Bugcheck 0x133 + win32k.sys

jcgriff2 · Mar 7, 2019

Has anyone else noticed the seeming spike in 0x133 bugcheck BSODs naming "memory corruption" as the probable cause; missing symbols usually for win32k.sys (or other Microsoft Windows related driver) lately?

I for one have not solved one of these.

I see others out there with all kinds of theories and having OPs doing various hardware tests and today, I came upon a TSF thread where an ETL file trace was requested.

And... they all seem to have symbol errors.

This is the TSF dump that I came upon today - it is pretty near identical save for memory addresses of the others that I have seen:

Dump File Analysis Needed - Tech Support Forum

Code:

Microsoft (R) Windows Debugger Version 10.0.10075.9 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert\AppData\Local\Temp\Temp1_Collection.zip\SysnativeFileCollectionApp\021319-6593-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802`3c4b7000 PsLoadedModuleList = 0xfffff802`3c8d2ad0
Debug session time: Wed Feb 13 11:33:52.378 2019 (UTC - 5:00)
System Uptime: 0 days 1:15:47.298
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........
Loading User Symbols
Loading unloaded module list
..............
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 133, {1, 1e00, fffff8023c9f9380, 0}

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: TickPeriods                                   ***
***                                                                   ***
*************************************************************************
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[HI]Probably caused by : memory_corruption[/HI]

Followup:     memory_corruption
---------

Processing initial command '!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck'
0: kd> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

[HI]DPC_WATCHDOG_VIOLATION (133)[/HI]
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at
DISPATCH_LEVEL or above. The offending component can usually be
identified with a stack trace.
Arg2: 0000000000001e00, The watchdog period.
Arg3: fffff8023c9f9380
Arg4: 0000000000000000

Debugging Details:
------------------

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: TickPeriods                                   ***
***                                                                   ***
*************************************************************************

SYSTEM_SKU:  4LT63EA#ABU

BIOS_DATE:  07/20/2018

BASEBOARD_PRODUCT:  837D

BASEBOARD_VERSION:  KBC Version 02.2D.00

BUGCHECK_P1: 1

BUGCHECK_P2: 1e00

BUGCHECK_P3: fffff8023c9f9380

BUGCHECK_P4: 0

DPC_TIMEOUT_TYPE:  DPC_QUEUE_EXECUTION_TIMEOUT_EXCEEDED

CPU_COUNT: 8

CPU_MHZ: 7c8

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 8e

CPU_STEPPING: a

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

BUGCHECK_STR:  0x133

PROCESS_NAME:  MemCompression

CURRENT_IRQL:  d

ANALYSIS_VERSION: 10.0.10075.9 amd64fre

TRAP_FRAME:  ffff98807e006e40 -- (.trap 0xffff98807e006e40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000005221000d rbx=0000000000000000 rcx=ffffe70000005460
rdx=0000200000000080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8023c672137 rsp=ffff98807e006fd0 rbp=0000000000000001
r8=0000200000000080  r9=0000000000000000 r10=ffffe70000005460
r11=0000000000000046 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
nt!ExpInterlockedPopEntrySListFault:
fffff802`3c672137 498b08          mov     rcx,qword ptr [r8] ds:00002000`00000080=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8023c70d1d5 to fffff8023c66a440

STACK_TEXT:
fffff802`3f7bdba8 fffff802`3c70d1d5 : 00000000`00000133 00000000`00000001 00000000`00001e00 fffff802`3c9f9380 : nt!KeBugCheckEx
fffff802`3f7bdbb0 fffff802`3c5dadaf : 0000083f`2cd0a4da fffff802`3b0c8180 00000000`00000286 00000000`000470d3 : nt!KeAccumulateTicks+0x12edb5
fffff802`3f7bdc10 fffff802`3c42147c : 00000000`00000000 fffff802`3c4876e0 ffff9880`7e0063f0 fffff802`3c487790 : nt!KeClockInterruptNotify+0xcf
fffff802`3f7bdf30 fffff802`3c4f98b5 : fffff802`3c4876e0 fffff802`3c53aff7 ffff9272`11fe5500 00000000`00000000 : hal!HalpTimerClockIpiRoutine+0x1c
fffff802`3f7bdf60 fffff802`3c66be3a : ffff9880`7e0063f0 fffff802`3c4876e0 00000000`0010001f fffff802`3c4876e0 : nt!KiCallInterruptServiceRoutine+0xa5
fffff802`3f7bdfb0 fffff802`3c66c387 : ffff9880`7e006d98 ffff9880`7e0063f0 fffff802`3c4876e0 ffff9880`7e0065e0 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
ffff9880`7e006370 fffff802`3c6ad2c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff9880`7e006500 fffff802`3c522e33 : ffff9880`7e006d98 ffff9880`7e006ae0 ffff9880`7e0065e0 00000000`00000002 : nt!KiPreprocessFault+0x18a050
ffff9880`7e0065b0 fffff802`3c67bd42 : ffffffff`ffffffd2 fffff802`3c536739 00000000`00000010 fffff802`3c421ae6 : nt!KiDispatchException+0x103
ffff9880`7e006c60 fffff802`3c678068 : fffff802`3c80e8f8 ffff9880`7e006ec0 fffff802`3c4876e0 ffff9880`7e007130 : nt!KiExceptionDispatch+0xc2
ffff9880`7e006e40 fffff802`3c672137 : fffff802`3c80e8f8 fffff802`3c5c3cf3 ffff80c0`08081008 ffff80c0`60301808 : nt!KiPageFault+0x428
ffff9880`7e006fd0 fffff802`3c5c3cf3 : ffff80c0`08081008 ffff80c0`60301808 00000000`00000000 ffff998e`468702b8 : nt!ExpInterlockedPopEntrySListFault
ffff9880`7e006fe0 fffff802`3c5c36a6 : fffff802`3c8f4980 ffff998e`00000046 00000000`00000046 fffffff6`00000000 : nt!MiGetPage+0xf3
ffff9880`7e0070b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiGetPageChain+0x186


STACK_COMMAND:  kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff8023c528b73-fffff8023c528b74  2 bytes - nt!MiInsertDecayClusterTimer+13
[ 80 fa:00 e4 ]
    fffff8023c53a256-fffff8023c53a257  2 bytes - nt!MiTradeActivePage+52 (+0x116e3)
[ 80 fa:00 e4 ]
    fffff8023c59e4e1 - nt!MiWalkPageTables+221 (+0x6428b)
[ f6:80 ]
    fffff8023c59ee4e - nt!MiWalkPageTablesRecursively+51e (+0x96d)
[ f6:80 ]
    fffff8023c59ee9f-fffff8023c59eea4  6 bytes - nt!MiWalkPageTablesRecursively+56f (+0x51)
[ 68 df be 7d fb f6:08 18 30 60 c0 80 ]
    fffff8023c59eed2-fffff8023c59eed6  5 bytes - nt!MiWalkPageTablesRecursively+5a2 (+0x33)
[ d0 be 7d fb f6:10 30 60 c0 80 ]
    fffff8023c59f00a - nt!MiWalkPageTablesRecursively+6da (+0x138)
[ f6:80 ]
    fffff8023c59f0a9-fffff8023c59f0ae  6 bytes - nt!MiWalkPageTablesRecursively+779 (+0x9f)
[ 68 df be 7d fb f6:08 18 30 60 c0 80 ]
    fffff8023c59f0d6-fffff8023c59f0da  5 bytes - nt!MiWalkPageTablesRecursively+7a6 (+0x2d)
[ d0 be 7d fb f6:10 30 60 c0 80 ]
    fffff8023c5be6a5 - nt!MmAccessFault+75 (+0x1f5cf)
[ f6:80 ]
    fffff8023c5bf943-fffff8023c5bf947  5 bytes - nt!MiFastLockLeafPageTable+103 (+0x129e)
[ d0 be 7d fb f6:10 30 60 c0 80 ]
    fffff8023c5bf950-fffff8023c5bf954  5 bytes - nt!MiFastLockLeafPageTable+110 (+0x0d)
[ d7 be 7d fb f6:17 30 60 c0 80 ]
    fffff8023c5bf999-fffff8023c5bf99e  6 bytes - nt!MiFastLockLeafPageTable+159 (+0x49)
[ 68 df be 7d fb f6:08 18 30 60 c0 80 ]
    fffff8023c5bfa3a-fffff8023c5bfa3c  3 bytes - nt!MiFastLockLeafPageTable+1fa (+0xa1)
[ df be 7d:1f 30 60 ]
    fffff8023c5bff31 - nt!MiFastLockLeafPageTable+6f1 (+0x4f7)
[ f6:80 ]
    fffff8023c5c1ea4-fffff8023c5c1ea8  5 bytes - nt!MiCompletePrivateZeroFault+6b4 (+0x1f73)
[ d0 be 7d fb f6:10 30 60 c0 80 ]
    fffff8023c5c1ec5-fffff8023c5c1ec6  2 bytes - nt!MiCompletePrivateZeroFault+6d5 (+0x21)
[ 80 fa:00 e4 ]
    fffff8023c5c1ed1-fffff8023c5c1ed5  5 bytes - nt!MiCompletePrivateZeroFault+6e1 (+0x0c)
[ d0 be 7d fb f6:10 30 60 c0 80 ]
    fffff8023c5c29be-fffff8023c5c29c2  5 bytes - nt!MiAllocateWsle+30e (+0xaed)
[ d7 be 7d fb f6:17 30 60 c0 80 ]
    fffff8023c5c36c7-fffff8023c5c36c8  2 bytes - nt!MiGetPageChain+1a7 (+0xd09)
[ 80 fa:00 e4 ]
    fffff8023c5c3d48-fffff8023c5c3d49  2 bytes - nt!MiGetPage+148 (+0x681)
[ 80 fa:00 e4 ]
71 errors : !nt (fffff8023c528b73-fffff8023c5c3d49)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

