Page 1 of 3 123 Last
  1. #1
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Most Notable BSOD Kernel Dump Analysis posts

    Quote Originally Posted by Vir Gnarus View Post
    They are offsets from the function start. When you look at a callstack like this, it start from the bottom and goes like "this function called the function above me, which called the function above it, and so on and so forth." For each function listed, you have the three parts: the module name, the function name, and the offset, respectively, as followed:

    Code:
    USBPORT!USBPORT_AssertSig+0x25
    
       /\          /\          /\
      module  function name  offset
    Listed with kv or whatever, this portion of the output is the "Call Site" of the listing, which is basically just the name of the return address (RetAddr), complete with symbols to make it readable for humans to interpret what the function is and its intent. It can be read like an address on an envelope. The module name is the city, the function name is the street, and the offset is the address of the house. If you were to just say to someone asking for directions to your place "I live on such-n-such road" they have to scan down the whole road to find you. Otherwise if you add your address, the process of discovering your house is greatly alleviated.

    It's important to understand what is going on here in a callstack. Read up on my basic description of code flow in BSOD Method & Tips. I'll add it here for quick reference:

    The flow of which all operations are going. The basics of it is you have a thread, and in that thread you have an initial function responsible for a specific task. In order to accomplish it, it will need the assistance of other functions to do so.

    Much like a product being built by a company, you have it go through various hands and sometimes even various places before the finished product is made. Tack on also all the other personnel responsible for various indirect duties to supply the needs of those actually creating the product. If you had the same person/people doing all the tasks, then things slow to a crawl and you're lucky to even have a satisfactory result in the end.

    That's much like what goes on in your typical code flow. It is not enough to have a "one function to rule them all", that's just daft. Rather, you start with the initial function, like say, for drawing a popup window. There's a multitude of facets to this job, so the initial thread will call one function to do something, like DirectX telling it to draw the window, which DirectX will figure "ok, but with what?" and then pass that request to another, and then that to another, and then so on and so forth. How things fragment and flow through all this process of events is the essence of code flow.
    Once you understand that, it's easier to get an idea what's going on in a callstack. Let's use your example. Starting with nt!KxStartSystemThread at the bottom, this function sets up the thread to start doing work. Then when necessary, it calls into the function above it (nt!PspSystemThreadStartup) to continue it. This continues till what appears to be the real work starting (usbhub!UsbhHubWorker), as the rest is just initial setup. It's then performing various and sundry USB-related tasks for some USB I/O.

    It's important to understand that each function is not really calling the function above it from the offset specified in the call site nor from the address specified in the return address (which are both the same thing). Rather, it calls it from the beginning of the function. So, usbhub!UsbhHubWorker is not calling into usbhub!UsbhHubSSH_Worker at offset 0x2d, but is calling it straight into the beginning of the function. The offsets and return addresses are rather just displaying where things continues once and if the function returns. That means the function has done its job, and the flow code operation is now returning to the function below it in the callstack.

    I'm sure it's difficult to be able to interpret this process without any visuals, which I really can't provide any. The closest I can provide is to show some disassembly. Let's start with a simple idle loop from a kernel dump I have stored away:

    Code:
    Child-SP          RetAddr           Call Site
    fffffa60`01d8ece0 fffff800`01ca8b83 intelppm+0x29ed
    fffffa60`01d8ed10 fffff800`01ca88a1 nt!PoIdle+0x183
    fffffa60`01d8ed80 fffff800`01e75860 nt!KiIdleLoop+0x21
    fffffa60`01d8edb0 00000000`fffffa60 nt!zzz_AsmCodeRange_End+0x4
    fffffa60`01d6ad00 00000000`00000000 0xfffffa60
    Ignoring the first two frames (it's a little too complicated right now to explain), let's start at nt!KiIdleLoop+0x21. I'll whip out the disassembly window and copy and paste the entire name from module to offset, getting as followed:

    Code:
    ...
    
