BSoD DRIVER_VERIFIER_DETECTED_VIOLATION with parameter 0x4100B when i disable computer but without dumps

M

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst
Staff member
Joined
Feb 17, 2019
Posts
534
So far, I have given you tips and advice on how to fight BSoD, and now I come alone with advice, but for myself. What is going on? Namely, switching off the computer I encounter a blue screen with error code 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION). The first parameter for me is 0x4100B, so I already know the reason for the blue screen. I'm thinking, "Phi,
now it's just enough to analyze the crash dump and the case. "But here's the problem.But even though the blue screen informs me that the files are saved, there really are not any crash dumps. In the event log is also nothing about this blue screen as if it never was.
Does anyone know why this is happening? The paging file is on the same disk and partition as the OS, is larger than RAM, and is managed by the system, and the Windows Error Reporting service is set to Manual.
 

Attachments

UPDATE:

Today I tested whether crash dumps at the time of the blue screen is recorded with NotMyFault. After the appearance of the blue screen and the information that the files were saved, I restarted the computer and ... crash dumps was recorded normally along with the log in the event log. So, just saving the crash dumps works correctly,
the problem with their recording appears when the blue screen pops up when the computer is turned off, so maybe something needs to be set in the system?
 
Since you're not getting a dump file you're unable to see the string pointed to by the 2nd parameter of the bugcheck, correct? Do you have a computer you can use as a debugger and connect to the computer that is crashing as the debuggee? As shown in this video, for example.

If you're not getting any indication that the system crashed or that dump file creation failed in the logs I would think that means the failure is happening in such a way as to make disk I/O suddenly stop working. If that's the case, the only chance of looking at what's going on is breaking into the computer as the bugcheck happens, I believe. You might even be able to dump the memory of the debuggee to the debugger computer.
 
Last edited:
I come back to the topic
Unfortunately, but I do not have how to conduct the debugging shown in the video. But I got a few ideas:
1. Maybe you can delay turning off the drive (or SATA controller) when you turn off your computer?
2. Or making the blue screen always show guilty driver on the screen (the KiBugCheckDriver function is responsible,
you know when you can not attach?)
 
An easy thing that might be worth trying is setting the system to use a single core temporarily. That should slow things down and prevent some parallel processing - perhaps giving things time to finish prior to drive I/O shutting down.
 
Did not help. The computer turned off and the blue screen jumped out immediately, but the memory dropped out. I noticed that the progress bar earlier was 100%, and now it reaches 15% and stands.
Can not somehow be forced by the registry editor to make the blue screen always display the guilty driver? I do not see any chance for memory dumps to be created when shutting down the computer because in my opinion, the failure always occurs when the SATA controller is turned off (even if it takes a while, and so only after turning off this controller the income
 
Could you please provide the following value for the registry key:

Code: 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl
 
I do not know what exactly the registry key is about, but please
 

Attachments

  • Regedit.png
    Regedit.png
    994.7 KB · Views: 3
I just wanted to check that dump file settings were correct, and it seem that they are.
 
And this. Memory dumps are created correctly if the blue screen comes to the system (I checked it with NotMyFault). Whereas when it comes to it when switching off the computer, these crash dumps do not form.
Presumably, the failure occurs after turning off the SATA controller because I wanted the blue screen to constantly display the name of the controller on the screen (I know that it is responsible for the KiBugCheckDriver function)
 
In that case try disabling Fast Startup and see if it makes a difference.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top