#attempted execute of noexecute memory - blue screen error on the first start up of the day

looking at event viewer “dcom” is an error my computer likes to get apparently

<@&787033266225938472>

Hello!

Assuming that you can boot into Windows successfully, could you please provide me with the recent crash dumps stored in C:\Windows\Minidump\?

i have to be somewhere pretty soon but lemme see if I can get them real quick

Alright

Considering that a) you are using Windows 11 and b) the nature of this bug check being related to SMEP (supervisor mode execution prevention), this is likely a result of HVCI (known as memory integrity) being enabled. I advise you to experiment with memory integrity disabled.

don’t think I can get them in time, sorry! I’ll be back in fourish hours

That's okay

Feel free to ping me when you have returned

@ruby quartz

I’ve been trying to send the mini dumps over for the past couple of minutes but all the uploads appear to fail?

You have to take ownership of the files first. The ownership of the crash dumps is usually assigned to NT AUTHORITY\SYSTEM, and thus you need to change that

Alongside granting yourself access too

Alternatively, you can copy the crash dumps onto your desktop, then drag and drop the newly copied files into Discord. That works too.

it keeps on saying it cant find the item (trying your alternative)

Hm, yeah you probably have to take ownership of the files then

Do you know your way around the file properties? I can show you if you don't

i dont

I have to get an example file here to demonstrate

alright

Okay, you have to do this file by file, you can't perform this on multiple at the same time unfortunately

Unless you know of the DACL command in command prompt, which admittedly I don't know either lol

not a clue sadly enough lmao

Right click one of the crash dumps in the directory and click on properties

Next, I want you to click on the "Security" tab at the top

We're attempting to take ownership, so we will need to go to the "Advanced" settings, a button for which exists at the bottom of the "Security" tab

A new dialog should have appeared by now. At the top where it says "Owner: <name>," there is also the ability to change it. Click on "Change" and a new dialog should appear

In this new dialog, type in your Windows username. In my case, I would type in Niko as that is the name of my account

it just says the information in the security tabs isnt available

Can you screenshot the whole dialog

sure

I see Windows wants to be challenging today

Well for one, I presume you have administrative access, correct?

yep

Okay then, this is going to be a little more annoying

Windows 11 loves to play games

Let me figure out what that one command was, it won't take very long at all

Okay

These commands will need to be executed with administrative privileges in order:

icacls <file name, replace this with the minidump file location> /setowner <your Windows username>
icacls <file name, replace this with the minidump file location> /grant <your Windows username>:F

@craggy smelt

And it does require the full path to the minidump, so you'll need that and the name

sounds good, i assume i copy the path from the file?

Well, copy the name of the file, but you'll also need the C:\Windows\Minidump\ in front of it

icacls <C:\Windows\Minidump\041223-11484-01> /setowner kjkb

does that look right for the first part? i dont wanna do smth wrong lmao

icacls <C:\Windows\Minidump\041223-11484-01> /setowner kjkb

icacls <C:\Windows\Minidump\041223-11484-01> /grant kjkb:F

@ruby quartz gonna quickly ping you for this, sorry if you don’t like pings!

icacls C:\Windows\Minidump\041223-11484-01.dmp /setowner kjkb
icacls C:\Windows\Minidump\041223-11484-01.dmp /grant kjkb:F

thanks !

hmm it cant find the file, lemme double check if i got the right file

There's a chance it's incorrect

Either that or it won't let you take ownership of the file for some unknown reason

?

Looks correct to me

Dump files have their own format

I will be going to bed here in a moment, so if you'd like me to analyze them tonight, you can send them over

Otherwise you'll have to wait until tomorrow at around 4 PM EST

Alright. I will let you know when I get home tomorrow. If you would like, I can assist you during certain times of the day while I'm at school. Though, don't expect me to be much help then.

Of course! I'll do my best to finish this up for you later today (it is 1:30 AM)

Well, that was disappointing. I apologize for practically lying.

Don’t forget the crash dumps though, as I do need these to understand the crashes.

Just a friendly reminder lol