Process Monitor Crashes with Exception code: 0xc0000005

  • Question

  • I am trying to capture data to solve an app issue. Process Monitor seems to crash after about 90 minutes with the following info:

    Faulting application name: Procmon64.exe, version:, time stamp: 0x5f6395d1
    Faulting module name: ntdll.dll, version: 10.0.14393.3630, time stamp: 0x5e8d4386
    Exception code: 0xc0000005
    Fault offset: 0x0000000000065573
    Faulting process id: 0x12b4
    Faulting application start time: 0x01d6a031aa85c566
    Faulting application path: E:\ProcessMonitor\Procmon64.exe
    Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report Id: 4e4549af-41a1-4778-8957-98c9fa24c033
    Faulting package full name: 
    Faulting package-relative application ID: 

    A minidump file does not get produced. Relevant info:

    Windows Server 2016

    Process Monitor v3.60

    It appears that it had passed the 199 event limit as the first 5 PML files had been overwritten

    Process Monitor is started with this command from a bat file in a remote desktop session: start E:\ProcessMonitor\Procmon64.exe /BackingFile G:\ProcMonLogs\\%logdir%\CS-DLY-LS-SUNDAY.PML /AcceptEula /Profiling /Quiet /NoFilter

    It is interesting to note that I had run this on the same server for 3.5 hours without issue as a test. The only difference was the day and time and the user ID used for the Remote desktop session.

    Any insight would be greatly appreciated.


    Monday, October 12, 2020 10:47 AM

All replies

  • Did you reboot the server between the two attempts?

    I would only do that to start from a clean base.

    By the way, if you have captured the dump, send it to, so Mark can have a look at it.


    Monday, October 12, 2020 1:03 PM
  • Hello JoeRSmith,

    Welcome to the TechNet Forum.

    Could you please tell me if you are using a Role (or third-party software) such as IDMU (Identity Management for Unix) on your server?

    Disclaimer:
    My opinion may not coincide with the official position of Microsoft.

    Best regards, Andrei ...


    • Edited by SQx Monday, October 12, 2020 3:21 PM updated
    Monday, October 12, 2020 3:18 PM