Page 2 of 3 First 123 Last
  1. #21

    Join Date
    Mar 2012
    Posts
    469

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Yeah, SMART values are a bit of a pain to interpret. Some of them are setup in some very unusual ways, and it's rather vendor-specific. Good catch though, anything that can help clarify SMART is good in my book!


    • Ad Bot

      advertising
      Beep.

        
       

  2. #22
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Much more here than bugcheck 0x133 -

    http://www.sysnative.com/forums/show...ors-on-Windows

    A great read.
    x BlueRobot says thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  3. #23
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Bugcheck 0x116 -

    Quote Originally Posted by Vir Gnarus View Post
    As a reference to other analysts, make sure to check 3rd bugcheck argument for any possible error code that the driver (or DirectX?) may have reported. In this case, it's c000009a, or insufficient resources to complete the request API call, which is a common problem with 0x116 bugchecks. It could mean either a driver is leaking memory (pool memory), insufficient RAM, or some resource contention issue.

    I recommend if you find the latest crash a client experienced has this error code in the 3rd arg, ask them for a kernel dump. It'll contain the info you'll need to do most memory management analysis tasks, like !vm and !poolused.
    Great info!

    Thank you...

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  4. #24

    Join Date
    Feb 2012
    Posts
    2,086
    Blog Entries
    7

    Re: Most Notable BSOD Kernel Dump Analysis posts

    BSOD New PC
    Just an average BSOD post, but it demonstrates:
    1) That the cause of the BSOD isn't necessarily correct - even if a 3rd party driver (that we know is a problem - Norton) is named.
    2) That the reports and older drivers scan is/are helpful in solving this sort of issue (it was due to the older Citrix drivers)
    3) That the use of Driver Verifier is helpful, and can even verify our suspicions (note the date of the dump in the initial post - 18 Jan, and I didn't suggest running DV).

    Another instance of a smart user solving their own problem!
    writhziden, jcgriff2 and koolkat77 say thanks for this.

  5. #25
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts


    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  6. #26
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Last edited by jcgriff2; 05-14-2013 at 05:44 PM.
    x BlueRobot says thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  7. #27
    Wrench97's Avatar
    Join Date
    Feb 2012
    Location
    S.E. Pennsylvania
    Posts
    2,599

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Ya know that being a Lano APU I wonder if it's actually the GPU section of the CPU that's throwing the error, do the 2 show up differently in the stacks?

  8. #28

    Join Date
    Mar 2012
    Posts
    469

    Re: Most Notable BSOD Kernel Dump Analysis posts

    You may be on to something. I've seen APU/GPU conflicts before. I'll make mention of it. Thanks!

