Understanding of Windows Events and Faulting Modules

Brian Havinga 21 Reputation points

I'm posting this just to confirm if my theory is correct. When troubleshooting browser issues in my organization I can see Application Error entries in the event log. The Faulting application shows as expected, but the faulting module lists the core DLL for the program (i.e. msedge.dll and chrome.dll).

I know the fault is not necessarily due to those DLLs.

So my theory is: Does Windows list the faulting module as the last thing it recognizes?

I ask because a previous rash of BSODs were caused by a McAfee product, but the crash dumps said the faulting module was NTDLL.DLL. I know it was only reporting that because it didn't have the symbol files or other necessary data to know the actual cause.

Thank you to anyone who answers. If this is way off and just stupid gibberish, please tell me. I love troubleshooting and I want to ensure I know I'm thinking about things correctly.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
6,024 questions
{count} votes

Accepted answer
  1. Limitless Technology 37,351 Reputation points

    Hi there,

    Yes, your theory seems right. There are five types of events that can be logged. All of these have well-defined common data and can optionally include event-specific data. The Event Viewer displays information about applications, security-related, systems, and set-up events.

    Event Types https://learn.microsoft.com/en-us/windows/win32/eventlog/event-types

    If you need to know the true process you can use other tools. Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. You can get the tool from here https://learn.microsoft.com/en-us/sysinternals/downloads/procmon


    --If the reply is helpful, please Upvote and Accept it as an answer–

    No comments

0 additional answers

Sort by: Most helpful