    nt!KiIdleLoop:
    fffff800`01ca8880 4883ec28        sub     rsp,28h
    fffff800`01ca8884 65488b1c2520000000 mov   rbx,qword ptr gs:[20h]
    fffff800`01ca888d eb20            jmp     nt!KiIdleLoop+0x2f (fffff800`01ca88af)
    fffff800`01ca888f 33c9            xor     ecx,ecx
    fffff800`01ca8891 440f22c1        mov     cr8,rcx
    fffff800`01ca8895 488d8b80380000  lea     rcx,[rbx+3880h]
    fffff800`01ca889c e85f010000      call    nt!PoIdle (fffff800`01ca8a00)
    fffff800`01ca88a1 fb              sti
    fffff800`01ca88a2 b902000000      mov     ecx,2
    fffff800`01ca88a7 440f22c1        mov     cr8,rcx
    fffff800`01ca88ab 80630700        and     byte ptr [rbx+7],0
    fffff800`01ca88af 803d9c881c0000  cmp     byte ptr [nt!HvlEnableIdleYield (fffff800`01e71152)],0
    fffff800`01ca88b6 7402            je      nt!KiIdleLoop+0x3a (fffff800`01ca88ba)
    fffff800`01ca88b8 f390            pause
    fffff800`01ca88ba fb              sti
    fffff800`01ca88bb 90              nop
    fffff800`01ca88bc 90              nop
    fffff800`01ca88bd fa              cli
    
    ...
    The bold is where the disassembly window highlights, telling me that nt!KiIdleLoop+0x21 points exactly to here. As you can tell, its position is 0x21 away from the beginning of the function. Now take notice of the call function right before it. That's the call to nt!PoIdle, which you can see in the callstack is the next function that was called into. What happened is nt!KiIdleLoop started, ran its course, then it eventually said "I need to call PoIdle cuz it needs to do something", so it called it as such. Now, did it call it at nt!PoIdle+0x183 like the callstack said? Nope. Rather, it says it called straight into the beginning of the PoIdle function, at address fffff800`01ca8a00. I'll verify:

    Code:
    ...
    
    
    nt!PoIdle:
    fffff800`01ca8a00 4883ec68        sub     rsp,68h
    fffff800`01ca8a04 f605ff09130002  test    byte ptr [nt!PpmIdlePolicy+0x2 (fffff800`01dd940a)],2
    fffff800`01ca8a0b 0f85b9010000    jne     nt!PoIdle+0x1ca (fffff800`01ca8bca)
    fffff800`01ca8a11 48895c2470      mov     qword ptr [rsp+70h],rbx
    fffff800`01ca8a16 4889742458      mov     qword ptr [rsp+58h],rsi
    fffff800`01ca8a1b 48897c2450      mov     qword ptr [rsp+50h],rdi
    fffff800`01ca8a20 488b39          mov     rdi,qword ptr [rcx]
    fffff800`01ca8a23 4885ff          test    rdi,rdi
    fffff800`01ca8a26 0f841d050600    je      nt! ?? ::FNODOBFM::`string'+0x31b79 (fffff800`01d08f49)
    fffff800`01ca8a2c 8b5f08          mov     ebx,dword ptr [rdi+8]
    fffff800`01ca8a2f f6c302          test    bl,2
    Blammo. First line of code in the function is where it pointed too, not the offset described in the callstack. Now what's going to happen here is that PoIdle will runs its stuff, until eventually it, too, needs to call another function. Let's check nt!PoIdle+0x183 which is what the callstack gave us as the call site:

    Code:
    ...
    
