Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD | Possible driver error


  • Please log in to reply
3 replies to this topic

#1 cwills.tech

cwills.tech

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 24 January 2013 - 12:36 AM

I am working on a client computer, the problem is that the system will BSOD and when it restarts it will want to run startup repair. When it does it restarts and wants to run startup again. Doing this just ends in the same result over and over. If I choose to startup normally instead of running startup repair it will boot fine. Afterwords I run diagnostic test, malware scans, check system error logs but haven't really gotten anywhere with any of it. I found your site on analyzing and debugging system memory dumps. I am fairly sure that the error is coming from a video card driver error but I am not for certain. I am hoping that someone here can help.

OS: Windows Vista Home Premium Service Pack 2
System Model: HP-Pavilion GX759AA-ABA a6357c
VGA: NVIDIA GeForce 6150SE nForce 430

Here is the dump of the system memory file "MEMORY.DMP" debugged using the method described at your tutorial site.


Microsoft ® Windows Debugger Version 6.2.9200.20512 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Strife\Dropbox\Personal Clients Files\IdaLandis\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18686.x86fre.vistasp2_gdr.120824-0336
Machine Name:
Kernel base = 0x81c49000 PsLoadedModuleList = 0x81d60c70
Debug session time: Mon Jan 21 17:43:07.579 2013 (UTC - 5:00)
System Uptime: 0 days 0:00:09.250
Loading Kernel Symbols
...............................................................
...
Loading User Symbols

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c0000005, 8046cda4, 8a55b1a8, 0}

Probably caused by : hardware ( CI!_SEH_prolog4_GS+4 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8046cda4, The address that the exception occurred at
Arg3: 8a55b1a8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
CI!_SEH_prolog4_GS+4
8046cda4 8064ff3500 and byte ptr [edi+edi*8+35h],0

TRAP_FRAME: 8a55b1a8 -- (.trap 0xffffffff8a55b1a8)
ErrCode = 00000002
eax=8a55b244 ebx=8a55b310 ecx=00000001 edx=00000001 esi=8e200000 edi=00000000
eip=8046cda4 esp=8a55b21c ebp=8a55b294 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210206
CI!_SEH_prolog4_GS+0x4:
8046cda4 8064ff3500 and byte ptr [edi+edi*8+35h],0 ds:0023:00000035=??
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: System

CURRENT_IRQL: 0

MISALIGNED_IP:
CI!_SEH_prolog4_GS+4
8046cda4 8064ff3500 and byte ptr [edi+edi*8+35h],0

LOCK_ADDRESS: 81d7d600 -- (!locks 81d7d600)

Resource @ nt!PiEngineLock (0x81d7d600) Exclusively owned
Threads: 8409e828-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0x81d7d600
Thread Count : 1
Thread address: 0x8409e828
Thread wait : 0x250

