Recurring BSoD in 32 bit Vista


41 replies to this topic

#1 pwenk99

Posted 06 February 2009 - 09:59 PM

Greetings!

My motherboard died suddenly a few weeks ago. I was sure it was the mobo because I paid to have all the parts tested. I decided to buy a new mobo, a Gigabyte EP45C-UD3R, a new 750 watt corsair PS (my old PS barely cut it), a new 250 GB HD to do a fresh Vista install and make getting old files easier, and a wireless-n card because my old ASUS mobo had built in wireless.

I recycled my old CPU, an Intel Core 2 Duo 6600, 2GB DDR 800 RAM, Sound Blaster Fatal1ty sound card, and nVidia 8600 GTS.

The install went off without a hitch but quickly turned sour. I got many recurring BSoDs and finally did a second fresh Vista install before realizing I didn't update the chipset drivers, oopsy! :huh:

Everything worked fine after I installed new drivers for everything, the sound card was especially a pain because all I would get was static. Seriously I got a BSoD every 10 min before I updated every single driver. It was extremely frustrating!

Finally everything idled smoothly. I reinstalled all my old software etc. and did my routine checks for malware.

Surfing the web, e-mail, and other light duty applications worked fine, but as soon as I had several browser windows open, watching flash video, or playing games I would get a nondescript BSoD. It seems that when my comp is taxed it crashes.

I've done Kaspersky's online virus scan and use Malwarebytes' Anti-Malware, they both come up clean. I've run CHKDSK and memtest86 and everything seems fine. When I reboot after I have a crash, Windows says I have a hardware problem that it can't narrow down. Something with the mobo, CPU, RAM, or video card.

The last crash dump didn't seem to record anything unfortunately so I don't know where to start.

I anxiously await your help.

Thanks in advance!



#2 usasma

Posted 07 February 2009 - 07:02 AM

If all the drivers are installed (check Device Manager to be sure), then try this link to generate an analysis of the issue: http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/
Copy/paste the analysis into your next post and we'll see if it tells us anything.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 pwenk99

Posted 13 February 2009 - 12:02 AM

Here's the dump... FYI I removed the soundcard cause I had a hunch that was the issue. Worked fine for a bit then crashed again.


Microsoft ® Windows Debugger Version 6.11.0001.402 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81e51000 PsLoadedModuleList = 0x81f68c70
Debug session time: Thu Feb 12 20:37:53.514 2009 (GMT-8)
System Uptime: 0 days 9:05:36.494
Loading Kernel Symbols
...............................................................
..........................................................Page 5ddca not present in the dump file. Type ".hh dbgerr004" for details
....Page 5b363 not present in the dump file. Type ".hh dbgerr004" for details
.Page 5b4b8 not present in the dump file. Type ".hh dbgerr004" for details
.
........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd300c). Type ".hh dbgerr001" for details
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {80000003, 81eab66c, baf72844, 0}

Page 5ddca not present in the dump file. Type ".hh dbgerr004" for details
Page 5ddca not present in the dump file. Type ".hh dbgerr004" for details
Page 5b363 not present in the dump file. Type ".hh dbgerr004" for details
Page 5b4b8 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd300c). Type ".hh dbgerr001" for details
Page 5ddca not present in the dump file. Type ".hh dbgerr004" for details
Page 5b363 not present in the dump file. Type ".hh dbgerr004" for details
Page 5b4b8 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd300c). Type ".hh dbgerr001" for details
Probably caused by : ntkrpamp.exe ( nt!KiTrap0D+2d8 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: 80000003, The exception code that was not handled
Arg2: 81eab66c, The address that the exception occurred at
Arg3: baf72844, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

Page 5ddca not present in the dump file. Type ".hh dbgerr004" for details
Page 5ddca not present in the dump file. Type ".hh dbgerr004" for details
Page 5b363 not present in the dump file. Type ".hh dbgerr004" for details
Page 5b4b8 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd300c). Type ".hh dbgerr001" for details
Page 5ddca not present in the dump file. Type ".hh dbgerr004" for details
Page 5b363 not present in the dump file. Type ".hh dbgerr004" for details
Page 5b4b8 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd300c). Type ".hh dbgerr001" for details

