Share via

BSOD, System Service Exception, would like some help debugging

Chris Wong 0 Reputation points
2026-03-11T15:11:01.83+00:00

BSOD, minidump attached in the OneDrive link below

https://1drv.ms/u/c/8295c25a83dd0571/IQDmJnhjXAtiQovEYEQB76yeAdZlT8pyiB_zOmOS5aN6AIQ?e=Ml5rzx

Windows for home | Windows 10 | Performance and system failures
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. DaveM121 864.9K Reputation points Independent Advisor
    2026-03-11T15:45:25.1133333+00:00

    Your one minidump file did not indicate the underlying cause of that crash, it just indicated generic system errors.

    Did your PC just crash once, or if this is an on-going problem, do you have any more minidump files available that you can upload for analysis.

    0 comments
  2. Q&A Assist
    2026-03-11T15:11:24.56+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The minidump cannot be analyzed directly here, but the stop code SYSTEM_SERVICE_EXCEPTION (0x3B) has well-defined meaning and a standard debugging approach.

    SYSTEM_SERVICE_EXCEPTION indicates that an exception occurred while executing a routine that transitions from user mode (non‑privileged) to kernel mode (privileged). Common causes include:

    • Accessing invalid memory (STATUS_ACCESS_VIOLATION 0xC0000005)
    • NULL pointer dereference
    • Use-after-free or data structure corruption in a driver or kernel component

    To debug the minidump with WinDbg and identify the faulty component:

    1. Open the dump in WinDbg (Preview or WinDbg Classic)
      • File → Open Crash Dump → select the .dmp file.
    2. Run automatic analysis
      • In the command window: !analyze -v
      • This displays the bug check code (0x3B), parameters, and often points to a probable faulty module or driver.
    3. Inspect the exception and stack
      • Parameter 1 of the bug check is the exception code. To decode it:
        • !error <Parameter1>
      • Parameter 3 is the address of the context record. Use it to get a focused stack:
        • .cxr <Parameter3>
        • kb (display stack backtrace)
      • Look at the stack frames to see which driver or module was executing when the exception occurred.
    4. Identify the driver (if any)
      • If Windows recorded a specific driver as responsible, it is stored at KiBugCheckDriver:
        • dx KiBugCheckDriver
      • This will show a name like "nvlddmkm.sys" or another driver file. That driver is a prime suspect.
    5. Inspect loaded modules and memory state (optional but useful)
      • List loaded modules: lm t n
      • Check general memory usage: !memusage
      • If you suspect pool/memory issues, examine:
        • !pte for page table entries
        • !pool for pool allocations
    6. If the crash appears driver-related, use Driver Verifier
      • From an elevated command prompt: verifier
      • Configure it to verify only non‑Microsoft drivers that are suspected (do not enable all drivers on a production system because of overhead and potential additional crashes).
      • Reboot and use the system; if a misbehaving driver violates rules, Driver Verifier will force a more informative bug check that you can analyze with the same steps.
    7. General system troubleshooting steps
      • If new device drivers or system services were recently installed or updated, remove or update them and see if the crashes stop.
      • In Device Manager, check for devices with an exclamation mark and review their event logs; update or roll back their drivers.
      • In Event Viewer → Windows Logs → System, look for critical errors around the time of the BSOD to correlate with a specific driver or component.
      • If new hardware was added, temporarily remove or replace it, or check with the manufacturer for firmware/driver updates.

    Once the specific driver or module is identified from !analyze -v, the stack trace, or KiBugCheckDriver, the next step is usually to update, roll back, or remove that driver, or contact the vendor if it is custom or third‑party code.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.