  9. #29
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Quote Originally Posted by mgrzeg View Post
    You can find the WRusr on the stack, but I'm not sure if it's directly connected to the problem. Just as usasma said - remove WebRoot and see if it helps.
    Code:
    0:002> !teb
    TEB at 7efd7000
        ExceptionList:        0497ed90
        StackBase:            04980000
        StackLimit:           0497d000
        SubSystemTib:         00000000
        FiberData:            00001e00
        ArbitraryUserPointer: 00000000
        Self:                 7efd7000
        EnvironmentPointer:   00000000
        ClientId:             0000098c . 00000a94
        RpcHandle:            00000000
        Tls Storage:          7efd702c
        PEB Address:          7efde000
        LastErrorValue:       0
        LastStatusValue:      c0000034
        Count Owned Locks:    0
        HardErrorMode:        0
    0:002> dds 0497d000 04980000
    [CUT]
    0497ecd4  ????????
    0497ecd8  0497ed04
    0497ecdc  7775013d ntdll!NtWaitForMultipleObjects+0x15
    0497ece0  720e87a9 WRusr+0x187a9
    0497ece4  00000002
    0497ece8  0497ed54
    0497ecec  00000001
    0497ecf0  00000000
    0497ecf4  00000000
    0497ecf8  00000002
    0497ecfc  00000000
    0497ed00  00000000
    0497ed04  0497eda0
    0497ed08  757615e9 KERNELBASE!WaitForMultipleObjectsEx+0x100
    0497ed0c  00000002
    0497ed10  0497ed54
    0497ed14  00000001
    0497ed18  00000000
    0497ed1c  00000000
    0497ed20  8b622535
    0497ed24  00000002
    0497ed28  0497edcc
    0497ed2c  0497edc8
    0497ed30  00000024
    0497ed34  00000001
    0497ed38  00000000
    0497ed3c  00000000
    0497ed40  00000000
    0497ed44  00000000
    0497ed48  00000000
    0497ed4c  00000000
    0497ed50  00000000
    0497ed54  0000010c
    0497ed58  000000e8
    0497ed5c  00730079
    0497ed60  004f0057
    0497ed64  00360057
    0497ed68  005c0034
    0497ed6c  00650057
    0497ed70  00460072
    0497ed74  00750061
    0497ed78  0074006c
    0497ed7c  0065002e
    0497ed80  00000002
    0497ed84  00000000
    0497ed88  0497ed20
    0497ed8c  00000000
    0497ed90  0497ee60
    0497ed94  75786ff0 KERNELBASE!_except_handler4
    0497ed98  fa8d402d
    0497ed9c  00000000
    0497eda0  0497ede8
    0497eda4  76ff1a2c kernel32!WaitForMultipleObjectsExImplementation+0xe0
    0497eda8  0497ed54
    0497edac  0497edc8
    0497edb0  00000000
    0497edb4  ffffffff
    0497edb8  00000000
    0497edbc  00170000
    0497edc0  000000e8
    0497edc4  00000000
    0497edc8  0000010c
    0497edcc  000000e8
    0497edd0  006f0064
    0497edd4  00730077
    0497edd8  0053005c
    0497eddc  00730079
    0497ede0  004f0057
    0497ede4  00360057
    0497ede8  0497ee04
    0497edec  76ff4220 kernel32!WaitForMultipleObjects+0x18
    0497edf0  00000002
    0497edf4  7efde000
    0497edf8  00000000
    0497edfc  ffffffff
    0497ee00  00000000
    0497ee04  0497ee70
    0497ee08  770180c4 kernel32!WerpReportFaultInternal+0x186
    0497ee0c  00000002
    0497ee10  0497ee38
    0497ee14  00000000
    0497ee18  ffffffff
    0497ee1c  8b6226dd
    0497ee20  00000000
    0497ee24  00000000
    0497ee28  0497ef34
    0497ee2c  0000000c
    0497ee30  00000000
    0497ee34  00000001
    0497ee38  0000010c
    0497ee3c  000000e8
    0497ee40  00000000
    0497ee44  00170000
    0497ee48  80004005
    0497ee4c  000000e8
    0497ee50  000000ec
    0497ee54  0000010c
    0497ee58  0497ee1c
    0497ee5c  8b622625
    0497ee60  0497ef10
    0497ee64  77094123 kernel32!_except_handler4
    0497ee68  f8f44855
    0497ee6c  00000000
    0497ee70  0497ee84
    0497ee74  77017f83 kernel32!WerpReportFault+0x70
    0497ee78  0497ef34
    0497ee7c  00000001
    0497ee80  00000001
    0497ee84  0497ee94
    0497ee88  77017878 kernel32!BasepReportFault+0x20
    0497ee8c  0497ef34
    0497ee90  00000001
    0497ee94  0497ef20
    0497ee98  770177f7 kernel32!UnhandledExceptionFilter+0x1af
    0497ee9c  0497ef34
    0497eea0  00000001
    0497eea4  8b62278d
    0497eea8  00000000
    0497eeac  770c030c kernel32!BasepUEFLock
    0497eeb0  00000003
    0497eeb4  00000000
    0497eeb8  00000000
    0497eebc  00000000
    0497eec0  00000000
    0497eec4  00000000
    0497eec8  00000000
    0497eecc  00000000
    0497eed0  00000000
    0497eed4  00000000
    0497eed8  00000000
    0497eedc  00000000
    0497eee0  00000000
    0497eee4  00000000
    0497eee8  00000000
    0497eeec  00000000
    0497eef0  00000000
    0497eef4  00000001
    0497eef8  00000000
    0497eefc  00000000
    0497ef00  00000006
    0497ef04  00000000
    0497ef08  0497eea4
    0497ef0c  00000000
    0497ef10  0497f28c
    0497ef14  77094123 kernel32!_except_handler4
    0497ef18  f8f4b095
    0497ef1c  fffffffe
    0497ef20  0497f25c
    0497ef24  00efc6af mbamgui+0x3c6af
    0497ef28  00000000
    0497ef2c  00efd218 mbamgui+0x3d218
    0497ef30  0497f35c
    0497ef34  0497ef3c
    0497ef38  0497ef8c
    0497ef3c  40000015
    0497ef40  00000001
    0497ef44  00000000
    0497ef48  00efb525 mbamgui+0x3b525
    0497ef4c  00000000
    0497ef50  00000000
    0497ef54  00000000
    0497ef58  00000000