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

FAULTING_IP:
nt!KiTrap0D+2d8
81eab66c cc int 3

TRAP_FRAME: baf72844 -- (.trap 0xffffffffbaf72844)
ErrCode = 00000000
eax=00053d85 ebx=baf72970 ecx=849fd670 edx=baf729a0 esi=81f49920 edi=81f0511f
eip=81eab66d esp=baf728b8 ebp=baf728b8 iopl=0 nv up di ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000097
nt!KiTrap0D+0x2d9:
81eab66d eb12 jmp nt!KiTrap0D+0x2ed (81eab681)
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 1b

LAST_CONTROL_TRANSFER: from 81e87590 to 81f1e0e3

STACK_TEXT:
baf72404 81e87590 0000008e 80000003 81eab66c nt!KeBugCheckEx+0x1e
baf727d4 81ea95da baf727f0 00000000 baf72844 nt!KiDispatchException+0x1a9
baf7283c 81ea9dac baf728b8 81eab66d badb0d00 nt!CommonDispatchException+0x4a
baf7283c 81eab66d baf728b8 81eab66d badb0d00 nt!KiTrap03+0xb8
baf728b8 81f0511f badb0d00 00000001 baf728d8 nt!KiTrap0D+0x2d9
baf72970 82069fd4 00000001 baf72aa8 00000001 nt!KeWaitForMultipleObjects+0x32d
baf72bfc 82069d43 00000001 00000001 00000000 nt!ObpWaitForMultipleObjects+0x256
baf72d48 81ea8a1a 00000001 0287fb7c 00000001 nt!NtWaitForMultipleObjects+0xcc
baf72d48 76e09a94 00000001 0287fb7c 00000001 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0287fbc8 00000000 00000000 00000000 00000000 0x76e09a94


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt!KiTrap0D+2d8
81eab66c cc int 3

SYMBOL_NAME: nt!KiTrap0D+2d8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48d1b7fa

FAILURE_BUCKET_ID: 0x8E_nt!KiTrap0D+2d8

BUCKET_ID: 0x8E_nt!KiTrap0D+2d8

Followup: MachineOwner
---------



Thanks again!

#4 pwenk99

Posted 13 February 2009 - 12:29 AM

Happened again while I was running the Windows Experience Index... Here's the dump:


Microsoft ® Windows Debugger Version 6.11.0001.402 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81e10000 PsLoadedModuleList = 0x81f27c70
Debug session time: Thu Feb 12 21:05:51.822 2009 (GMT-8)
System Uptime: 0 days 0:26:55.574
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c0000005, 8202fbf6, 989a0c20, 0}

Page 5fa97 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details
Probably caused by : ntkrpamp.exe ( nt!IopCreateFile+63e )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8202fbf6, The address that the exception occurred at
Arg3: 989a0c20, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

Page 5fa97 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!IopCreateFile+63e
8202fbf6 8b4330 mov eax,dword ptr [ebx+30h]

TRAP_FRAME: 989a0c20 -- (.trap 0xffffffff989a0c20)
ErrCode = 00000000
eax=851ffa00 ebx=03855608 ecx=40200003 edx=401f0002 esi=10000000 edi=00000000
eip=8202fbf6 esp=989a0c94 ebp=989a0ce4 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!IopCreateFile+0x63e:
8202fbf6 8b4330 mov eax,dword ptr [ebx+30h] ds:0023:03855638=????????
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: RaUI.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 81e46590 to 81edd0e3

STACK_TEXT:
989a07e0 81e46590 0000008e c0000005 8202fbf6 nt!KeBugCheckEx+0x1e
989a0bb0 81e685da 989a0bcc 00000000 989a0c20 nt!KiDispatchException+0x1a9
989a0c18 81e6858e 989a0ce4 8202fbf6 badb0d00 nt!CommonDispatchException+0x4a
989a0c30 8202e43e 00000008 000102d3 00000000 nt!Kei386EoiHelper+0x186
989a0ce4 82036fea 0012f5b0 00100080 0012f54c nt!ObOpenObjectByName+0x484
989a0d30 81e67a1a 0012f5b0 00100080 0012f54c nt!NtCreateFile+0x34
989a0d30 77449a94 0012f5b0 00100080 0012f54c nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f5a8 00000000 00000000 00000000 00000000 0x77449a94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!IopCreateFile+63e
8202fbf6 8b4330 mov eax,dword ptr [ebx+30h]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!IopCreateFile+63e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48d1b7fa

FAILURE_BUCKET_ID: 0x8E_nt!IopCreateFile+63e

BUCKET_ID: 0x8E_nt!IopCreateFile+63e

Followup: MachineOwner
---------

Thanks!

