P Patrick Moderator, BSOD Academy Instructor Staff member Joined Jun 7, 2012 Posts 4,607 Jun 18, 2013 #1 Okay, so for 124's we can !errrec and for 9F's we can !irp, etc. On 24's, I've noticed it mentions the possibility to do a .cxr and then kb to obtain more info. First of all, what the hell does this mean? Second of all, how do I go about figuring this out? For example, here's a dump I am talking about - View attachment 061713-13884-01.rar Now, it says this: NTFS_FILE_SYSTEM (24) If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Click to expand... Okay, now (and this may seem like a stupid question, but just making sure), the stack is everything below STACK_TEXT:.. correct? And you read it from BOTTOM to TOP? Well, the stack text in the attached dump is: fffff880`03c5a120 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiObtainSystemCacheView+0x22e Click to expand... So since there is no NtfsExceptionFilter in the stack, I would assume this is not a dump in which we can perform the following commands noted in the dump? If so, regardless, can anyone show me in a dump with an exception filter, what you would do and what would be the outcome? Thanks.