
BSOD error. Please help

Anonymous
2023-05-30T16:31:56+00:00

Running Certutil -delstore ROOT "RootCertName" causes BSOD

From WinDbg

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff8053611f745, Address of the instruction which caused the BugCheck
Arg3: fffffd01e975dbd0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

"C:\WINDOWS\System32\KERNELBASE.dll" was not found in the image list.
Debugger will attempt to load "C:\WINDOWS\System32\KERNELBASE.dll" at given base 00000000`00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
DbsSplayTreeRangeMap::Add: Conflicting region 00000000`002b0000 - 00000000`002b05ff
Unable to map C:\WINDOWS\System32\KERNELBASE.dll region at 00000000`002b0000, NTSTATUS 0xC0000018
*** WARNING: Unable to verify timestamp for KERNELBASE.dll
*** ERROR: Module load completed but symbols could not be loaded for KERNELBASE.dll
Unable to add module at 00000000`00000000

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 5749

    Key  : Analysis.Elapsed.mSec
    Value: 6402

    Key  : Analysis.IO.Other.Mb
    Value: 8

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 27

    Key  : Analysis.Init.CPU.mSec
    Value: 2358

    Key  : Analysis.Init.Elapsed.mSec
    Value: 44535

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 110

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x3b

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x3b

    Key  : Failure.Bucket
    Value: AV_ctifile!unknown_function

    Key  : Failure.Hash
    Value: {dc6105b6-ed1f-ca47-f274-fca557dbb1ec}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 16908288

    Key  : Hypervisor.Flags.ValueHex
    Value: 1020000

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : SecureKernel.HalpHvciEnabled
    Value: 0

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE:  3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff8053611f745

BUGCHECK_P3: fffffd01e975dbd0

BUGCHECK_P4: 0

FILE_IN_CAB:  MEMORY.DMP

CONTEXT:  fffffd01e975dbd0 -- (.cxr 0xfffffd01e975dbd0)
rax=0000000000000000 rbx=ffffd10672c7ea10 rcx=ffff800ac1014930
rdx=ffffd1066f6a6390 rsi=ffffd106a92b20d0 rdi=ffff800ac1014930
rip=fffff8053611f745 rsp=fffffd01e975e5d0 rbp=fffffd01e975e700
 r8=0000000000000196  r9=fffffd01e975e600 r10=fffff8053067a0d0
r11=0000000000000000 r12=ffffd106751299a0 r13=ffffd10672c7ea10
r14=0000000000000000 r15=ffffd10664cc81d0
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
ctifile+0x11f745:
fffff805`3611f745 488b00          mov     rax,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME:  certutil.exe

STACK_TEXT:  
fffffd01`e975e5d0 fffff805`36124d34     : ffff800a`c10148c0 fffffd01`e975e730 ffff800a`b9c95000 ffff800a`c10148c0 : ctifile+0x11f745
fffffd01`e975e630 fffff805`36211208     : ffffd106`a92b20d0 00000000`00000001 ffffd106`72c7ea10 fffff805`36212264 : ctifile+0x124d34
fffffd01`e975e7d0 fffff805`36211522     : 00000000`00000004 ffffd106`66095c18 ffffd106`72c7ea10 00000000`00000150 : ctifile+0x211208
fffffd01`e975e820 fffff805`3620ee57     : fffff805`362c0201 ffffd106`a92b2000 fffffd01`e975e901 ffffd106`00000134 : ctifile+0x211522
fffffd01`e975e8c0 fffff805`3615e6cd     : ffffd106`55738900 ffffd106`a92b20d0 ffffd106`55738960 00000000`00000000 : ctifile+0x20ee57
fffffd01`e975ea10 fffff805`3615d9fe     : fffffd01`e975ec38 00000000`00004000 ffff800a`c6c8a3a0 ffffd106`51f8d670 : ctifile+0x15e6cd
fffffd01`e975eb80 fffff805`3614d45a     : fffffd01`e975ec68 fffffd01`e975ed20 00000000`00004000 ffff800a`c6c8a3a0 : ctifile+0x15d9fe
fffffd01`e975ebf0 fffff805`361c71eb     : fffffd01`e9759000 fffffd01`e975ed20 00000000`00004000 00000000`00000000 : ctifile+0x14d45a
fffffd01`e975ec60 fffff805`3614c02d     : ffff800a`c10148c0 fffffd01`e975ed80 ffff800a`f8fb2d30 ffff800a`b9c95010 : ctifile+0x1c71eb
fffffd01`e975ecf0 fffff805`3614d72a     : ffff800a`f8fb2d30 fffffd01`e975f158 ffffd106`6e85c308 00000001`00000000 : ctifile+0x14c02d
fffffd01`e975ed60 fffff805`36151877     : ffff800a`c6c8a3a0 fffffd01`e975eed0 00000000`00000000 00000000`00000000 : ctifile+0x14d72a
fffffd01`e975edd0 fffff805`2fa05b47     : 00000000`00000000 fffff805`306a07fb ffffd106`6601c080 ffffd106`6e85c220 : ctifile+0x151877
fffffd01`e975f110 fffff805`2fa0541b     : ffffd106`6e85c200 fffff805`2fa37e00 00000000`00000000 00000000`00000000 : FLTMGR!FltpPerformPostCallbacksWorker+0x347
fffffd01`e975f1e0 fffff805`2fa07162     : fffffd01`e9759000 fffffd01`e9760000 00000000`00000000 fffff805`2fa1c490 : FLTMGR!FltpPassThroughCompletionWorker+0xfb
fffffd01`e975f280 fffff805`2fa39f54     : fffffd01`e975f330 ffffd106`657d5868 ffffd106`518c0d20 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x322
fffffd01`e975f2f0 fffff805`306954d5     : 00000000`00000000 ffffd106`519acb80 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x324
fffffd01`e975f3a0 fffff805`30696ad4     : ffffd106`6601c530 fffff805`3085f34d ffffd106`6601c608 fffffd01`e975f6a0 : nt!IofCallDriver+0x55
fffffd01`e975f3e0 fffff805`30aa775d     : ffffd106`519acb80 ffffd106`519acb80 ffffd106`657d58a8 ffffd106`00000000 : nt!IoCallDriverWithTracing+0x34
fffffd01`e975f430 fffff805`30a8f68e     : ffffd106`519acb80 00000000`000000cb ffffd106`632e8010 ffffd106`632e8001 : nt!IopParseDevice+0x117d
fffffd01`e975f5a0 fffff805`30aba3da     : ffffd106`632e8000 fffffd01`e975f808 00000000`00000040 ffffd106`478f9e80 : nt!ObpLookupObjectName+0x3fe
fffffd01`e975f770 fffff805`30ac999f     : fffffd01`00000000 00000000`02bde8d0 00000000`00000000 00000000`00000001 : nt!ObOpenObjectByNameEx+0x1fa
fffffd01`e975f8a0 fffff805`30ac9579     : 00000000`02bde000 00000000`00000000 00000000`02bde8d0 00000000`02bde018 : nt!IopCreateFile+0x40f
fffffd01`e975f940 fffff805`3080d8f5     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateFile+0x79
fffffd01`e975f9d0 00007ff8`9768db64     : 00007ff8`962773f6 00000000`02d13000 00000000`00000000 00000000`02e3f1a0 : nt!KiSystemServiceCopyEnd+0x25
00000000`02bddf88 00007ff8`962773f6     : 00000000`02d13000 00000000`00000000 00000000`02e3f1a0 00000000`02d15000 : ntdll!NtCreateFile+0x14
00000000`02bddf90 00007ff8`9627901a     : 00000000`02e3f1a4 00000000`00000000 00000000`00000000 00007ff8`00400060 : wow64!whNtCreateFile+0x106
00000000`02bde070 00000000`772f17c3     : 00000023`773730dc 00007ff8`96270023 00000000`00000000 00000000`02e3f980 : wow64!Wow64SystemServiceEx+0x15a
00000000`02bde930 00000000`772f11b9     : 00000000`02e3fc70 00007ff8`962739b4 00000000`02bdea00 00007ff8`96273aaf : wow64cpu!ServiceNoTurbo+0xb
00000000`02bde9e0 00007ff8`962738c9     : 00000000`02d12000 00000000`002b00f8 00000000`00000000 00000000`02bdf240 : wow64cpu!BTCpuSimulate+0x9
00000000`02bdea20 00007ff8`962732bd     : 00000000`00000000 00000000`02eb2be8 00000000`00000000 00000000`00000000 : wow64!RunCpuSimulation+0xd
00000000`02bdea50 00007ff8`976c39e7     : 00007ff8`97715a10 00007ff8`97715a10 00007ff8`97715900 00000000`00000010 : wow64!Wow64LdrpInitialize+0x12d
00000000`02bded00 00007ff8`97664deb     : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000001 : ntdll!LdrpInitializeProcess+0x1ae7
00000000`02bdf120 00007ff8`97664c73     : 00000000`00000000 00007ff8`975f0000 00000000`00000000 00000000`02d13000 : ntdll!LdrpInitialize+0x15f
00000000`02bdf1c0 00007ff8`97664c1e     : 00000000`02bdf240 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrpInitialize+0x3b
00000000`02bdf1f0 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe

SYMBOL_NAME:  ctifile+11f745

MODULE_NAME: ctifile

IMAGE_NAME:  ctifile.sys

STACK_COMMAND:  .cxr 0xfffffd01e975dbd0 ; kb

BUCKET_ID_FUNC_OFFSET:  11f745

FAILURE_BUCKET_ID:  AV_ctifile!unknown_function

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {dc6105b6-ed1f-ca47-f274-fca557dbb1ec}

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

  1. Anonymous
    2023-05-31T07:41:31+00:00

    Hello FlowerPower_PM

    Welcome to Microsoft Community.

    Based on your current behaviour it seems that running Certutil -delstore ROOT "RootCertName" is causing the BSOD to appear. If you are experiencing a stop code SYSTEM_SERVICE_EXCEPTION (3b) in Windows 10, it may have multiple causes, although an incorrect driver is one of the common cases. For more information on this error code, please refer to the following article:

    Bug Check 0x3B SYSTEM_SERVICE_EXCEPTION - Windows drivers | Microsoft Learn

    The error code 0xc0000005 indicates an access violation exception, which means that a process attempted to access a memory location it was not allowed to access.

    The specific cause of the error is related to the process executing the function, which results in an access violation. It appears that the module is involved in the crash, but it's not found in the image list. Certutil.exe is a command-line program that is installed as part of the Certificate Service.

    To better assist you, could you please describe this issue more specifically:

    1. Is the current Windows installation configured with trusted root and disallowed certificates? If so, could you please ensure that it is a valid root certificate name and that there are no dependencies or system-critical files associated with it.
    2. Is your Windows currently running any virtual platform or Windows Sandbox? If convenient, could you please tell us whether any software was installed on the system at the time of the problem.

    From the report, it appears that the BSOD is caused by ctifile.sys. It contains the message "C:\WINDOWS\System32\KERNELBASE.dll" was not found in the image list. This may contain a reference to a 64-bit DLL in the project, but to be compiled to x86 and running on a 32-bit system, which would cause an error. If so, try referencing the driver validation program mentioned in the previous article and see if incompatible drivers and programs are causing this problem.

    Please feel free to let me know how it goes.

    Best regards,

    Chandy | Microsoft Community Support Specialist
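
A small triage helper run over an abridged excerpt of the dump in the question, as an added example that is not part of the original thread: it extracts the bug check fields, the faulting module and the first frame that called into it, which shows ctifile.sys executing as a Filter Manager callback on certutil.exe's NtCreateFile and faulting on a read through a zero address. The function names `field` and `triage` are this example's own, and the stack-argument columns are replaced by `...`.

```python
import re

# Abridged excerpt of the !analyze -v output posted in the question;
# the four stack-argument columns are replaced by "..." for brevity.
SAMPLE = r"""
BUGCHECK_CODE:  3b
BUGCHECK_P1: c0000005
ctifile+0x11f745:
fffff805`3611f745 488b00          mov     rax,qword ptr [rax] ds:002b:00000000`00000000=????????????????
PROCESS_NAME:  certutil.exe
STACK_TEXT:
fffffd01`e975e5d0 fffff805`36124d34     : ... : ctifile+0x11f745
fffffd01`e975edd0 fffff805`2fa05b47     : ... : ctifile+0x151877
fffffd01`e975f110 fffff805`2fa0541b     : ... : FLTMGR!FltpPerformPostCallbacksWorker+0x347
fffffd01`e975f2f0 fffff805`306954d5     : ... : FLTMGR!FltpCreate+0x324
fffffd01`e975f940 fffff805`3080d8f5     : ... : nt!NtCreateFile+0x79
IMAGE_NAME:  ctifile.sys
"""

FRAME = re.compile(r"^[0-9a-f]{8}`[0-9a-f]{8} .* : (\S+)[ \t]*$", re.M)

def field(text, name):
    """Return the value of a 'NAME: value' line, or None if absent."""
    m = re.search(rf"^{re.escape(name)}:[ \t]*(\S+)", text, re.M)
    return m.group(1) if m else None

def triage(text):
    """Summarise who crashed, on whose behalf, and how it was entered."""
    frames = FRAME.findall(text)
    modules = [re.split(r"[!+]", f)[0] for f in frames]
    fault = modules[0] if modules else None
    # First frame outside the faulting module = the code that called into it.
    caller = next((f for f, m in zip(frames, modules) if m != fault), None)
    syscall = next((f[3:].split("+")[0] for f in frames if f.startswith("nt!Nt")), None)
    return {
        "bugcheck": field(text, "BUGCHECK_CODE"),
        "exception": field(text, "BUGCHECK_P1"),
        "process": field(text, "PROCESS_NAME"),
        "image": field(text, "IMAGE_NAME"),
        "faulting_module": fault,
        "called_from": caller,
        # FLTMGR as the direct caller means the driver ran as a minifilter callback.
        "minifilter_callback": bool(caller and caller.startswith("FLTMGR!")),
        # Faulting instruction read through an all-zero address (NULL dereference).
        "null_deref": bool(re.search(r"ds:[0-9a-f]{4}:0{8}`0{8}=\?+", text)),
        "syscall": syscall,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:20} {value}")
```
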