#5 pheonix

Posted 14 February 2009 - 04:36 AM

It might be advantageous if you unplug some unnecessary hardware and try to see if the problem is resolved, start with the wireless card and any other peripherals that don't need to be connected. Then, slowly add removed items after you verify that they are not the cause of the problem. This is good temporarily - until the experts have time to analyse your logs :huh:

Dave

#6 usasma

Posted 14 February 2009 - 09:55 AM

The first error is in ntkrpamp.exe while it was running within Chrome.exe
The second error is in ntkrpamp.exe while it was running within RaUI.exe

Chrome.exe is most likely your Internet browser.
RaUI.exe is most likely your Edimax Wireless Utility.

As both are associated with your connectivity, I'd have to suspect the Edimax program first.
Uninstall it and then reinstall a freshly downloaded copy to test it.

There are some strange issues listed in your dump files, could you zip them up and upload them in your next post?

#7 pwenk99

Posted 14 February 2009 - 04:30 PM

I uninstalled and reinstalled the utility as advised. So far so good. My wireless adapter card is an Encore Electronics ENLWI-N and it seems that people have had issues with random hangs because of this card, according to the newegg.com reviews section.

Here's a media fire link to my dump file:

Dump file

It was 82mb zipped so I couldn't upload it directly. So sorry.

Thanks again for the help!

#8 usasma

Posted 14 February 2009 - 05:25 PM

Not a problem, thanks for uploading it. I'm downloading it now and will post back after I've tried running it/them in my debugger.

#9 usasma

Posted 14 February 2009 - 05:41 PM

The PEB is paged out error refers to user-mode data that's not available in the dump file. There's a bunch of stuff that's paged out, so that was of concern to me (just in case it was needed).
But, because we're looking at driver issues, the problem being reported is most likely in the kernel-mode data (and that's present).

IMO this is more of a concern in errors like the STOP 0xC000021A rather than the STOP 0x0000008e errors that you're experiencing - but user mode errors are still possible (just less likely).

#10 pwenk99

Posted 14 February 2009 - 06:17 PM

Forgive my noobishness but what would be the best recommended action to troubleshoot and/or repair said kernel-mode data?

Again, thanks for your help.

#11 usasma

Posted 15 February 2009 - 07:36 AM

There's no problem with asking questions, that's why we're here. FWIW - I'm still learning a lot of this - so questions help me to learn also!

The reason that the PEB is paged out is because there wasn't enough room for everything in the memory space being used in your RAM. So the Windows Memory Manager paged them out to make room for other process or kernel-mode info. "Paging out" is taking the stuff (measured in pages) that's in the physical RAM and moving it to the virtual memory provided in your pagefile. This is a normal operation.

When the system crashes, it writes information to the physical RAM. If the system is configured to write a complete memory dump (as yours was), then the memory dump will occupy all of the RAM (I don't know if this is the "cause" of the PEB error). When this happens, the computer will then save the dump file information into the dump file when the system is rebooted.

A couple of things about memory:
- each running process is able to address 4gB of virtual memory (this is NOT physical memory (RAM)).
- although each process is able to address 4gB of virtual memory - it doesn't have to use this much (and most don't)
- of that 4gB of virtual memory, user-mode threads can use 2gB and kernel mode threads can use 2gB (in special circumstances you can up the user-mode stuff to 3gB, but the kernel-mode stuff decreases to 1gB).
- the Windows Memory Manager handles the conversion between virtual memory and physical memory (RAM, ReadyBoost devices, and the pagefile)

Here's the explanation that I found: http://msdn.microsoft.com/en-us/library/cc267325.aspx

And here's how to fix it: http://msdn.microsoft.com/en-us/library/cc901409.aspx

Frankly, there's not really any need to do anything about this right now.

#12 pwenk99

Posted 18 February 2009 - 09:10 PM

Well... I uninstalled the network app and installed an updated driver only for my wireless-n card.

Still getting BSOD. Dam!

But they now come with new and exciting flavors!

The first one I got said: IRQL-NOT-LESS-OR-EQUAL

And the second one gave me an Nvlddmkm.sys error

I've uploaded my latest dump file for your perusal: Dump file

Thanks again!

#13 usasma

Posted 19 February 2009 - 07:29 AM

Memory dumps take a "snapshot" of the system as it existed when the crash occurred.
If a program does something that takes a while to cause a crash, that program may not show up in the memory dump.

