12: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff806240c1f61, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1655
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 54460
Key : Analysis.IO.Other.Mb
Value: 9
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 27
Key : Analysis.Init.CPU.mSec
Value: 796
Key : Analysis.Init.Elapsed.mSec
Value: 976220
Key : Analysis.Memory.CommitPeak.Mb
Value: 97
Key : Bugcheck.Code.DumpHeader
Value: 0x1e
Key : Bugcheck.Code.Register
Value: 0x1e
Key : Dump.Attributes.AsUlong
Value: 1808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
FILE_IN_CAB: 030223-11250-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x1808
Kernel Generated Triage Dump
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff806240c1f61
BUGCHECK_P3: 0
BUGCHECK_P4: ffffffffffffffff
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: fffff80624b1c468: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: dwm.exe
STACK_TEXT:
ffff8c80567770e8 fffff806243392aa : 000000000000001e ffffffffc0000005 fffff806240c1f61 0000000000000000 : nt!KeBugCheckEx
ffff8c80567770f0 fffff80624233ebf : ffff8c8056777900 ffff8c80567771c0 fffff80623e00000 fffff806242320c5 : nt!HvlpVtlCallExceptionHandler+0x22
ffff8c8056777130 fffff8062400fac3 : ffffdf0f87f47d20 ffffdf0f87f478a8 fffff806242320c5 fffff80623ee9e28 : nt!RtlpExecuteHandlerForException+0xf
ffff8c8056777160 fffff80624013907 : ffffffffffffffff ffffdf0f87f47950 ffffdf0f87f47950 ffff8c8056777900 : nt!RtlDispatchException+0x2f3
ffff8c80567778d0 fffff80624229e12 : 0204000002050068 0204000202050003 0204000002050069 0204000102050068 : nt!KiDispatchException+0x317
ffff8c8056777fb0 fffff80624229de0 : fffff8062423e3f5 0000000000000001 00000000b32d6c00 0000000000000000 : nt!KxExceptionDispatchOnExceptionStack+0x12
ffffdf0f87f47768 fffff8062423e3f5 : 0000000000000001 00000000b32d6c00 0000000000000000 0000000000000000 : nt!KiExceptionDispatchOnExceptionStackContinue
ffffdf0f87f47770 fffff80624239483 : 0000000000000100 fffff8062400e9a0 ffff2e16b32d6de9 0000000000000000 : nt!KiExceptionDispatch+0x135
ffffdf0f87f47950 fffff806240c1f61 : 0000000c00000020 0000000000000000 ffff8c8056756102 ffffdf0f87f47e68 : nt!KiGeneralProtectionFault+0x343
ffffdf0f87f47ae0 fffff806240bbaf5 : ffffcf07e4960188 0000000000000000 ffffcf07e4960250 ffffdf0f87f47b78 : nt!KiTryUnwaitThread+0x31
ffffdf0f87f47b40 fffff806240bb61a : ffffcf07e4960180 ffffcf07d1de1000 ffffdf0f87f47e68 0000000000000002 : nt!KiTimerWaitTest+0x205
ffffdf0f87f47bf0 fffff806240bcea6 : 0000000000016a25 ffffdf0f87f47e20 ffffcf07ee35c080 00000000000bc986 : nt!KiProcessExpiredTimerList+0xda
ffffdf0f87f47d20 fffff806242320c5 : 0000000000000000 0000000000000000 ffffcf07ee35c080 ffffcf07e45dc7c0 : nt!KiRetireDpcList+0xed6
ffffdf0f87f47fb0 fffff8062423206f : ffffdf0f8e6466b9 fffff806240bf699 ffff9d000c696ab0 0000000423239880 : nt!KxSwapStacksAndRetireDpcList+0x5
ffffdf0f8e646620 fffff806240bf699 : ffff9d000c696ab0 0000000423239880 ffff9d0006ff7dd0 fffff8062403270c : nt!KiPlatformSwapStacksAndCallReturn
ffffdf0f8e646630 fffff806242314e0 : 0000000100000000 fffff80624a6ae40 ffff9d0000000001 0000000000000000 : nt!KiDispatchInterrupt+0xd9
ffffdf0f8e646720 fffff806240a6d9f : ffffcf07ec168080 ffffcf07e45dc080 ffff91ff53542000 ffffbe8d1483acc0 : nt!KiDpcInterrupt+0x350
ffffdf0f8e6468b0 fffff80624450778 : ffffdf0f8e6469f0 ffffdf0f00000000 ffffcf07e45dc700 fffffa810944e000 : nt!MiUnlockWorkingSetExclusive+0xcf
ffffdf0f8e6468f0 fffff8062483c1fd : ffffcf07e45dc080 ffffdf0f8e646bf9 ffffcf07ec168080 ffffcf0700000001 : nt!MiCloneVads+0x3ac
ffffdf0f8e646b80 fffff806246de796 : 0000000000000000 ffffcf07e45dc080 0000000000000000 ffffcf07ec168080 : nt!MiCloneProcessAddressSpace+0x271
ffffdf0f8e646c60 fffff806246df0c9 : 000000000042ac3c ffffdf0f8e647aa0 0000000000000000 ffffcf07e45dc080 : nt!MmInitializeProcessAddressSpace+0x191b06
ffffdf0f8e646e50 fffff8062466acee : ffffcf07ee35c001 0000000000000080 ffffcf07d16a67a0 0000000000000001 : nt!PspAllocateProcess+0x190791
ffffdf0f8e647680 fffff806247a45b5 : ffff2e16babd6e69 000001315b670000 0000000000000000 0000000000000000 : nt!PspCreateProcess+0x23a
ffffdf0f8e647950 fffff8062423d9e5 : ffffcf07d16a67a0 0000000000000000 0000000077566d4d ffffdf0f8e647a00 : nt!NtCreateProcessEx+0x85
ffffdf0f8e6479b0 00007ff8588af7a4 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
000000155013f1a8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ff8`588af7a4
SYMBOL_NAME: nt!KiTryUnwaitThread+31
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.22621.1265
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 31
FAILURE_BUCKET_ID: AV_R_nt!KiTryUnwaitThread
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {b87b90b7-27ff-ddf1-5fc0-016b5361d7ef}
Followup: MachineOwner
12: kd> lmvm nt
Browse full module list
start end module name
fffff80623e00000 fffff80624e47000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\152D2E35E673E842C282B1EDB82FD0601\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntkrnlmp.exe\9ADC6FBF1047000\ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 9ADC6FBF (This is a reproducible build file hash, not a timestamp)
CheckSum: 00B71E1F
ImageSize: 01047000
File version: 10.0.22621.1265
Product version: 10.0.22621.1265
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.22621.1265
FileVersion: 10.0.22621.1265 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 7.000000000000001%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)