Windows 8.1, MEMORY DUMP: Dump file analysis assistance

digitalsundog

Reputable
Jan 21, 2015
4
0
4,510
Hey All,

I've completed my first build and am in the process of stabilizing my system. I've come across a MEMORY.DMP file and would appreciate some assistance in analyzing it. I've installed WinDbg to look into the .DMP file. Some research I've done leads me to think it may be related to a Microsoft Security Essentials .exe file. Am I reading this log output correctly?

I should note that running Windows Memory Diagnostics resulted in a hardware problem warning related to my RAM was detected.

My system spec's:
OS: Windows 8.1 Pro
MB: ASUS X99 Deluxe
CPU: Intel i7-5820K
GPU: EVGA GeForce GTX 980
PSU: EVGA SuperNOVA 1000 P2
RAM: 2 x Crucial 32GB Kit (8GBx4) DDR4 2133 MT/s


MEMORY.DMP log file:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041793, The subtype of the bugcheck.
Arg2: fffff6804f432ff8
Arg3: 0000000000000140
Arg4: 000000000000013f

Debugging Details:
------------------

Page 10f3d2 not present in the dump file. Type ".hh dbgerr004" for details

BUGCHECK_STR: 0x1a_41793

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: MsMpEng.exe

CURRENT_IRQL: 0

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER: from fffff8024f7ff07c to fffff8024f7d3fa0

STACK_TEXT:
ffffd000`2907b608 fffff802`4f7ff07c : 00000000`0000001a 00000000`00041793 fffff680`4f432ff8 00000000`00000140 : nt!KeBugCheckEx
ffffd000`2907b610 fffff802`4f6f10b2 : ffffe000`09e4def0 ffffe000`0eebf080 00000000`00000000 ffffe000`53646156 : nt! ?? ::FNODOBFM::`string'+0x1abcc
ffffd000`2907b8a0 fffff802`4f6edf5d : ffffe000`0ed6b190 00000000`00000010 e0000a97`00000000 ffffd000`00000000 : nt!MiDeleteVad+0xc22
ffffd000`2907b9a0 fffff802`4f7df7b3 : 00000000`00000001 0000009e`00000000 ffffe000`0a977750 ffffe000`0a977750 : nt!NtFreeVirtualMemory+0x89d
ffffd000`2907bb00 00007ffe`ef83ad6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
0000009e`85c9e258 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`ef83ad6a


STACK_COMMAND: kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+1abcc
fffff802`4f7ff07c cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+1abcc

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 53085af2

BUCKET_ID_FUNC_OFFSET: 1abcc

FAILURE_BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1a_41793_nt!_??_::fnodobfm::_string_

FAILURE_ID_HASH: {2bb49b32-09fa-a96d-8b93-292cf7a50b3f}

Followup: MachineOwner
---------



Replies appreciated.
Cheers!