Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen Bugcheck 8e While Runn Client App


  • Please log in to reply
3 replies to this topic

#1 egoots

egoots

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 26 August 2008 - 02:21 PM

While running a ClientTestApp user application on a laptop computer, the following Blue Screen error can be consistently reproduced. I have access to the ClientTestApp source code and it does not have any device driver related connections. Its a graphical drawing program... If anything, there might be some user mode errors but it shouldnt cause a blue screen.

Given that the program is graphically related I suspect something related to the graphics card, but I cannot see any evidence of this in the the WinDbg analysis below.


The following is the WinDbg output details -- any suggestions on tracking this down would be appreciated:


Microsoft ® Windows Debugger Version 6.8.0004.0 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Ed\My Documents\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\Documents and Settings\Ed\My Documents\dev\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Sun Aug 24 13:43:06.140 2008 (GMT-7)
System Uptime: 0 days 0:13:23.873
Loading Kernel Symbols
....................................................................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c0000005, bf8e5e91, b72d7c98, 0}


PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details
Probably caused by : win32k.sys ( win32k!UserGetRedirectedWindowOrigin+28 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8e5e91, The address that the exception occurred at
Arg3: b72d7c98, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!UserGetRedirectedWindowOrigin+28
bf8e5e91 8b5040 mov edx,dword ptr [eax+40h]

TRAP_FRAME: b72d7c98 -- (.trap 0xffffffffb72d7c98)
ErrCode = 00000000
eax=00000000 ebx=00000001 ecx=00000b20 edx=0000000b esi=e4ad2988 edi=00000005
eip=bf8e5e91 esp=b72d7d0c ebp=b72d7d0c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!UserGetRedirectedWindowOrigin+0x28:
bf8e5e91 8b5040 mov edx,dword ptr [eax+40h] ds:0023:00000040=????????
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: ClientTestApp.exe

LAST_CONTROL_TRANSFER: from 804fe7e3 to 804f9f13

STACK_TEXT:
b72d7860 804fe7e3 0000008e c0000005 bf8e5e91 nt!KeBugCheckEx+0x1b
b72d7c28 80541415 b72d7c44 00000000 b72d7c98 nt!KiDispatchException+0x3b1
b72d7c90 805413c6 b72d7d0c bf8e5e91 badb0d00 nt!CommonDispatchException+0x4d
b72d7c98 bf8e5e91 badb0d00 0000000b 00000000 nt!Kei386EoiHelper+0x18a
b72d7d0c bf816709 0c0106ca b72d7d40 0013f188 win32k!UserGetRedirectedWindowOrigin+0x28
b72d7d50 805409ac 0c0106ca e4ad2988 00000004 win32k!GreGetRandomRgn+0xde
b72d7d50 7c90eb94 0c0106ca e4ad2988 00000004 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013f1a0 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!UserGetRedirectedWindowOrigin+28
bf8e5e91 8b5040 mov edx,dword ptr [eax+40h]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!UserGetRedirectedWindowOrigin+28

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 47e0e106

FAILURE_BUCKET_ID: 0x8E_win32k!UserGetRedirectedWindowOrigin+28

BUCKET_ID: 0x8E_win32k!UserGetRedirectedWindowOrigin+28

Followup: MachineOwner
---------

BC AdBot (Login to Remove)

 


m

#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:17 AM

Posted 26 August 2008 - 05:28 PM

While I have no idea what the Client Test App is or does, it appears that either it, or a driver on the system doesn't access memory properly. Since it doesn't occur without the Client Test App - then I wonder if it's this that's causing it.

There are some issues with the dump log also - the PEB is paged out statement. While this doesn't affect kernel dumps, it does mean that we won't be able to get user level information out of the system (and, if it's a user mode process that's causing the crash, we won't be able to find it out).

That being said, this is either (IMO):
1) An issue with Client Test App
2) An issue with a driver on the system
3) An issue with the system's memory (less likely, but possible).

Could this copy of Client Test App be corrupted? Can you try another, fresh copy?

Also, try enabling Driver Verifier for unsigned drivers. Here's an article that discusses it: http://support.microsoft.com/kb/244617
Once you get a dump file with Driver Verifier enabled, you should go in and disable it (delete the settings) - otherwise there will be a performance impact on your system (and this is the reason why we don't use it for all drivers - it'll slow the system to a crawl!)

Finally, try this free, bootable memory test: http://www.memtest86.com/ Let the test run for a minimum of 3 passes (overnight is better). You can stop the test if errors start occurring as it indicates a problem with your physical memory then.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 egoots

egoots
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 26 August 2008 - 05:56 PM

Thanks for the reply.

To answer some questions (preliminarily):

- PEB is paged out because the laptop is remote from me and I the user only performed a Kernel Memory Dump not a full memory. I transferred this remote file to my computer where I performed the analysis.
I am trying to get them to provide a Full memory dump for re-analysis.

You suggest 1 of 3 issues

1) An issue with Client Test App

- I simply do not understand how a Client User mode application can cause a blue screen like this to occur. Even if it is accessing memory where it shouldnt, it should cause a user mode exception not a Kernel mode blue screen, shouldnt it?



2) An issue with a driver on the system

- This seems most likely to me although I cant see that info from the dump analysis (yet?).


3) An issue with the system's memory (less likely, but possible).

- I was just informed that this person has another laptop which is exactly the same as the first and the error re-occurs... so memory corruption seems unlikely.


Could this copy of Client Test App be corrupted? Can you try another, fresh copy?

- It could be... and this will be tried. I have also been informed that this Client Test app is successfully running on a number of other machines and has never blue screened.

I will try to get a driver verifier run in as well as a full memory dump and see what comes of it.

Thanks for the advice. I will post with follow up details as I get them.

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:17 AM

Posted 26 August 2008 - 06:51 PM

It depends on how the Client Test App is written (I have no knowledge of it). But, for example, the Client Test App has to access the drive to save information - and in doing so it uses the file system driver (and other kernel level drivers) to do this. As I understand it, the Windows API's provide a limited means of traversing the user/kernel boundary (but I'm really not very experienced with it). If it couldn't do this, then you couldn't access devices to communicate outside of the system (video drivers, disk drivers, printer drivers, NIC drivers, etc).

Running Driver Verifier on the unsigned drivers usually gives good results (verifying all drivers will slow the system to a crawl). With Driver Verifier it seems (IME) that an immediate crash on reboot will result in a good identification of the offending driver. If the system doesn't crash immediately, then the dump file may give clues but won't necessarily identify the offending driver.

FWIW - I'm self-taught when it comes to crash dump analysis, so excuse my ignorance about the PEB stuff. I just don't do that during my usual operations.

That being said, since this occurs with another, identical laptop - then I'd have to suspect that it's an incompatibility between the Client Test App and a driver on the systems. Since it doesn't occur on other machines, I'd have to suspect that it's something that unique to those systems. I'd first try disabling all of the manufacturer's "special" drivers (like all the added Toshiba drivers on a Toshiba laptop (I have lot's of issues with their Bluetooth drivers whenever I try to use them)).
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users