    
    fffff800`01ca8b68 0f8456050600    je      nt! ?? ::FNODOBFM::`string'+0x31cf4 (fffff800`01d090c4)
    fffff800`01ca8b6e 83fb02          cmp     ebx,2
    fffff800`01ca8b71 0f845b050600    je      nt! ?? ::FNODOBFM::`string'+0x31d02 (fffff800`01d090d2)
    fffff800`01ca8b77 33d2            xor     edx,edx
    fffff800`01ca8b79 4a8b4cef28      mov     rcx,qword ptr [rdi+r13*8+28h]
    fffff800`01ca8b7e 42ff54ef20      call    qword ptr [rdi+r13*8+20h]
    fffff800`01ca8b83 85c0            test    eax,eax
    fffff800`01ca8b85 0f8851050600    js      nt! ?? ::FNODOBFM::`string'+0x31d0c (fffff800`01d090dc)
    fffff800`01ca8b8b 85db            test    ebx,ebx
    fffff800`01ca8b8d 0f859e050600    jne     nt! ?? ::FNODOBFM::`string'+0x31d61 (fffff800`01d09131)
    fffff800`01ca8b93 33c9            xor     ecx,ecx
    fffff800`01ca8b95 ff1505a60d00    call    qword ptr [nt!_imp_KeQueryPerformanceCounter (fffff800`01d831a0)]
    fffff800`01ca8b9b 492bc6          sub     rax,r14
    
    ...
    Notice again the call instruction before it? In this case it's a little more convoluted in that the address isn't a static address like before but it's one made by doing some math with some registers and junk and then using the resulting memory address' contents as a reference point. However if we did all of that math n stuff, we'd most likely come up with the start for the next function listed in the callstack, which is somewhere in the module intelppm. What's going to happen, then is that is for whatever reason the function in intelppm returns, the code flow will return to nt!PoIdle+0x183, then if for whatever reason the PoIdle function returns, everything will continue at nt!KiIdleLoop+0x21, and so on.

    You're probably wondering why intelppm doesn't have a function listed. That's because in my case, I do not have access to any symbols for intelppm. Because there are no symbols, no function names and whatnot can be displayed, so it just leaves me with intelppm with a very big offset, not an offset from the beginning of a function, but from the beginning of the entire module. So it's important to have symbols whenever possible. It's not impossible to go without em, but it makes things quite more difficulty because then you have to ascertain through disassembling and reading the code just what the function is actually doing. The function names there provided by the symbols are to help you discover what each function's responsibility is.


    I hope that kinda clarifies something about what's going on in a callstack. If you need more assistance I'll do what I can to help, but that should at least get things going for ya.
    Thank you, Isaac!
    MvdB, zigzag3143 and blueelvis say thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2

    Join Date
    Mar 2012
    Posts
    469

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Phew, er, thanks! I want to mention that this does not apply to all cases. Some functions can call into themselves (recursive), and there's other differences to consider like when dealing with leaf functions (name is kinda self-explanatory) and whatnot. However, again, what I've mentioned is the general idea.
    jcgriff2 says thanks for this.

  3. #3
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Quote Originally Posted by Vir Gnarus View Post
    As Shintaro and JC pointed out, it does look very consistent that we're dealing with the intel network driver here.

    Code:
    0: kd> !irp fffffa80101b3bd0 1
    Irp is active with 5 stacks 3 is current (= 0xfffffa80101b3d30)
     No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
    Flags = 00000000
    ThreadListEntry.Flink = fffffa80101b3bf0
    ThreadListEntry.Blink = fffffa80101b3bf0
    IoStatus.Status = c00000bb
    IoStatus.Information = 00000000
    RequestorMode = 00000000
    Cancel = 00
    CancelIrql = 0
    ApcEnvironment = 00
    UserIosb = 00000000
    UserEvent = 00000000
    Overlay.AsynchronousParameters.UserApcRoutine = 00000000
    Overlay.AsynchronousParameters.UserApcContext = 00000000
    Overlay.AllocationSize = 00000000 - 00000000
    CancelRoutine = 00000000   
    UserBuffer = 00000000
    &Tail.Overlay.DeviceQueueEntry = fffffa80101b3c48
    Tail.Overlay.Thread = 00000000
    Tail.Overlay.AuxiliaryBuffer = 00000000
    Tail.Overlay.ListEntry.Flink = fffff80003278b00
    Tail.Overlay.ListEntry.Blink = fffff80003278b00
    Tail.Overlay.CurrentStackLocation = fffffa80101b3d30
    Tail.Overlay.OriginalFileObject = 00000000
    Tail.Apc = 00000000
    Tail.CompletionKey = 00000000
         cmd  flg cl Device   File     Completion-Context
     [  0, 0]   0  0 00000000 00000000 00000000-00000000    
    
