Crash when saving boot logging capture RRS feed

  • Question

  • We're seeing a crash in Process Monitor v3.50 (latest at time of writing) when attempting to save a boot logging capture. At a certain point while saving the PML files, while the progress dialogue is being displayed, the process will silently crash. The Event Viewer shows procmon64.exe exiting with exception code 0xc0000005 (STATUS_ACCESS_VIOLATION). I've retrieved a minidump of the crash and it does look like a bad pointer read from loading it into WinDbg and running a quick !analyze, as it crashes trying to read the address 0xffffffffffffffff. I haven't spent any further time digging into the issue as the stack trace pretty clearly shows the issue occurring within the ProcMon64 module and there's no public symbols available.

    Are any Sysinternals tools developers watching this forum and able to assist with a potential fix? I'm happy to provide the minidump privately to assist with troubleshooting.

    Saturday, January 5, 2019 7:53 AM


All replies

  • I should have mentioned that the crash happens reliably on both:

    1. Attempting to save a new bootlog on a subsequent boot.

    2. Re-attempting to save the same bootlog trace on starting Process Monitor again.

    The affected system is running Windows 10 x64 v1803.

    Saturday, January 5, 2019 7:56 AM
  • Hi Nexiom

    can you drop me an email to and I will provide you with a location to upload the dump file

    MarkC (MSFT)

    • Marked as answer by nexiom Thursday, October 3, 2019 7:05 AM
    Thursday, January 10, 2019 7:08 PM
  • Just belatedly advising for anyone reading this that I could reliably reproduce the crash right up until MarkC generously offered to help. I haven't seen the issue since.
    Thursday, October 3, 2019 7:06 AM