    0497ef5c  00000000
    0497ef60  00000000
    0497ef64  00000000
    0497ef68  00000000
    0497ef6c  00000000
    0497ef70  00000000
    0497ef74  00000000
    0497ef78  00000000
    0497ef7c  00000000
    0497ef80  00000000
    0497ef84  00000000
    0497ef88  00000000
    0497ef8c  00010001
    0497ef90  00000000
    0497ef94  0497eff4
    0497ef98  75761ac0 KERNELBASE!GetModuleHandleForUnicodeString+0xad
    0497ef9c  8b62274d
    0497efa0  00000000
    0497efa4  725942d8 mbamnet+0x1742d8
    0497efa8  00000002
    0497efac  00000000
    0497efb0  00000000
    0497efb4  00000000
    0497efb8  00000000
    0497efbc  76fe0000 kernel32!_imp__DebugBreak <PERF> (kernel32+0x0)
    0497efc0  0497ef9c
    0497efc4  00000000
    0497efc8  0497f440
    0497efcc  75786ff0 KERNELBASE!_except_handler4
    0497efd0  fa8d406d
    0497efd4  fffffffe
    0497efd8  75761ac0 KERNELBASE!GetModuleHandleForUnicodeString+0xad
    0497efdc  7578739e KERNELBASE!_SEH_epilog4_GS+0xa
    0497efe0  75761cfb KERNELBASE!BasepGetModuleHandleExW+0x233
    0497efe4  8b623cc5
    0497efe8  00000000
    0497efec  028f1f58
    0497eff0  72420000 mbamnet
    0497eff4  001a0018
    0497eff8  725942d8 mbamnet+0x1742d8
    0497effc  0497f470
    0497f000  00000000
    0497f004  00000000
    0497f008  00000000
    0497f00c  02080000
    0497f010  0497f22c
    0497f014  02080000
    0497f018  0497002b
    0497f01c  00000053
    0497f020  76fe002b kernel32!_imp__DebugBreak <PERF> (kernel32+0x2b)
    0497f024  0000002b
    0497f028  00efd218 mbamgui+0x3d218
    0497f02c  770c030c kernel32!BasepUEFLock
    0497f030  00000003
    0497f034  00000000
    0497f038  00000000
    0497f03c  0497ef8c
    0497f040  0497f29c
    0497f044  00efb525 mbamgui+0x3b525
    0497f048  00000023
    0497f04c  00000202
    0497f050  0497f260
    0497f054  0000002b
    0497f058  00000000
    0497f05c  00000000
    0497f060  00000000
    0497f064  00000000
    0497f068  00000000
    0497f06c  00000000
    0497f070  00000000
    0497f074  00000000
    0497f078  00000000
    0497f07c  00000000
    0497f080  00000000
    0497f084  00000000
    0497f088  00000000
    0497f08c  00000000
    0497f090  00000000
    0497f094  00000000
    0497f098  00000000
    0497f09c  00000000
    0497f0a0  00000000
    0497f0a4  00000000
    0497f0a8  00000000
    0497f0ac  00000000
    0497f0b0  00000000
    0497f0b4  00000000
    0497f0b8  00000000
    0497f0bc  00000000
    0497f0c0  00000000
    0497f0c4  00000000
    0497f0c8  8b623861
    0497f0cc  0497f520
    0497f0d0  76ff3362 kernel32!_BaseDllInitialize+0x92
    0497f0d4  00000002
    0497f0d8  00000000
    0497f0dc  0497f5b0
    0497f0e0  0497f534
    0497f0e4  76ff3377 kernel32!_BaseDllInitialize+0x2cf
    0497f0e8  00000000
    0497f0ec  00000000
    0497f0f0  01092ce0
    0497f0f4  00000000
    0497f0f8  76fe0000 kernel32!_imp__DebugBreak <PERF> (kernel32+0x0)
    0497f0fc  00000000
    0497f100  00000000
    0497f104  00000000
    0497f108  00000000
    0497f10c  00000000
    0497f110  00000000
    0497f114  00000000
    0497f118  00000000
    0497f11c  00000000
    0497f120  00000000
    0497f124  00000000
    0497f128  00000000
    0497f12c  00000000
    0497f130  00000000
    0497f134  00000000
    0497f138  00000000
    0497f13c  00000044
    0497f140  02a94188
    0497f144  02c10000
    0497f148  02a94fe0
    0497f14c  00000000
    0497f150  00000000
    0497f154  00000000
    0497f158  00000000
    0497f15c  00000187
    0497f160  0497f24c
    0497f164  00000044
    0497f168  00000044
    0497f16c  77762c8f ntdll!RtlpAllocateHeap+0xc78
    0497f170  02a94190
    0497f174  00000000
    0497f178  77763cc3 ntdll!RtlpAllocateHeap+0xe73
    0497f17c  7314e5e2
    0497f180  00000002
    0497f184  02c103a4
    0497f188  02c10000
    0497f18c  02c10150
    0497f190  00000000
    0497f194  00000000
    0497f198  02c12a48
    0497f19c  00000000
    0497f1a0  02c12a94
    0497f1a4  00000000
    0497f1a8  00000187
    0497f1ac  00000000
    0497f1b0  02c12a48
    0497f1b4  0000014b
    0497f1b8  02a87ec8
    0497f1bc  00000000
    0497f1c0  000001cb
    0497f1c4  00000000
    0497f1c8  00000080
    0497f1cc  00000000
    0497f1d0  00000000
    0497f1d4  00000000
    0497f1d8  00000000
    0497f1dc  00000000
    0497f1e0  02000002
    0497f1e4  02c1ff90
    0497f1e8  57000453
    0497f1ec  00000000
    0497f1f0  00000000
    0497f1f4  00000000
    0497f1f8  000007ff
    0497f1fc  00000000
    0497f200  1f000c13
    0497f204  02c1d1c0
    0497f208  00000001
    0497f20c  00000000
    0497f210  0000000a
    0497f214  0000000c
    0497f218  02a94190
    0497f21c  02a94190
    0497f220  7774fbca ntdll!ZwQueryVirtualMemory+0x12
    0497f224  7575ef1f KERNELBASE!VirtualQueryEx+0x1d
    0497f228  ffffffff
    0497f22c  00efd218 mbamgui+0x3d218
    0497f230  00000000
    0497f234  0497f274
    0497f238  0000001c
    0497f23c  0497f254
    0497f240  0497f258
    0497f244  7575efeb KERNELBASE!VirtualQuery+0x15
    0497f248  0497f29c
    0497f24c  00efda8b mbamgui+0x3da8b
    0497f250  0000001e
    0497f254  0497f29c
    0497f258  8b7704ef
    0497f25c  0497f29c
    0497f260  00efb525 mbamgui+0x3b525