LAST_CONTROL_TRANSFER: from 81c70928 to 81d16abf

STACK_TEXT:
8a55ad68 81c70928 0000008e c0000005 8046cda4 nt!KeBugCheckEx+0x1e
8a55b138 81c947fa 8a55b154 00000000 8a55b1a8 nt!KiDispatchException+0x1a9
8a55b1a0 81c947ae 8a55b294 8046cda4 badb0d00 nt!CommonDispatchException+0x4a
8a55b218 80535670 804e9cf8 00000054 805358fc nt!KiExceptionExit+0x186
8a55b294 81de3fed 867fc6a8 8e200000 00957c60 CI!CipValidateFileHash+0xc
8a55b2b0 81de3e5b 867fc6a8 8e200000 00958000 nt!SeValidateImageHeader+0x4d
8a55b32c 81e7a6c1 867fc6a8 8684b450 00000001 nt!MiValidateImageHeader+0x1a4
8a55b44c 81e7afb6 8a55b4a0 00000008 8a55b5b8 nt!MmCreateSection+0x763
8a55b4c0 81c93c3a 8a55b5e8 00000008 8a55b5b8 nt!NtCreateSection+0x177
8a55b4c0 81c91831 8a55b5e8 00000008 8a55b5b8 nt!KiFastCallEntry+0x12a
8a55b554 81dd5b33 8a55b5e8 00000008 8a55b5b8 nt!ZwCreateSection+0x11
8a55b614 81dd5a02 8000002c 81d60c70 8409e828 nt!MmCheckSystemImage+0x52
8a55b65c 81dd5898 8a55b888 00000000 8a55b680 nt!MiCreateSectionForDriver+0x8f
8a55b684 81dd459c 8a55b6f0 8a55b888 00000000 nt!MiObtainSectionForDriver+0x96
8a55b700 81db45e5 8a55b888 00000000 00000000 nt!MmLoadSystemImage+0x1c2
8a55b8f4 81daccea 00000000 8a55b900 8a55b924 nt!IopLoadDriver+0x385
8a55b938 81e1c473 8a263208 00000001 8a2631f4 nt!PipCallDriverAddDeviceQueryRoutine+0x309
8a55b974 81e1c8a0 8a55ba98 8a55b9c8 8a253200 nt!RtlpCallQueryRegistryRoutine+0x25b
8a55ba0c 81dab4f2 40000000 80000040 8a55ba40 nt!RtlQueryRegistryValues+0x418
8a55baf0 81daaa25 00000000 8a55bd38 81d7b550 nt!PipCallDriverAddDevice+0x2ff
8a55bcec 81c55724 840a34d0 8686dab8 8a55bd38 nt!PipProcessDevNodeTree+0x15c
8a55bd44 81ceeda2 00000000 00000000 8409e828 nt!PnpDeviceActionWorker+0x229
8a55bd7c 81e1efe6 00000000 ffec67dc 00000000 nt!ExpWorkerThread+0xfd
8a55bdc0 81c87f0e 81ceeca5 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
CI!_SEH_prolog4_GS+4
8046cda4 8064ff3500 and byte ptr [edi+edi*8+35h],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: CI!_SEH_prolog4_GS+4

FOLLOWUP_NAME: MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: hardware

IMAGE_NAME: hardware

FAILURE_BUCKET_ID: IP_MISALIGNED_CI.dll

BUCKET_ID: IP_MISALIGNED_CI.dll

Followup: MachineOwner
---------

0: kd> .reload
Loading Kernel Symbols
...............................................................
...
Loading User Symbols

0: kd>
Loading Kernel Symbols
...............................................................
...
Loading User Symbols

0: kd> g
^ No runnable debuggees error in 'g'


If anymore information is required please just ask. I have a belarc advisor page saved for the client. As well as all of the available minidump files that were available. Thought none of them really looked like the date was relevant to the error. Thought I'm not sure, I have not really investigated into those files as of now.

Thanks in advance for any help,
Colten

BC AdBot (Login to Remove)

 


#2 cwills.tech

cwills.tech
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 24 January 2013 - 12:38 AM

I also want to add that the debugger was run on my home rig, not on the client computer. I copied over the MEMORY.DMP file over to flash drive and ran it here at home. I don't know if this makes any sort of difference.

#3 cwills.tech

cwills.tech
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 24 January 2013 - 12:42 AM

ALSO, one more thing, apologies but these things keep coming to me.
This is actually my second time to the clients house. They were having this same issue before. It seems as though after I boot the computer normally without running startup repair, that the system will consistently boot fine with no startup errors, just straight into windows. And last time I left the computer was booting fine, no BSODs, consistent smooth startup. Same deal this time, but I have a hunch that the problem will come back once again. They said last time it was about two or three days and then the computer started back with the BSODs and startup errors on boot.

Pretty sure that is all.

Thanks again.

#4 cwills.tech

cwills.tech
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 31 January 2013 - 02:23 PM

235 views and no replies?

Please if anyone can help me out, or even has an idea, I would greatly appreciate the input.

I have to go back to the clients house tomorrow and I would really like to get it straightened out.

Thanks again,
Colten




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users