BUCKET_ID:  MEMORY_CORRUPTION_LARGE

PRIMARY_PROBLEM_CLASS:  MEMORY_CORRUPTION_LARGE

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:memory_corruption_large

FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}

Followup:     memory_corruption
---------

rax=0000000000020000 rbx=fffff8023b0c8180 rcx=0000000000000133
rdx=0000000000000001 rsi=0000000000000001 rdi=ffff998e4bcf5080
rip=fffff8023c66a440 rsp=fffff8023f7bdba8 rbp=0000000000000002
r8=0000000000001e00  r9=fffff8023c9f9380 r10=00007ffffffeffff
r11=fffff8023f7bdb20 r12=0000083f2cd09300 r13=0000000000000000
r14=fffff78000000300 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
nt!KeBugCheckEx:
fffff802`3c66a440 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff802`3f7bdbb0=0000000000000133
# Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 fffff802`3f7bdba8 fffff802`3c70d1d5 : 00000000`00000133 00000000`00000001 00000000`00001e00 fffff802`3c9f9380 : nt!KeBugCheckEx
01 fffff802`3f7bdbb0 fffff802`3c5dadaf : 0000083f`2cd0a4da fffff802`3b0c8180 00000000`00000286 00000000`000470d3 : nt!KeAccumulateTicks+0x12edb5
02 fffff802`3f7bdc10 fffff802`3c42147c : 00000000`00000000 fffff802`3c4876e0 ffff9880`7e0063f0 fffff802`3c487790 : nt!KeClockInterruptNotify+0xcf
03 fffff802`3f7bdf30 fffff802`3c4f98b5 : fffff802`3c4876e0 fffff802`3c53aff7 ffff9272`11fe5500 00000000`00000000 : hal!HalpTimerClockIpiRoutine+0x1c
04 fffff802`3f7bdf60 fffff802`3c66be3a : ffff9880`7e0063f0 fffff802`3c4876e0 00000000`0010001f fffff802`3c4876e0 : nt!KiCallInterruptServiceRoutine+0xa5
05 fffff802`3f7bdfb0 fffff802`3c66c387 : ffff9880`7e006d98 ffff9880`7e0063f0 fffff802`3c4876e0 ffff9880`7e0065e0 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa (TrapFrame @ fffff802`3f7bde70)
06 ffff9880`7e006370 fffff802`3c6ad2c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37 (TrapFrame @ ffff9880`7e006370)
07 ffff9880`7e006500 fffff802`3c522e33 : ffff9880`7e006d98 ffff9880`7e006ae0 ffff9880`7e0065e0 00000000`00000002 : nt!KiPreprocessFault+0x18a050
08 ffff9880`7e0065b0 fffff802`3c67bd42 : ffffffff`ffffffd2 fffff802`3c536739 00000000`00000010 fffff802`3c421ae6 : nt!KiDispatchException+0x103
09 ffff9880`7e006c60 fffff802`3c678068 : fffff802`3c80e8f8 ffff9880`7e006ec0 fffff802`3c4876e0 ffff9880`7e007130 : nt!KiExceptionDispatch+0xc2
0a ffff9880`7e006e40 fffff802`3c672137 : fffff802`3c80e8f8 fffff802`3c5c3cf3 ffff80c0`08081008 ffff80c0`60301808 : nt!KiPageFault+0x428 (TrapFrame @ ffff9880`7e006e40)
0b ffff9880`7e006fd0 fffff802`3c5c3cf3 : ffff80c0`08081008 ffff80c0`60301808 00000000`00000000 ffff998e`468702b8 : nt!ExpInterlockedPopEntrySListFault
0c ffff9880`7e006fe0 fffff802`3c5c36a6 : fffff802`3c8f4980 ffff998e`00000046 00000000`00000046 fffffff6`00000000 : nt!MiGetPage+0xf3
0d ffff9880`7e0070b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiGetPageChain+0x186
start             end                 module name
ffffad5a`e9000000 ffffad5a`e9392000   win32kfull win32kfull.sys unavailable (00000000)
ffffad5a`e93a0000 ffffad5a`e960d000   win32kbase win32kbase.sys unavailable (00000000)
ffffad5a`e9610000 ffffad5a`e9658000   cdd      cdd.dll      unavailable (00000000)
ffffad5a`e9be0000 ffffad5a`e9c6b000   win32k   win32k.sys   unavailable (00000000)
fffff802`3c41f000 fffff802`3c4b6000   hal      hal.dll      ***** Invalid (FBE06E6E)
fffff802`3c4b7000 fffff802`3cf26000   nt       ntkrnlmp.exe ***** Invalid (A45BF00A)
fffff802`3d000000 fffff802`3d00b000   kd       kd.dll       Fri Feb 09 10:20:45 2035 (7A776DCD)
fffff802`3e000000 fffff802`3e012000   nsiproxy nsiproxy.sys Mon Sep 04 03:50:23 1972 (050877BF)
fffff802`3e020000 fffff802`3e02d000   npsvctrig npsvctrig.sys Mon Feb 23 01:11:04 2037 (7E4D1A78)
fffff802`3e030000 fffff802`3e040000   mssmbios mssmbios.sys ***** Invalid (A51D1A67)
fffff802`3e050000 fffff802`3e05a000   gpuenergydrv gpuenergydrv.sys ***** Invalid (DA1C403F)
fffff802`3e060000 fffff802`3e08c000   dfsc     dfsc.sys     ***** Invalid (E60CDDBC)
fffff802`3e090000 fffff802`3e0a8000   lltdio   lltdio.sys   ***** Invalid (F5108909)
fffff802`3e0b0000 fffff802`3e11b000   fastfat  fastfat.SYS  ***** Invalid (82EE518A)
fffff802`3e120000 fffff802`3e134000   bam      bam.sys      Fri Nov 13 20:53:16 1981 (1653310C)
fffff802`3e140000 fffff802`3e18e000   ahcache  ahcache.sys  Mon Jan 09 15:47:24 1995 (2F11A0DC)
fffff802`3e190000 fffff802`3e19e000   Accelerometer Accelerometer.sys Wed Aug 29 02:24:19 2018 (5B863C13)
fffff802`3e1a0000 fffff802`3e224000   Vid      Vid.sys      ***** Invalid (F42473AC)
fffff802`3e230000 fffff802`3e24e000   winhvr   winhvr.sys   ***** Invalid (BDDA6167)
fffff802`3e250000 fffff802`3e261000   CompositeBus CompositeBus.sys ***** Invalid (DD86440A)
fffff802`3e270000 fffff802`3e27d000   kdnic    kdnic.sys    Tue Sep 12 05:16:49 1972 (05131801)
fffff802`3e280000 fffff802`3e295000   umbus    umbus.sys    ***** Invalid (83197D71)
fffff802`3e2a0000 fffff802`3e2b5000   CAD      CAD.sys      Fri Sep 06 00:05:41 2019 (5D71DB15)
fffff802`3e2c0000 fffff802`3e2cc000   wmiacpi  wmiacpi.sys  ***** Invalid (F2622D42)
fffff802`3e2d0000 fffff802`3e3a8000   dxgmms2  dxgmms2.sys  ***** Invalid (DE16C166)
fffff802`3e3b0000 fffff802`3e413000   esif_lf  esif_lf.sys  Fri Apr 27 19:55:01 2018 (5AE3B855)
fffff802`3e420000 fffff802`3e448000   luafv    luafv.sys    ***** Invalid (A3C4F026)
fffff802`3e450000 fffff802`3e47d000   wcifs    wcifs.sys    ***** Invalid (A9AC8912)
fffff802`3e480000 fffff802`3e4f6000   cldflt   cldflt.sys   ***** Invalid (BACCC63E)
fffff802`3e500000 fffff802`3e51b000   storqosflt storqosflt.sys ***** Invalid (8CA43D00)
fffff802`3e520000 fffff802`3e53e000   WinUSB   WinUSB.SYS   Mon Sep 07 20:29:34 1992 (2AABF3EE)
fffff802`3e560000 fffff802`3e5f4000   csc      csc.sys      Thu May 23 03:54:40 2030 (71977CC0)
fffff802`44400000 fffff802`44539000   HTTP     HTTP.sys     ***** Invalid (C141036D)
fffff802`44540000 fffff802`44565000   bowser   bowser.sys   Sat Jul 13 23:21:06 1996 (31E867A2)
fffff802`44570000 fffff802`4458a000   mpsdrv   mpsdrv.sys   ***** Invalid (8C4ECA64)
fffff802`44590000 fffff802`44619000   mrxsmb   mrxsmb.sys   ***** Invalid (8D1D01BD)
fffff802`44620000 fffff802`44666000   mrxsmb20 mrxsmb20.sys ***** Invalid (937BEDAD)
fffff802`44670000 fffff802`44682000   vwifimp  vwifimp.sys  Thu Apr 29 20:19:44 1982 (172F45A0)
fffff802`44690000 fffff802`446de000   srvnet   srvnet.sys   Thu Sep 04 21:29:37 2036 (7D6B6801)
fffff802`446e0000 fffff802`447a4000   srv2     srv2.sys     ***** Invalid (A4440FCC)
fffff802`447b0000 fffff802`447d7000   Ndu      Ndu.sys      Wed Feb 23 18:31:19 1983 (18BABC47)
fffff802`447e0000 fffff802`448b6000   peauth   peauth.sys   Sun Oct 25 14:26:37 1998 (36336D5D)
fffff802`448c0000 fffff802`448d4000   tcpipreg tcpipreg.sys Sun Jun 12 03:39:48 2005 (42ABE6C4)
fffff802`448e0000 fffff802`448f2000   WdNisDrv WdNisDrv.sys Tue Apr 26 22:49:07 1983 (190CA7A3)
fffff802`44f00000 fffff802`44f8c000   nwifi    nwifi.sys    Fri Sep 10 17:00:46 2032 (75ECF27E)
fffff802`44f90000 fffff802`44fa3000   condrv   condrv.sys   Sun Mar 17 02:10:57 1996 (314BACF1)
fffff802`44fb0000 fffff802`44fdb000   winquic  winquic.sys  ***** Invalid (BFE89A0C)
fffff802`45800000 fffff802`458cc000   wdiwifi  wdiwifi.sys  ***** Invalid (D0815A78)
fffff802`458d0000 fffff802`458de000   vwifibus vwifibus.sys Fri Mar 25 00:51:11 2022 (623D4A3F)
fffff802`458e0000 fffff802`459a4000   RtsPer   RtsPer.sys   Thu Aug 04 05:11:14 2016 (57A306B2)
fffff802`459b0000 fffff802`459c3000   dptf_acpi dptf_acpi.sys Fri Apr 27 19:54:34 2018 (5AE3B83A)
fffff802`459d0000 fffff802`459f1000   i8042prt i8042prt.sys ***** Invalid (FB942A34)
fffff802`45a00000 fffff802`45a0e000   HpqKbFiltr HpqKbFiltr.sys Sat Oct 20 01:50:04 2018 (5BCAC20C)
fffff802`45a10000 fffff802`45ac5000   SynTP    SynTP.sys    Mon Oct 29 04:45:30 2018 (5BD6C8AA)
fffff802`45ad0000 fffff802`45ade000   USBD     USBD.SYS     ***** Invalid (C7E3B3E8)
fffff802`45ae0000 fffff802`45af3000   HIDPARSE HIDPARSE.SYS Sun Dec 27 00:38:28 2015 (567F7954)
fffff802`45b00000 fffff802`45b13000   kbdclass kbdclass.sys ***** Invalid (DB4B5540)
fffff802`45b20000 fffff802`45b33000   mouclass mouclass.sys ***** Invalid (80F98B92)
fffff802`45b40000 fffff802`45b80000   IntcAudioBus IntcAudioBus.sys Thu Oct 25 08:02:08 2018 (5BD1B0C0)
fffff802`45b90000 fffff802`45bf5000   portcls  portcls.sys  ***** Invalid (8DFE43A2)
fffff802`45c00000 fffff802`45c21000   drmk     drmk.sys     Sun Jun 11 00:38:03 2000 (394317AB)
fffff802`45c30000 fffff802`45ca6000   ks       ks.sys       Mon May 03 21:15:30 2027 (6BD926B2)
fffff802`45cb0000 fffff802`45cc9000   iaLPSS2i_GPIO2 iaLPSS2i_GPIO2.sys Thu Apr 19 03:53:24 2018 (5AD84AF4)
fffff802`45cd0000 fffff802`45cfd000   msgpioclx msgpioclx.sys Thu Dec 17 09:49:05 2009 (4B2A44E1)
fffff802`45d00000 fffff802`45d0f000   CmBatt   CmBatt.sys   ***** Invalid (DCC60961)
fffff802`45d10000 fffff802`45d20000   BATTC    BATTC.SYS    Thu Jun 17 17:32:25 2010 (4C1A9469)
fffff802`45d30000 fffff802`45d6e000   intelppm intelppm.sys Wed Feb 08 18:16:35 2012 (4F330253)
fffff802`45d70000 fffff802`45d7b000   acpipagr acpipagr.sys ***** Invalid (DD40CEB5)
fffff802`45d80000 fffff802`45d8a000   WirelessButtonDriver64 WirelessButtonDriver64.sys Wed Aug 29 03:02:49 2018 (5B864519)
fffff802`45d90000 fffff802`45d9b000   mshidkmdf mshidkmdf.sys Thu Oct 14 03:04:11 2027 (6CB05CEB)
fffff802`45da0000 fffff802`45ddb000   HIDCLASS HIDCLASS.SYS Sun Sep 30 14:58:36 1979 (1255155C)
fffff802`45de0000 fffff802`45ded000   UEFI     UEFI.sys     Wed Sep 17 07:19:54 2014 (54196E5A)
fffff802`45df0000 fffff802`45dfd000   NdisVirtualBus NdisVirtualBus.sys Thu Mar 27 17:31:46 1997 (333AE742)
fffff802`45e00000 fffff802`45e0c000   swenum   swenum.sys   ***** Invalid (8B90F92A)
fffff802`45e10000 fffff802`45e1e000   rdpbus   rdpbus.sys   Thu Jun 28 00:49:12 2035 (7B2E1A48)
fffff802`45e20000 fffff802`45eb3000   UsbHub3  UsbHub3.sys  Sat Jan 23 04:05:51 2010 (4B5ABBEF)
fffff802`45ec0000 fffff802`45ecf000   mouhid   mouhid.sys   Thu Jan 18 04:52:01 2007 (45AF4341)
fffff802`45ed0000 fffff802`4677d000   Netwtw06 Netwtw06.sys Wed Sep 05 10:36:41 2018 (5B8FE9F9)
fffff802`46780000 fffff802`467b1000   usbccgp  usbccgp.sys  ***** Invalid (82D4CB5C)
fffff802`467c0000 fffff802`467f2000   ibtusb   ibtusb.sys   Fri May 04 12:50:06 2018 (5AEC8F3E)
fffff802`46800000 fffff802`46899000   IntcDAud IntcDAud.sys Tue Sep 04 05:00:26 2018 (5B8E49AA)
fffff802`468b0000 fffff802`468be000   dump_dumpstorport dump_dumpstorport.sys Wed Jul 07 01:29:40 2021 (60E53BC4)
fffff802`468c0000 fffff802`46938000   USBXHCI  USBXHCI.SYS  ***** Invalid (DD7F1F39)
fffff802`46940000 fffff802`4697f000   ucx01000 ucx01000.sys Sat Jan 03 10:23:30 2037 (7E0A5F72)
fffff802`46980000 fffff802`469af000   iaLPSS2i_I2C iaLPSS2i_I2C.sys Thu Apr 19 03:52:58 2018 (5AD84ADA)