    0497f264  00000003
    0497f268  40000015
    0497f26c  00000001
    0497f270  00eff92a mbamgui+0x3f92a
    0497f274  8b77042f
    0497f278  00efd218 mbamgui+0x3d218
    0497f27c  770c030c kernel32!BasepUEFLock
    0497f280  0497f35c
    0497f284  0497f274
    0497f288  00000020
    0497f28c  0497f31c
    0497f290  00efccc0 mbamgui+0x3ccc0
    0497f294  8f12ef63
    0497f298  fffffffe
    0497f29c  0497f2a4
    0497f2a0  00efd254 mbamgui+0x3d254
    0497f2a4  0497f32c
    0497f2a8  7703003f kernel32!UnhandledExceptionFilter+0x127
    0497f2ac  0497f35c
    0497f2b0  8b623b81
    0497f2b4  00000000
    0497f2b8  0497f35c
    0497f2bc  00000000
    0497f2c0  0497f2cc
    0497f2c4  00f00e00 mbamgui+0x40e00
    0497f2c8  00f2e318 mbamgui+0x6e318
    0497f2cc  0497f304
    0497f2d0  00efdb9f mbamgui+0x3db9f
    0497f2d4  0000000c
    0497f2d8  00efdb88 mbamgui+0x3db88
    0497f2dc  00000011
    0497f2e0  00000000
    0497f2e4  0497f45c
    0497f2e8  00000000
    0497f2ec  0497f2dc
    0497f2f0  00000001
    0497f2f4  0497f388
    0497f2f8  00efccc0 mbamgui+0x3ccc0
    0497f2fc  8f12efd3
    0497f300  00000001
    0497f304  00000000
    0497f308  00000000
    0497f30c  00000006
    0497f310  00000000
    0497f314  0497f2b0
    0497f318  00000024
    0497f31c  0497f388
    0497f320  77094123 kernel32!_except_handler4
    0497f324  f8f4b095
    0497f328  fffffffe
    0497f32c  0497f900
    0497f330  777a74df ntdll!__RtlUserThreadStart+0x62
    0497f334  0497f35c
    0497f338  777a73bc ntdll!_EH4_CallFilterFunc+0x12
    0497f33c  00000000
    0497f340  0497f900
    0497f344  7775c530 ntdll! ?? ::FNODOBFM::`string'+0xb5e
    0497f348  0497f370
    0497f34c  777a7261 ntdll!_except_handler4+0x8e
    0497f350  00000000
    0497f354  00000000
    0497f358  00000000
    0497f35c  0497f45c
    0497f360  0497f4ac
    0497f364  7775c540 ntdll! ?? ::FNODOBFM::`string'+0xb6e
    0497f368  00000001
    0497f36c  00f6d80e
    0497f370  0497f394
    0497f374  7778b459 ntdll!ExecuteHandler2+0x26
    0497f378  fffffffe
    0497f37c  0497f8f0
    0497f380  0497f4ac
    0497f384  0497f430
    0497f388  0497f8a4
    0497f38c  7778b46d ntdll!ExecuteHandler2+0x3a
    0497f390  0497f8f0
    0497f394  0497f444
    0497f398  7778b42b ntdll!ExecuteHandler+0x24
    0497f39c  0497f45c
    0497f3a0  0497f8f0
    0497f3a4  0497f4ac
    0497f3a8  0497f430
    0497f3ac  777a71d5 ntdll!_except_handler4
    0497f3b0  00000000
    0497f3b4  0497f45c
    0497f3b8  0497f8f0
    0497f3bc  7778b3ce ntdll!RtlDispatchException+0x127
    0497f3c0  0497f45c
    0497f3c4  0497f8f0
    0497f3c8  0497f4ac
    0497f3cc  0497f430
    0497f3d0  777a71d5 ntdll!_except_handler4
    0497f3d4  00000000
    0497f3d8  0497f45c
    0497f3dc  00000000
    0497f3e0  fffffffe
    0497f3e4  77763cc3 ntdll!RtlpAllocateHeap+0xe73
    0497f3e8  77763cee ntdll!RtlAllocateHeap+0x23a
    0497f3ec  00000214
    0497f3f0  00000220
    0497f3f4  028f1f52
    0497f3f8  028f1f50
    0497f3fc  00000000
    0497f400  00000214
    0497f404  72420000 mbamnet
    0497f408  00000178
    0497f40c  00000180
    0497f410  01108d7a
    0497f414  01108d78
    0497f418  0497f5b0
    0497f41c  00000000
    0497f420  00000002
    0497f424  01000214
    0497f428  0497f370
    0497f42c  00d48b12
    0497f430  00000000
    0497f434  0000004d
    0497f438  04980000
    0497f43c  0497e000
    0497f440  0097f48c
    0497f444  0497f7e4
    0497f448  77740133 ntdll!KiUserExceptionDispatcher+0xf
    0497f44c  0097f45c
    0497f450  0497f4ac
    0497f454  0497f45c
    0497f458  0497f4ac
    0497f45c  e06d7363
    0497f460  00000001
    0497f464  00000000
    0497f468  7575c41f KERNELBASE!RaiseException+0x58
    0497f46c  00000003
    0497f470  19930520
    0497f474  0497f880
    0497f478  00f21cd8 mbamgui+0x61cd8
    0497f47c  02c1f790
    0497f480  0497f880
    0497f484  00000008
    0497f488  0061001f
    0497f48c  0000000e
    0497f490  00000003
    0497f494  00000000
    0497f498  00000018
    0497f49c  02c1f4d0
    0497f4a0  0497f7f8
    0497f4a4  00efa032 mbamgui+0x3a032
    0497f4a8  02c10000
    0497f4ac  0001003f
    0497f4b0  00000000
    0497f4b4  00000000
    0497f4b8  00000000
    0497f4bc  00000000
    0497f4c0  00000000
    0497f4c4  00000000
    0497f4c8  0000027f
    0497f4cc  00000000
    0497f4d0  0000ffff
    0497f4d4  00000000
    0497f4d8  00000000
    0497f4dc  00000000
    0497f4e0  00000000
    0497f4e4  00000000
    0497f4e8  00000000
    0497f4ec  00000000
    0497f4f0  00000000
    0497f4f4  00000000
    0497f4f8  00000000
    0497f4fc  00000000
    0497f500  00000000
    0497f504  00000000
    0497f508  00000000
    0497f50c  00000000
    0497f510  00000000
    0497f514  00000000
    0497f518  00000000
    0497f51c  00000000
    0497f520  00000000
    0497f524  00000000
    0497f528  00000000
    0497f52c  00000000
    0497f530  00000000
    0497f534  00000001
    0497f538  0000002b
    0497f53c  00000053
    0497f540  0000002b
    0497f544  0000002b
    0497f548  00000000
    0497f54c  00000000
    0497f550  00000008
    0497f554  00000000
    0497f558  00000003
    0497f55c  0497f794
    0497f560  0497f7e4
    0497f564  7575c41f KERNELBASE!RaiseException+0x58