So we troubleshoot them by "fixing" each error that does come up (and make the assumption that it's not a Windows problem causing it).
So there are basically 4 possibilities with each analysis:
- the memory dump identified the problem and it was fixed
- the memory dump didn't identify the problem and a 3rd party reference was dealt with
- the memory dump didn't identify the problem and Windows is responsible.
- the memory dump didn't identify the problem and there's a hardware issue.

Recurring memory dumps (after we try a fix) indicate that the problem wasn't fixed.
What's recurring? - that's a judgment call based on how close the dumps are in time and what problems are involved in the dump file.

This is basically just "playing the odds" - we fix the most likely things and will eventually stumble upon the correct "fix"

I'll run the analysis and will post it later on.

Edited by usasma, 19 February 2009 - 07:49 AM.


#14 usasma

Posted 19 February 2009 - 07:44 AM

Here's what we've got now: GameClient.exe was using Nvlddmkm.sys when it caused an access violation (c0000005) in memory.
Also note (from the Stack text) that dxgkrnl(.sys) is involved immediately before the Nvlddmkm.sys execution.
So, we've got 3 possibilities:
- Direct X is corrupted (dxgkrnl.sys)
- nVidia drivers are corrupted (nvlddmkm.sys)
- GameClient.exe is corrupted/bad (my #1 suspect)

I get different results when searching for GameClient.exe - so you'll have to determine what program is using it on your system. To do this I'd suggest using this free utility to list all of your startups: http://www.microsoft.com/technet/sysintern...s/Autoruns.mspx
Once installed just scroll down the list looking for gamecenter.exe in the Image Path column. If it doesn't tell you exactly, please post back with the entire path so we can do some research.

So, I'd suggest these steps:
1 - leave Direct X alone for the time being - but ensure that your Windows Updates are up-to-date.
2 - Drivers can list the most updated version yet still can be corrupted. Download a fresh copy of your video drivers from http://www.nvidia.com Then uninstall the current drivers from the Control Panel...Programs and Features applet. Reboot (dismissing any prompts to detect your video adapter) and then install the freshly downloaded drivers.
3 - Either stop GameCenter.exe from running, or uninstall the program that it's associated with. It depends on what it belongs to if I'd recommend reinstalling it later on (after the BSOD's are gone).

Here's the dump file analysis:

Microsoft Windows Debugger Version 6.10.0003.233 AMD64
Copyright Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\FUBAR\Downloads\MEMORY\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81e44000 PsLoadedModuleList = 0x81f5bc70
Debug session time: Wed Feb 18 20:33:32.406 2009 (GMT-5)
System Uptime: 0 days 1:01:33.184
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd500c). Type ".hh dbgerr001" for details
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c0000005, 8b681174, 9b0a6658, 0}

*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
PEB is paged out (Peb.Ldr = 7ffd500c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd500c). Type ".hh dbgerr001" for details
Probably caused by : nvlddmkm.sys ( nvlddmkm+73174 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8b681174, The address that the exception occurred at
Arg3: 9b0a6658, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffd500c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd500c). Type ".hh dbgerr001" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nvlddmkm+73174
8b681174 ff5204 call dword ptr [edx+4]

TRAP_FRAME: 9b0a6658 -- (.trap 0xffffffff9b0a6658)
ErrCode = 00000000
eax=9b0a6770 ebx=9b0a6b14 ecx=8710e1b1 edx=418baaa8 esi=84a19b38 edi=8710e1b1
eip=8b681174 esp=9b0a66cc ebp=9b0a67dc iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nvlddmkm+0x73174:
8b681174 ff5204 call dword ptr [edx+4] ds:0023:418baaac=????????
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: GameClient.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 81e7a590 to 81f110e3

