procmon64.exe crashed

Bugale
2021-07-29T19:20:27.78+00:00

After running procmon to convert a boot log (/ConvertBootLog) with command line, the process crashed.
I have the dump, though not sure where to upload it to. I'll post the output of "analyze -v", though I don't have symbols so it's not very helpful as it is...
0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Execute

    Key  : Analysis.CPU.mSec
    Value: 1530

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 1573

    Key  : Analysis.Init.CPU.mSec
    Value: 546

    Key  : Analysis.Init.Elapsed.mSec
    Value: 9634

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 72

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 44

    Key  : Timeline.Process.Start.DeltaSec
    Value: 11

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

    Key  : WER.Process.Version
    Value: 3.83.0.0


NTGLOBALFLAG:  0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

CONTEXT:  (.ecxr)
rax=0000000000000000 rbx=00007ff7fa30bb08 rcx=0000000000002000
rdx=00000000000d0000 rsi=00007ff7fa30a2f0 rdi=0000000000000300
rip=0000000000000000 rsp=000000ee03d0a4c8 rbp=0000000000000300
 r8=000000000000000d  r9=0000000000000029 r10=0000000000000000
r11=0000020000000000 r12=0000000000000000 r13=0000000000000000
r14=000000ee03d0a5a0 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
00000000`00000000 ??              ???
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 0000000000000000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000

PROCESS_NAME:  Procmon64.exe

EXECUTE_ADDRESS: 0

FAILED_INSTRUCTION_ADDRESS: 
+0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000008

EXCEPTION_PARAMETER2:  0000000000000000

STACK_TEXT:  
000000ee`03d0a4c8 00007ff7`fa280029     : 00000000`00000000 00000000`00000000 00000000`0000014c 00000000`00008664 : 0x0
000000ee`03d0a4d0 00007ff7`fa27e2c7     : 000002c5`00000001 000002c5`ef970000 00000000`00000000 00000000`00002000 : Procmon64+0xb0029
000000ee`03d0a560 00007ff7`fa258c22     : 000002c5`edcb7710 000000ee`03d0aaa8 000000ee`03d0aaa8 000002c5`ef8e1480 : Procmon64+0xae2c7
000000ee`03d0aa60 00007ff7`fa25551e     : 000002c5`ef935d90 000002c5`ef8b4850 00007ff7`fa30a2f0 00000000`00000000 : Procmon64+0x88c22
000000ee`03d0ab10 00007ff7`fa246073     : 000000ee`03d268d0 000002c5`edcb7150 00007ff7`fa30a200 000002c5`ef8decd0 : Procmon64+0x8551e
000000ee`03d0aba0 00007ff7`fa1fe573     : 000000ee`03d268d0 000000ee`03d0aca9 000000ee`03d0aca9 00007ff7`fa30a2f0 : Procmon64+0x76073
000000ee`03d0abf0 00007ff7`fa24625b     : 000000ee`03d268d0 00007ffc`00000000 00000000`2a0bd041 00000000`00000000 : Procmon64+0x2e573
000000ee`03d0ad10 00007ff7`fa245b96     : 00000000`ffffffbc 00000000`ffffffbc 00000000`00000000 00000000`0001ba4c : Procmon64+0x7625b
000000ee`03d0ada0 00007ff7`fa260b2c     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : Procmon64+0x75b96
000000ee`03d2aee0 00007ff7`fa26d688     : 00000000`00000000 00000000`00000000 00000000`00000000 000002c5`edca0950 : Procmon64+0x90b2c
000000ee`03d2b220 00007ff7`fa282d86     : 00000000`00000000 00000000`0000000a 00000000`00000000 00000000`00000000 : Procmon64+0x9d688
000000ee`03d2fc90 00007ffc`88c77034     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Procmon64+0xb2d86
000000ee`03d2fcd0 00007ffc`8ac42651     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
000000ee`03d2fd00 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


SYMBOL_NAME:  procmon64+b0029

MODULE_NAME: Procmon64

IMAGE_NAME:  Procmon64.exe

STACK_COMMAND:  ~0s ; .ecxr ; kb

FAILURE_BUCKET_ID:  SOFTWARE_NX_FAULT_c0000005_Procmon64.exe!Unknown

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

IMAGE_VERSION:  3.83.0.0

FAILURE_ID_HASH:  {2f2936a6-c982-fea1-63ce-aa38b7573309}

Followup:     MachineOwner
---------