Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\DJS\AppData\Local\CrashDumps\explorer.exe.3712.dmp] User Mini Dump File: Only registers, stack and portions of memory are available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 8 Version 9600 MP (12 procs) Free x64 Product: WinNt, suite: SingleUserTS Built by: 6.3.9600.17031 (winblue_gdr.140221-1952) Machine Name: Debug session time: Mon Apr 6 16:04:22.000 2015 (UTC - 4:00) System Uptime: not available Process Uptime: 0 days 0:02:57.000 ................................................................ ................................................................ ................................................................ ........................... Loading unloaded module list ................................................................ This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (e80.13f8): Access violation - code c0000005 (first/second chance not available) ntdll!NtWaitForMultipleObjects+0xa: 00007ffe`ac97133a c3 ret 0:050> g ^ No runnable debuggees error in 'g' 0:050> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* FAULTING_IP: devrtl!DllMain+47 00007ffe`9ed01475 48394208 cmp qword ptr [rdx+8],rax EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 00007ffe9ed01475 (devrtl!DllMain+0x0000000000000047) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 0000000000000008 Attempt to read from address 0000000000000008 CONTEXT: 0000000000000000 -- (.cxr 0x0;r) rax=0000000004230000 rbx=0000000000000003 rcx=0000000004230000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000003 rip=00007ffeac97133a rsp=000000000a3ee0d8 rbp=000000000a3efdd0 r8=0000000000001000 r9=0000000000000000 r10=0000000000000040 r11=0000000000000286 r12=0000000000000010 r13=000000000a3ee4b0 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246 ntdll!NtWaitForMultipleObjects+0xa: 00007ffe`ac97133a c3 ret DEFAULT_BUCKET_ID: NULL_CLASS_PTR_READ PROCESS_NAME: explorer.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000000008 READ_ADDRESS: 0000000000000008 FOLLOWUP_IP: devrtl!DllMain+47 00007ffe`9ed01475 48394208 cmp qword ptr [rdx+8],rax NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 APP: explorer.exe ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre FAULTING_THREAD: 00000000000013f8 PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_READ BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_READ LAST_CONTROL_TRANSFER: from 00007ffe9ed01222 to 00007ffe9ed01475 STACK_TEXT: 00000000`0a3ef920 00007ffe`9ed01222 : 00000000`00000001 00000000`00000001 00000000`00000003 00007ff6`b2196000 : devrtl!DllMain+0x47 00000000`0a3ef950 00007ffe`ac8ff0b4 : 00007ffe`9ed00000 00007ffe`00000003 00000000`00000000 00007ffe`ac917e40 : devrtl!__DllMainCRTStartup+0x102 00000000`0a3efac0 00007ffe`ac8fead6 : 00007ff6`b205c000 00007ffe`9ed00000 00000000`00000003 00000000`0faddcf0 : ntdll!LdrpCallInitRoutine+0x4c 00000000`0a3efb20 00007ffe`ac94e9ce : 00000000`00000000 00000000`00000000 00000000`00000010 00000000`00000000 : ntdll!LdrShutdownThread+0x116 00000000`0a3efc10 00007ffe`a9df2c0c : 00000000`0fbb9cc0 00000000`00000000 00000000`001ca7c0 00000000`00000010 : ntdll!RtlExitUserThread+0x3e 00000000`0a3efc50 00007ffe`a8501f91 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNELBASE!FreeLibraryAndExitThread+0x4c 00000000`0a3efc80 00007ffe`a9fd13d2 : 00000000`000edf30 00000000`00000000 00000000`80004005 00000000`00000000 : SHCore!StrRetToBSTR+0x201 00000000`0a3efda0 00007ffe`ac94e954 : 00007ffe`a9fd13b0 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x22 00000000`0a3efdd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: devrtl!DllMain+47 FOLLOWUP_NAME: MachineOwner MODULE_NAME: devrtl IMAGE_NAME: devrtl.dll DEBUG_FLR_IMAGE_TIMESTAMP: 5450429b STACK_COMMAND: ~50s; .ecxr ; kb FAILURE_BUCKET_ID: NULL_CLASS_PTR_READ_c0000005_devrtl.dll!DllMain BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_READ_devrtl!DllMain+47 ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:null_class_ptr_read_c0000005_devrtl.dll!dllmain FAILURE_ID_HASH: {35a5c600-b57e-0649-1111-1b680ef340e9} Followup: MachineOwner --------- 0:050> lmvm