fffff802`469b0000 fffff802`469c9000   SpbCx    SpbCx.sys    ***** Invalid (C254B7DB)
fffff802`469d0000 fffff802`46a02000   TeeDriverx64 TeeDriverx64.sys Tue Oct 03 02:21:12 2017 (59D32C58)
fffff802`46a10000 fffff802`46aa8000   rt640x64 rt640x64.sys Tue Nov 14 00:51:10 2017 (5A0A844E)
fffff802`46ab0000 fffff802`46acd000   BTHUSB   BTHUSB.sys   Tue Jul 26 11:42:35 2033 (7791366B)
fffff802`46ad0000 fffff802`46c02000   bthport  bthport.sys  ***** Invalid (B4C88041)
fffff802`46c40000 fffff802`46c64000   dump_stornvme dump_stornvme.sys ***** Invalid (F9EA4619)
fffff802`46c80000 fffff802`46c94000   hidi2c   hidi2c.sys   Sat Dec 09 13:37:21 1972 (05879F61)
fffff802`46ca0000 fffff802`46d6b000   IntcOED  IntcOED.sys  Thu Oct 25 08:03:24 2018 (5BD1B10C)
fffff802`46d70000 fffff802`46dbe000   usbvideo usbvideo.sys Sat Jul 02 14:45:18 2033 (7771BD3E)
fffff802`46dc0000 fffff802`46dcf000   ksthunk  ksthunk.sys  ***** Invalid (D43D6B7C)
fffff802`46dd0000 fffff802`46ddc000   MTConfig MTConfig.sys Thu Jul 18 20:33:37 2013 (51E88961)
fffff802`46de0000 fffff802`46df2000   SynRMIHID SynRMIHID.sys Mon Oct 29 04:50:36 2018 (5BD6C9DC)
fffff802`46e20000 fffff802`46e3d000   dump_dumpfve dump_dumpfve.sys Fri Dec 11 15:20:41 2015 (566B3019)
fffff802`46e50000 fffff802`46e6c000   Microsoft_Bluetooth_Legacy_LEEnumerator Microsoft.Bluetooth.Legacy.LEEnumerator.sys Thu Jul 06 13:17:06 1995 (2FFC1A92)
fffff802`46e70000 fffff802`46ea8000   rfcomm   rfcomm.sys   ***** Invalid (DA6A3E24)
fffff802`46eb0000 fffff802`46ed2000   BthEnum  BthEnum.sys  Sat Mar 17 17:52:22 2012 (4F650796)
fffff802`46ee0000 fffff802`46f06000   bthpan   bthpan.sys   Tue Jun 03 00:29:52 2031 (738700C0)
fffff802`46f10000 fffff802`4715c000   CHDRT64ISST CHDRT64ISST.sys Mon Dec 17 00:56:09 2018 (5C173A79)
fffff802`47160000 fffff802`47176000   monitor  monitor.sys  Fri Jan 28 12:41:04 2005 (41FA7930)
fffff802`47180000 fffff802`47191000   dptf_cpu dptf_cpu.sys Fri Apr 27 19:54:39 2018 (5AE3B83F)
fffff802`471a0000 fffff802`471b4000   mmcss    mmcss.sys    ***** Invalid (D143BB7E)
fffff802`471c0000 fffff802`47f91000   igdkmd64 igdkmd64.sys Thu Sep 20 15:49:09 2018 (5BA3F9B5)
fffff802`47fa0000 fffff802`47fec000   WUDFRd   WUDFRd.sys   ***** Invalid (EDDA0F84)
fffff80c`49e00000 fffff80c`49e10000   WppRecorder WppRecorder.sys ***** Invalid (E5178B49)
fffff80c`49e20000 fffff80c`49e44000   acpiex   acpiex.sys   Mon Jun 16 22:07:59 1975 (0A439B7F)
fffff80c`49e60000 fffff80c`49fee000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Wed Dec 26 23:46:12 2001 (3C2AA794)
fffff80c`4a000000 fffff80c`4a027000   tm       tm.sys       ***** Invalid (F1AC5A2F)
fffff80c`4a030000 fffff80c`4a048000   PSHED    PSHED.dll    Tue Nov 07 10:06:38 2034 (79FB7D7E)
fffff80c`4a050000 fffff80c`4a05b000   BOOTVID  BOOTVID.dll  Fri Nov 24 18:09:33 1995 (30B650AD)
fffff80c`4a060000 fffff80c`4a0d0000   FLTMGR   FLTMGR.SYS   Thu Jul 24 00:42:54 1975 (0A74874E)
fffff80c`4a0e0000 fffff80c`4a1e9000   clipsp   clipsp.sys   Thu Nov 29 20:37:56 2018 (5C009474)
fffff80c`4a1f0000 fffff80c`4a1fe000   cmimcext cmimcext.sys Thu Aug 19 18:55:44 2010 (4C6DB670)
fffff80c`4a200000 fffff80c`4a20c000   ntosext  ntosext.sys  Fri Mar 03 22:05:50 2028 (6D6B5A0E)
fffff80c`4a210000 fffff80c`4a2e3000   CI       CI.dll       ***** Invalid (F2318608)
fffff80c`4a2f0000 fffff80c`4a3a7000   cng      cng.sys      ***** Invalid (A7D172D6)
fffff80c`4a3b0000 fffff80c`4a481000   Wdf01000 Wdf01000.sys ***** Invalid (AF1CEDD2)
fffff80c`4a490000 fffff80c`4a4a3000   WDFLDR   WDFLDR.SYS   Thu Jan 31 16:00:20 2008 (47A236E4)
fffff80c`4a4b0000 fffff80c`4a4bf000   SleepStudyHelper SleepStudyHelper.sys ***** Invalid (D42ABCCC)
fffff80c`4a4c0000 fffff80c`4a522000   msrpc    msrpc.sys    ***** Invalid (824F01ED)
fffff80c`4a530000 fffff80c`4a55b000   ksecdd   ksecdd.sys   ***** Invalid (C0930B22)
fffff80c`4a560000 fffff80c`4a571000   werkernel werkernel.sys Sat Aug 14 07:55:58 1971 (030A7CCE)
fffff80c`4a580000 fffff80c`4a5ea000   CLFS     CLFS.SYS     Fri Aug 19 17:07:32 2011 (4E4ED094)
fffff80c`4a600000 fffff80c`4a60c000   WMILIB   WMILIB.SYS   Tue Apr 19 22:19:11 2033 (7710989F)
fffff80c`4a610000 fffff80c`4a61b000   msisadrv msisadrv.sys Sun Nov 07 01:38:33 2004 (418DC2E9)
fffff80c`4a620000 fffff80c`4a68b000   pci      pci.sys      Sat Mar 30 03:50:00 1991 (27F44328)
fffff80c`4a690000 fffff80c`4a6d0000   tpm      tpm.sys      ***** Invalid (90D84F30)
fffff80c`4a700000 fffff80c`4a743000   intelpep intelpep.sys ***** Invalid (83F72A94)
fffff80c`4a750000 fffff80c`4a766000   WindowsTrustedRT WindowsTrustedRT.sys ***** Invalid (BD0B79F0)
fffff80c`4a770000 fffff80c`4a77b000   WindowsTrustedRTProxy WindowsTrustedRTProxy.sys Tue May 14 12:37:30 2013 (5192684A)
fffff80c`4a780000 fffff80c`4a794000   pcw      pcw.sys      ***** Invalid (C6C870F7)
fffff80c`4a7a0000 fffff80c`4a7b2000   vdrvroot vdrvroot.sys ***** Invalid (8ED5F3A9)
fffff80c`4a7c0000 fffff80c`4a7ee000   pdc      pdc.sys      ***** Invalid (E48D33A9)
fffff80c`4a7f0000 fffff80c`4a809000   CEA      CEA.sys      ***** Invalid (9B4697B8)
fffff80c`4a810000 fffff80c`4a83f000   partmgr  partmgr.sys  Mon Jun 19 19:20:15 1995 (2FE6062F)
fffff80c`4a840000 fffff80c`4a84b000   intelide intelide.sys Thu Aug 03 04:11:27 1995 (302084AF)
fffff80c`4a850000 fffff80c`4a863000   PCIIDEX  PCIIDEX.SYS  ***** Invalid (B7DB6905)
fffff80c`4a870000 fffff80c`4a913000   spaceport spaceport.sys Sat Oct 15 02:22:49 1983 (19EE4A39)
fffff80c`4a920000 fffff80c`4a939000   volmgr   volmgr.sys   ***** Invalid (91784A41)
fffff80c`4a940000 fffff80c`4a9a3000   volmgrx  volmgrx.sys  Tue Dec 25 16:43:09 2012 (50DA1DED)
fffff80c`4a9b0000 fffff80c`4a9ba000   pciide   pciide.sys   ***** Invalid (D18FF38A)
fffff80c`4a9c0000 fffff80c`4a9df000   mountmgr mountmgr.sys ***** Invalid (A8481DD2)
fffff80c`4a9e0000 fffff80c`4a9ed000   atapi    atapi.sys    ***** Invalid (D41830F3)
fffff80c`4a9f0000 fffff80c`4aa26000   ataport  ataport.SYS  ***** Invalid (CE11765E)
fffff80c`4aa30000 fffff80c`4aa5d000   storahci storahci.sys ***** Invalid (E94316B7)
fffff80c`4aa60000 fffff80c`4aafb000   storport storport.sys Sun Dec 23 08:22:26 2007 (476E6112)
fffff80c`4ab00000 fffff80c`4ab24000   stornvme stornvme.sys ***** Invalid (F9EA4619)
fffff80c`4ab80000 fffff80c`4abae000   cdrom    cdrom.sys    Sat May 06 17:45:03 2017 (590E43DF)
fffff80c`4abb0000 fffff80c`4abc5000   filecrypt filecrypt.sys Sun Aug 13 10:30:12 2034 (798A13F4)
fffff80c`4abd0000 fffff80c`4abda000   Null     Null.SYS     Tue Jan 24 04:50:47 1989 (23DC46F7)
fffff80c`4abe0000 fffff80c`4abea000   Beep     Beep.SYS     ***** Invalid (E2569389)
fffff80c`4abf0000 fffff80c`4af2f000   dxgkrnl  dxgkrnl.sys  ***** Invalid (B964EF01)
fffff80c`4af30000 fffff80c`4af46000   watchdog watchdog.sys ***** Invalid (8D7A0DF0)
fffff80c`4af50000 fffff80c`4af66000   BasicDisplay BasicDisplay.sys ***** Invalid (D39D4B86)
fffff80c`4af70000 fffff80c`4af81000   BasicRender BasicRender.sys Sat Jul 21 21:02:48 2012 (500B5138)
fffff80c`4af90000 fffff80c`4afac000   Npfs     Npfs.SYS     Sat Jul 09 15:56:34 1994 (2E1F00F2)
fffff80c`4afb0000 fffff80c`4afc1000   Msfs     Msfs.SYS     Fri Oct 24 02:27:06 2008 (49016ABA)
fffff80c`4afd0000 fffff80c`4aff7000   tdx      tdx.sys      ***** Invalid (AFDABF6D)
fffff80c`4b000000 fffff80c`4b010000   TDI      TDI.SYS      ***** Invalid (E9708B47)
fffff80c`4b020000 fffff80c`4b071000   netbt    netbt.sys    Mon Aug 06 03:08:11 2035 (7B61A55B)
fffff80c`4b080000 fffff80c`4b093000   afunix   afunix.sys   ***** Invalid (CE69FF46)
fffff80c`4b0a0000 fffff80c`4b146000   afd      afd.sys      ***** Invalid (E7A7D654)
fffff80c`4b150000 fffff80c`4b16a000   vwififlt vwififlt.sys ***** Invalid (B1239F86)
fffff80c`4b170000 fffff80c`4b19b000   pacer    pacer.sys    ***** Invalid (BD6E6BA5)
fffff80c`4b1a0000 fffff80c`4b1b4000   netbios  netbios.sys  ***** Invalid (BA5B5FB4)
fffff80c`4b1c0000 fffff80c`4b1dc000   serial   serial.sys   Sat Jul 13 22:24:48 2002 (3D30E0F0)
fffff80c`4b1e0000 fffff80c`4b25a000   rdbss    rdbss.sys    ***** Invalid (EEC03A75)
fffff80c`4b2b0000 fffff80c`4b301000   mssecflt mssecflt.sys Fri Jun 07 08:17:10 2013 (51B1CF46)
fffff80c`4b310000 fffff80c`4b32a000   SgrmAgent SgrmAgent.sys ***** Invalid (F7CA286D)
fffff80c`4b330000 fffff80c`4b3f8000   ACPI     ACPI.sys     ***** Invalid (A49A6357)
fffff80c`4b400000 fffff80c`4b454000   WdFilter WdFilter.sys Wed Apr 16 02:44:02 1980 (135AC3B2)
fffff80c`4b460000 fffff80c`4b6ed000   Ntfs     Ntfs.sys     Fri May 05 16:56:23 2006 (445BBBF7)
fffff80c`4b6f0000 fffff80c`4b6fd000   Fs_Rec   Fs_Rec.sys   ***** Invalid (CFF89B5E)
fffff80c`4b700000 fffff80c`4b853000   ndis     ndis.sys     Tue Jan 16 01:38:02 2024 (65A6244A)
fffff80c`4b860000 fffff80c`4b8f5000   NETIO    NETIO.SYS    ***** Invalid (C0E588AF)
fffff80c`4b900000 fffff80c`4b932000   ksecpkg  ksecpkg.sys  ***** Invalid (CD0C90B8)
fffff80c`4b940000 fffff80c`4bc1b000   tcpip    tcpip.sys    Tue Feb 07 05:38:50 2023 (63E22A3A)
fffff80c`4bc20000 fffff80c`4bc98000   fwpkclnt fwpkclnt.sys ***** Invalid (DF926DC9)
fffff80c`4bca0000 fffff80c`4bcd0000   wfplwfs  wfplwfs.sys  ***** Invalid (8AE4C0AC)
fffff80c`4bce0000 fffff80c`4bda8000   fvevol   fvevol.sys   Wed Sep 15 11:15:15 1993 (2C973183)
fffff80c`4bdb0000 fffff80c`4bdbb000   hpdskflt hpdskflt.sys Wed Aug 29 02:24:14 2018 (5B863C0E)
fffff80c`4bdc0000 fffff80c`4bdcb000   volume   volume.sys   ***** Invalid (CB3F72CF)
fffff80c`4bdd0000 fffff80c`4be3d000   volsnap  volsnap.sys  ***** Invalid (AC1C69A4)
fffff80c`4be40000 fffff80c`4be8f000   rdyboost rdyboost.sys Sun Aug 26 18:38:42 2018 (5B832BF2)
fffff80c`4be90000 fffff80c`4beb5000   mup      mup.sys      ***** Invalid (D5074BA1)
fffff80c`4bec0000 fffff80c`4bed1000   iorate   iorate.sys   ***** Invalid (A096CD2D)
fffff80c`4bee0000 fffff80c`4beee000   tbs      tbs.sys      Wed Dec 03 00:21:40 2036 (7DE0F3E4)
fffff80c`4bef0000 fffff80c`4bf0c000   disk     disk.sys     ***** Invalid (EB969297)
fffff80c`4bf10000 fffff80c`4bf7f000   CLASSPNP CLASSPNP.SYS Thu May 11 08:48:53 1995 (2FB207B5)
fffff80c`4bfa0000 fffff80c`4bfbc000   crashdmp crashdmp.sys ***** Invalid (FEF3C415)
fffff80c`4bfc0000 fffff80c`4bfda000   mslldp   mslldp.sys   ***** Invalid (A36249FA)
fffff80c`4bfe0000 fffff80c`4cb2e000   iaStorA  iaStorA.sys  Tue Sep 26 11:32:50 2017 (59CA7322)
fffff80c`4cb30000 fffff80c`4cb4c000   EhStorClass EhStorClass.sys ***** Invalid (F26184EB)
fffff80c`4cb50000 fffff80c`4cb6a000   fileinfo fileinfo.sys ***** Invalid (85B4F747)
fffff80c`4cb70000 fffff80c`4cbae000   Wof      Wof.sys      Mon Nov 14 18:36:29 1988 (237F6DFD)
fffff80c`4cbb0000 fffff80c`4cbcb000   rspndr   rspndr.sys   ***** Invalid (C42F95A5)
fffff80c`4cbd0000 fffff80c`4cbe8000   ndisuio  ndisuio.sys  Sat Apr 21 15:59:03 1979 (117F9087)

