c6 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x141485
fffff602`c322f820 fffff803`3a60ff9d     : 00007fff`ef157afb fffff602`c322fa80 00007fff`ef157afb ffff9004`00000000 : nt!KiFastFailDispatch+0xe4
fffff602`c322fa00 00007fff`ef1f4ff8     : 00000047`8be7e388 00000047`8be7e3c8 00007fff`ef17c282 00000000`00000001 : nt!KiRaiseSecurityCheckFailure+0x31d
00000047`8be7e320 00007fff`ef1dca06     : 00007fff`ef2c3878 00007fff`ef150000 00000047`8be7e430 00007fff`ef180e7b : ntdll!RtlpHpAllocWithExceptionProtection$filt$0+0x38
00000047`8be7e350 00007fff`ef1f23af     : 00000000`00000000 00000047`8be7e930 00000047`8be7eff0 00000000`00000000 : ntdll!_C_specific_handler+0x96
00000047`8be7e3c0 00007fff`ef1a14b4     : 00000000`00000000 00000047`8be7e930 00000047`8be7eff0 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xf
00000047`8be7e3f0 00007fff`ef1f0ebe     : 000001a8`385e62a0 00007fff`eef80000 000001a8`385e503e 00007fff`eefd6e4a : ntdll!RtlDispatchException+0x244
00000047`8be7eb00 00007fff`ef17cf80     : 00000000`00000000 00000000`00001d20 00000000`00000007 00007fff`ef1523e5 : ntdll!KiUserExceptionDispatch+0x2e
00000047`8be7f2a0 00007fff`ef17ae20     : 000001a8`370f0340 000001a8`370f3f80 00000000`00000001 00007fff`00000278 : ntdll!RtlpHpLfhSlotAllocate+0xcd0
00000047`8be7f380 00007fff`ef157afb     : 00000000`00000008 00000000`00000278 000001a8`370f0000 00000000`00000001 : ntdll!RtlpAllocateHeapInternal+0x400
00000047`8be7f490 00007fff`ef17c282     : 00000000`00000000 00000000`000000f8 00000047`8be7f5a0 00000000`00000000 : ntdll!RtlpHpTagAllocateHeap+0x47
00000047`8be7f4c0 00007fff`eefd63a4     : 00000000`00000000 00000047`8be7f5a0 00000047`8be7f580 00007fff`ef157bf3 : ntdll!RtlpHpAllocWithExceptionProtection+0x12
00000047`8be7f520 00007fff`dd8659b7     : 000001a8`389acb00 00000000`00000000 00007fff`dd86f990 00000000`00000000 : RPCRT4!MesDecodeBufferHandleCreate+0x74
00000047`8be7f580 00007fff`dd864e74     : 00000000`00000000 000001a8`389718a0 000001a8`389acb00 000001a8`389718a0 : bfe!WfpMidlObjectDecode+0x47
00000047`8be7f5d0 00007fff`dd864cb3     : 00000000`00000000 00000000`000ddfac 00000047`8be7f7c8 00000000`000000f8 : bfe!WfpMidlObjectCopy+0x50
00000047`8be7f610 00007fff`dd864c5b     : 00000047`8be7f710 00007fff`ecbe507d 000001a8`37bcb9c0 00000047`8be7f710 : bfe!BfeNotifyCopy+0x1f
00000047`8be7f640 00007fff`dd864b7a     : 000001a8`37bcb9c0 00000047`8be7f710 000001a8`38971890 00000047`8be7f7c8 : bfe!BfeNotifyEntryCreate+0x57
00000047`8be7f680 00007fff`dd864de4     : 00000000`00000000 000001a8`37bcb898 00000001`00000258 00000047`8be7f7c8 : bfe!BfeNotifyOneWay+0x3e
00000047`8be7f6b0 00007fff`dd8627e7     : 000001a8`37bd0440 00000047`8be7f7c8 00000000`00000000 000001a8`37b03500 : bfe!BfeNetEventNotify+0x114
00000047`8be7f730 00007fff`dd868457     : 00000047`8be7f7c8 00000000`00000001 00000000`00000001 000001a8`3727d4f0 : bfe!BfeNetEventCallback+0x47
00000047`8be7f770 00007fff`eeee386b     : 000001a8`372c04d0 000001a8`372c04d0 000001a8`3727c8c0 000001a8`3727c8c0 : bfe!BfeNetEventRealTimeCallback+0xd7
00000047`8be7f9f0 00007fff`eeee369f     : 000001a8`3727c8c0 00000000`00000000 00000000`00000000 7fffffff`ffffffff : sechost!EtwpLoadEventTrigger+0x15b
00000047`8be7fb00 00007fff`eeeeb8ea     : 00000000`00000000 00000000`00000000 000001a8`3727c8c0 00000000`00000000 : sechost!EtwpProcessRealTimeTraces+0xc7
00000047`8be7fb60 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ProcessTrace+0x18a

SYMBOL_NAME:  ntdll!RtlpHpAllocWithExceptionProtection$filt$0+38

MODULE_NAME: ntdll

IMAGE_NAME:  ntdll.dll

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  38

FAILURE_BUCKET_ID:  0xEF_svchost.exe_LocalServiceNoNetworkFirewall_BUGCHECK_CRITICAL_PROCESS_3c896080_ntdll!RtlpHpAllocWithExceptionProtection$filt$0

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {cf443853-89ca-77f5-8109-f31ae12321b0}

Followup:     MachineOwner
---------
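
An added example, not part of the original thread: a small Python parser for `!analyze -v` text that pulls out the bugcheck code, the dying process, and the module order of STACK_TEXT, so the callers beneath the ntdll heap frames are visible next to the symbol named in SYMBOL_NAME. The sample input is an excerpt of the output quoted above with frames trimmed; the function and key names are illustrative.

```python
import re

# Excerpt of the `!analyze -v` output quoted in the question (frames trimmed).
SAMPLE = r"""
BUGCHECK_CODE:  ef
PROCESS_NAME:  svchost.exe
STACK_TEXT:
fffff602`c322ec08 fffff803`3ab0d6d2     : 00000000`000000ef ffff9004`3c82a080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff602`c322ec10 fffff803`3aa19207     : 00000000`00000001 fffff803`3a4b8c11 00000000`00000002 fffff803`3a4b8b3b : nt!PspCatchCriticalBreak+0x10e
fffff602`c322fa00 00007fff`ef1f4ff8     : 00000047`8be7e388 00000047`8be7e3c8 00007fff`ef17c282 00000000`00000001 : nt!KiRaiseSecurityCheckFailure+0x31d
00000047`8be7e320 00007fff`ef1dca06     : 00007fff`ef2c3878 00007fff`ef150000 00000047`8be7e430 00007fff`ef180e7b : ntdll!RtlpHpAllocWithExceptionProtection$filt$0+0x38
00000047`8be7f2a0 00007fff`ef17ae20     : 000001a8`370f0340 000001a8`370f3f80 00000000`00000001 00007fff`00000278 : ntdll!RtlpHpLfhSlotAllocate+0xcd0
00000047`8be7f520 00007fff`dd8659b7     : 000001a8`389acb00 00000000`00000000 00007fff`dd86f990 00000000`00000000 : RPCRT4!MesDecodeBufferHandleCreate+0x74
00000047`8be7f580 00007fff`dd864e74     : 00000000`00000000 000001a8`389718a0 000001a8`389acb00 000001a8`389718a0 : bfe!WfpMidlObjectDecode+0x47
00000047`8be7fb60 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ProcessTrace+0x18a

SYMBOL_NAME:  ntdll!RtlpHpAllocWithExceptionProtection$filt$0+38
"""

# child-sp, return address, four args, then module!symbol(+offset)
FRAME = re.compile(
    r"^[0-9a-f`]{17}\s+[0-9a-f`]{17}\s+:.*:\s+(\w+)!([^\s+]+)(?:\+0x[0-9a-f]+)?\s*$",
    re.M,
)

def field(text, name):
    """Return the first token after 'NAME:' or None if the field is absent."""
    m = re.search(rf"^{re.escape(name)}:\s+(\S+)", text, re.M)
    return m.group(1) if m else None

def frames(text):
    """Return (module, symbol) pairs from STACK_TEXT, crash site first."""
    m = re.search(r"^STACK_TEXT:.*?\n(.*?)(?:\n\s*\n|\Z)", text, re.M | re.S)
    return FRAME.findall(m.group(1)) if m else []

def triage(text):
    stack = frames(text)
    return {
        "bugcheck": field(text, "BUGCHECK_CODE"),
        "process": field(text, "PROCESS_NAME"),
        # int 29h (__fastfail) enters the kernel through this routine
        "fast_fail": ("nt", "KiRaiseSecurityCheckFailure") in stack,
        "heap_alloc_path": any(
            m == "ntdll" and s.startswith(("RtlpHp", "RtlpAllocateHeap"))
            for m, s in stack
        ),
        # distinct modules in stack order, crash site -> thread origin
        "modules": list(dict.fromkeys(m for m, _ in stack)),
        "first_outside_nt_ntdll": next(
            (f"{m}!{s}" for m, s in stack if m not in ("nt", "ntdll")), None
        ),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
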

3 answers

  1. Lester Bernard Reyes 82,025 Reputation points Independent Advisor
    2023-12-31T03:54:52+00:00

    Hi, thank you for that information. Can you use CMD as administrator instead of PowerShell? If the issue persists, kindly proceed to the next step provided.

  2. Anonymous
    2023-12-30T05:19:05+00:00

    When I enter regsvr32.exe /u ntdll.dll in PowerShell (admin) I receive this pop-up:

    "The module "ntdll.dll" was loaded but the entry-point DllUnregisterServer was not found.

    Make sure that "ntdll.dll" is a valid DLL or OCX file then try again."

  3. Lester Bernard Reyes 82,025 Reputation points Independent Advisor
    2023-12-30T04:47:01+00:00

    Hi Patrick, thanks for reaching out. My name is Bernard, a Windows fan like you. I'll be happy to help you out today.

    I understand the issue you have; there is nothing to worry about, I am here to help. As per checking and analyzing the DMP logs, there is an error in ntdll.dll. This is a system file that might be corrupted, which is causing the issue. For us to sort out the issue, kindly follow the steps below:

    Method 1. Reinstall ntdll.dll.

    Open PowerShell with Admin or CMD with Admin: press Windows key + X, then click Windows PowerShell (Admin) or Command Prompt (Admin).

    Copy each line of command to PowerShell, then press Enter (one line at a time):

    regsvr32.exe /u ntdll.dll

    regsvr32.exe ntdll.dll

    Method 2. Run system file checker.

    On PowerShell (Admin), copy, paste, and enter each command below:

    sfc /scannow

    Dism /Online /Cleanup-Image /CheckHealth

    Dism /Online /Cleanup-Image /ScanHealth

    DISM /Online /Cleanup-Image /RestoreHealth

    Once done, restart the PC and check.

    Note: If the issue persists, we will run a system repair on the PC.

    Let me know how it goes and I hope that helps.

    Bernard
