BSOD after clean (?) reinstallation of Windows 7 x64

Hi,

NTFS_FILE_SYSTEM (24)

This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives.

Code: 
1: kd> .bugcheck
Bugcheck code 00000024
Arguments 00000000`001904fb fffff880`0829fae8 fffff880`0829f340 fffff880`04f03452

Code: 
1: kd> .exr fffff880`0829fae8
ExceptionAddress: fffff88004f03452 (luafv!LuafvPreWrite+0x000000000000003e)
   ExceptionCode: c0000005 (Access violation)

Access violation was the reason for the crash, specifically in luafv.sys.

Code: 
1: kd> .cxr fffff880`0829f340
rax=fffff8800829fdc8 rbx=fffdf8a0024a85e0 rcx=0000000000007666
rdx=fffff8800829fdc8 rsi=0000000000000001 rdi=fffffa8007061710
rip=fffff88004f03452 rsp=fffff8800829fd20 rbp=fffffa800ad274a0
 r8=fffff8800829fda0  r9=0000000000000000 r10=fffffa80072e7d80
r11=0000000000000000 r12=fffff8800829fda0 r13=fffff8800829ffd8
r14=fffffa800ad27010 r15=fffff8800829fe80
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
luafv!LuafvPreWrite+0x3e:
fffff880`04f03452 66390b          cmp     word ptr [rbx],cx ds:002b:fffdf8a0`024a85e0=????

comparing cx with rbx.

Code: 
1: kd> !pte fffdf8a0024a85e0
                                           VA fffdf8a0024a85e0
PXE at FFFFF6FB7DBEDF88    PPE at FFFFF6FB7DBF1400    PDE at FFFFF6FB7E280090    PTE at FFFFF6FC50012540
Unable to get PXE FFFFF6FB7DBEDF88
WARNING: noncanonical VA, accesses will fault !

rbx contains an invalid virtual address, this is the reason the access violation occurred.


You either have a bad drive or bad RAM.

Run Memtest first to test the RAM for no less than 8 passes:

Memtest86+:

Download Memtest86+ here:

Memtest86+ - Advanced Memory Diagnostic Tool

Which should I download?

You can either download the pre-compiled .ISO that you would burn to a CD and then boot from the CD, or you can download the auto-installer for the USB key. What this will do is format your USB drive, make it a bootable device, and then install the necessary files. Both do the same job, it's just up to you which you choose, or which you have available (whether it's CD or USB).

Do note that some older generation motherboards do not support USB-based booting, therefore your only option is CD (or Floppy if you really wanted to).

How Memtest works (you don't need to read, it's only for those interested in the specifics):

Memtest uses algorithms (specifically two), namely moving inversion & what is deemed Modulo-X. Essentially, the first algorithm fills the memory with a pattern. Starting at the low address, it checks to see if the pattern was changed (it should not have been), writes the patterns complement, increments the address, and repeats. Starting at the highest address (as opposed to the lowest), it follows the same checklist.

The reason for the second algorithm is due to a few limitations, with the first being that not all adjacent cells are being tested for interaction due to modern chips being 4 to 16 bits wide regarding data storage. With that said, patterns are used to go ahead and ensure that all adjacent cells have at least been written with all possible one and zero combinations.

The second is that caching, buffering and out of order execution will interfere with the moving inversions algorithm. However, the second algorithm used is not affected by this. For starting offsets of 0-20, the algorithm will write every 20th location with a pattern, write all other locations with the patterns complement, repeat the previous one (or more) times, and then check every 20th location for the previously mentioned pattern.

Now that you know how Memtest actually works, it's important to know that the tests it goes through all mean something different. It goes from Test 0 through Test 12, many of which use either one or the other algorithm discussed above, among many other things.

Any other questions, they can most likely be answered by reading this great guide here:

FAQ : please read before posting

If no errors with Memtest, run Chkdsk + Seatools to test the hard disk:

Chkdsk (there are various ways to run Chkdsk):

Method 1:

Start > Search bar > Type cmd (right click run as admin to execute Elevated CMD)

Elevated CMD should now be opened, type the following:

chkdsk x: /r

x implies your drive letter, so if your hard drive in question is letter c, it would be:

chkdsk c: /r

Restart system and let chkdsk run.

Method 2:


Open the "Computer" window
Right-click on the drive in question
Select the "Tools" tab
In the Error-checking area, click <Check Now>.

If you'd like to get a log file that contains the chkdsk results, do the following:

Press Windows Key + R and type powershell.exe in the run box

Paste the following command and press enter afterwards:

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

This will output a .txt file on your Desktop containing the results of the chkdsk.

If chkdsk turns out okay, run Seatools -

SeaTools | Seagate

You can run it via Windows or DOS. Do note that the only difference is simply the environment you're running it in. In Windows, if you are having what you believe to be driver related issues that may cause conflicts or a false positive, it may be a wise decision to choose the most minimal testing environment (DOS). I always recommend running Seatools in DOS if absolutely possible.

-- Run all tests EXCEPT: Fix All and anything Advanced.
 
Hi, So chkdsk/seagate tools gave nothing suspicious, I need to do the ramtest overnight... thank you for the quick reply Patrick, I'll post the results tomorrow to say whether or not my ram is bad.
 
Interesting, I for sure thought it would have been one or the other. This is good news, actually. This tells us it's hopefully software. Please enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- Perhaps the most important which I will now clarify as this has been misunderstood often, enabling Driver Verifier by itself is not! a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users
 
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)

This is the general bug check code for fatal errors found by Driver Verifier.

Code: 
2: kd> k
Child-SP          RetAddr           Call Site
fffff880`0648b698 fffff800`0315e4ec nt!KeBugCheckEx
fffff880`0648b6a0 fffff800`03173bf4 nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0648b6e0 fffff800`02f2b890 nt!VfCheckUserHandle+0x1b4
fffff880`0648b7c0 fffff800`02fbad29 nt! ?? ::NNGAKEGL::`string'+0x2027e
fffff880`0648b890 fffff800`02cd0e53 nt!NtSetEvent+0x75
fffff880`0648b8f0 fffff800`02ccd410 nt!KiSystemServiceCopyEnd+0x13
fffff880`0648ba88 fffff880`043e6430 nt!KiServiceLinkage
fffff880`0648ba90 fffff980`15f64001 rzpmgrk+0x1430
fffff880`0648ba98 fffff980`15f64000 0xfffff980`15f64001
fffff880`0648baa0 00000000`00000800 0xfffff980`15f64000
fffff880`0648baa8 fffffa80`0b84d700 0x800
fffff880`0648bab0 00000000`00000000 0xfffffa80`0b84d700

The Razer Overlay driver performed an incorrect reference, therefore verifier flagged it and threw the bug check with 0xC4 as the code. Update any/all Razer drivers, or stop using Overlay if possible. If not using Overlay isn't possible, doesn't help, and updating the drivers don't help, uninstall the Razer drivers and restart to have Windows install default mouse drivers.
 
Alright I completely uninstalled Razer Synapse but I'm still running Driver Verifier (who knows maybe there are other drivers that can cause my PC to BS) I noticed something weird in the drivers list tho, even after the successful uninstall of razer synapse there are still 2 drivers remaining on that list : http://i.imgur.com/bmz20ad.jpg Should I care about that or nah?
 
Not entirely sure what those drivers are linked to. You can leave them, but if they start to cause trouble, just rename them from .sys to .old, and then restart the computer to break them from loading.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top