Unloaded modules:
fffff802`3e540000 fffff802`3e551000   MSKSSRV.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
fffff80c`4bfd0000 fffff80c`4bfdf000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000F000
fffff80c`4ab30000 fffff80c`4ab55000   dump_stornvm
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00025000
fffff80c`4ab60000 fffff80c`4ab7e000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001E000
fffff802`46e00000 fffff802`46e4d000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0004D000
fffff802`45ec0000 fffff802`45ecc000   WdmCompanion
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff802`46c10000 fffff802`46c2f000   WinUSB.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001F000
fffff802`46c30000 fffff802`46c7d000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0004D000
fffff802`46800000 fffff802`46864000   esif_lf.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00064000
fffff802`47fa0000 fffff802`47fb2000   dptf_cpu.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00012000
fffff802`46870000 fffff802`468bd000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0004D000
fffff802`3e090000 fffff802`3e0ac000   dam.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001C000
fffff80c`4a6e0000 fffff80c`4a6f1000   WdBoot.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
fffff80c`4bee0000 fffff80c`4bef0000   hwpolicy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00010000
start             end                 module name
fffff802`3e190000 fffff802`3e19e000   Accelerometer Accelerometer.sys Wed Aug 29 02:24:19 2018 (5B863C13)
fffff80c`4b330000 fffff80c`4b3f8000   ACPI     ACPI.sys     ***** Invalid (A49A6357)
fffff80c`49e20000 fffff80c`49e44000   acpiex   acpiex.sys   Mon Jun 16 22:07:59 1975 (0A439B7F)
fffff802`45d70000 fffff802`45d7b000   acpipagr acpipagr.sys ***** Invalid (DD40CEB5)
fffff80c`4b0a0000 fffff80c`4b146000   afd      afd.sys      ***** Invalid (E7A7D654)
fffff80c`4b080000 fffff80c`4b093000   afunix   afunix.sys   ***** Invalid (CE69FF46)
fffff802`3e140000 fffff802`3e18e000   ahcache  ahcache.sys  Mon Jan 09 15:47:24 1995 (2F11A0DC)
fffff80c`4a9e0000 fffff80c`4a9ed000   atapi    atapi.sys    ***** Invalid (D41830F3)
fffff80c`4a9f0000 fffff80c`4aa26000   ataport  ataport.SYS  ***** Invalid (CE11765E)
fffff802`3e120000 fffff802`3e134000   bam      bam.sys      Fri Nov 13 20:53:16 1981 (1653310C)
fffff80c`4af50000 fffff80c`4af66000   BasicDisplay BasicDisplay.sys ***** Invalid (D39D4B86)
fffff80c`4af70000 fffff80c`4af81000   BasicRender BasicRender.sys Sat Jul 21 21:02:48 2012 (500B5138)
fffff802`45d10000 fffff802`45d20000   BATTC    BATTC.SYS    Thu Jun 17 17:32:25 2010 (4C1A9469)
fffff80c`4abe0000 fffff80c`4abea000   Beep     Beep.SYS     ***** Invalid (E2569389)
fffff80c`4a050000 fffff80c`4a05b000   BOOTVID  BOOTVID.dll  Fri Nov 24 18:09:33 1995 (30B650AD)
fffff802`44540000 fffff802`44565000   bowser   bowser.sys   Sat Jul 13 23:21:06 1996 (31E867A2)
fffff802`46eb0000 fffff802`46ed2000   BthEnum  BthEnum.sys  Sat Mar 17 17:52:22 2012 (4F650796)
fffff802`46ee0000 fffff802`46f06000   bthpan   bthpan.sys   Tue Jun 03 00:29:52 2031 (738700C0)
fffff802`46ad0000 fffff802`46c02000   bthport  bthport.sys  ***** Invalid (B4C88041)
fffff802`46ab0000 fffff802`46acd000   BTHUSB   BTHUSB.sys   Tue Jul 26 11:42:35 2033 (7791366B)
fffff802`3e2a0000 fffff802`3e2b5000   CAD      CAD.sys      Fri Sep 06 00:05:41 2019 (5D71DB15)
ffffad5a`e9610000 ffffad5a`e9658000   cdd      cdd.dll      unavailable (00000000)
fffff80c`4ab80000 fffff80c`4abae000   cdrom    cdrom.sys    Sat May 06 17:45:03 2017 (590E43DF)
fffff80c`4a7f0000 fffff80c`4a809000   CEA      CEA.sys      ***** Invalid (9B4697B8)
fffff802`46f10000 fffff802`4715c000   CHDRT64ISST CHDRT64ISST.sys Mon Dec 17 00:56:09 2018 (5C173A79)
fffff80c`4a210000 fffff80c`4a2e3000   CI       CI.dll       ***** Invalid (F2318608)
fffff80c`4bf10000 fffff80c`4bf7f000   CLASSPNP CLASSPNP.SYS Thu May 11 08:48:53 1995 (2FB207B5)
fffff802`3e480000 fffff802`3e4f6000   cldflt   cldflt.sys   ***** Invalid (BACCC63E)
fffff80c`4a580000 fffff80c`4a5ea000   CLFS     CLFS.SYS     Fri Aug 19 17:07:32 2011 (4E4ED094)
fffff80c`4a0e0000 fffff80c`4a1e9000   clipsp   clipsp.sys   Thu Nov 29 20:37:56 2018 (5C009474)
fffff802`45d00000 fffff802`45d0f000   CmBatt   CmBatt.sys   ***** Invalid (DCC60961)
fffff80c`4a1f0000 fffff80c`4a1fe000   cmimcext cmimcext.sys Thu Aug 19 18:55:44 2010 (4C6DB670)
fffff80c`4a2f0000 fffff80c`4a3a7000   cng      cng.sys      ***** Invalid (A7D172D6)
fffff802`3e250000 fffff802`3e261000   CompositeBus CompositeBus.sys ***** Invalid (DD86440A)
fffff802`44f90000 fffff802`44fa3000   condrv   condrv.sys   Sun Mar 17 02:10:57 1996 (314BACF1)
fffff80c`4bfa0000 fffff80c`4bfbc000   crashdmp crashdmp.sys ***** Invalid (FEF3C415)
fffff802`3e560000 fffff802`3e5f4000   csc      csc.sys      Thu May 23 03:54:40 2030 (71977CC0)
fffff802`3e060000 fffff802`3e08c000   dfsc     dfsc.sys     ***** Invalid (E60CDDBC)
fffff80c`4bef0000 fffff80c`4bf0c000   disk     disk.sys     ***** Invalid (EB969297)
fffff802`459b0000 fffff802`459c3000   dptf_acpi dptf_acpi.sys Fri Apr 27 19:54:34 2018 (5AE3B83A)
fffff802`47180000 fffff802`47191000   dptf_cpu dptf_cpu.sys Fri Apr 27 19:54:39 2018 (5AE3B83F)
fffff802`45c00000 fffff802`45c21000   drmk     drmk.sys     Sun Jun 11 00:38:03 2000 (394317AB)
fffff802`46e20000 fffff802`46e3d000   dump_dumpfve dump_dumpfve.sys Fri Dec 11 15:20:41 2015 (566B3019)
fffff802`468b0000 fffff802`468be000   dump_dumpstorport dump_dumpstorport.sys Wed Jul 07 01:29:40 2021 (60E53BC4)
fffff802`46c40000 fffff802`46c64000   dump_stornvme dump_stornvme.sys ***** Invalid (F9EA4619)
fffff80c`4abf0000 fffff80c`4af2f000   dxgkrnl  dxgkrnl.sys  ***** Invalid (B964EF01)
fffff802`3e2d0000 fffff802`3e3a8000   dxgmms2  dxgmms2.sys  ***** Invalid (DE16C166)
fffff80c`4cb30000 fffff80c`4cb4c000   EhStorClass EhStorClass.sys ***** Invalid (F26184EB)
fffff802`3e3b0000 fffff802`3e413000   esif_lf  esif_lf.sys  Fri Apr 27 19:55:01 2018 (5AE3B855)
fffff802`3e0b0000 fffff802`3e11b000   fastfat  fastfat.SYS  ***** Invalid (82EE518A)
fffff80c`4abb0000 fffff80c`4abc5000   filecrypt filecrypt.sys Sun Aug 13 10:30:12 2034 (798A13F4)
fffff80c`4cb50000 fffff80c`4cb6a000   fileinfo fileinfo.sys ***** Invalid (85B4F747)
fffff80c`4a060000 fffff80c`4a0d0000   FLTMGR   FLTMGR.SYS   Thu Jul 24 00:42:54 1975 (0A74874E)
fffff80c`4b6f0000 fffff80c`4b6fd000   Fs_Rec   Fs_Rec.sys   ***** Invalid (CFF89B5E)
fffff80c`4bce0000 fffff80c`4bda8000   fvevol   fvevol.sys   Wed Sep 15 11:15:15 1993 (2C973183)
fffff80c`4bc20000 fffff80c`4bc98000   fwpkclnt fwpkclnt.sys ***** Invalid (DF926DC9)
fffff802`3e050000 fffff802`3e05a000   gpuenergydrv gpuenergydrv.sys ***** Invalid (DA1C403F)
fffff802`3c41f000 fffff802`3c4b6000   hal      hal.dll      ***** Invalid (FBE06E6E)
fffff802`45da0000 fffff802`45ddb000   HIDCLASS HIDCLASS.SYS Sun Sep 30 14:58:36 1979 (1255155C)
fffff802`46c80000 fffff802`46c94000   hidi2c   hidi2c.sys   Sat Dec 09 13:37:21 1972 (05879F61)
fffff802`45ae0000 fffff802`45af3000   HIDPARSE HIDPARSE.SYS Sun Dec 27 00:38:28 2015 (567F7954)
fffff80c`4bdb0000 fffff80c`4bdbb000   hpdskflt hpdskflt.sys Wed Aug 29 02:24:14 2018 (5B863C0E)
fffff802`45a00000 fffff802`45a0e000   HpqKbFiltr HpqKbFiltr.sys Sat Oct 20 01:50:04 2018 (5BCAC20C)
fffff802`44400000 fffff802`44539000   HTTP     HTTP.sys     ***** Invalid (C141036D)
fffff802`459d0000 fffff802`459f1000   i8042prt i8042prt.sys ***** Invalid (FB942A34)
fffff802`45cb0000 fffff802`45cc9000   iaLPSS2i_GPIO2 iaLPSS2i_GPIO2.sys Thu Apr 19 03:53:24 2018 (5AD84AF4)
fffff802`46980000 fffff802`469af000   iaLPSS2i_I2C iaLPSS2i_I2C.sys Thu Apr 19 03:52:58 2018 (5AD84ADA)
fffff80c`4bfe0000 fffff80c`4cb2e000   iaStorA  iaStorA.sys  Tue Sep 26 11:32:50 2017 (59CA7322)
fffff802`467c0000 fffff802`467f2000   ibtusb   ibtusb.sys   Fri May 04 12:50:06 2018 (5AEC8F3E)
fffff802`471c0000 fffff802`47f91000   igdkmd64 igdkmd64.sys Thu Sep 20 15:49:09 2018 (5BA3F9B5)
fffff802`45b40000 fffff802`45b80000   IntcAudioBus IntcAudioBus.sys Thu Oct 25 08:02:08 2018 (5BD1B0C0)
fffff802`46800000 fffff802`46899000   IntcDAud IntcDAud.sys Tue Sep 04 05:00:26 2018 (5B8E49AA)
fffff802`46ca0000 fffff802`46d6b000   IntcOED  IntcOED.sys  Thu Oct 25 08:03:24 2018 (5BD1B10C)
fffff80c`4a840000 fffff80c`4a84b000   intelide intelide.sys Thu Aug 03 04:11:27 1995 (302084AF)
fffff80c`4a700000 fffff80c`4a743000   intelpep intelpep.sys ***** Invalid (83F72A94)
fffff802`45d30000 fffff802`45d6e000   intelppm intelppm.sys Wed Feb 08 18:16:35 2012 (4F330253)
fffff80c`4bec0000 fffff80c`4bed1000   iorate   iorate.sys   ***** Invalid (A096CD2D)
fffff802`45b00000 fffff802`45b13000   kbdclass kbdclass.sys ***** Invalid (DB4B5540)
fffff802`3d000000 fffff802`3d00b000   kd       kd.dll       Fri Feb 09 10:20:45 2035 (7A776DCD)
fffff802`3e270000 fffff802`3e27d000   kdnic    kdnic.sys    Tue Sep 12 05:16:49 1972 (05131801)
fffff802`45c30000 fffff802`45ca6000   ks       ks.sys       Mon May 03 21:15:30 2027 (6BD926B2)
fffff80c`4a530000 fffff80c`4a55b000   ksecdd   ksecdd.sys   ***** Invalid (C0930B22)
fffff80c`4b900000 fffff80c`4b932000   ksecpkg  ksecpkg.sys  ***** Invalid (CD0C90B8)
fffff802`46dc0000 fffff802`46dcf000   ksthunk  ksthunk.sys  ***** Invalid (D43D6B7C)
fffff802`3e090000 fffff802`3e0a8000   lltdio   lltdio.sys   ***** Invalid (F5108909)
fffff802`3e420000 fffff802`3e448000   luafv    luafv.sys    ***** Invalid (A3C4F026)
fffff80c`49e60000 fffff80c`49fee000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Wed Dec 26 23:46:12 2001 (3C2AA794)
fffff802`46e50000 fffff802`46e6c000   Microsoft_Bluetooth_Legacy_LEEnumerator Microsoft.Bluetooth.Legacy.LEEnumerator.sys Thu Jul 06 13:17:06 1995 (2FFC1A92)
fffff802`471a0000 fffff802`471b4000   mmcss    mmcss.sys    ***** Invalid (D143BB7E)
fffff802`47160000 fffff802`47176000   monitor  monitor.sys  Fri Jan 28 12:41:04 2005 (41FA7930)
fffff802`45b20000 fffff802`45b33000   mouclass mouclass.sys ***** Invalid (80F98B92)
