Hi,
The latest attached DMP file is of the CRITICAL_OBJECT_TERMINATION (f4) bug check.
This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
BugCheck F4, {3, fffffa800890e040, fffffa800890e320, fffff80003fa2db0}
^^ 3 = Process that ended as opposed to Thread.
Code:
1: kd> !process fffffa800890e040 3
GetPointerFromAddress: unable to read from fffff80003ed0000
PROCESS fffffa800890e040
SessionId: none Cid: 0148 Peb: 7fffffd6000 ParentCid: 0004
DirBase: 199a2a000 ObjectTable: fffff8a000285f90 HandleCount: <Data Not Accessible>
Image: smss.exe
VadRoot fffffa800a9180c0 Vads 16 Clone 0 Private 117. Modified 261. Locked 0.
DeviceMap fffff8a0000088f0
Token fffff8a000190040
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (21, 50, 345) (84KB, 200KB, 1380KB)
PeakWorkingSetSize 320
VirtualSize 5 Mb
PeakVirtualSize 18 Mb
PageFaultCount 1503
MemoryPriority BACKGROUND
BasePriority 11
CommitCharge 144
^^ The process in question was smss.exe, which is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the main system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes, and setting system variables.
We have little to no information other than this, so detective work will be necessary.
-----------------
1. Uninstall DeepFreeze.
2. Uninstall ISODrive.
3.
Code:
1: kd> lmvm ssport
start end module name
fffff880`048b1000 fffff880`048b9000 SSPORT (deferred)
Image path: SSPORT.sys
Image name: SSPORT.sys
Timestamp: Thu Aug 11 19:07:32 2005
^^ Samsung printer driver dated from 2005 which is way too old to work with Windows 7. Check for a W7 driver for your printer -
Download Center: Download Software, Firmware, Drivers & Manuals | Samsung
If not available, uninstall the printer software and disconnect the printer.
4. If you're still crashing after all of the above, please enable Driver Verifier:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - Restore Point - Create in Windows 8
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
- Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
How long should I keep Driver Verifier enabled for?
It varies; many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.
My system BSOD'd, where can I find the crash dumps?
They will be located in %systemroot%\Minidump
Any other questions can most likely be answered by this article:
Using Driver Verifier to identify issues with Windows drivers for advanced users
Regards,
Patrick
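
The timestamp check applied to SSPORT.sys in step 3 can be automated over saved debugger output. The following is an added example, not part of the original post: it parses `lmvm` text and lists modules linked before Windows 7 shipped. The cutoff date, the function names and the EXAMPLE.sys entry are assumptions made for illustration.

```python
import re
from datetime import datetime

# Assumption: Windows 7 general availability date, used as the cutoff.
WIN7_RELEASE = datetime(2009, 10, 22)

# Constructed sample: the SSPORT entry is taken from the post above;
# EXAMPLE.sys is a made-up module that passes the check.
SAMPLE_LMVM = """\
1: kd> lmvm ssport
fffff880`048b1000 fffff880`048b9000   SSPORT     (deferred)
    Image name: SSPORT.sys
    Timestamp:        Thu Aug 11 19:07:32 2005
1: kd> lmvm example
fffff880`05000000 fffff880`05010000   EXAMPLE    (deferred)
    Image name: EXAMPLE.sys
    Timestamp:        Tue Mar 15 10:20:30 2011
"""

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
IMAGE_RE = re.compile(r"\s*Image name:\s*(\S+)")
STAMP_RE = re.compile(
    r"\s*Timestamp:\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+(\d\d):(\d\d):(\d\d)\s+(\d{4})")

def parse_modules(text):
    """Return [(image_name, link_time)] for each module in lmvm output."""
    modules, image = [], None
    for line in text.splitlines():
        img, ts = IMAGE_RE.match(line), STAMP_RE.match(line)
        if img:
            image = img.group(1)
        elif ts and image:
            mon, day, hh, mm, ss, year = ts.groups()
            stamp = datetime(int(year), MONTHS[mon], int(day),
                             int(hh), int(mm), int(ss))
            modules.append((image, stamp))
            image = None  # wait for the next module's "Image name" line
    return modules

def predates(text, cutoff=WIN7_RELEASE):
    """Modules whose link timestamp is older than the cutoff."""
    return [(n, t) for n, t in parse_modules(text) if t < cutoff]

if __name__ == "__main__":
    for name, stamp in predates(SAMPLE_LMVM):
        print(f"{name}: built {stamp:%Y-%m-%d}, predates Windows 7")
```

Treat the link timestamp as a hint: binaries built reproducibly can carry a value in that field that is not a real build date.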