Microsoft-Windows-WER-Diag

5 events across 1 channel

Event ID	Title	Channel
1	Possible disk corruption detected for executable image %1, causing application …	Operational
2	Possible heap corruption detected (exception code %1).	Operational
3	Possible crash in an unloaded dll detected.	Operational
4	Crash on launch is detected.	Operational
5	CFG violation is detected.	Operational

Event ID 1 — Possible disk corruption detected for executable image %1, causing application %2 to stop working with exception %3, status code %4.

Provider: Microsoft-Windows-WER-Diag
Channel: Operational

Message

Possible disk corruption detected for executable image %1, causing application %2 to stop working with exception %3, status code %4. Initiating further diagnostics.

Fields

Name	Description
`CorruptedFilePath`	—
`CrashedAppName`	—
`ExceptionCode`	—
`ExceptionStatusCode`	—

Event ID 2 — Possible heap corruption detected (exception code %1).

Provider: Microsoft-Windows-WER-Diag
Channel: Operational

Message

Possible heap corruption detected (exception code %1). Initiating further diagnostics.

Fields

Name	Description
`ExceptionCode`	—

Event ID 3 — Possible crash in an unloaded dll detected.

Provider: Microsoft-Windows-WER-Diag
Channel: Operational

Message

Possible crash in an unloaded dll detected. Initiating further diagnostics.

Fields

Name	Description
`ProcessId`	—
`ModuleNameLength`	—
`ModuleName`	—

Event ID 4 — Crash on launch is detected.

Provider: Microsoft-Windows-WER-Diag
Channel: Operational

Message

Crash on launch is detected. Initiating further diagnostics.

Fields

Name	Description
`ProcessId`	—
`ModuleName`	—
`StartTime`	—
`CrashTimeFromStart`	—

Event ID 5 — CFG violation is detected.

Provider: Microsoft-Windows-WER-Diag
Channel: Operational

Message

CFG violation is detected.

Fields

Name	Description
`AppPath`	—
`ProcessId`	—
`ProcessStartTime`	—
`Is64Bit`	—
`CallReturnAddress`	—
`CallReturnModName`	—
`CallReturnModOffset`	—
`CallReturnInstructionBytesLength`	—
`CallReturnInstructionBytes`	—
`CallReturnBaseAddress`	—
`CallReturnRegionSize`	—
`CallReturnState`	—
`CallReturnProtect`	—
`CallReturnType`	—
`TargetAddress`	—
`TargetModName`	—
`TargetModOffset`	—
`TargetInstructionBytesLength`	—
`TargetInstructionBytes`	—
`TargetBaseAddress`	—
`TargetRegionSize`	—
`TargetState`	—
`TargetProtect`	—
`TargetType`	—