Device Guard VBS BSOD: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M amdppm.sys

ravenize

System is capable of Device Guard... Running Driver Verifier and disabling all HVCI-incompatible kernel drivers results in the same BSOD at boot time, with the same module with the exact same code every time, pointing to the Microsoft-signed amdppm.sys.

Code:
On Thu 6/25/2020 7:50:50 AM your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\062520-17640-01.dmp
This was probably caused by the following module: amdppm.sys (0xFFFFF80541442144)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80541442144, 0xFFFFEC8F311B0EE8, 0xFFFFEC8F311B0730)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\amdppm.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Processor Device Driver
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.

Any idea what is going on here?
 

I haven't checked the files yet, but I would suggest running Driver Verifier with the Code Integrity checks option enabled in addition to the options listed in the tutorial - Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 + Vista


SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80356772144, The address that the exception occurred at
Arg3: ffff810ba38aeee8, Exception Record Address
Arg4: ffff810ba38ae730, Context Record Address

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : AV.Fault
Value: Write

Key : Analysis.CPU.Sec
Value: 3

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DEVICE

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 9

Key : Analysis.Memory.CommitPeak.Mb
Value: 84

Key : Analysis.System
Value: CreateObject


TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b


DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff80356772144

BUGCHECK_P3: ffff810ba38aeee8

BUGCHECK_P4: ffff810ba38ae730

EXCEPTION_RECORD: ffff810ba38aeee8 -- (.exr 0xffff810ba38aeee8)
ExceptionAddress: fffff80356772144 (amdppm!WriteIoMemRaw+0x00000000000000a8)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: ffffffffffffffff
Attempt to write to address ffffffffffffffff

CONTEXT: ffff810ba38ae730 -- (.cxr 0xffff810ba38ae730)
rax=ffffe601c9715c10 rbx=ffffe601c96743c0 rcx=0000000000000044
rdx=0000000000000020 rsi=ffffe601c9674310 rdi=0000000000000001
rip=fffff80356772144 rsp=ffff810ba38af128 rbp=0000000000000000
r8=0000000000000001 r9=0000000000000020 r10=ffffd4810d5c0008
r11=0000000000000020 r12=00000000000001c8 r13=0000000000000013
r14=0000000000000001 r15=0000000000000013
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
amdppm!WriteIoMemRaw+0xa8:
fffff803`56772144 46890411 mov dword ptr [rcx+r10],r8d ds:002b:ffffd481`0d5c004c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

WRITE_ADDRESS: fffff80059b873b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff80059a3e3c8: Unable to get Flags value from nt!KdVersionBlock
fffff80059a3e3c8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: ffffffffffffffff

EXCEPTION_STR: 0xc0000005

LOCK_ADDRESS: fffff80059a769e0 -- (!locks fffff80059a769e0)
Cannot get _ERESOURCE type

Resource @ nt!PiEngineLock (0xfffff80059a769e0) Available
1 total locks

PNP_TRIAGE_DATA:
Lock address : 0xfffff80059a769e0
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0

STACK_TEXT:
ffff810b`a38af128 fffff803`56772275 : 00000000`00000000 fffff803`56791e9d 00000000`00000000 00000000`00000000 : amdppm!WriteIoMemRaw+0xa8
ffff810b`a38af130 fffff803`56772365 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe601`c96867d0 : amdppm!WriteGenAddr+0x6d
ffff810b`a38af160 fffff803`5679da42 : 00000000`00000000 00000000`000000d4 ffffe601`c9674310 00000000`00000000 : amdppm!WriteGenAddrMaybeHidden+0x1d
ffff810b`a38af190 fffff803`56796f84 : ffffe601`c9715c10 fffff803`5677f000 00000000`0007f077 00000000`00000000 : amdppm!InitAcpiCpc+0x2ce
ffff810b`a38af200 fffff803`5679009d : 000019fe`36979b18 000019fe`36979b18 ffff810b`a38af400 ffffe601`c96867d0 : amdppm!ProcLibDeviceStart+0x870
ffff810b`a38af340 fffff800`5a41fc27 : ffffe601`c67c2e58 ffff810b`a38af400 ffffe601`c67c2e58 ffffe601`c9686550 : amdppm!EvtDevicePrepareHardware+0xad
ffff810b`a38af380 fffff800`5a3b8892 : 00000000`00000000 fffff800`5a3ab130 00000000`00000000 ffff810b`a38af4a0 : Wdf01000!FxPnpDevicePrepareHardware::InvokeClient+0x27 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpcallbacks.cpp @ 347]
ffff810b`a38af3d0 fffff800`5a41ed01 : 00000000`00000000 ffffe601`c96864e0 ffff810b`a38af4a0 ffffe601`c67c28b0 : Wdf01000!FxPrePostCallback::InvokeStateful+0x5a [minkernel\wdf\framework\shared\irphandlers\pnp\cxpnppowercallbacks.cpp @ 467]
ffff810b`a38af410 fffff800`5a41d891 : ffffe601`c67c2800 ffffe601`c67c28b0 ffff810b`a38af510 00000000`00000108 : Wdf01000!FxPkgPnp::pnpPrepareHardware+0xfd [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 3601]
ffff810b`a38af460 fffff800`5a41d44b : ffffe601`c67c2801 00000000`00000100 ffffe601`c67c28b0 00000000`00000000 : Wdf01000!FxPkgPnp::pnpEventHardwareAvailable+0x51 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1399]
ffff810b`a38af4a0 fffff800`5a41f1be : ffffe601`c67c28b0 00000000`00000004 ffffe601`c67c28b0 00000000`00000004 : Wdf01000!FxPkgPnp::pnpEnterNewState+0x177 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1234]
ffff810b`a38af530 fffff800`5a41ef6e : 00000000`00000000 ffffe601`c67c2a10 ffffe601`c67c29e8 00000000`0000000c : Wdf01000!FxPkgPnp::pnpProcessEventInner+0x1e6 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1152]
ffff810b`a38af5b0 fffff800`5a426ece : 00000000`00000000 ffffe601`c67c28b0 00000000`0000001b 00000000`00000288 : Wdf01000!FxPkgPnp::pnpProcessEvent+0x19a [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 933]
ffff810b`a38af640 fffff800`5a3a3c53 : ffffe601`c67c28b0 00000000`0000001b 00000000`00000288 00000000`00000000 : Wdf01000!FxPkgPnp::_PnpStartDevice+0x1e [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 2025]
ffff810b`a38af670 fffff800`5a3aac82 : ffffe601`c9663460 ffffe601`c96864e0 ffffe601`c8152c00 ffffe601`c8152c00 : Wdf01000!FxPkgPnp::Dispatch+0xb3 [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 765]
ffff810b`a38af6e0 fffff800`596adeb9 : ffff810b`a38af860 ffffe601`c8152c00 00000000`00000001 ffffe601`c80b6840 : Wdf01000!FxDevice::DispatchWithLock+0x112 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430]
ffff810b`a38af740 fffff800`59d2b556 : ffffe601`c4cc7570 ffffe601`c80b6840 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x59
ffff810b`a38af780 fffff800`596f4dce : ffffe601`c4cc7570 00000000`00000000 ffffe601`c80b6840 fffff800`00000000 : nt!PnpAsynchronousCall+0xea
ffff810b`a38af7c0 fffff800`5976b8ac : 00000000`00000000 ffffe601`c4cc7570 fffff800`59759200 fffff800`59759200 : nt!PnpSendIrp+0x5e
ffff810b`a38af830 fffff800`59d2a838 : 00000000`00000000 00000000`00000000 ffffe601`c80b6840 00000000`00000000 : nt!PnpStartDevice+0x88
ffff810b`a38af8c0 fffff800`59d2a707 : ffffe601`c4c913f0 00000000`00000000 00000000`00000001 fffff800`59759686 : nt!PnpStartDeviceNode+0xec
ffff810b`a38af950 fffff800`59d16888 : ffffe601`c4c913f0 ffff810b`a38afa18 00000000`00000001 00000000`00000001 : nt!PipProcessStartPhase1+0x6f
ffff810b`a38af9a0 fffff800`59d9d0f8 : ffffe601`c8623b00 ffff810b`a38afb01 ffff810b`a38afab0 fffff800`00000000 : nt!PipProcessDevNodeTree+0x3b0
ffff810b`a38afa60 fffff800`5977097e : 00000001`00000003 ffffe601`c8623bc0 ffffd481`00000000 ffffe601`c8623bc0 : nt!PiProcessStartSystemDevices+0x60
ffff810b`a38afab0 fffff800`59697945 : ffffe601`c65bd040 ffffe601`c4c8ecb0 fffff800`59a75280 ffffe601`c4c8ecb0 : nt!PnpDeviceActionWorker+0x45e
ffff810b`a38afb70 fffff800`59732135 : ffffe601`c65bd040 00000000`00000080 ffffe601`c4ccc300 00000000`00000001 : nt!ExpWorkerThread+0x105
ffff810b`a38afc10 fffff800`597dd9a8 : fffff800`57bfb180 ffffe601`c65bd040 fffff800`597320e0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffff810b`a38afc60 00000000`00000000 : ffff810b`a38b0000 ffff810b`a38aa000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28


SYMBOL_NAME: amdppm!WriteIoMemRaw+a8

MODULE_NAME: amdppm

IMAGE_NAME: amdppm.sys

IMAGE_VERSION: 10.0.18362.693

STACK_COMMAND: .cxr 0xffff810ba38ae730 ; kb

BUCKET_ID_FUNC_OFFSET: a8

FAILURE_BUCKET_ID: AV_amdppm!WriteIoMemRaw

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {05b9e458-6c10-43a8-4dc2-664f23edafb4}

Followup: MachineOwner
---------

Should I also enable all three of these?

bcdedit /bootdebug {bootmgr} on
bcdedit /bootdebug on
bcdedit /debug on

Or just the latter? Or will this, for example, cause too much noise in the dump, compared to your tutorial?
 
In my ignorance can you please help me to understand a little what they mean here

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.

Why do they refer to exception code 0x80000003, when the exception code is 1000007e? How are they related, and can you clarify how I can locate the association in the dump, if it exists, or how to factor it out? Thanks.
 
You can read it as "if the first argument, arg1, is 0x80000003, we suggest the following".
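
As an added illustration (not part of the thread or of any poster's reply), this Python sketch reads the fields discussed above from an `!analyze -v` excerpt copied from the first dump on this page: it separates the bugcheck code from the exception code carried in Arg1, decodes that NTSTATUS, and recomputes the faulting instruction's operand address from the register context. The function names and parsing regexes are this example's own assumptions.

```python
import re

MASK64 = (1 << 64) - 1

# The two NTSTATUS values that appear in the thread, with their ntstatus.h names.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
}
SEVERITY = ("success", "informational", "warning", "error")
# EXCEPTION_RECORD Parameter[0] for an access violation.
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}

# Excerpt of the first !analyze -v output posted in the thread.
SAMPLE = """\
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80356772144, The address that the exception occurred at
Arg3: ffff810ba38aeee8, Exception Record Address
Arg4: ffff810ba38ae730, Context Record Address
ExceptionAddress: fffff80356772144 (amdppm!WriteIoMemRaw+0x00000000000000a8)
ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: ffffffffffffffff
rax=ffffe601c9715c10 rbx=ffffe601c96743c0 rcx=0000000000000044
rdx=0000000000000020 rsi=ffffe601c9674310 rdi=0000000000000001
rip=fffff80356772144 rsp=ffff810ba38af128 rbp=0000000000000000
r8=0000000000000001 r9=0000000000000020 r10=ffffd4810d5c0008
fffff803`56772144 46890411 mov dword ptr [rcx+r10],r8d ds:002b:ffffd481`0d5c004c=????????
"""


def decode_ntstatus(value):
    """Split an NTSTATUS into severity (bits 31-30), facility (27-16), code (15-0)."""
    value &= 0xFFFFFFFF  # Arg1 is printed sign-extended to 64 bits
    return {
        "value": value,
        "severity": SEVERITY[value >> 30],
        "facility": (value >> 16) & 0xFFF,
        "code": value & 0xFFFF,
        "name": NTSTATUS_NAMES.get(value, "unknown"),
    }


def triage(text):
    """Pull the bugcheck, exception and register fields out of !analyze -v text."""
    header = re.search(r"^\S+ \(([0-9a-f]+)\)$", text, re.M)
    raw_bugcheck = int(header.group(1), 16)
    args = [int(v, 16) for v in re.findall(r"^Arg\d: ([0-9a-f]+),", text, re.M)]
    params = [int(v, 16)
              for v in re.findall(r"^Parameter\[\d\]: ([0-9a-f]+)", text, re.M)]
    regs = {name: int(v, 16)
            for name, v in re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b", text)}
    sym = re.search(r"ExceptionAddress: [0-9a-f]+ \((\S+?)\+0x([0-9a-f]+)\)", text)
    base, index = re.search(r"\[(\w+)\+(\w+)\]", text).groups()

    status = decode_ntstatus(args[0])
    return {
        # The page's output lists BUGCHECK_CODE: 7e for 1000007e; dropping the
        # 0x10000000 flag reproduces that value.
        "bugcheck": raw_bugcheck & ~0x10000000,
        # Arg1 is the exception code, a separate number from the bugcheck code.
        "status": status,
        # The help text about 0x80000003 applies only when Arg1 is that value.
        "breakpoint_case": status["value"] == 0x80000003,
        "symbol": sym.group(1),
        "offset": int(sym.group(2), 16),
        "access": ACCESS_KIND.get(params[0], "unknown"),
        # Address as reported in the exception record.
        "reported_address": params[1],
        # Address the faulting instruction was actually writing to, recomputed
        # from the context record; it differs from the reported one here.
        "operand_address": (regs[base] + regs[index]) & MASK64,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, hex(value) if isinstance(value, int) else value)
```
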

Here it is. I ran Driver Verifier as you suggested, while using Autoruns to disable all drivers with code integrity issues that the DGReadiness tool suggested are incompatible with Device Guard, then I rebooted and it looks like I got the exact same error:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80ed04d2144, The address that the exception occurred at
Arg3: ffffa488e4d32ee8, Exception Record Address
Arg4: ffffa488e4d32730, Context Record Address

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : AV.Fault
Value: Write

Key : Analysis.CPU.Sec
Value: 3

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DEVICE

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 9

Key : Analysis.Memory.CommitPeak.Mb
Value: 78

Key : Analysis.System
Value: CreateObject


TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b


DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff80ed04d2144

BUGCHECK_P3: ffffa488e4d32ee8

BUGCHECK_P4: ffffa488e4d32730

EXCEPTION_RECORD: ffffa488e4d32ee8 -- (.exr 0xffffa488e4d32ee8)
ExceptionAddress: fffff80ed04d2144 (amdppm!WriteIoMemRaw+0x00000000000000a8)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: ffffffffffffffff
Attempt to write to address ffffffffffffffff

CONTEXT: ffffa488e4d32730 -- (.cxr 0xffffa488e4d32730)
rax=ffffe4062d11d920 rbx=ffffe4062ce220c0 rcx=0000000000000044
rdx=0000000000000020 rsi=ffffe4062ce22010 rdi=0000000000000001
rip=fffff80ed04d2144 rsp=ffffa488e4d33128 rbp=0000000000000000
r8=0000000000000001 r9=0000000000000020 r10=ffffbd0060180008
r11=0000000000000020 r12=00000000000001c8 r13=0000000000000013
r14=0000000000000001 r15=0000000000000013
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
amdppm!WriteIoMemRaw+0xa8:
fffff80e`d04d2144 46890411 mov dword ptr [rcx+r10],r8d ds:002b:ffffbd00`6018004c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

WRITE_ADDRESS: fffff8000d6273b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8000d4de3c8: Unable to get Flags value from nt!KdVersionBlock
fffff8000d4de3c8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: ffffffffffffffff

EXCEPTION_STR: 0xc0000005

LOCK_ADDRESS: fffff8000d5169e0 -- (!locks fffff8000d5169e0)
Cannot get _ERESOURCE type

Resource @ nt!PiEngineLock (0xfffff8000d5169e0) Available
1 total locks

PNP_TRIAGE_DATA:
Lock address : 0xfffff8000d5169e0
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0

STACK_TEXT:
ffffa488`e4d33128 fffff80e`d04d2275 : 00000000`00000000 fffff80e`d04f1e9d 00000000`00000000 00000000`00000000 : amdppm!WriteIoMemRaw+0xa8
ffffa488`e4d33130 fffff80e`d04d2365 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe406`2cf09310 : amdppm!WriteGenAddr+0x6d
ffffa488`e4d33160 fffff80e`d04fda42 : 00000000`00000000 00000000`000000d4 ffffe406`2ce22010 00000000`00000000 : amdppm!WriteGenAddrMaybeHidden+0x1d
ffffa488`e4d33190 fffff80e`d04f6f84 : ffffe406`2d11d920 fffff80e`d04df000 00000000`0007f077 00000000`00000000 : amdppm!InitAcpiCpc+0x2ce
ffffa488`e4d33200 fffff80e`d04f009d : 00001bf9`d30f6fd8 00001bf9`d30f6fd8 ffffa488`e4d33400 ffffe406`2cf09310 : amdppm!ProcLibDeviceStart+0x870
ffffa488`e4d33340 fffff800`0b857c27 : ffffe406`2cf08e58 ffffa488`e4d33400 ffffe406`2cf08e58 ffffa488`e4d33510 : amdppm!EvtDevicePrepareHardware+0xad
ffffa488`e4d33380 fffff800`0b7f0892 : 00000000`00000000 fffff800`0b7e3130 ffffa488`e4d334a0 ffffa488`e4d33460 : Wdf01000!FxPnpDevicePrepareHardware::InvokeClient+0x27 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpcallbacks.cpp @ 347]
ffffa488`e4d333d0 fffff800`0b856d01 : 00000000`00000000 ffffe406`2cf09020 ffffa488`e4d334a0 ffffe406`2cf088b0 : Wdf01000!FxPrePostCallback::InvokeStateful+0x5a [minkernel\wdf\framework\shared\irphandlers\pnp\cxpnppowercallbacks.cpp @ 467]
ffffa488`e4d33410 fffff800`0b855891 : ffffe406`2cf08800 ffffe406`2cf088b0 ffffa488`e4d33510 00000000`00000108 : Wdf01000!FxPkgPnp::pnpPrepareHardware+0xfd [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 3601]
ffffa488`e4d33460 fffff800`0b85544b : ffffe406`2cf08801 00000000`00000100 ffffe406`2cf088b0 00000000`00000000 : Wdf01000!FxPkgPnp::pnpEventHardwareAvailable+0x51 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1399]
ffffa488`e4d334a0 fffff800`0b8571be : 00000000`00000002 ffffe406`2cf088b0 ffffe406`2cf088b0 00000000`00000004 : Wdf01000!FxPkgPnp::pnpEnterNewState+0x177 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1234]
ffffa488`e4d33530 fffff800`0b856f6e : 00000000`00000000 ffffe406`2cf08a10 ffffe406`2cf089e8 00000000`0000000c : Wdf01000!FxPkgPnp::pnpProcessEventInner+0x1e6 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1152]
ffffa488`e4d335b0 fffff800`0b85eece : 00000000`00000000 ffffe406`2cf088b0 00000000`0000001b 00000000`00000288 : Wdf01000!FxPkgPnp::pnpProcessEvent+0x19a [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 933]
ffffa488`e4d33640 fffff800`0b7dbc53 : ffffe406`2cf088b0 00000000`0000001b 00000000`00000288 00000000`00000000 : Wdf01000!FxPkgPnp::_PnpStartDevice+0x1e [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 2025]
ffffa488`e4d33670 fffff800`0b7e2c82 : ffffe406`2c5078a0 ffffe406`2cf09020 ffffe406`2cc11620 00000000`00000000 : Wdf01000!FxPkgPnp::Dispatch+0xb3 [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 765]
ffffa488`e4d336e0 fffff800`0d14deb9 : ffffa488`e4d33860 ffffe406`2cc11620 00000000`00000001 ffffe406`2cbf93e0 : Wdf01000!FxDevice::DispatchWithLock+0x112 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430]
ffffa488`e4d33740 fffff800`0d7cb556 : ffffe406`2a1ec870 ffffe406`2cbf93e0 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x59
ffffa488`e4d33780 fffff800`0d194dce : ffffe406`2a1ec870 00000000`00000000 ffffe406`2cbf93e0 fffff800`00000000 : nt!PnpAsynchronousCall+0xea
ffffa488`e4d337c0 fffff800`0d20b8ac : 00000000`00000000 ffffe406`2a1ec870 fffff800`0d1f9200 fffff800`0d1f9200 : nt!PnpSendIrp+0x5e
ffffa488`e4d33830 fffff800`0d7ca838 : 00000000`00000000 00000000`00000000 ffffe406`2cbf93e0 00000000`00000000 : nt!PnpStartDevice+0x88
ffffa488`e4d338c0 fffff800`0d7ca707 : ffffe406`2c2319a0 00000000`00000000 00000000`00000001 fffff800`0d1f9686 : nt!PnpStartDeviceNode+0xec
ffffa488`e4d33950 fffff800`0d7b6888 : ffffe406`2c2319a0 ffffa488`e4d33a18 00000000`00000001 00000000`00000001 : nt!PipProcessStartPhase1+0x6f
ffffa488`e4d339a0 fffff800`0d83d0f8 : ffffe406`2d197500 ffffa488`e4d33b01 ffffa488`e4d33ab0 fffff800`00000000 : nt!PipProcessDevNodeTree+0x3b0
ffffa488`e4d33a60 fffff800`0d21097e : 00000001`00000003 ffffe406`2d197570 ffffbd00`00000000 ffffe406`2d197570 : nt!PiProcessStartSystemDevices+0x60
ffffa488`e4d33ab0 fffff800`0d137945 : ffffe406`2c60a0c0 ffffe406`2a102a60 fffff800`0d515280 ffffe406`2a102a60 : nt!PnpDeviceActionWorker+0x45e
ffffa488`e4d33b70 fffff800`0d1d2135 : ffffe406`2c60a0c0 00000000`00000080 ffffe406`2a0b9380 00000000`00000001 : nt!ExpWorkerThread+0x105
ffffa488`e4d33c10 fffff800`0d27d9a8 : ffffbd00`5f440180 ffffe406`2c60a0c0 fffff800`0d1d20e0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffa488`e4d33c60 00000000`00000000 : ffffa488`e4d34000 ffffa488`e4d2e000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28


SYMBOL_NAME: amdppm!WriteIoMemRaw+a8

MODULE_NAME: amdppm

IMAGE_NAME: amdppm.sys

IMAGE_VERSION: 10.0.18362.693

STACK_COMMAND: .cxr 0xffffa488e4d32730 ; kb

BUCKET_ID_FUNC_OFFSET: a8

FAILURE_BUCKET_ID: AV_amdppm!WriteIoMemRaw

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {05b9e458-6c10-43a8-4dc2-664f23edafb4}

Followup: MachineOwner
---------
 
I haven't checked the files yet, but I would suggest running Driver Verifier with the Code Integrity checks option enabled in addition to the options listed in the tutorial - Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 + Vista
See - Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 + Vista
Send MEMORY.DMP from C:\Windows via web cloud like Drive Google, Dropbox or OneDrive


I must create a system restore each time because with Secure Boot enabled in Group Policy, Windows boots but the Microsoft keyboard and mouse will not function when bypassing Secure Boot/UEFI BIOS settings to bypass the BSOD... I'll do whatever it takes to get to the bottom of it.

Do you recommend I enable a complete dump instead?

Here is the dump if it will be useful:
 

In Driver Verifier, try to add amdppm.sys and wdf01000.sys for verification
 
Ok, will do that shortly. Every time I load WinDbg it reverts my symbol cache settings and I am forced to delete the folder under C: and re-download symbols. Any way to fix that?
 
Rich (BB code):
0: kd> .cxr 0xffffa488e4d32730
rax=ffffe4062d11d920 rbx=ffffe4062ce220c0 rcx=0000000000000044
rdx=0000000000000020 rsi=ffffe4062ce22010 rdi=0000000000000001
rip=fffff80ed04d2144 rsp=ffffa488e4d33128 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000020 r10=ffffbd0060180008
r11=0000000000000020 r12=00000000000001c8 r13=0000000000000013
r14=0000000000000001 r15=0000000000000013
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
amdppm!WriteIoMemRaw+0xa8:
fffff80e`d04d2144 46890411        mov     dword ptr [rcx+r10],r8d ds:002b:ffffbd00`6018004c=????????

Rich (BB code):
0: kd> !error ffffffffc0000005
Error code: (NTSTATUS) 0xc0000005 (3221225477) - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

All the dump files are crashing on the exact same function call with the same error.

while using Autoruns to disable all drivers with code integrity issues that the DGReadiness tool suggested are incompatible with Device Guard, then I rebooted and it looks like I got the exact same error

Which drivers did it mention?
 
Rich (BB code):
Which drivers did it mention?

Code:
gwdrv.sys #glasswire fresh
vboxnetlwf.sys #virtualbox fresh
vboxdrv.sys #virtualbox fresh
vboxnetadp6.sys #virtualbox fresh
aicharger.sys #asus ai charger, (2012)
lvbflt64.sys #logitech cam drivers from (2012)
sbiedrv.sys #sandboxie (fresh, latest open source release from github)
pbfilter.sys #peerblock (2014)

After updating to Windows 10 2004, they updated Windows Security Center's ability to detect bad drivers directly; it listed two drivers that the DGReadiness tool does not: wdcsam64_prewin8.sys (2018), a Western Digital driver, and the Zemana AntiMalware driver (zamguard64.sys, 2020).

After removing ALL incompatible drivers and their programs and successfully enabling code integrity in the Windows Security control panel, I got the same BSOD on reboot.

Here is the dump with Driver Verifier enabled and set as requested by ops here:

Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8093557334c, The address that the exception occurred at
Arg3: ffffc8025687cef8, Exception Record Address
Arg4: ffffc8025687c730, Context Record Address

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Write

    Key  : Analysis.CPU.Sec
    Value: 3

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DEVICE

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 9

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 79

    Key  : Analysis.System
    Value: CreateObject


TAG_NOT_DEFINED_202b:  *** Unknown TAG in analysis list 202b


DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

BUGCHECK_CODE:  7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff8093557334c

BUGCHECK_P3: ffffc8025687cef8

BUGCHECK_P4: ffffc8025687c730

EXCEPTION_RECORD:  ffffc8025687cef8 -- (.exr 0xffffc8025687cef8)
ExceptionAddress: fffff8093557334c (amdppm!WriteIoMemRawEx+0x0000000000000070)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: ffffffffffffffff
Attempt to write to address ffffffffffffffff

CONTEXT:  ffffc8025687c730 -- (.cxr 0xffffc8025687c730)
rax=ffffaf01ab680f40 rbx=0000000000000001 rcx=0000000000000020
rdx=0000000000000001 rsi=ffffaf01ab67ee00 rdi=ffffaf01ab3beb40
rip=fffff8093557334c rsp=ffffc8025687d130 rbp=fffff8093557f228
r8=ffff9c8193060008  r9=0000000000000044 r10=0000000000000020
r11=0000000000000020 r12=0000000000000013 r13=fffff80935580b01
r14=0000000000000000 r15=0000000000000013
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
amdppm!WriteIoMemRawEx+0x70:
fffff809`3557334c 43891401        mov     dword ptr [r9+r8],edx ds:002b:ffff9c81`9306004c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

WRITE_ADDRESS: fffff80215517388: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8021542c2a8: Unable to get Flags value from nt!KdVersionBlock
fffff8021542c2a8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  ffffffffffffffff

EXCEPTION_STR:  0xc0000005

LOCK_ADDRESS:  fffff80215461b00 -- (!locks fffff80215461b00)
Cannot get _ERESOURCE type

Resource @ nt!PiEngineLock (0xfffff80215461b00)    Available
1 total locks

PNP_TRIAGE_DATA:
    Lock address  : 0xfffff80215461b00
    Thread Count  : 0
    Thread address: 0x0000000000000000
    Thread wait   : 0x0

STACK_TEXT:
ffffc802`5687d130 fffff809`3557313f : ffffc802`5687d158 00000000`00000000 00000000`00000000 00000000`00050282 : amdppm!WriteIoMemRawEx+0x70
ffffc802`5687d160 fffff809`35573234 : ffffaf01`ab67efa0 fffff809`3557f1f8 ffffaf01`ab67ee00 00000000`00000000 : amdppm!WriteGenAddrEx+0x6b
ffffc802`5687d190 fffff809`35590e8f : 00000000`00000000 ffffaf01`ab680f40 00000000`00000000 00000000`00000000 : amdppm!WriteGenAddrMaybeHiddenEx+0x18
ffffc802`5687d1c0 fffff809`355983f6 : 00000000`0007f077 ffffc802`5687d2e9 00000000`00000000 00000000`00000000 : amdppm!InitAcpiCpc+0x317
ffffc802`5687d220 fffff809`3558f852 : ffffaf01`ab3be850 000050fe`54c417a8 ffffc802`5687d4b0 ffffaf01`ab3beb40 : amdppm!ProcLibDeviceStart+0x886
ffffc802`5687d350 fffff802`15cdc047 : ffffaf01`ab3d6ef8 ffffc802`5687d4b0 ffffaf01`ab3d6900 fffff802`15cfc248 : amdppm!EvtDevicePrepareHardware+0xd2
ffffc802`5687d390 fffff802`15c76ed1 : ffffaf01`ab3d6ef8 fffff802`15c88b43 00000000`00000000 00000000`00000000 : Wdf01000!FxPnpDevicePrepareHardware::InvokeClient+0x27 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpcallbacks.cpp @ 447]
ffffc802`5687d3e0 fffff802`15cdb247 : 00000000`00000000 ffffaf01`ab3be850 ffffc802`5687d4b0 ffffaf01`ab3d6900 : Wdf01000!FxPrePostCallback::InvokeStateful+0x69 [minkernel\wdf\framework\shared\irphandlers\pnp\cxpnppowercallbacks.cpp @ 275]
ffffc802`5687d420 fffff802`15cd9e41 : ffffaf01`ab3d6900 ffffaf01`ab3d6900 ffffc802`5687d520 ffffc802`5687d4f0 : Wdf01000!FxPkgPnp::PnpPrepareHardware+0xdf [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 3604]
ffffc802`5687d470 fffff802`15cd99fa : 00000000`00000101 00000000`00000100 00000000`00000108 ffffaf01`ab3bcff0 : Wdf01000!FxPkgPnp::PnpEventHardwareAvailable+0x51 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1399]
ffffc802`5687d4b0 fffff802`15cdb6d1 : ffffaf01`ab3d6900 00000000`000000c0 ffffaf01`ab3d6900 00000000`00000001 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x15e [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1234]
ffffc802`5687d540 fffff802`15cdb49a : ffffaf01`ab3d6900 00000000`00000000 ffffaf01`ab3d6a60 ffffaf01`ab3d6a38 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1d1 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1152]
ffffc802`5687d5b0 fffff802`15ce29be : 00000000`00000000 ffffaf01`ab3d6900 00000000`0000001b 00000000`00000000 : Wdf01000!FxPkgPnp::PnpProcessEvent+0x182 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 933]
ffffc802`5687d640 fffff802`15c6cbaf : ffffaf01`ab3d6900 00000000`0000001b ffffaf01`ab3be850 00000000`00000000 : Wdf01000!FxPkgPnp::_PnpStartDevice+0x1e [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 2025]
ffffc802`5687d670 fffff802`15c6a866 : ffffaf01`a7de99b0 00000000`00000000 ffffaf01`a7bcd040 ffffaf01`a7bcd040 : Wdf01000!FxPkgPnp::Dispatch+0xaf [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 765]
ffffc802`5687d6e0 fffff802`14a63d25 : 00000000`00000001 ffffaf01`a7ac7f00 fffff802`14b76660 ffffaf01`a7de99b0 : Wdf01000!FxDevice::DispatchWithLock+0x156 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1447]
ffffc802`5687d740 fffff802`14f75a8e : ffffaf01`a3bc5400 ffffaf01`a7ac7f00 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x55
ffffc802`5687d780 fffff802`14b0d5ca : ffffaf01`a3bc5400 00000000`00000000 ffffaf01`a7ac7f00 fffff802`00000000 : nt!PnpAsynchronousCall+0xea
ffffc802`5687d7c0 fffff802`14b7612c : 00000000`00000000 ffffaf01`a3bc5400 fffff802`14b76660 fffff802`14b76660 : nt!PnpSendIrp+0x9e
ffffc802`5687d830 fffff802`14f44a54 : ffffaf01`a5d95a60 00000000`00000000 ffffaf01`a7ac7f00 00000000`00000001 : nt!PnpStartDevice+0x88
ffffc802`5687d8c0 fffff802`14f44923 : ffffaf01`a5d95a60 00000000`00000000 00000000`00000001 fffff802`14b76b02 : nt!PnpStartDeviceNode+0xec
ffffc802`5687d950 fffff802`14f484df : ffffaf01`a5d95a60 ffffc802`5687da18 00000000`00000000 00000000`00000001 : nt!PipProcessStartPhase1+0x73
ffffc802`5687d9a0 fffff802`14fde93c : ffffaf01`a5d84100 ffffc802`5687db01 ffffc802`5687dab0 fffff802`00000000 : nt!PipProcessDevNodeTree+0x3ff
ffffc802`5687da60 fffff802`14b78d4c : 00000001`00000003 ffffaf01`a5d841c0 00000000`00000000 ffffaf01`a5d841c0 : nt!PiProcessStartSystemDevices+0x60
ffffc802`5687dab0 fffff802`14a50f25 : ffffaf01`a77df240 ffffaf01`a1f24a20 fffff802`15460440 ffffaf01`00000000 : nt!PnpDeviceActionWorker+0x4cc
ffffc802`5687db70 fffff802`14b63715 : ffffaf01`a77df240 00000000`00000080 ffffaf01`a1f02080 000f8067`b8bbbdff : nt!ExpWorkerThread+0x105
ffffc802`5687dc10 fffff802`14c02078 : ffff9c81`92cc0180 ffffaf01`a77df240 fffff802`14b636c0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffc802`5687dc60 00000000`00000000 : ffffc802`5687e000 ffffc802`56878000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28


SYMBOL_NAME:  amdppm!WriteIoMemRawEx+70

MODULE_NAME: amdppm

IMAGE_NAME:  amdppm.sys

IMAGE_VERSION:  10.0.19041.208

STACK_COMMAND:  .cxr 0xffffc8025687c730 ; kb

BUCKET_ID_FUNC_OFFSET:  70

FAILURE_BUCKET_ID:  AV_amdppm!WriteIoMemRawEx

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {b967e674-8d22-35dd-426e-01888346a4a7}

Followup:     MachineOwner
---------

Used:

▪ Special Pool
▪ Force IRQL checking
▪ Pool Tracking
▪ Deadlock Detection
▪ Security Checks (new as of Windows 7)
▪ Miscellaneous Checks
▪ Power framework delay fuzzing (new as of Windows 8)
▪ DDI compliance checking (new as of Windows 8)
▪ Code Integrity Checks

All non-MS drivers, but also included Microsoft's amdppm.sys and wdf01000.sys for verification.

After removing all the conflicting drivers and their programs, Verifier no longer detected any errors on boot, but I continued to get the same old BSOD and dumps without Verifier initiating.

Carefully read: after this I disabled UEFI and booted without Secure Boot, with Verifier still enabled with all aforementioned settings, and Windows booted without issue. The BSOD only occurs with VBS/Code Integrity/Secure Launch enabled.

Bcdedit debug is automatically disabled by Secure Boot.
 
Could you use this DGReadiness script again and attach new logs (after removing incompatible drivers)?
 
Have you enabled NX Protector and SMM Mitigation in the BIOS?
 
Could you use this DGReadiness script again and attach new logs (after removing incompatible drivers)?

The log stated that there were no incompatible drivers. Did you run the script after removing the drivers?

Could you please run the file collection tool in these posting instructions - Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 + Vista

It will collect a number of useful diagnostics logs.

I did a system restore so I am not sure if you are not sure, I will re-upload a new fresh one time run log shortly.

I ran it to see if it found any leftover incompatibilities that the 2004 update feature misses, though I did a restore point before sending that log file. I could undo the restore point and run it one last time to see what it says for you.

Have you enabled NX Protector and SMM Mitigation in the BIOS?

NX is enabled in the BIOS and DEP is set to always in Windows. SMM: I see no options, it may be hidden. IOMMU is enabled, as are Virtualization, SR-IOV, and NX.
 