                Args: 00000000 00000000 00000000 00000000
     [  0, 0]   0  0 00000000 00000000 00000000-00000000    
    
                Args: 00000000 00000000 00000000 00000000
    >[ 16, 2]   0  0 fffffa8009a1e050 00000000 00000000-00000000    
               \Driver\NETwNs64
                Args: 00014400 00000000 00000004 00000002
     [ 16, 2]   0 e1 fffffa8009989350 00000000 fffff80003315200-fffffa80093194b0 Success Error Cancel pending
               \Driver\vwifibus    nt!PopSystemIrpCompletion
                Args: 00014400 00000000 00000004 00000002
     [  0, 0]   0  0 00000000 00000000 00000000-fffffa80093194b0    
    
                Args: 00000000 00000000 00000000 00000000
    It looks like it's held up by a c00000bb, or "request not supported" error. This is during a power IRP sent to it (16 major function code is POWER, 2 is minor function code SET_POWER). Obviously it appears the driver is having a difficult time dealing with setting the network card to power down because it can't understand the request (or it's sending a request that isn't supported?). Either way, the driver isn't that new (Dec 2011), so give it an update.

    If that doesn't fix the problem, probably best to turn on Driver Verifier, restart, and let it crash again. Select all checks except Force Pending I/O Requests, IRP Logging, and Low Resource Sim.
    RepairandRestore says thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  4. #4
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts


    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  5. #5
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Bugcheck: 0xdeaddead

    Quote Originally Posted by Vir Gnarus View Post
    Not only can this be caused by someone manually generating a crash using the keyboard combo, as Shintaro rightly stated, but drivers can force BSODs as well for whatever (dubious) reason through this method, in order to give a notice that something bad has happened with em internally and they need to crash Windows to get you to notice. In fact, taking gander at the callstack:

    Code:
    STACK_TEXT:   
    fffff800`00ba1e08 fffff880`078c00d2 : 00000000`deaddead 00000000`0f00004b 00000000`0125025b 00000000`30400000 : nt!KeBugCheckEx 
    fffff800`00ba1e10 00000000`deaddead : 00000000`0f00004b 00000000`0125025b 00000000`30400000 00000000`00000000 : NETwNs64+0x3c0d2 
    fffff800`00ba1e18 00000000`0f00004b : 00000000`0125025b 00000000`30400000 00000000`00000000 fffff880`00000479 : 0xdeaddead 
    fffff800`00ba1e20 00000000`0125025b : 00000000`30400000 00000000`00000000 fffff880`00000479 00000000`00000000 : 0xf00004b 
    fffff800`00ba1e28 00000000`30400000 : 00000000`00000000 fffff880`00000479 00000000`00000000 00000000`00000000 : 0x125025b 
    fffff800`00ba1e30 00000000`00000000 : fffff880`00000479 00000000`00000000 00000000`00000000 fffffa80`0cba87a0 : 0x30400000
    NETwNs64.sys shows up immediately before KeBugCheckEx. This kinda gives you a hint that this fella was responsible.
    Last edited by jcgriff2; 08-03-2013 at 07:34 PM.
    Shintaro says thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  6. #6
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts


    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  7. #7
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    From the !irp command Vir Gnarus showed us:

    Code:
      
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Windows\Minidump\010111-45801-01.dmp]
    
    Read More:
    BugCheck 9F, {3, fffffa80047d1a20, fffff80000b9c518, fffffa800752caa0} Probably caused by : pci.sys Followup: MachineOwner ---------


    Code:
     