    0497f568  00000023
    0497f56c  00000212
    0497f570  0497f794
    0497f574  0000002b
    0497f578  0000027f
    0497f57c  00000000
    0497f580  00000000
    0497f584  00000000
    0497f588  00000000
    0497f58c  00000000
    0497f590  00001f80
    0497f594  0000ffff
    0497f598  00000000
    [CUT]
    0:002> lmvm WRusr
    start    end        module name
    720d0000 720fc000   WRusr    T (no symbols)           
        Loaded symbol image file: WRusr.dll
        Image path: C:\Windows\System32\WRusr.dll
        Image name: WRusr.dll
        Timestamp:        Fri Jun 07 01:37:56 2013 (51B11D54)
        CheckSum:         000303E0
        ImageSize:        0002C000
        File version:     8.0.2.150
        Product version:  8.0.2.150
        File flags:       8 (Mask 3F) Private
        File OS:          40004 NT Win32
        File type:        2.0 Dll
        File date:        00000000.00000000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    0:002> ~* kbn
       0  Id: 98c.990 Suspend: 1 Teb: 7efdd000 Unfrozen
     # ChildEBP RetAddr  Args to Child              
    00 00d0f774 7588790d 00d0f7b4 000100a4 00000000 user32!NtUserGetMessage+0x15
    01 00d0f790 00ec40d0 00d0f7b4 000100a4 00000000 user32!GetMessageW+0x33
    WARNING: Stack unwind information not available. Following frames may be wrong.
    02 00d0f7d4 00ec3eb0 8f300f67 00000000 00000000 mbamgui+0x40d0
    03 00d0f9d4 00ef807d 00ec0000 00000000 01090e08 mbamgui+0x3eb0
    04 00d0fa64 76ff33aa 7efde000 00d0fab0 77769ef2 mbamgui+0x3807d
    05 00d0fa70 77769ef2 7efde000 7753ed1e 00000000 kernel32!BaseThreadInitThunk+0xe
    06 00d0fab0 77769ec5 00ef80d0 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
    07 00d0fac8 00000000 00ef80d0 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b
       1  Id: 98c.a8c Suspend: 1 Teb: 7efda000 Unfrozen
     # ChildEBP RetAddr  Args to Child              
    00 03ebdb88 75757a56 000000e0 00000000 00000000 ntdll!ZwFsControlFile+0x15
    01 03ebdbcc 00ecb48a 000000e0 00000000 00000000 KERNELBASE!ConnectNamedPipe+0x5d
    WARNING: Stack unwind information not available. Following frames may be wrong.
    02 03ebdbd8 00000000 00000008 00000000 03ebfc24 mbamgui+0xb48a
    #  2  Id: 98c.a94 Suspend: 0 Teb: 7efd7000 Unfrozen
     # ChildEBP RetAddr  Args to Child              
    00 0497ed04 757615e9 00000002 0497ed54 00000001 ntdll!NtWaitForMultipleObjects+0x15
    01 0497eda0 76ff1a2c 0497ed54 0497edc8 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x100
    02 0497ede8 76ff4220 00000002 7efde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
    03 0497ee04 770180c4 00000002 0497ee38 00000000 kernel32!WaitForMultipleObjects+0x18
    04 0497ee70 77017f83 0497ef34 00000001 00000001 kernel32!WerpReportFaultInternal+0x186
    05 0497ee84 77017878 0497ef34 00000001 0497ef20 kernel32!WerpReportFault+0x70
    06 0497ee94 770177f7 0497ef34 00000001 8b62278d kernel32!BasepReportFault+0x20
    07 0497ef20 00efc6af 00000000 00efd218 0497f35c kernel32!UnhandledExceptionFilter+0x1af
    WARNING: Stack unwind information not available. Following frames may be wrong.
    08 0497f25c 00efb525 00000003 40000015 00000001 mbamgui+0x3c6af
    09 0497f29c 00efd254 0497f32c 7703003f 0497f35c mbamgui+0x3b525
    0a 0497f2a4 7703003f 0497f35c 8b623b81 00000000 mbamgui+0x3d254
    0b 0497f32c 777a74df 0497f35c 777a73bc 00000000 kernel32!UnhandledExceptionFilter+0x127
    0c 0497f334 777a73bc 00000000 0497f900 7775c530 ntdll!__RtlUserThreadStart+0x62
    0d 0497f348 777a7261 00000000 00000000 00000000 ntdll!_EH4_CallFilterFunc+0x12
    0e 0497f370 7778b459 fffffffe 0497f8f0 0497f4ac ntdll!_except_handler4+0x8e
    0f 0497f394 7778b42b 0497f45c 0497f8f0 0497f4ac ntdll!ExecuteHandler2+0x26
    10 0497f3b8 7778b3ce 0497f45c 0497f8f0 0497f4ac ntdll!ExecuteHandler+0x24
    11 0497f444 77740133 0097f45c 0497f4ac 0497f45c ntdll!RtlDispatchException+0x127
    12 0497f444 7575c41f 0097f45c 0497f4ac 0497f45c ntdll!KiUserExceptionDispatcher+0xf
    13 0497f7e4 00ef857e e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58
    14 0497f81c 00ec6f84 0497f880 00f21cd8 8b770e83 mbamgui+0x3857e
    15 0497f8b4 76ff33aa 00000000 0497f900 77769ef2 mbamgui+0x6f84
    16 0497f8c0 77769ef2 00000000 7314eeae 00000000 kernel32!BaseThreadInitThunk+0xe
    17 0497f900 77769ec5 00ec6ab0 00000000 00000000 ntdll!__RtlUserThreadStart+0x70
    18 0497f918 00000000 00ec6ab0 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b
       3  Id: 98c.a98 Suspend: 1 Teb: 7efaf000 Unfrozen
     # ChildEBP RetAddr  Args to Child              
    00 054bfdc8 75763bc8 00000000 054bfe0c 8abe36a5 ntdll!NtDelayExecution+0x15
    01 054bfe30 75764498 000927c0 00000000 00000000 KERNELBASE!SleepEx+0x65
    02 054bfe40 00ec7475 000927c0 8aab08e3 00000000 KERNELBASE!Sleep+0xf
    WARNING: Stack unwind information not available. Following frames may be wrong.
    03 00000000 00000000 00000000 00000000 00000000 mbamgui+0x7475
    Optionally, you can create full dump using procdump:
    procdump -ma -e -x "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe"
    and try to analyze it in WinDbg


