Share via

BSOD dump report

Anonymous
2022-11-28T10:52:48+00:00

I was doing routine stuff on my pc and had a BSOD crash for the first time in months. I was analyzing the dump report and got a little confused. Is there a way to find out what "Arg2: fffff80345623fa7, Address of the instruction  which caused the BugCheck" is referring to? Below is a copy of the Windows Debugger tool repot.

Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\112822-10750-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`45400000 PsLoadedModuleList = 0xfffff803`4602a2b0
Debug session time: Mon Nov 28 01:48:51.425 2022 (UTC - 8:00)
System Uptime: 7 days 22:28:33.736
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
............................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`457f92d0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffffb05`caa7fed0=000000000000003b
6: kd> !analyze-v
No export analyze-v found
6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff80345623fa7, Address of the instruction which caused the BugCheck
Arg3: fffffb05caa807d0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 7468

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 27171

    Key  : Analysis.IO.Other.Mb
    Value: 14

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 37

    Key  : Analysis.Init.CPU.mSec
    Value: 1484

    Key  : Analysis.Init.Elapsed.mSec
    Value: 35717

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 97

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x3b

    Key  : Bugcheck.Code.Register
    Value: 0x3b

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

FILE_IN_CAB:  112822-10750-01.dmp

BUGCHECK_CODE:  3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff80345623fa7

BUGCHECK_P3: fffffb05caa807d0

BUGCHECK_P4: 0

CONTEXT:  fffffb05caa807d0 -- (.cxr 0xfffffb05caa807d0)
rax=0000000000000000 rbx=ffffcd01cf982690 rcx=0000000000000000
rdx=fffff80345400000 rsi=00000000000007d0 rdi=a2e64eada2e64ead
rip=fffff80345623fa7 rsp=fffffb05caa811d0 rbp=0000000000000000
 r8=0000000000000000  r9=fffffb05caa813c0 r10=fffff8034560e370
r11=000000000000004e r12=0000000000000000 r13=0000000000000000
r14=fffffb05caa813c0 r15=0000000000000123
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!ExFreeHeapPool+0xb7:
fffff803`45623fa7 488b5810        mov     rbx,qword ptr [rax+10h] ds:002b:00000000`00000010=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  svchost.exe

STACK_TEXT:  
fffffb05`caa811d0 fffff803`45db5019     : ffffcd01`b8b9e918 fffff803`51b85c7a 00000000`0000009c 01000000`00100000 : nt!ExFreeHeapPool+0xb7
fffffb05`caa812b0 fffff803`51b955b9     : 4a979287`a6893b74 aa8d1db4`7997f3b2 fffffb05`caa814c0 fffffb05`caa81500 : nt!ExFreePool+0x9
fffffb05`caa812e0 4a979287`a6893b74     : aa8d1db4`7997f3b2 fffffb05`caa814c0 fffffb05`caa81500 00000000`00000000 : avgbidsdriver+0x255b9
fffffb05`caa812e8 aa8d1db4`7997f3b2     : fffffb05`caa814c0 fffffb05`caa81500 00000000`00000000 fffff803`51b956ac : 0x4a979287`a6893b74
fffffb05`caa812f0 fffffb05`caa814c0     : fffffb05`caa81500 00000000`00000000 fffff803`51b956ac 00000000`00000000 : 0xaa8d1db4`7997f3b2
fffffb05`caa812f8 fffffb05`caa81500     : 00000000`00000000 fffff803`51b956ac 00000000`00000000 fffffb05`caa81520 : 0xfffffb05`caa814c0
fffffb05`caa81300 00000000`00000000     : fffff803`51b956ac 00000000`00000000 fffffb05`caa81520 00000000`00000a6c : 0xfffffb05`caa81500

SYMBOL_NAME:  avgbidsdriver+255b9

MODULE_NAME: avgbidsdriver

IMAGE_NAME:  avgbidsdriver.sys

STACK_COMMAND:  .cxr 0xfffffb05caa807d0 ; kb

BUCKET_ID_FUNC_OFFSET:  255b9

FAILURE_BUCKET_ID:  AV_avgbidsdriver!unknown_function

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {e13bc2fa-b4bf-2afd-b917-a4aea46e4e24}

Followup:     MachineOwner
---------

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Can't set dump file contexts
MachineInfo::SetContext failed - Thread: 00000192D6B35590  Handle: 7  Id: 7 - Error == 0x8000FFFF

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`45400000 PsLoadedModuleList = 0xfffff803`4602a2b0
Debug session time: Mon Nov 28 01:48:51.425 2022 (UTC - 8:00)
System Uptime: 7 days 22:28:33.736
Loading Kernel Symbols
...............................................................
................................................................
....................Page 61a9 not present in the dump file. Type ".hh dbgerr004" for details
............................................
...
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000bb`1afe1018).  Type ".hh dbgerr001" for details
Loading unloaded module list
............................
nt!KeBugCheckEx:
fffff803`457f92d0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffffb05`caa7fed0=000000000000003b
Windows for home | Windows 10 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. DaveM121 891.1K Reputation points Independent Advisor
    2022-11-28T11:25:47+00:00

    Hi Greysmdl,

    I am Dave, I will help you with this.

    You printout indicates it is a virtual driver on AVG security that caused the system crash, temporarily uninstall AVG from your PC and test to see if your system is stable.

    If not, please upload any minidump files you have, I will check those to see if they provide any insight into a potential cause of the system crashes.

    Open Windows File Explorer.

    Navigate to C:\Windows\Minidump

    Copy any minidump files onto your Desktop, then zip those up.

    Upload the zip file to the Cloud (OneDrive, DropBox... etc.), then choose to share those and get a share link.

    Then post the link here to the zip file, so we can take a look for you.

    Was this answer helpful?

    0 comments