fffff802`45ec0000 fffff802`45ecf000   mouhid   mouhid.sys   Thu Jan 18 04:52:01 2007 (45AF4341)
fffff80c`4a9c0000 fffff80c`4a9df000   mountmgr mountmgr.sys ***** Invalid (A8481DD2)
fffff802`44570000 fffff802`4458a000   mpsdrv   mpsdrv.sys   ***** Invalid (8C4ECA64)
fffff802`44590000 fffff802`44619000   mrxsmb   mrxsmb.sys   ***** Invalid (8D1D01BD)
fffff802`44620000 fffff802`44666000   mrxsmb20 mrxsmb20.sys ***** Invalid (937BEDAD)
fffff80c`4afb0000 fffff80c`4afc1000   Msfs     Msfs.SYS     Fri Oct 24 02:27:06 2008 (49016ABA)
fffff802`45cd0000 fffff802`45cfd000   msgpioclx msgpioclx.sys Thu Dec 17 09:49:05 2009 (4B2A44E1)
fffff802`45d90000 fffff802`45d9b000   mshidkmdf mshidkmdf.sys Thu Oct 14 03:04:11 2027 (6CB05CEB)
fffff80c`4a610000 fffff80c`4a61b000   msisadrv msisadrv.sys Sun Nov 07 01:38:33 2004 (418DC2E9)
fffff80c`4bfc0000 fffff80c`4bfda000   mslldp   mslldp.sys   ***** Invalid (A36249FA)
fffff80c`4a4c0000 fffff80c`4a522000   msrpc    msrpc.sys    ***** Invalid (824F01ED)
fffff80c`4b2b0000 fffff80c`4b301000   mssecflt mssecflt.sys Fri Jun 07 08:17:10 2013 (51B1CF46)
fffff802`3e030000 fffff802`3e040000   mssmbios mssmbios.sys ***** Invalid (A51D1A67)
fffff802`46dd0000 fffff802`46ddc000   MTConfig MTConfig.sys Thu Jul 18 20:33:37 2013 (51E88961)
fffff80c`4be90000 fffff80c`4beb5000   mup      mup.sys      ***** Invalid (D5074BA1)
fffff80c`4b700000 fffff80c`4b853000   ndis     ndis.sys     Tue Jan 16 01:38:02 2024 (65A6244A)
fffff80c`4cbd0000 fffff80c`4cbe8000   ndisuio  ndisuio.sys  Sat Apr 21 15:59:03 1979 (117F9087)
fffff802`45df0000 fffff802`45dfd000   NdisVirtualBus NdisVirtualBus.sys Thu Mar 27 17:31:46 1997 (333AE742)
fffff802`447b0000 fffff802`447d7000   Ndu      Ndu.sys      Wed Feb 23 18:31:19 1983 (18BABC47)
fffff80c`4b1a0000 fffff80c`4b1b4000   netbios  netbios.sys  ***** Invalid (BA5B5FB4)
fffff80c`4b020000 fffff80c`4b071000   netbt    netbt.sys    Mon Aug 06 03:08:11 2035 (7B61A55B)
fffff80c`4b860000 fffff80c`4b8f5000   NETIO    NETIO.SYS    ***** Invalid (C0E588AF)
fffff802`45ed0000 fffff802`4677d000   Netwtw06 Netwtw06.sys Wed Sep 05 10:36:41 2018 (5B8FE9F9)
fffff80c`4af90000 fffff80c`4afac000   Npfs     Npfs.SYS     Sat Jul 09 15:56:34 1994 (2E1F00F2)
fffff802`3e020000 fffff802`3e02d000   npsvctrig npsvctrig.sys Mon Feb 23 01:11:04 2037 (7E4D1A78)
fffff802`3e000000 fffff802`3e012000   nsiproxy nsiproxy.sys Mon Sep 04 03:50:23 1972 (050877BF)
fffff802`3c4b7000 fffff802`3cf26000   nt       ntkrnlmp.exe ***** Invalid (A45BF00A)
fffff80c`4b460000 fffff80c`4b6ed000   Ntfs     Ntfs.sys     Fri May 05 16:56:23 2006 (445BBBF7)
fffff80c`4a200000 fffff80c`4a20c000   ntosext  ntosext.sys  Fri Mar 03 22:05:50 2028 (6D6B5A0E)
fffff80c`4abd0000 fffff80c`4abda000   Null     Null.SYS     Tue Jan 24 04:50:47 1989 (23DC46F7)
fffff802`44f00000 fffff802`44f8c000   nwifi    nwifi.sys    Fri Sep 10 17:00:46 2032 (75ECF27E)
fffff80c`4b170000 fffff80c`4b19b000   pacer    pacer.sys    ***** Invalid (BD6E6BA5)
fffff80c`4a810000 fffff80c`4a83f000   partmgr  partmgr.sys  Mon Jun 19 19:20:15 1995 (2FE6062F)
fffff80c`4a620000 fffff80c`4a68b000   pci      pci.sys      Sat Mar 30 03:50:00 1991 (27F44328)
fffff80c`4a9b0000 fffff80c`4a9ba000   pciide   pciide.sys   ***** Invalid (D18FF38A)
fffff80c`4a850000 fffff80c`4a863000   PCIIDEX  PCIIDEX.SYS  ***** Invalid (B7DB6905)
fffff80c`4a780000 fffff80c`4a794000   pcw      pcw.sys      ***** Invalid (C6C870F7)
fffff80c`4a7c0000 fffff80c`4a7ee000   pdc      pdc.sys      ***** Invalid (E48D33A9)
fffff802`447e0000 fffff802`448b6000   peauth   peauth.sys   Sun Oct 25 14:26:37 1998 (36336D5D)
fffff802`45b90000 fffff802`45bf5000   portcls  portcls.sys  ***** Invalid (8DFE43A2)
fffff80c`4a030000 fffff80c`4a048000   PSHED    PSHED.dll    Tue Nov 07 10:06:38 2034 (79FB7D7E)
fffff80c`4b1e0000 fffff80c`4b25a000   rdbss    rdbss.sys    ***** Invalid (EEC03A75)
fffff802`45e10000 fffff802`45e1e000   rdpbus   rdpbus.sys   Thu Jun 28 00:49:12 2035 (7B2E1A48)
fffff80c`4be40000 fffff80c`4be8f000   rdyboost rdyboost.sys Sun Aug 26 18:38:42 2018 (5B832BF2)
fffff802`46e70000 fffff802`46ea8000   rfcomm   rfcomm.sys   ***** Invalid (DA6A3E24)
fffff80c`4cbb0000 fffff80c`4cbcb000   rspndr   rspndr.sys   ***** Invalid (C42F95A5)
fffff802`46a10000 fffff802`46aa8000   rt640x64 rt640x64.sys Tue Nov 14 00:51:10 2017 (5A0A844E)
fffff802`458e0000 fffff802`459a4000   RtsPer   RtsPer.sys   Thu Aug 04 05:11:14 2016 (57A306B2)
fffff80c`4b1c0000 fffff80c`4b1dc000   serial   serial.sys   Sat Jul 13 22:24:48 2002 (3D30E0F0)
fffff80c`4b310000 fffff80c`4b32a000   SgrmAgent SgrmAgent.sys ***** Invalid (F7CA286D)
fffff80c`4a4b0000 fffff80c`4a4bf000   SleepStudyHelper SleepStudyHelper.sys ***** Invalid (D42ABCCC)
fffff80c`4a870000 fffff80c`4a913000   spaceport spaceport.sys Sat Oct 15 02:22:49 1983 (19EE4A39)
fffff802`469b0000 fffff802`469c9000   SpbCx    SpbCx.sys    ***** Invalid (C254B7DB)
fffff802`446e0000 fffff802`447a4000   srv2     srv2.sys     ***** Invalid (A4440FCC)
fffff802`44690000 fffff802`446de000   srvnet   srvnet.sys   Thu Sep 04 21:29:37 2036 (7D6B6801)
fffff80c`4aa30000 fffff80c`4aa5d000   storahci storahci.sys ***** Invalid (E94316B7)
fffff80c`4ab00000 fffff80c`4ab24000   stornvme stornvme.sys ***** Invalid (F9EA4619)
fffff80c`4aa60000 fffff80c`4aafb000   storport storport.sys Sun Dec 23 08:22:26 2007 (476E6112)
fffff802`3e500000 fffff802`3e51b000   storqosflt storqosflt.sys ***** Invalid (8CA43D00)
fffff802`45e00000 fffff802`45e0c000   swenum   swenum.sys   ***** Invalid (8B90F92A)
fffff802`46de0000 fffff802`46df2000   SynRMIHID SynRMIHID.sys Mon Oct 29 04:50:36 2018 (5BD6C9DC)
fffff802`45a10000 fffff802`45ac5000   SynTP    SynTP.sys    Mon Oct 29 04:45:30 2018 (5BD6C8AA)
fffff80c`4bee0000 fffff80c`4beee000   tbs      tbs.sys      Wed Dec 03 00:21:40 2036 (7DE0F3E4)
fffff80c`4b940000 fffff80c`4bc1b000   tcpip    tcpip.sys    Tue Feb 07 05:38:50 2023 (63E22A3A)
fffff802`448c0000 fffff802`448d4000   tcpipreg tcpipreg.sys Sun Jun 12 03:39:48 2005 (42ABE6C4)
fffff80c`4b000000 fffff80c`4b010000   TDI      TDI.SYS      ***** Invalid (E9708B47)
fffff80c`4afd0000 fffff80c`4aff7000   tdx      tdx.sys      ***** Invalid (AFDABF6D)
fffff802`469d0000 fffff802`46a02000   TeeDriverx64 TeeDriverx64.sys Tue Oct 03 02:21:12 2017 (59D32C58)
fffff80c`4a000000 fffff80c`4a027000   tm       tm.sys       ***** Invalid (F1AC5A2F)
fffff80c`4a690000 fffff80c`4a6d0000   tpm      tpm.sys      ***** Invalid (90D84F30)
fffff802`46940000 fffff802`4697f000   ucx01000 ucx01000.sys Sat Jan 03 10:23:30 2037 (7E0A5F72)
fffff802`45de0000 fffff802`45ded000   UEFI     UEFI.sys     Wed Sep 17 07:19:54 2014 (54196E5A)
fffff802`3e280000 fffff802`3e295000   umbus    umbus.sys    ***** Invalid (83197D71)
fffff802`46780000 fffff802`467b1000   usbccgp  usbccgp.sys  ***** Invalid (82D4CB5C)
fffff802`45ad0000 fffff802`45ade000   USBD     USBD.SYS     ***** Invalid (C7E3B3E8)
fffff802`45e20000 fffff802`45eb3000   UsbHub3  UsbHub3.sys  Sat Jan 23 04:05:51 2010 (4B5ABBEF)
fffff802`46d70000 fffff802`46dbe000   usbvideo usbvideo.sys Sat Jul 02 14:45:18 2033 (7771BD3E)
fffff802`468c0000 fffff802`46938000   USBXHCI  USBXHCI.SYS  ***** Invalid (DD7F1F39)
fffff80c`4a7a0000 fffff80c`4a7b2000   vdrvroot vdrvroot.sys ***** Invalid (8ED5F3A9)
fffff802`3e1a0000 fffff802`3e224000   Vid      Vid.sys      ***** Invalid (F42473AC)
fffff80c`4a920000 fffff80c`4a939000   volmgr   volmgr.sys   ***** Invalid (91784A41)
fffff80c`4a940000 fffff80c`4a9a3000   volmgrx  volmgrx.sys  Tue Dec 25 16:43:09 2012 (50DA1DED)
fffff80c`4bdd0000 fffff80c`4be3d000   volsnap  volsnap.sys  ***** Invalid (AC1C69A4)
fffff80c`4bdc0000 fffff80c`4bdcb000   volume   volume.sys   ***** Invalid (CB3F72CF)
fffff802`458d0000 fffff802`458de000   vwifibus vwifibus.sys Fri Mar 25 00:51:11 2022 (623D4A3F)
fffff80c`4b150000 fffff80c`4b16a000   vwififlt vwififlt.sys ***** Invalid (B1239F86)
fffff802`44670000 fffff802`44682000   vwifimp  vwifimp.sys  Thu Apr 29 20:19:44 1982 (172F45A0)
fffff80c`4af30000 fffff80c`4af46000   watchdog watchdog.sys ***** Invalid (8D7A0DF0)
fffff802`3e450000 fffff802`3e47d000   wcifs    wcifs.sys    ***** Invalid (A9AC8912)
fffff80c`4a3b0000 fffff80c`4a481000   Wdf01000 Wdf01000.sys ***** Invalid (AF1CEDD2)
fffff80c`4b400000 fffff80c`4b454000   WdFilter WdFilter.sys Wed Apr 16 02:44:02 1980 (135AC3B2)
fffff80c`4a490000 fffff80c`4a4a3000   WDFLDR   WDFLDR.SYS   Thu Jan 31 16:00:20 2008 (47A236E4)
fffff802`45800000 fffff802`458cc000   wdiwifi  wdiwifi.sys  ***** Invalid (D0815A78)
fffff802`448e0000 fffff802`448f2000   WdNisDrv WdNisDrv.sys Tue Apr 26 22:49:07 1983 (190CA7A3)
fffff80c`4a560000 fffff80c`4a571000   werkernel werkernel.sys Sat Aug 14 07:55:58 1971 (030A7CCE)
fffff80c`4bca0000 fffff80c`4bcd0000   wfplwfs  wfplwfs.sys  ***** Invalid (8AE4C0AC)
ffffad5a`e9be0000 ffffad5a`e9c6b000   win32k   win32k.sys   unavailable (00000000)
ffffad5a`e93a0000 ffffad5a`e960d000   win32kbase win32kbase.sys unavailable (00000000)
ffffad5a`e9000000 ffffad5a`e9392000   win32kfull win32kfull.sys unavailable (00000000)
fffff80c`4a750000 fffff80c`4a766000   WindowsTrustedRT WindowsTrustedRT.sys ***** Invalid (BD0B79F0)
fffff80c`4a770000 fffff80c`4a77b000   WindowsTrustedRTProxy WindowsTrustedRTProxy.sys Tue May 14 12:37:30 2013 (5192684A)
fffff802`3e230000 fffff802`3e24e000   winhvr   winhvr.sys   ***** Invalid (BDDA6167)
fffff802`44fb0000 fffff802`44fdb000   winquic  winquic.sys  ***** Invalid (BFE89A0C)
fffff802`3e520000 fffff802`3e53e000   WinUSB   WinUSB.SYS   Mon Sep 07 20:29:34 1992 (2AABF3EE)
fffff802`45d80000 fffff802`45d8a000   WirelessButtonDriver64 WirelessButtonDriver64.sys Wed Aug 29 03:02:49 2018 (5B864519)
fffff802`3e2c0000 fffff802`3e2cc000   wmiacpi  wmiacpi.sys  ***** Invalid (F2622D42)
fffff80c`4a600000 fffff80c`4a60c000   WMILIB   WMILIB.SYS   Tue Apr 19 22:19:11 2033 (7710989F)
fffff80c`4cb70000 fffff80c`4cbae000   Wof      Wof.sys      Mon Nov 14 18:36:29 1988 (237F6DFD)
fffff80c`49e00000 fffff80c`49e10000   WppRecorder WppRecorder.sys ***** Invalid (E5178B49)
fffff802`47fa0000 fffff802`47fec000   WUDFRd   WUDFRd.sys   ***** Invalid (EDDA0F84)

