Since the dump file is way too big, please see the following debugger output:
*Exception Analysis **
KEY_VALUES_STRING: 1
Key : AV.Dereference Value: NullClassPtr Key : AV.Fault Value: Read Key : Analysis.CPU.mSec Value: 10249 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on *** Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.mSec Value: 158759 Key : Analysis.Init.CPU.mSec Value: 2343 Key : Analysis.Init.Elapsed.mSec Value: 77675 Key : Analysis.Memory.CommitPeak.Mb Value: 203 Key : Analysis.System Value: CreateObject Key : Timeline.OS.Boot.DeltaSec Value: 414907 Key : Timeline.Process.Start.DeltaSec Value: 148407 Key : WER.OS.Branch Value: vb_release Key : WER.OS.Timestamp Value: 2019-12-06T14:06:00Z Key : WER.OS.Version Value: 10.0.19041.1 Key : WER.Process.Version Value: 2.3.449.0ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: (.ecxr)
eax=0825f80c ebx=0825f7dc ecx=0825f7dc edx=1a5d9e38 esi=12dab250 edi=00000000
eip=0048909b esp=0825f798 ebp=0825f7a4 iopl=0 nv up ei ng nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010282
GWCtlSrv!glasswire::EventLog::`default constructor closure’+0xc961e:
0048909b 8b7704 mov esi,dword ptr [edi+4] ds:002b:00000004=???
Resetting default scopeEXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0048909b (GWCtlSrv!glasswire::EventLog::`default constructor closure’+0x000c961e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000004
Attempt to read from address 00000004PROCESS_NAME: GWCtlSrv.exe
READ_ADDRESS: 00000004
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000004
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0825f7a4 0048d205 00000000 cdf6cb5e 14b75c60 GWCtlSrv!glasswire::EventLog::default constructor closure'+0xc961e 0825f7f4 0048cbf3 0825f80c cdf6c486 14b75c88 GWCtlSrv!glasswire::EventLog::default constructor closure’+0xcd788
0825f82c 004869fd 14b75c60 0825f84c cdf6c4d6 GWCtlSrv!glasswire::EventLog::default constructor closure'+0xcd176 0825f87c 00b73e7c cdf6c46e 061f8298 01d5b388 GWCtlSrv!glasswire::EventLog::default constructor closure’+0xc6f80
0825f8c4 00b78053 06fca290 00b77b6d cdf6c442 GWCtlSrv!glasswire::EventLog::default constructor closure'+0x7b43ff 0825f8e8 76c04f9f 06fca290 e533f471 76c04f60 GWCtlSrv!glasswire::EventLog::default constructor closure’+0x7b85d6
0825f920 75d500f9 061f8298 75d500e0 0825f98c ucrtbase!thread_start<unsigned int (__stdcall*)(void *),1>+0x3f
0825f930 77927bbe 061f8298 2d6002f5 00000000 kernel32!BaseThreadInitThunk+0x19
0825f98c 77927b8e ffffffff 77948d04 00000000 ntdll!__RtlUserThreadStart+0x2f
0825f99c 00000000 76c04f60 061f8298 00000000 ntdll!_RtlUserThreadStart+0x1bSYMBOL_NAME: gwctlsrv!glasswire::EventLog::`default constructor closure’+c961e
MODULE_NAME: GWCtlSrv
IMAGE_NAME: GWCtlSrv.exe
STACK_COMMAND: ~14s ; .ecxr ; kb
FAILURE_BUCKET_ID: NULL_CLASS_PTR_READ_c0000005_GWCtlSrv.exe!glasswire::EventLog::default_constructor_closure
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
IMAGE_VERSION: 2.3.449.0
FAILURE_ID_HASH: {d65516ff-4bff-04dd-941c-3cf311ce9882}
Followup: MachineOwner