    0: kd> !irp fffffa800752caa0
    Read More:
    Args: 00000000 00000000 00000000 00000000 >[ 16, 2] 0 0 fffffa80056f6050 00000000 00000000-00000000 Unable to load image \SystemRoot\system32\DRIVERS\NETwNs64.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for NETwNs64.sys *** ERROR: Module load completed but symbols could not be loaded for NETwNs64.sys \Driver\NETwNs64 Args: 00014400 00000000 00000004 00000002 [ 16, 2] 0 e1 fffffa800556d7a0 00000000 fffff80002ecaf70-fffffa8004bf3580 Success Error Cancel pending \Driver\vwifibus nt!PopSystemIrpCompletion Args: 00014400 00000000 00000004 00000002 [ 0, 0] 0 0 00000000 00000000 00000000-fffffa8004bf3580 Args: 00000000 00000000 00000000 00000000
    Code:
     
    0: kd> lmvm NETwNs64
    start             end                 module name
    fffff880`03e6f000 fffff880`045f1000   NETwNs64 T (no symbols)           
        Loaded symbol image file: NETwNs64.sys
        Image path: \SystemRoot\system32\DRIVERS\NETwNs64.sys
        Image name: NETwNs64.sys
        Timestamp:        Wed Jul 14 07:42:54 2010 (4C3DA2BE)
        CheckSum:         00782155
        ImageSize:        00782000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    
    NETwNs64.sys = Intel wifi - http://sysnative.com/drivers/driver.php?id=NETwNs64.sys

    The dump is from my system - just after midnight, Jan 1 2011.
    Attached Files Attached Files

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  8. #8
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts


    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  9. #9

    Join Date
    Feb 2012
    Posts
    2,086
    Blog Entries
    7

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Infected drivers (haven't seen this very often): http://answers.microsoft.com/en-us/w...624463e5#_self

    Infected drivers are: crfjvnbv.sys and gmvvpcpj.sys
    The kmx... drivers are from CA Antivirus - I'll be adding them to the DRT after I finish this.

    Analysis:
    The following is for information purposes only.
    Code:
    **************************Sun Sep 30 17:46:59.396 2012 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\093012-60325-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Built by: 7601.17803.x86fre.win7sp1_gdr.120330-1504
    System Uptime:0 days 0:00:46.285
    BugCheck Code: BugCheck F4, {3, 87f4f540, 87f4f6ac, 82c54df0}
    Probably caused by :wininit.exe
    BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
    PROCESS_NAME: wininit.exe
    BUGCHECK_STR:  0xF4_c0000005
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    FAILURE_BUCKET_ID: 0xF4_c0000005_IMAGE_wininit.exe
    CPUID:        "Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz"
    MaxSpeed:     2000
    CurrentSpeed: 1994
      BIOS Version                  A17
      BIOS Release Date             01/04/2010
      Manufacturer                  Dell Inc.
      Product Name                  Latitude D630                   
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sun Sep 30 07:52:16.272 2012 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\093012-51293-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Built by: 7601.17803.x86fre.win7sp1_gdr.120330-1504
    System Uptime:0 days 0:00:46.160
    BugCheck Code: BugCheck F4, {3, 8669bd40, 8669beac, 82c5ddf0}
    Probably caused by :wininit.exe
    BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
    PROCESS_NAME: wininit.exe
    BUGCHECK_STR:  0xF4_c0000005
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    FAILURE_BUCKET_ID: 0xF4_c0000005_IMAGE_wininit.exe
    CPUID:        "Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz"
    MaxSpeed:     2000
    CurrentSpeed: 1994
      BIOS Version                  A17
      BIOS Release Date             01/04/2010
      Manufacturer                  Dell Inc.
      Product Name                  Latitude D630                   
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat Sep 29 21:26:58.131 2012 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\092912-50949-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Built by: 7601.17803.x86fre.win7sp1_gdr.120330-1504
    System Uptime:0 days 0:00:46.035
    BugCheck Code: BugCheck F4, {3, 88113d40, 88113eac, 82c64df0}
    Probably caused by :wininit.exe
    BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
    PROCESS_NAME: wininit.exe
    BUGCHECK_STR:  0xF4_c0000005
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    FAILURE_BUCKET_ID: 0xF4_c0000005_IMAGE_wininit.exe
    CPUID:        "Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz"
    MaxSpeed:     2000
    CurrentSpeed: 1994
      BIOS Version                  A17
      BIOS Release Date             01/04/2010
      Manufacturer                  Dell Inc.
      Product Name                  Latitude D630                   
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat Sep 29 11:12:06.818 2012 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\092912-52385-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Built by: 7601.17803.x86fre.win7sp1_gdr.120330-1504
    System Uptime:0 days 0:00:46.722
    BugCheck Code: BugCheck F4, {3, 8810ed40, 8810eeac, 82c68df0}
    Probably caused by :wininit.exe
    BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
    PROCESS_NAME: wininit.exe
    BUGCHECK_STR:  0xF4_c0000005
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    FAILURE_BUCKET_ID: 0xF4_c0000005_IMAGE_wininit.exe
    CPUID:        "Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz"
    MaxSpeed:     2000
    CurrentSpeed: 1994
      BIOS Version                  A17
      BIOS Release Date             01/04/2010
      Manufacturer                  Dell Inc.
      Product Name                  Latitude D630                   
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat Sep 29 10:13:09.864 2012 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\092912-53477-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Built by: 7601.17803.x86fre.win7sp1_gdr.120330-1504
    System Uptime:0 days 0:00:46.768
    BugCheck Code: BugCheck F4, {3, 87fded40, 87fdeeac, 82c50df0}
    Probably caused by :wininit.exe
    BugCheck Info: CRITICAL_OBJECT_TERMINATION (f4)
    PROCESS_NAME: wininit.exe
    BUGCHECK_STR:  0xF4_c0000005
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    FAILURE_BUCKET_ID: 0xF4_c0000005_IMAGE_wininit.exe
    CPUID:        "Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz"
    MaxSpeed:     2000
    CurrentSpeed: 1994
      BIOS Version                  A17
      BIOS Release Date             01/04/2010
      Manufacturer                  Dell Inc.
      Product Name                  Latitude D630                   
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sun Sep 30 17:46:59.396 2012 (UTC - 4:00)**************************
    