Unloaded modules:
fffff802`3e540000 fffff802`3e551000   MSKSSRV.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
fffff80c`4bfd0000 fffff80c`4bfdf000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000F000
fffff80c`4ab30000 fffff80c`4ab55000   dump_stornvm
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00025000
fffff80c`4ab60000 fffff80c`4ab7e000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001E000
fffff802`46e00000 fffff802`46e4d000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0004D000
fffff802`45ec0000 fffff802`45ecc000   WdmCompanion
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff802`46c10000 fffff802`46c2f000   WinUSB.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001F000
fffff802`46c30000 fffff802`46c7d000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0004D000
fffff802`46800000 fffff802`46864000   esif_lf.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00064000
fffff802`47fa0000 fffff802`47fb2000   dptf_cpu.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00012000
fffff802`46870000 fffff802`468bd000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0004D000
fffff802`3e090000 fffff802`3e0ac000   dam.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001C000
fffff80c`4a6e0000 fffff80c`4a6f1000   WdBoot.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
fffff80c`4bee0000 fffff80c`4bef0000   hwpolicy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00010000
Bugcheck code 00000133
Arguments 00000000`00000001 00000000`00001e00 fffff802`3c9f9380 00000000`00000000

MrPepka · Mar 7, 2019

When i search way on debug BSOD 0x133 with parameter 0x1 i came across this page:
Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012
But then i did not know how to create ETL file. Good job!

axe0 · Mar 7, 2019

0x133 with parameter 1 =1, I always have had symbol errors with this crash.

I have recently reread the blog post MrPepka links and decided to try the approach for solving the crash using an event trace file, sadly no user has yet provided a trace file.

MrPepka · Mar 7, 2019

It turns out that you have to ask users for etl files in order to solve problem

philc43 · Mar 15, 2019

MrPepka said:
It turns out that you have to ask users for etl files in order to solve problem

Not always. If you have the kernel dump you can check to see if the etl file is available from within the dump.

