Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
After running procmon to convert a boot log (/ConvertBootLog) from the command line, the process crashed.
I have the dump, though I'm not sure where to upload it. I'll post the output of "analyze -v", though I don't have symbols, so it's not very helpful as it is...
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Execute
Key : Analysis.CPU.mSec
Value: 1530
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 1573
Key : Analysis.Init.CPU.mSec
Value: 546
Key : Analysis.Init.Elapsed.mSec
Value: 9634
Key : Analysis.Memory.CommitPeak.Mb
Value: 72
Key : Timeline.OS.Boot.DeltaSec
Value: 44
Key : Timeline.Process.Start.DeltaSec
Value: 11
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
Key : WER.Process.Version
Value: 3.83.0.0
NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: (.ecxr)
rax=0000000000000000 rbx=00007ff7fa30bb08 rcx=0000000000002000
rdx=00000000000d0000 rsi=00007ff7fa30a2f0 rdi=0000000000000300
rip=0000000000000000 rsp=000000ee03d0a4c8 rbp=0000000000000300
r8=000000000000000d r9=0000000000000029 r10=0000000000000000
r11=0000020000000000 r12=0000000000000000 r13=0000000000000000
r14=000000ee03d0a5a0 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
00000000`00000000 ?? ???
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0000000000000000
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000
PROCESS_NAME: Procmon64.exe
EXECUTE_ADDRESS: 0
FAILED_INSTRUCTION_ADDRESS:
+0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 0000000000000000
STACK_TEXT:
000000ee`03d0a4c8 00007ff7`fa280029 : 00000000`00000000 00000000`00000000 00000000`0000014c 00000000`00008664 : 0x0
000000ee`03d0a4d0 00007ff7`fa27e2c7 : 000002c5`00000001 000002c5`ef970000 00000000`00000000 00000000`00002000 : Procmon64+0xb0029
000000ee`03d0a560 00007ff7`fa258c22 : 000002c5`edcb7710 000000ee`03d0aaa8 000000ee`03d0aaa8 000002c5`ef8e1480 : Procmon64+0xae2c7
000000ee`03d0aa60 00007ff7`fa25551e : 000002c5`ef935d90 000002c5`ef8b4850 00007ff7`fa30a2f0 00000000`00000000 : Procmon64+0x88c22
000000ee`03d0ab10 00007ff7`fa246073 : 000000ee`03d268d0 000002c5`edcb7150 00007ff7`fa30a200 000002c5`ef8decd0 : Procmon64+0x8551e
000000ee`03d0aba0 00007ff7`fa1fe573 : 000000ee`03d268d0 000000ee`03d0aca9 000000ee`03d0aca9 00007ff7`fa30a2f0 : Procmon64+0x76073
000000ee`03d0abf0 00007ff7`fa24625b : 000000ee`03d268d0 00007ffc`00000000 00000000`2a0bd041 00000000`00000000 : Procmon64+0x2e573
000000ee`03d0ad10 00007ff7`fa245b96 : 00000000`ffffffbc 00000000`ffffffbc 00000000`00000000 00000000`0001ba4c : Procmon64+0x7625b
000000ee`03d0ada0 00007ff7`fa260b2c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : Procmon64+0x75b96
000000ee`03d2aee0 00007ff7`fa26d688 : 00000000`00000000 00000000`00000000 00000000`00000000 000002c5`edca0950 : Procmon64+0x90b2c
000000ee`03d2b220 00007ff7`fa282d86 : 00000000`00000000 00000000`0000000a 00000000`00000000 00000000`00000000 : Procmon64+0x9d688
000000ee`03d2fc90 00007ffc`88c77034 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Procmon64+0xb2d86
000000ee`03d2fcd0 00007ffc`8ac42651 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
000000ee`03d2fd00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
SYMBOL_NAME: procmon64+b0029
MODULE_NAME: Procmon64
IMAGE_NAME: Procmon64.exe
STACK_COMMAND: ~0s ; .ecxr ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_c0000005_Procmon64.exe!Unknown
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
IMAGE_VERSION: 3.83.0.0
FAILURE_ID_HASH: {2f2936a6-c982-fea1-63ce-aa38b7573309}
Followup: MachineOwner
---------