    3rd Party Drivers:
    The following is for information purposes only.
    Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
    Code:
    **************************Sun Sep 30 17:46:59.396 2012 (UTC - 4:00)**************************
    VSTCNXT3.SYS                Wed Oct 15 20:29:13 2008 (48F68AD9)
    VSTAZL3.SYS                 Wed Oct 15 20:30:03 2008 (48F68B0B)
    VSTDPV3.SYS                 Wed Oct 15 20:32:04 2008 (48F68B84)
    netw5v32.sys                Thu Mar 26 12:10:37 2009 (49CBA8FD)
    b57nd60x.sys                Sun Apr 26 07:15:34 2009 (49F44256)
    GEARAspiWDM.sys             Mon May 18 08:16:53 2009 (4A1151B5)
    intelppm.sys                Mon Jul 13 19:11:03 2009 (4A5BBF07)
    intelide.sys                Mon Jul 13 19:11:19 2009 (4A5BBF17)
    oz776.sys                   Tue Sep  8 22:10:13 2009 (4AA70E85)
    amdxata.sys                 Fri Mar 19 12:19:01 2010 (4BA3A3F5)
    ElRawDsk.sys                Tue Oct 26 05:34:08 2010 (4CC6A090)
    KmxFile.sys                 Tue Mar 22 11:09:48 2011 (4D88BBBC)
    kmxagent.sys                Wed Mar 23 08:28:49 2011 (4D89E781)
    KmxAMRT.sys                 Mon Apr  4 17:12:49 2011 (4D9A3451)
    kmxfw.sys                   Sun Apr 24 15:05:24 2011 (4DB47474)
    KmxFilter.sys               Mon May  2 08:41:56 2011 (4DBEA694)
    kmxcfg.sys                  Thu May 12 16:58:46 2011 (4DCC4A06)
    MpFilter.sys                Fri Mar  9 03:43:34 2012 (4F59C2B6)
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat Sep 29 21:26:58.131 2012 (UTC - 4:00)**************************
    gmvvpcpj.sys                Wed Sep  2 17:37:57 2009 (4A9EE5B5)
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Sat Sep 29 11:12:06.818 2012 (UTC - 4:00)**************************
    crfjvnbv.sys                Wed Sep  2 17:37:57 2009 (4A9EE5B5)
    