In WinDBG run the command: !wmitrace.strdump

Check the output to determine the logger ID for the circular kernel context logger (this is usually running by default). Once you have this ID run a new command to extract the embedded data to a .etl file that you specify in the command indicating where to save the output. In my example below I used a C:\Temp folder and named the file LogData1.etl

!wmitrace.logsave 0x02 C:\Temp\LogData1.etl

where 0x02 is the ID determined from the first command.

From my experience these files do not always help but they can sometimes show up drivers with long DPC duration times when you run the file through the Windows Performance Analyzer.

jcgriff2 · Mar 16, 2019

Even though I hit the ground running 12 years ago after learning a little about BSODs, I find that there is always more to learn.

Thank you, Phil. . .

John

MrPepka · Mar 16, 2019

philc43 said:
Not always. If you have the kernel dump you can check to see if the etl file is available from within the dump.

In WinDBG run the command: !wmitrace.strdump

Check the output to determine the logger ID for the circular kernel context logger (this is usually running by default). Once you have this ID run a new command to extract the embedded data to a .etl file that you specify in the command indicating where to save the output. In my example below I used a C:\Temp folder and named the file LogData1.etl

!wmitrace.logsave 0x02 C:\Temp\LogData1.etl

where 0x02 is the ID determined from the first command.

From my experience these files do not always help but they can sometimes show up drivers with long DPC duration times when you run the file through the Windows Performance Analyzer.

OK, but what if the logger (such as Circular Kernel Context Logger) is not available? How can you guide OP to enable this logger in the system so that his ID is visible in the dump?

axe0 · Mar 16, 2019

Unless I'm misinterpreting your question, CKCL is available and enabled by default since Windows Vista.

I took the liberty to test a couple of things

Code:

2: kd> !wmitrace.strdump
(WmiTrace) StrDump Generic
LoggerContext Array @ 0xFFFF890F32295398 [64 Elements]
Logger Id 0x02 @ [COLOR=rgb(255, 0, 0)]0xFFFF890F38BF0A80 [/COLOR]Named 'Circular Kernel Context Logger'
Logger Id 0x03 @ 0xFFFF890F325B7B40 Named 'Eventlog-Security'
Logger Id 0x04 @ 0xFFFF890F324AAB40 Named 'AppModel'
Logger Id 0x05 @ 0xFFFF890F324A9300 Named 'Audio'
Logger Id 0x06 @ 0xFFFF890F37503340 Named 'ScreenOnPowerStudyTraceSession'
Logger Id 0x07 @ 0xFFFF890F32499480 Named 'DefenderApiLogger'
Logger Id 0x08 @ 0xFFFF890F325D1040 Named 'DefenderAuditLogger'
Logger Id 0x09 @ 0xFFFF890F325D0040 Named 'DiagLog'
Logger Id 0x0a @ 0xFFFF890F325CF040 Named 'EventLog-Application'
Logger Id 0x0b @ 0xFFFF890F325B6040 Named 'EventLog-System'
Logger Id 0x0c @ 0xFFFF890F32676980 Named 'FaceRecoTel'
Logger Id 0x0d @ 0xFFFF890F32675980 Named 'FaceUnlock'
Logger Id 0x0e @ 0xFFFF890F32674980 Named 'LwtNetLog'
Logger Id 0x0f @ 0xFFFF890F326724C0 Named 'NtfsLog'
Logger Id 0x10 @ 0xFFFF890F38C66040 Named '8696EAC4-1288-4288-A4EE-49EE431B0AD9'
Logger Id 0x11 @ 0xFFFF890F32668980 Named 'UBPM'
Logger Id 0x12 @ 0xFFFF890F32666B40 Named 'WdiContextLog'
Logger Id 0x13 @ 0xFFFF890F32664B40 Named 'WiFiSession'
Logger Id 0x14 @ 0xFFFF890F3640B740 Named 'SleepStudyTraceSession'
Logger Id 0x15 @ 0xFFFF890F36AE5040 Named 'UserNotPresentTraceSession'
Logger Id 0x16 @ 0xFFFF890F386334C0 Named 'WindowsUpdate_trace_log'
Logger Id 0x17 @ 0xFFFF890F370CB2C0 Named 'WFP-IPsec Diagnostics'
Logger Id 0x18 @ 0xFFFF890F37DA53C0 Named 'SHS-09292017-224320-3-1'
Logger Id 0x19 @ 0xFFFF890F37279740 Named 'Diagtrack-Listener'
Logger Id 0x1a @ 0xFFFF890F37318B00 Named 'MpWppTracing-09292017-224321-00000003-ffffffff'

2: kd> dt nt!_WMI_LOGGER_CONTEXT [COLOR=rgb(255, 0, 0)]0xFFFF890F38BF0A80[/COLOR]
+0x000 LoggerId : 2
+0x004 BufferSize : 0x1000
+0x008 MaximumEventSize : 0xfb8
+0x00c LoggerMode : 0x2800480
+0x010 AcceptNewEvents : 0n0
+0x014 EventMarker : [2] 0xc0130000
+0x01c ErrorMarker : 0xc00d0000
+0x020 SizeMask : 0xffff
+0x028 GetCpuClock : 0xfffff803`065017e0 int64 nt!EtwpGetCycleCount+0
+0x030 LoggerThread : (null)
+0x038 LoggerStatus : 0n0
+0x03c FailureReason : 0
+0x040 BufferQueue : _ETW_BUFFER_QUEUE
+0x050 OverflowQueue : _ETW_BUFFER_QUEUE
+0x060 GlobalList : _LIST_ENTRY [ 0xffff890f`390b5038 - 0xffff890f`363cd038 ]
+0x070 ProviderBinaryList : _LIST_ENTRY [ 0xffff890f`38bf0af0 - 0xffff890f`38bf0af0 ]
+0x080 BatchedBufferList : (null)
+0x080 CurrentBuffer : _EX_FAST_REF
+0x088 LoggerName : _UNICODE_STRING "Circular Kernel Context Logger"
+0x098 LogFileName : _UNICODE_STRING ""
+0x0a8 LogFilePattern : _UNICODE_STRING ""
+0x0b8 NewLogFileName : _UNICODE_STRING ""
+0x0c8 ClockType : 3
+0x0cc LastFlushedBuffer : 0
+0x0d0 FlushTimer : 0
+0x0d4 FlushThreshold : 0
+0x0d8 ByteOffset : _LARGE_INTEGER 0x0
+0x0e0 MinimumBuffers : 8
+0x0e4 BuffersAvailable : 0n4
+0x0e8 NumberOfBuffers : 0n8
+0x0ec MaximumBuffers : 8
+0x0f0 EventsLost : 0
+0x0f4 PeakBuffersCount : 0n8
+0x0f8 BuffersWritten : 0
+0x0fc LogBuffersLost : 0
+0x100 RealTimeBuffersDelivered : 0
+0x104 RealTimeBuffersLost : 0
+0x108 SequencePtr : (null)
+0x110 LocalSequence : 0
+0x114 InstanceGuid : _GUID {54dea73a-ed1f-42a4-af71-3e63d056f174}
+0x124 MaximumFileSize : 0
+0x128 FileCounter : 0n0
+0x12c PoolType : 200 ( NonPagedPoolNx )
+0x130 ReferenceTime : _ETW_REF_CLOCK
+0x140 CollectionOn : 0n1
+0x144 ProviderInfoSize : 0
+0x148 Consumers : _LIST_ENTRY [ 0xffff890f`38bf0bc8 - 0xffff890f`38bf0bc8 ]
+0x158 NumConsumers : 0
+0x160 TransitionConsumer : (null)
+0x168 RealtimeLogfileHandle : (null)
+0x170 RealtimeLogfileName : _UNICODE_STRING ""
+0x180 RealtimeWriteOffset : _LARGE_INTEGER 0x0
+0x188 RealtimeReadOffset : _LARGE_INTEGER 0x0
+0x190 RealtimeLogfileSize : _LARGE_INTEGER 0x0
+0x198 RealtimeLogfileUsage : 0
+0x1a0 RealtimeMaximumFileSize : 0xa00000
+0x1a8 RealtimeBuffersSaved : 0
+0x1b0 RealtimeReferenceTime : _ETW_REF_CLOCK
+0x1c0 NewRTEventsLost : 0 ( EtwRtEventNoLoss )
+0x1c8 LoggerEvent : _KEVENT
+0x1e0 FlushEvent : _KEVENT
+0x1f8 FlushTimeOutTimer : _KTIMER
+0x238 LoggerDpc : _KDPC
+0x278 LoggerMutex : _KMUTANT
+0x2b0 LoggerLock : _EX_PUSH_LOCK
+0x2b8 BufferListSpinLock : 0
+0x2b8 BufferListPushLock : _EX_PUSH_LOCK
+0x2c0 ClientSecurityContext : _SECURITY_CLIENT_CONTEXT
+0x308 TokenAccessInformation : (null)
+0x310 SecurityDescriptor : _EX_FAST_REF
+0x318 StartTime : _LARGE_INTEGER 0x01d33939`f056739d
+0x320 LogFileHandle : (null)
+0x328 BufferSequenceNumber : 0n1490
+0x330 Flags : 0x10027
+0x330 Persistent : 0y1
+0x330 AutoLogger : 0y1
+0x330 FsReady : 0y1
+0x330 RealTime : 0y0
+0x330 Wow : 0y0
+0x330 KernelTrace : 0y1
+0x330 NoMoreEnable : 0y0
+0x330 StackTracing : 0y0
+0x330 ErrorLogged : 0y0
+0x330 RealtimeLoggerContextFreed : 0y0
+0x330 PebsTracing : 0y0
+0x330 PmcCounters : 0y0
+0x330 PageAlignBuffers : 0y0
+0x330 StackLookasideListAllocated : 0y0
+0x330 SecurityTrace : 0y0
+0x330 SpareFlags1 : 0y0
+0x330 SystemLoggerIndex : 0y00000001 (0x1)
+0x330 StackCaching : 0y0
+0x330 SpareFlags2 : 0y0000000 (0)
+0x334 RequestFlag : 0
+0x334 DbgRequestNewFile : 0y0
+0x334 DbgRequestUpdateFile : 0y0
+0x334 DbgRequestFlush : 0y0
+0x334 DbgRequestDisableRealtime : 0y0
+0x334 DbgRequestDisconnectConsumer : 0y0
+0x334 DbgRequestConnectConsumer : 0y0
+0x334 DbgRequestNotifyConsumer : 0y0
+0x334 DbgRequestUpdateHeader : 0y0
+0x334 DbgRequestDeferredFlush : 0y0
+0x334 DbgRequestDeferredFlushTimer : 0y0
+0x334 DbgRequestFlushTimer : 0y0
+0x334 DbgRequestUpdateDebugger : 0y0
+0x334 DbgSpareRequestFlags : 0y00000000000000000000 (0)
+0x338 HookIdMap : _RTL_BITMAP
+0x348 StackCache : (null)
+0x350 PmcData : (null)
+0x358 WinRtProviderBinaryList : _LIST_ENTRY [ 0xffff890f`38bf0dd8 - 0xffff890f`38bf0dd8 ]
+0x368 ScratchArray : (null)
+0x370 DisallowedGuids : _DISALLOWED_GUIDS
+0x380 RelativeTimerDueTime : 0n0
+0x388 PeriodicCaptureStateGuids : _PERIODIC_CAPTURE_STATE_GUIDS
+0x398 PeriodicCaptureStateTimer : (null)
+0x3a0 PeriodicCaptureStateTimerState : 0 ( EtwpPeriodicTimerUnset )
+0x3a8 SoftRestartContext : (null)
+0x3b0 SiloState : 0xffff890f`32295000 _ETW_SILODRIVERSTATE
+0x3b8 CompressionWorkItem : _WORK_QUEUE_ITEM
+0x3d8 CompressionWorkItemState : 0n0
+0x3e0 CompressionLock : _EX_PUSH_LOCK
+0x3e8 CompressionTarget : (null)
+0x3f0 CompressionWorkspace : (null)
+0x3f8 CompressionOn : 0n0
+0x3fc CompressionRatioGuess : 0
+0x400 PartialBufferCompressionLevel : 0
+0x404 CompressionResumptionMode : 0 ( EtwCompressionModeRestart )
+0x408 PlaceholderList : _SINGLE_LIST_ENTRY
+0x410 CompressionDpc : _KDPC
+0x450 LastBufferSwitchTime : _LARGE_INTEGER 0x0
+0x458 BufferWriteDuration : _LARGE_INTEGER 0x0
+0x460 BufferCompressDuration : _LARGE_INTEGER 0x0