STACK_TEXT:
9b0a6218 81e7a590 0000008e c0000005 8b681174 nt!KeBugCheckEx+0x1e
9b0a65e8 81e9c5da 9b0a6604 00000000 9b0a6658 nt!KiDispatchException+0x1a9
9b0a6650 81e9c58e 9b0a67dc 8b681174 badb0d00 nt!CommonDispatchException+0x4a
9b0a66fc 8b6873af 8600b000 9b0a6724 82b3c040 nt!Kei386EoiHelper+0x186
WARNING: Stack unwind information not available. Following frames may be wrong.
9b0a67dc 8b61b56c 8710e1b0 9b0a6b14 ab633d88 nvlddmkm+0x793af
9b0a67fc 82b3d737 8600b000 9b0a6b14 ab633d88 nvlddmkm+0xd56c
9b0a6818 82b3f89b 8710e1b0 9b0a6b14 ab633d88 dxgkrnl!DXGADAPTER::DdiPresent+0x35
9b0a69b0 82b41856 00000000 8000f740 00000000 dxgkrnl!DXGCONTEXT::SubmitPresent+0x312
9b0a6ba4 82b41bc4 a2e156c8 00000000 19b9ff5b dxgkrnl!DXGCONTEXT::Present+0x1956
9b0a6d58 81e9ba1a 51e7f017 0aacfdc4 77b09a94 dxgkrnl!DxgkPresent+0x271
9b0a6d58 77b09a94 51e7f017 0aacfdc4 77b09a94 nt!KiFastCallEntry+0x12a
0aacfdc4 00000000 00000000 00000000 00000000 0x77b09a94


STACK_COMMAND: kb

FOLLOWUP_IP:
nvlddmkm+73174
8b681174 ff5204 call dword ptr [edx+4]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nvlddmkm+73174

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nvlddmkm

IMAGE_NAME: nvlddmkm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 496eb9f7

FAILURE_BUCKET_ID: 0x8E_nvlddmkm+73174

BUCKET_ID: 0x8E_nvlddmkm+73174

Followup: MachineOwner
---------


Edited by usasma, 19 February 2009 - 07:50 AM.

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#15 pwenk99

Posted 20 February 2009 - 11:12 PM

Ok I reinstalled nvidia drivers, and deleted gameclient.exe which was a beta test for an MMO. I've had 3 BSODs since then...

The first happened very soon after Vista booted and I checked my e-mail. The reported error was IRQL NOT LESS THAN OR EQUAL (or something to that effect)

The second was while playing Team Fortress 2 for about 15 min. (The debug report said the fault was because of the game)

The third was while watching flash video online. The BSOD stated the error was MEMORY_MANAGEMENT

Here is the debug report:


Microsoft ® Windows Debugger Version 6.11.0001.402 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81e1c000 PsLoadedModuleList = 0x81f33c70
Debug session time: Fri Feb 20 19:38:46.585 2009 (GMT-8)
System Uptime: 1 days 1:35:38.108
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols

Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41287, 24, 0, 0}

Probably caused by : ntkrpamp.exe ( nt!KiTrap0E+dc )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041287, The subtype of the bugcheck.
Arg2: 00000024
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x1a_41287

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: 8833fc7c -- (.trap 0xffffffff8833fc7c)
ErrCode = 00000010
eax=00000002 ebx=00000000 ecx=00000000 edx=00000000 esi=81f1b080 edi=c000009a
eip=82049a7e esp=8833fcf0 ebp=8833fd7c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283
nt!PfTLoggingWorker+0x67:
82049a7e 83f804 cmp eax,4
Resetting default scope

LAST_CONTROL_TRANSFER: from 81e76b54 to 81ec10f5

STACK_TEXT:
8833f9f8 81e76b54 00000000 00000024 00000000 nt!MmAccessFault+0x10a
8833f9f8 81e89935 00000000 00000024 00000000 nt!KiTrap0E+0xdc
8833fadc 81ea25f0 c0410248 83b5a7fc 00000000 nt!MiUpdateWsle+0x1a
8833fb24 81ea0a31 00000000 82049a7e c0410248 nt!MiResolveTransitionFault+0x92f
8833fbe8 81ec2093 82049a7e 00000000 00000000 nt!MiDispatchFault+0xa98
8833fc64 81e76b54 00000008 82049a7e 00000000 nt!MmAccessFault+0x10ac
8833fc64 82049a7e 00000008 82049a7e 00000000 nt!KiTrap0E+0xdc
8833fd7c 81ff1b18 81f1b080 505bb482 00000000 nt!PfTLoggingWorker+0x67
8833fdc0 81e4aa2e 82049a17 81f1b080 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiTrap0E+dc
81e76b54 85c0 test eax,eax

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiTrap0E+dc

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48d1b7fa

FAILURE_BUCKET_ID: 0x1a_41287_VRF_nt!KiTrap0E+dc

BUCKET_ID: 0x1a_41287_VRF_nt!KiTrap0E+dc

Followup: MachineOwner
---------

Thanks again!



