procmon64.exe crashed

Bugale Bugale 1 Reputation point
2021-07-29T19:20:27.78+00:00

After running procmon to convert a boot log (/ConvertBootLog) with command line, the process crashed.
I have the dump, though not sure where to upload it to. I'll post the output of "analyze -v", though I don't have symbols so it's net very helpful as it is...
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Execute

    Key  : Analysis.CPU.mSec
    Value: 1530

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 1573

    Key  : Analysis.Init.CPU.mSec
    Value: 546

    Key  : Analysis.Init.Elapsed.mSec
    Value: 9634

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 72

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 44

    Key  : Timeline.Process.Start.DeltaSec
    Value: 11

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

    Key  : WER.Process.Version
    Value: 3.83.0.0


NTGLOBALFLAG:  0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

CONTEXT:  (.ecxr)
rax=0000000000000000 rbx=00007ff7fa30bb08 rcx=0000000000002000
rdx=00000000000d0000 rsi=00007ff7fa30a2f0 rdi=0000000000000300
rip=0000000000000000 rsp=000000ee03d0a4c8 rbp=0000000000000300
 r8=000000000000000d  r9=0000000000000029 r10=0000000000000000
r11=0000020000000000 r12=0000000000000000 r13=0000000000000000
r14=000000ee03d0a5a0 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
00000000`00000000 ??              ???
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 0000000000000000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000

PROCESS_NAME:  Procmon64.exe

EXECUTE_ADDRESS: 0

FAILED_INSTRUCTION_ADDRESS: 
+0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000008

EXCEPTION_PARAMETER2:  0000000000000000

STACK_TEXT:  
000000ee`03d0a4c8 00007ff7`fa280029     : 00000000`00000000 00000000`00000000 00000000`0000014c 00000000`00008664 : 0x0
000000ee`03d0a4d0 00007ff7`fa27e2c7     : 000002c5`00000001 000002c5`ef970000 00000000`00000000 00000000`00002000 : Procmon64+0xb0029
000000ee`03d0a560 00007ff7`fa258c22     : 000002c5`edcb7710 000000ee`03d0aaa8 000000ee`03d0aaa8 000002c5`ef8e1480 : Procmon64+0xae2c7
000000ee`03d0aa60 00007ff7`fa25551e     : 000002c5`ef935d90 000002c5`ef8b4850 00007ff7`fa30a2f0 00000000`00000000 : Procmon64+0x88c22
000000ee`03d0ab10 00007ff7`fa246073     : 000000ee`03d268d0 000002c5`edcb7150 00007ff7`fa30a200 000002c5`ef8decd0 : Procmon64+0x8551e
000000ee`03d0aba0 00007ff7`fa1fe573     : 000000ee`03d268d0 000000ee`03d0aca9 000000ee`03d0aca9 00007ff7`fa30a2f0 : Procmon64+0x76073
000000ee`03d0abf0 00007ff7`fa24625b     : 000000ee`03d268d0 00007ffc`00000000 00000000`2a0bd041 00000000`00000000 : Procmon64+0x2e573
000000ee`03d0ad10 00007ff7`fa245b96     : 00000000`ffffffbc 00000000`ffffffbc 00000000`00000000 00000000`0001ba4c : Procmon64+0x7625b
000000ee`03d0ada0 00007ff7`fa260b2c     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : Procmon64+0x75b96
000000ee`03d2aee0 00007ff7`fa26d688     : 00000000`00000000 00000000`00000000 00000000`00000000 000002c5`edca0950 : Procmon64+0x90b2c
000000ee`03d2b220 00007ff7`fa282d86     : 00000000`00000000 00000000`0000000a 00000000`00000000 00000000`00000000 : Procmon64+0x9d688
000000ee`03d2fc90 00007ffc`88c77034     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Procmon64+0xb2d86
000000ee`03d2fcd0 00007ffc`8ac42651     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
000000ee`03d2fd00 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


SYMBOL_NAME:  procmon64+b0029

MODULE_NAME: Procmon64

IMAGE_NAME:  Procmon64.exe

STACK_COMMAND:  ~0s ; .ecxr ; kb

FAILURE_BUCKET_ID:  SOFTWARE_NX_FAULT_c0000005_Procmon64.exe!Unknown

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

IMAGE_VERSION:  3.83.0.0

FAILURE_ID_HASH:  {2f2936a6-c982-fea1-63ce-aa38b7573309}

Followup:     MachineOwner
---------
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,100 questions
0 comments No comments
{count} votes