2: kd> !wmitrace.logger 0x02
(WmiTrace) LogDump for Logger Id 0x02
Logger Id 0x02 @ 0xFFFF890F38BF0A80 Named 'Circular Kernel Context Logger'
CollectionOn = 1
LoggerMode = 0x02800480 ( secure buf system )
HybridShutdown = persist
BufferSize = 4 KB
BuffersAvailable = 4
MinimumBuffers = 8
NumberOfBuffers = 8
MaximumBuffers = 8
EventsLost = 0
LogBuffersLost = 0
RealTimeBuffersLost = 0
LastFlushedBuffer = 0
MaximumFileSize = 0
FlushTimer = 0 sec
PoolType = NonPaged
SequenceNumber = 1490
ClockType = CPU Cycle
EventsLogged = 0

Buffer Address Cpu RefCnt State
=======================================================================================
Buffer 1: [COLOR=rgb(255, 0, 0)]ffff890f390b5000 [/COLOR], 2: 0 Free List , Offset: 4024 , 98% Used
Buffer 2: ffff890f390b4000 , 2: 15 General Logging, Offset: 2352 , 57% Used
Buffer 3: ffff890f38bc7000 , 0: 15 General Logging, Offset: 4040 , 98% Used
Buffer 4: ffff890f390c9000 , 2: 0 Free List , Offset: 4056 , 99% Used
Buffer 5: ffff890f3633c000 , 1: 15 General Logging, Offset: 960 , 23% Used
Buffer 6: ffff890f368e3000 , 3: 15 General Logging, Offset: 2912 , 71% Used
Buffer 7: ffff890f390ad000 , 2: 0 Free List , Offset: 4024 , 98% Used
Buffer 8: ffff890f363cd000 , 2: 0 Free List , Offset: 4040 , 98% Used

2: kd> !wmitrace.buffer [COLOR=rgb(255, 0, 0)]ffff890f390b5000[/COLOR]
Buffer @ ffff890f390b5000 -- 0x1000 (4 K)
RefCount = 0
Logger = 'Circular Kernel Context Logger' (2)
Processor = 2
State = 0x0
SavedOffset = 4024
CurrentOffset = 4224
Offset = 72
TimeStamp = 0
Seq = 1489
BufferFlag = 0x0
BufferType = 0
System64 @ +00048 ( 200) 723586735260 (1848.0ce8) ImageLoad
System64 @ +00110 ( 200) 723586756000 (1848.0ce8) ImageLoad
System64 @ +001d8 ( 200) 723586778380 (1848.0ce8) ImageLoad
System64 @ +002a0 ( 192) 723586800300 (1848.0ce8) ImageLoad
System64 @ +00360 ( 192) 723586822520 (1848.0ce8) ImageLoad
System64 @ +00420 ( 200) 723586843760 (1848.0ce8) ImageLoad
System64 @ +004e8 ( 192) 723586864180 (1848.0ce8) ImageLoad
System64 @ +005a8 ( 200) 723586884260 (1848.0ce8) ImageLoad
System64 @ +00670 ( 200) 723586906380 (1848.0ce8) ImageLoad
System64 @ +00738 ( 200) 723586927640 (1848.0ce8) ImageLoad
System64 @ +00800 ( 192) 723586948800 (1848.0ce8) ImageLoad
System64 @ +008c0 ( 192) 723586970380 (1848.0ce8) ImageLoad
System64 @ +00980 ( 192) 723586991520 (1848.0ce8) ImageLoad
System64 @ +00a40 ( 200) 723587013840 (1848.0ce8) ImageLoad
System64 @ +00b08 ( 200) 723587035760 (1848.0ce8) ImageLoad
System64 @ +00bd0 ( 192) 723587057140 (1848.0ce8) ImageLoad
System64 @ +00c90 ( 208) 723587078800 (1848.0ce8) ImageLoad
System64 @ +00d60 ( 200) 723587100400 (1848.0ce8) ImageLoad
System64 @ +00e28 ( 200) 723587120900 (1848.0ce8) ImageLoad
System64 @ +00ef0 ( 200) 723587141060 (1848.0ce8) ImageLoad

============== ===== ========== ========== ============
Header Count EventSize HeaderSize AvgEvntSize
============== ===== ========== ========== ============
System64 20 3952 640 197
============== ===== ========== ========== ============
Total 20 3952 640 197

// Don't wrap the path into quotes!
2: kd> !wmitrace.logsave 0x02 "G:\Kernel Dumps\log.etl"
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = '"G:\Kernel'
Failed to Open Save File '"G:\Kernel'
2: kd> !wmitrace.logsave 0x02 "G:\log.etl"
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = '"G:\log.etl"'
Failed to Open Save File '"G:\log.etl"'

// Don't use spaces in the path, I got a file called 'kernel' when running this in G:\
2: kd> !wmitrace.logsave 0x02 G:\Kernel Dumps\log.etl
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = 'G:\Kernel'
Logger Id 0x02 @ 0xFFFF890F38BF0A80 Named 'Circular Kernel Context Logger'
CollectionOn = 1
LoggerMode = 0x02800480 ( secure buf system )
HybridShutdown = persist
BufferSize = 4 KB
BuffersAvailable = 4
MinimumBuffers = 8
NumberOfBuffers = 8
MaximumBuffers = 8
EventsLost = 0
LogBuffersLost = 0
RealTimeBuffersLost = 0
LastFlushedBuffer = 0
MaximumFileSize = 0
FlushTimer = 0 sec
PoolType = NonPaged
SequenceNumber = 1490
ClockType = CPU Cycle
EventsLogged = 0

Buffer Address Cpu RefCnt State
=======================================================================================
Buffer 1: ffff890f390b5000 , 2: 0 Free List , Offset: 4024 , 98% Used
Buffer 2: ffff890f390b4000 , 2: 15 General Logging, Offset: 2352 , 57% Used
Buffer 3: ffff890f38bc7000 , 0: 15 General Logging, Offset: 4040 , 98% Used
Buffer 4: ffff890f390c9000 , 2: 0 Free List , Offset: 4056 , 99% Used
Buffer 5: ffff890f3633c000 , 1: 15 General Logging, Offset: 960 , 23% Used
Buffer 6: ffff890f368e3000 , 3: 15 General Logging, Offset: 2912 , 71% Used
Buffer 7: ffff890f390ad000 , 2: 0 Free List , Offset: 4024 , 98% Used
Buffer 8: ffff890f363cd000 , 2: 0 Free List , Offset: 4040 , 98% Used
Saved 8 Buffers

// This isn't working either
2: kd> !wmitrace.logsave 0x02 [COLOR=rgb(255, 0, 0)]%userprofile%[/COLOR]\desktop\log.etl
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = '%userprofile%\desktop\log.etl'
Failed to Open Save File '%userprofile%\desktop\log.etl'

// This works
2: kd> !wmitrace.logsave 0x02 C:\Users\martijn\Desktop\log.etl
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = 'C:\Users\marti\Desktop\log.etl'
Logger Id 0x02 @ 0xFFFF890F38BF0A80 Named 'Circular Kernel Context Logger'
CollectionOn = 1
LoggerMode = 0x02800480 ( secure buf system )
HybridShutdown = persist
BufferSize = 4 KB
BuffersAvailable = 4
MinimumBuffers = 8
NumberOfBuffers = 8
MaximumBuffers = 8
EventsLost = 0
LogBuffersLost = 0
RealTimeBuffersLost = 0
LastFlushedBuffer = 0
MaximumFileSize = 0
FlushTimer = 0 sec
PoolType = NonPaged
SequenceNumber = 1490
ClockType = CPU Cycle
EventsLogged = 0

Buffer Address Cpu RefCnt State
=======================================================================================
Buffer 1: ffff890f390b5000 , 2: 0 Free List , Offset: 4024 , 98% Used
Buffer 2: ffff890f390b4000 , 2: 15 General Logging, Offset: 2352 , 57% Used
Buffer 3: ffff890f38bc7000 , 0: 15 General Logging, Offset: 4040 , 98% Used
Buffer 4: ffff890f390c9000 , 2: 0 Free List , Offset: 4056 , 99% Used
Buffer 5: ffff890f3633c000 , 1: 15 General Logging, Offset: 960 , 23% Used
Buffer 6: ffff890f368e3000 , 3: 15 General Logging, Offset: 2912 , 71% Used
Buffer 7: ffff890f390ad000 , 2: 0 Free List , Offset: 4024 , 98% Used
Buffer 8: ffff890f363cd000 , 2: 0 Free List , Offset: 4040 , 98% Used
Saved 8 Buffers

The end result is a log.etl file (see attached zip) of 212KB, the CKCL only records the last 0.5 to 3 seconds and has a 4MB buffer space which is why the ETL file is quite small.

MrPepka · Mar 16, 2019

Yes, but I had a situation where the dmp file did not contain the Circular logger ID even though it was enabled in the system

axe0 · Mar 16, 2019

If you still have the dump file, could you share it?

MrPepka · Mar 16, 2019

Yes, of course. The dumps I'm talking about are here:
https://www.sysnative.com/forums/attachments/030519-8218-01-zip.44653/
They come from this topic:
BSOD - Windows 10 x64
OP says it has Circular Kernel Context Logger enabled, but there is no information in the dump

axe0 · Mar 16, 2019

No surprise, they are mini kernel dumps. Mini kernel dumps contain not more than the following

the stop code and parameters,
the list of loaded device drivers,
the data structures that describe the current process and thread (called the EPROCESS and ETHREAD), not always though
the kernel stack for the thread that caused the crash,
additional memory considered potentially relevant by crash dump heuristics, such as the pages referenced by processor registers that contain memory addresses and secondary dump data added by drivers.

MrPepka · Mar 16, 2019

Yes, but in other minidumps you can see the ID of other loggers like in those:
https://www.sysnative.com/forums/attachments/sysnativefilecollectionapp-zip.44689/
With this topic:
[SOLVED] - ntoskrnl.exe+1aa0a0 issue - Windows 10 BSOD
And how do you explain it?

axe0 · Mar 16, 2019

With minidumps you just have to have a bit of luck that they contain a bit of extra data.

Bugcheck 0x133 + win32k.sys

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

axe0

Administrator,
BSOD Academy Instructor,
Security Analyst

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

philc43

BSOD Forum Moderator, BSOD Academy Instructor, BSOD Kernel Dump Expert

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

axe0

Administrator,
BSOD Academy Instructor,
Security Analyst

Attachments

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

axe0

Administrator,
BSOD Academy Instructor,
Security Analyst

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

axe0

Administrator,
BSOD Academy Instructor,
Security Analyst

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

axe0

Administrator,
BSOD Academy Instructor,
Security Analyst

Bugcheck 0x133 + win32k.sys

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Sysnative Staff, BSOD Kernel Dump Senior Analyst

Administrator, BSOD Academy Instructor, Security Analyst

Sysnative Staff, BSOD Kernel Dump Senior Analyst

BSOD Forum Moderator, BSOD Academy Instructor, BSOD Kernel Dump Expert

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Sysnative Staff, BSOD Kernel Dump Senior Analyst

Administrator, BSOD Academy Instructor, Security Analyst

Attachments

Sysnative Staff, BSOD Kernel Dump Senior Analyst

Administrator, BSOD Academy Instructor, Security Analyst

Sysnative Staff, BSOD Kernel Dump Senior Analyst

Administrator, BSOD Academy Instructor, Security Analyst

Sysnative Staff, BSOD Kernel Dump Senior Analyst

Administrator, BSOD Academy Instructor, Security Analyst

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Administrator,
BSOD Academy Instructor,
Security Analyst

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Administrator,
BSOD Academy Instructor,
Security Analyst

Administrator,
BSOD Academy Instructor,
Security Analyst

Administrator,
BSOD Academy Instructor,
Security Analyst

Administrator,
BSOD Academy Instructor,
Security Analyst