    m.g.
    Last edited by jcgriff2; 06-11-2013 at 07:22 PM.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  10. #30
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Definitely a "most notable" post on \system32, \syswow64 & \sysnative -

    . . .by Sysnative Forums Admin niemiro

    Quote Originally Posted by niemiro View Post
    Hello again :)

    Don't worry about posting multiple times in a row. In actual fact I prefer it, as then I get a notification of your new post vs. no notification for an edit.


    As promised, a little talk on redirection. First, let's discuss file system redirection. We will come onto registry later. If you don't understand any part of this, feel completely free to ask me about it. Also, I do not know what you do and do not know, so I have included pretty much everything. It will also help future readers.


    System32 vs. SysWOW64 vs. Sysnative

    Finally, although you may already know this, I would like to briefly talk about these folders. All three of them exist on a 64bit computer under %SystemRoot% (C:\Windows)(although you will not be able to find Sysnative using explorer.exe), however, only System32 exists on a 32bit computer.

    The names of these folder are slightly counterintuitive, however, it is done for compatibility reasons with old programs.

    On a 32bit computer, everything is nice and simple. There is only one set of Windows files, and they are compiled for a 32bit architecture. They are stored under winsxs with the prefix x86_ and the active version of each file is linked into the System32 folder.

    On a 64bit computer, everything is not quite so nice and simple. First, Microsoft realised that many programs had hardcoded the path C:\Windows\System32 rather than using some form of expansion variable such as an environmental variable. This meant that they couldn't just move everything to System64, as then all those old programs would break. The System32 name had to stick, or at least be redirected.