    http://www.carrona.org/drivers/driver.php?id=VSTCNXT3.SYS
    http://www.carrona.org/drivers/driver.php?id=VSTAZL3.SYS
    http://www.carrona.org/drivers/driver.php?id=VSTDPV3.SYS
    http://www.carrona.org/drivers/driver.php?id=netw5v32.sys
    http://www.carrona.org/drivers/driver.php?id=b57nd60x.sys
    http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
    http://www.carrona.org/drivers/driver.php?id=intelppm.sys
    http://www.carrona.org/drivers/driver.php?id=intelide.sys
    http://www.carrona.org/drivers/driver.php?id=oz776.sys
    http://www.carrona.org/drivers/driver.php?id=amdxata.sys
    http://www.carrona.org/drivers/driver.php?id=ElRawDsk.sys
    KmxFile.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    kmxagent.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    KmxAMRT.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    kmxfw.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    KmxFilter.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    kmxcfg.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    http://www.carrona.org/drivers/driver.php?id=MpFilter.sys
    gmvvpcpj.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    crfjvnbv.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    jcgriff2 says thanks for this.

  10. #10
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Based on names, I wonder if they are dynamically allocated.

    Have you seen the same named drivers before?

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  11. #11

    Join Date
    Mar 2012
    Posts
    469

    Re: Most Notable BSOD Kernel Dump Analysis posts

    malware and AVs would most certainly do a random naming convention for their drivers in order to throw off their counterpart. This would be no exception.

  12. #12

    Join Date
    Feb 2012
    Posts
    2,086
    Blog Entries
    7

    Re: Most Notable BSOD Kernel Dump Analysis posts

    I've never seen these drivers before.
    I posted it because it's rare to even see these drivers in a memory dump.
    I may have only seen it once or twice in my entire career!

  13. #13
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    I asked because I thought we may be headed toward entries like the SPTD variants.

    But given rarity, good idea to add them.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  14. #14

    Join Date
    Feb 2012
    Posts
    2,086
    Blog Entries
    7

    Re: Most Notable BSOD Kernel Dump Analysis posts

    I'd agree - but we'd still have to keep an eye out for them becoming more common.

    I still remember pulling my hair out over the sptd variants,
    then figuring that it'd be nice to have them in the DRT,
    then realizing that the number of entries would eventually expand to fill many, many pages and would provide no real assistance to anyone!

    And now we're stuck with a table full of entries.
    Hmmm, I wonder if Laxer can setup a table that's automatically filled with all possible sptd variants - and let them all point to the DRT for clarification?
    We could insert that into the apps for any time they showed up (and, maybe, have a "whitelist" for those that belong to other programs).
    Last edited by usasma; 10-05-2012 at 05:46 PM.

  15. #15
    Wrench97's Avatar
    Join Date
    Feb 2012
    Location
    S.E. Pennsylvania
    Posts
    2,599

    Re: Most Notable BSOD Kernel Dump Analysis posts

    The White list may be shorter, perhaps a simple if loop to eliminate the ones on the white list.

  16. #16
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,617

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Quote Originally Posted by usasma
    Infected drivers (haven't seen this very often)
    Very common on infected computers. Since Microsoft Answers/Communities doesn't handle malware removal, you could refer people to the Security Arena when you see something that. In addition to walking the OP through the clean-up process, we would also check for outdated/vulnerable third-party software and provide appropriate advice for keeping the computer clean.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  17. #17

    Join Date
    Feb 2012
    Posts
    2,086
    Blog Entries
    7

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Thanks Corrine! Great idea!