devrtl !dllmain+047 Unknown option '!' Unknown option 'd' start end module name 0:050> lmvm devrtl!DLLMain+0x47 start end module name 0:050> lmvm devrtl start end module name 00007ffe`9ed00000 00007ffe`9ed16000 devrtl (pdb symbols) c:\windows\symbol_cache\devrtl.pdb\F6BB35E9BC184980B4C39BDA5EDBB4742\devrtl.pdb Loaded symbol image file: devrtl.dll Mapped memory image file: c:\windows\symbol_cache\devrtl.dll\5450429B16000\devrtl.dll Image path: C:\Windows\System32\devrtl.dll Image name: devrtl.dll Timestamp: Tue Oct 28 21:27:55 2014 (5450429B) CheckSum: 0001BCA3 ImageSize: 00016000 File version: 6.3.9600.17415 Product version: 6.3.9600.17415 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: DEVRTL.dll OriginalFilename: DEVRTL.DLL ProductVersion: 6.3.9600.17415 FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) FileDescription: Device Management Run Time Library LegalCopyright: © Microsoft Corporation. All rights reserved. 0:050> lmvm ntdll start end module name 00007ffe`ac8e0000 00007ffe`aca8c000 ntdll (pdb symbols) c:\windows\symbol_cache\ntdll.pdb\E86A7C0FC92A4FAF926C8EB1916B4F741\ntdll.pdb Loaded symbol image file: ntdll.dll Mapped memory image file: c:\windows\symbol_cache\ntdll.dll\54C850F51ac000\ntdll.dll Image path: C:\Windows\System32\ntdll.dll Image name: ntdll.dll Timestamp: Tue Jan 27 22:01:09 2015 (54C850F5) CheckSum: 001B3A88 ImageSize: 001AC000 File version: 6.3.9600.17668 Product version: 6.3.9600.17668 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: ntdll.dll OriginalFilename: ntdll.dll ProductVersion: 6.3.9600.17668 FileVersion: 6.3.9600.17668 (winblue_r8.150127-1500) FileDescription: NT Layer DLL LegalCopyright: © Microsoft Corporation. All rights reserved. 0:050> lmvm kernelbase start end module name 00007ffe`a9df0000 00007ffe`a9f05000 KERNELBASE (pdb symbols) c:\windows\symbol_cache\kernelbase.pdb\4A907B261B6F48029CCA866C3AA4BCBC2\kernelbase.pdb Loaded symbol image file: KERNELBASE.dll Mapped memory image file: c:\windows\symbol_cache\KERNELBASE.dll\54505737115000\KERNELBASE.dll Image path: C:\Windows\System32\KERNELBASE.dll Image name: KERNELBASE.dll Timestamp: Tue Oct 28 22:55:51 2014 (54505737) CheckSum: 00114D5C ImageSize: 00115000 File version: 6.3.9600.17415 Product version: 6.3.9600.17415 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: Kernelbase.dll OriginalFilename: Kernelbase.dll ProductVersion: 6.3.9600.17415 FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) FileDescription: Windows NT BASE API Client DLL LegalCopyright: © Microsoft Corporation. All rights reserved. 0:050> lmvm shcore start end module name 00007ffe`a84f0000 00007ffe`a85a2000 SHCore (pdb symbols) c:\windows\symbol_cache\shcore.pdb\A3AF7BB53B3F4A97B6B0CD20C2BEB7432\shcore.pdb Loaded symbol image file: SHCore.dll Mapped memory image file: c:\windows\symbol_cache\SHCore.dll\54C1D172b2000\SHCore.dll Image path: C:\Windows\System32\SHCore.dll Image name: SHCore.dll Timestamp: Thu Jan 22 23:43:30 2015 (54C1D172) CheckSum: 000BB0F2 ImageSize: 000B2000 File version: 6.3.9600.17666 Product version: 6.3.9600.17666 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: SHCORE OriginalFilename: SHCORE.dll ProductVersion: 6.3.9600.17666 FileVersion: 6.3.9600.17666 (winblue_r8.150122-1500) FileDescription: SHCORE LegalCopyright: © Microsoft Corporation. All rights reserved. 0:050> lmvm kernel32 start end module name 00007ffe`a9fd0000 00007ffe`aa10e000 kernel32 (pdb symbols) c:\windows\symbol_cache\kernel32.pdb\A49C2B8068D747D5B88373C92E68D42C2\kernel32.pdb Loaded symbol image file: kernel32.dll Mapped memory image file: c:\windows\symbol_cache\kernel32.dll\545054CA13e000\kernel32.dll Image path: C:\Windows\System32\kernel32.dll Image name: kernel32.dll Timestamp: Tue Oct 28 22:45:30 2014 (545054CA) CheckSum: 00140FEC ImageSize: 0013E000 File version: 6.3.9600.17415 Product version: 6.3.9600.17415 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: kernel32 OriginalFilename: kernel32 ProductVersion: 6.3.9600.17415 FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) FileDescription: Windows NT BASE API Client DLL LegalCopyright: © Microsoft Corporation. All rights reserved.