    But there is another difficulty. Microsoft also wished for legacy 32bit programs to still work on the 64bit architecture. To achieve this, they implemented something called WOW64. Now all of a sudden, two sets of each Windows file exists: the 64bit files (winsxs prefix of amd64_) and the 32bit files (winsxs prefix of wow64_ [or occasionally x86_ - technicality]).

    The next point of note is the wow64 files. Contrary to much of the misinformation currently available on the internet, these 32bit copies of the files do not actually contain full sets of the code. In fact, they are merely redirection shells. When a legacy 32bit application makes a call to a Windows .dll, it is sent a reference to the 32bit copy of the .dll file. However, this 32bit copy of the .dll does not actually process the call. Instead, it converts all of the 32bit data types from the 32bit application to 64bit, calls the 64bit copy of the .dll with this converted data which does the actual processing, and then takes the returned 64bit datatypes from the 64bit .dll, converts them back to 32bit before returning them to the application as though the 64bit .dll had never been invoked. This is what is actually going on.

    So where are the active versions of these wow64 files linked? Well, they're linked in a new folder called SysWOW64. And then the truly 64bit copies of the files are stored in the System32 folder to maintain compatibility with legacy applications for the reasons already given. But this leads to another problem: what happens if a 32bit legacy application directly calls C:\Windows\System32\example.dll? Well then it gets sent a 64bit .dll file, which won't work. So to solve this, 32bit applications which directly call System32 get silently redirected to the 32bit copy in SysWOW64.

    But this doesn't completely solve the problem. What if a 32bit application explicitly wants to access the 64bit copy of the file directly? Well, Microsoft have provided several different solutions to this problem any one of which can be used, but perhaps the simplest is the virtual Sysnative folder. This folder isn't real. It doesn't contain anything, it's just a link to another folder. And for 32bit applications, it links to the 64bit System32. So Sysnative may be used to bypass normal System32 direction and actually get access to System32. This is why you won't be able to find this folder in explorer.exe: it doesn't really exist. But there's another reason too. This sort of redirection doesn't make sense in 64bit. 64bit applications can already access the 64bit copies of the files through System32, and they can access the 32bit copies of the files through SysWOW64. So there's no need for Sysnative, so Sysnative doesn't work in 64bit applications.

    Wow, that's long and confusing. What about a nice summary?

    In summary:
    System32 holds 32bit copies of files on 32bit computers, and 64bit copies of files on a 64bit computer.
    SysWOW64 holds wow64/32bit copies of files on a 64bit computer, and doesn't exist on a 32bit computer.
    Sysnative is a virtual redirection directory which doesn't exist except under legacy 32bit applications on a 64bit computer.

    32bit application on 32bit computer:
    System32 --> no redirection --> System32
    SysWOW64 --> doesn't exist
    Sysnative --> doesn't exist

    64bit application on 64bit computer:
    System32 --> no redirection --> System32
    SysWOW64 --> no redirection --> SysWOW64
    Sysnative --> doesn't exist

    32bit application on 64bit computer:
    System32 --> redirection --> SysWOW64
    SysWOW64 --> no redirection --> SysWOW64
    Sysnative --> redirection --> System32



    So, hopefully you understand a little more about the System32, SysWOW64, and Sysnative folders, and why they were created as they are.


    So, now let's say you want to access C:\Windows\System32\example.dll (no redirection, actually in System32).
    On a 32bit computer, it's very simple: Just access C:\Windows\System32\example.dll. On a 64bit app on a 64bit computer, again just access C:\Windows\System32\example.dll. But on a 32bit app on a 64bit computer, you must access C:\Windows\Sysnative\example.dll.


    So, if you are writing a permanently 32bit app, and you want to access the real C:\Windows\System32\example.dll, you must first check whether the system is 32bit or 64bit. If it is 32bit, you directly access C:\Windows\System32\example.dll, and if it's 64bit you change the request and access C:\Windows\Sysnative\example.dll.




    What about the registry? Well, a very similar thing occurs. This time, if you want to access the other architecture of a registry value you have a magical registry key called Wow6432Node. But things are a little different this time.

    The 64bit copy of the key on 64bit OS or 32bit copy of the key on 32bit OS is stored where it should be, e.g. HKEY_LOCAL_MACHINE\Software. However, for 64bit OS, the 32bit copy of the key is stored at HKEY_LOCAL_MACHINE\Software\Wow6432Node.

    Normally, a 32bit app on a 64bit computer which tries to access HKEY_LOCAL_MACHINE\Software is silently redirected to HKEY_LOCAL_MACHINE\Software\Wow6432Node. A 64bit app on a 64bit computer can access either HKEY_LOCAL_MACHINE\Software or HKEY_LOCAL_MACHINE\Wow6432Node directly, with no redirection. But there's a problem. What about 32bit app on 64bit computer accessing 64bit key? There's no second magic key for that. Hmmmmm... This situation is a bit like having System32 and SysWOW64, but no Sysnative. Big hmmmmmm.

    Fortunately, there's a solution. We can ask Windows not to redirect us. You can use (in C#) RegistryKey.OpenBaseKey with HKEY_LOCAL_MACHINE\Software, and with view (RegistryView Enumeration (Microsoft.Win32)) set to either Registry32 or Registry64 to access exactly what you want.