  18. #18
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Been a long time since I've seen bugcheck 0xa0 - Hibernation File

    http://www.techsupportforum.com/foru...le-670528.html

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  19. #19
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    Bugcheck 0x119 - http://www.sysnative.com/forums/show...0794#post30794

    Bad Fence IDs

    Analysts: - see below:

    Quote Originally Posted by Vir Gnarus View Post
    There's an offchance we're dealing with a bug in the graphics drivers. Despite them being relatively new, it's possible a new bug got introduced. Check to see if there isn't a more updated version of the graphics drivers, or try even rolling back the drivers to an older date. You may also want to try completely uninstalling the drivers and reinstalling the graphics drivers at latest version (perhaps try a beta version as well if available).

    As Wrench is correct, this was dealing with some bad fence id handling. Commonly bad fence ids are due to driver bugs more than hardware problems. This one does seem quite like a driver bug because the fence id the driver reported to DirectX was waaay off, and doesn't even look like a valid number, so it's clear this wasn't just the driver servicing fence ids out of order. Rather, it's probably a value from somewhere else that wrote over the otherwise valid fence id. The consistency of this crash leads me to suspect moreso that it's a driver problem and not a hardware issue. However if not matter of driver changes seems to fix this, then I guess you'll have to write it off as a bad video card and replace the PC. I take it you have warranty for this new system, to replacing it shouldn't be costly.

    Analysts:

    If you haven't figured from the correspondence between me and cluberti mentioned in the main post in this thread, Args 2-4 of the bugcheck are the fence ids. Not sure if Arg 3 is the fence id it expected or the most recent previous fence id (with Arg 4 being the one before it) but Arg 2 is certainly the latest and the one to cause the crash. Value looks pretty off-the-wall, so I'm expecting the value got overwritten somehow, most likely by driver bug.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

  20. #20
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    15,955
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Most Notable BSOD Kernel Dump Analysis posts

    I never knew about the hex --> DEC conversion on this.

    Quote Originally Posted by AustrAlien View Post
    Quote Originally Posted by Guevara_CF View Post
    005 Reallocation Sector Count 036 036 00000000-0A43 036
    0A43 in hex converts to decimal 2627.
    • This is the number of failed sectors currently counted on the hard drive ... and it is a large number!
      The hard drive is failing badly and needs to be replaced. There is no doubt about this and further testing is not necessary.
      • It cannot be fixed/repaired.

    The Reallocation Sector Count:
    When the hard drive finds a read/write/verification error, it marks that sector as "reallocated" and transfers data to a special reserved area (spare area). This process is also known as remapping, and reallocated sectors are called "remaps". The raw value normally represents a count of the bad sectors that have been found and remapped. Thus, the higher the attribute value, the more sectors the drive has had to reallocate. This allows a drive with bad sectors to continue operation; however, a drive which has had any reallocations at all is significantly more likely to fail in the near future.
    Reference: S.M.A.R.T.

    The HDDScan report that you posted for your second hard drive is the same as the one posted for your first hard drive.
    • Please post the report for your second hard drive so we can check the S.M.A.R.T. values for you.

    http://www.techsupportforum.com/foru...ml#post3947728
    Vir Gnarus and x BlueRobot say thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

Page 1 of 3 123 Last

Similar Threads

  1. BSOD Kernel Dump Analysis Debugging Information
    By jcgriff2 in forum BSOD Kernel Dump Analysis Debugging Information
    Replies: 0
    Last Post: 11-28-2012, 01:06 AM
  2. BSOD on win7 Kernel problem?
    By rosendahl in forum BSOD, Crashes, Kernel Debugging
    Replies: 6
    Last Post: 10-14-2012, 10:09 AM
  3. BSOD Kernel/iaStor?
    By jackwebster in forum BSOD, Crashes, Kernel Debugging
    Replies: 19
    Last Post: 08-05-2012, 05:32 PM
  4. Hello, here to help with crash dump analysis!
    By Patrick in forum Introductions - New Members
    Replies: 13
    Last Post: 07-04-2012, 04:30 PM

Log in

Log in