    And in C++ (and I assume via P/Invoke C# also), for those few exceptionally rare times when you cannot ask Windows not to redirect you, can you globally and temporarily disable redirection entirely using Wow64DisableWow64FsRedirection function (Windows) and Wow64RevertWow64FsRedirection function (Windows).

    You should not need to use these.

    There is only one scenario I know of where all of these techniques fail, and that involves a very specific and extremely complex operation on the Volume Shadow Copy Service, where you simply have to drop a 64bit exe on the 64bit computer, and run that.

    I hope this helps, but suspect it will only confuse further

    Richard
    From: http://www.sysnative.com/forums/prog...html#post58098
    Last edited by jcgriff2; 11-05-2013 at 10:21 PM.
    niemiro and x BlueRobot say thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  11. #31

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Very informative post. I'd expect no less from Richard, though : )
    niemiro says thanks for this.

  12. #32
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Re: AtihdW86.sys - AMD High Definition Audio Function Driver

    Same thread worked on by Patrick -

    Quote Originally Posted by januberrie View Post
    Hi Patrick! I think I fixed it. Ok, long story short, trying to install in safe mode resulted in the exact same BSOD. After talking to people, going places and hitting my head against the wall so hard it grew a lump I realized that the driver AtihdW86.sys was an HDMI audio driver, and I just needed my graphics to work first. Then I found that I had multiple instances of AMD Install manager (all were corrupt). I couldn't use control panel or even Revo uninstaller to get rid of them. I went into the registry and C drive and manually deleted ALL AMD stuff (except things for my cpu). I then did a custom install leaving out the Audio driver and tada!! two days passed and not a single error and Audio works perfectly (even though it didn't before). Hope that fixes things, at least for a while. Thanks so much for your help!!!!
    Quote Originally Posted by dennis7742 View Post
    Bless you both! You saved my life and got me back up and running immediatly instead of waiting another 24 hours for response from a level 2 engineer because the original help desk looked everywhere but here for a solution - and it was as close as a "Find AtihdW86.sys file on Windows media" search away. All I did was login to 8.1 in safe mode, go to device manager and remove both AMD High Definition Audio Device drivers, rebooted, and bango, back in business. I'm DEFINITELY no longer relying on otherwise good utility software like WinZip Utilities to tell me I have "ancient" drivers on my system and to upgrade. That's where all my misery started...

    Kind regards,
    Dennis King
    Web Presence Shop
    [SOLVED] Windows 8 BSOD - AtihdW86.sys

    Last edited by jcgriff2; 01-27-2014 at 07:53 PM.
    Patrick and niemiro say thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  13. #33

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Thank you, John! I am honored

  14. #34
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Interesting & informative 0x101 related post by Patrick -

    http://www.sysnative.com/forums/bsod...html#post75179
    Patrick and blueelvis say thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  15. #35
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Patrick says thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  16. #36

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Ooh, just noticed! Thanks, John.

    FWIW, I wrote a more detailed article regarding TZ's on my blog for anyone interested in the subject - Debugging and reverse engineering: Thermal Zones

  17. #37
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Saw this image & could not resist posting it. Pretty neat the way they used BSOD screens for the logo!

    Most Notable BSOD Kernel Dump Analysis posts-windows_8_logo_bsos_1600x306-png

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  18. #38
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Seems a 0x124 WHEA caused by UltraMon - http://www.sysnative.com/forums/bsod...ows-7-x64.html

    Nice work, Patrick.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  19. #39

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Thanks, John. Although it however does not appear we're quite out of the woods yet with that thread given they got an 0xA a week or so later. They must have had a combination of issues, such as UltraMon causing one problem, and then whatever it is now.

    In any case, it's definitely always a good idea (as you know) to check software for an 0x124 as it's not always a hardware problem/hardware bug check. The kind of software you want to look for is the kind of software that has a direct correlation with hardware, such as UltraMon in that case. Works with the GPU and completely overwrites Windows' basic multi-monitor features. I've never seen drivers newer than 2008 for UltraMon, so it's either an abandoned project or everybody has the same pirated version.

  20. #40
    Wrench97's Avatar
    Join Date
    Feb 2012
    Location
    S.E. Pennsylvania
    Posts
    2,599

    Re: Most Notable BSOD Kernel Dump Analysis posts

    2012 is latest version reportedly to support Win 8> https://www.realtimesoft.com/ultramon/download.asp

Page 2 of 3 First 123 Last

Similar Threads

  1. BSOD Kernel Dump Analysis Debugging Information
    By jcgriff2 in forum BSOD Kernel Dump Analysis Debugging Information
    Replies: 0
    Last Post: 11-28-2012, 01:06 AM
  2. BSOD on win7 Kernel problem?
    By rosendahl in forum BSOD, Crashes, Kernel Debugging
    Replies: 6
    Last Post: 10-14-2012, 10:09 AM
  3. BSOD Kernel/iaStor?
    By jackwebster in forum BSOD, Crashes, Kernel Debugging
    Replies: 19
    Last Post: 08-05-2012, 05:32 PM
  4. Hello, here to help with crash dump analysis!
    By Patrick in forum Introductions - New Members
    Replies: 13
    Last Post: 07-04-2012, 04:30 PM

Log in

Log in