Issues with the DRT and BSOD Index

usasma

I've been having problems with the app and its finding/locating drivers that are in the DRT.
Most recently, I have had problems with npf.sys (I have had problems with others). It shows with a link in the links section - but when the app sorts it out as an older driver, it says that it's not in the DRT

Also today I just discovered that the links for STOP errors appear to be directed at the #Example entry (on the BSOD Index page) - not the #0x0000003B (for example) entry

Is anyone else having this problem?
 
I have not seen any issues like that in the .dmps I have tested. Would you mind attaching some .dmps that you have had trouble with?

EDIT: I am able to reproduce the bugcheck link issue with .dmps I have from two months ago that worked fine two months ago. I am currently not sure if this is an issue with the apps or the html file being downloaded from your site. I will have to investigate to find out where the error is occurring and get back to you.

I will still need .dmps for the npf.sys issue you are seeing to investigate that problem.

EDIT2: I tracked down the HTML issue. Your HTML code now has extra spaces between lines that it did not have when I designed the HTML parser.
 
Thanks for looking at this Mike! Here's the dump that has both issues. View attachment 10720
It's a single dump and the entire reports folder is also included.

I have solved the issue with the Bugcheck links.

I am unable to solve the issue with the DRT links in an adequate way yet. It would seem the data itself is at fault in the download I get. The following line specifically is giving my software fits:

Code:
{Gw64.sys}}Adware by ClearThink -  [br]  [br] The kernel dump file name included a file prefix.  The full driver name from the dump - [br] [b][B][COLOR="#FF0000"]{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}[/COLOR][/B]Gw64.sys[/b] [br]  [br] The prefix is variable.[B][COLOR="#FF0000"]}[/COLOR][/B][b] *** DO NOT UPDATE - only remove ***[/b][br][br]Reported to be infectious (adware) [br]  [br] http://www.herdprotect.com/c5e48979-bd7f-4cf7-9b73-2482a67a4f37gw64.sys-ce06778ec8ef670244f072c209c1a7088535b06b.aspx [br]  [br] Google search - https://www.google.com/search?q=%7Bc5e48979-bd7f-4cf7-9b73-2482a67a4f37%7DGw64.sys&sourceid=ie7&rls=com.microsoft:en-US:IE-ContextMenu&ie=&oe=&gws_rd=ssl}0

The highlighted region in red is causing parser errors since the parsing is based on the '{' and '}' characters.


I ask that no changes be made on the DRT output or the description due to the above. I want to see if I can handle it on the software side of things instead since it is safer to make the apps more robust than to make changes to the DRT or the DRT .txt output.
 
Those were the 2 characters we thought would be safe to use because we never envisioned the brackets being used in any DRT field.
 
Yep, I remember discussing that with you on at least one occasion and agreeing it was unlikely to show up in the DRT info. I was a bit surprised to see it as part of a description, but I have found a way to more robustly get the information needed from the DRT even with those symbols showing up in a description. The parsing is fixed now. :-}
 
Finally got a chance to test the new .exe - tested it with the same dump I uploaded here
The only change was the _writhziden_ prefix on the dump file.

It seems to take much longer (several seconds) for the single dump to run.
EDIT: I've recently noticed an increase in the lag for the context menu in Microsoft Excel on my system - ?might be related?

And it appears that I'll have to be more careful with what I stuff into the info fields in the DRT.
Here's the output that I got for the npf.sys driver:
Code:
[COLOR=RED][B]npf.sys                      Fri Jun 25 12:50:58 2010 (4C24DE72)[/B][/COLOR]
NetGroup Packet Filter Driver, part of the WinPcap packet capture library (list of programs that use it: [url=http://www.winpcap.org/misc/links.htm]WinPcap · Links[/url] )     [br]          [br]    Also believed to be associated with Netgear's "NETGEARGenie", related to Netgear's router firmware     [br]          [br]     If Netgear, you will likely find wpcap.dll and packet.dll in \system32}WinPcap - [url=http://www.winpcap.org/contact.htm]WinPcap · Commercial and Community Support[/url]     [br][br]     Netgear "tftp2.exe" firmware upgrade instructions -      [br]     [url=http://kb.netgear.com/app/answers/detail/a_id/19841/~/reinstall-the-firmware-on-a-router-without-the-setup-cd-recovery-tool]NETGEAR Support | Answer | Reinstall the firmware on a router without the setup CD recovery tool[/url]     [br]          [br]     Netgear firmware related BSOD thread - [url=http://www.techsupportforum.com/forums/f299/bsod-win7-laptop-when-entering-sleep-mode-939698.html][SOLVED] BSOD Win7 Laptop - when entering Sleep mode - Tech Support Forum[/url] 
[url=http://www.carrona.org/drivers/driver.php?id=npf.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR="BLUE"]npf.sys[/COLOR][/B][/url]

Also, the link to the STOP error is correct now.

Thanks Mike!
 
I just tested both versions of the executable. Processing time is nearly identical for both. I did notice the apps take longer to run the first time they run the .dmp, regardless of which version is used, but that seems more due to the kernel debugging software than the blue screen apps.

Did you try processing the .dmp additional times to see if it was slow every time you process it?
 
Thanks Mike.

@Carrona - I am not facing any issue of the npf.sys popping up in the drivers not found (_95-Debug.txt and 3rdPartyDriversDate.txt) even with the older executables of the SysnativeBSODProcessingApps. Although there is the issue of the BSOD index links being converted to another link (which is fixed in the new version provided by Mike).

Furthermore, regarding loading time, I did not face any loading time (the average was around 30 seconds) and like Mike said, on the first run, the apps took a lot of time to run but subsequently, the time was reduced to around 30 seconds.
 
usasma, is it possible that we are discussing the same problem I was facing regarding duplicate drivers appearing? Check below link -

https://www.sysnative.com/forums/bsod-processing-apps-download-%7C-information-%7C-discussions/12168-same-driver-present-in-95-debug-multiple-times.html

EDIT: Mike, would you be so kind as to post how you resolved the problem regarding the curly braces (as in coding)? It would help me for sure :)

The problem reported with npf.sys was actually due to the parser erroneously flagging 3rd party drivers as Windows/System drivers due to the curly braces showing up in descriptions. I resolved that by checking whether the curly braces surrounded a 0 or 1 in the parsing, which indicates whether a driver is 3rd party or Windows/System respectively. i.e.

Code:
drivername.sys}}This is a drivername}http://www.thisIsADriverLink.com[B][COLOR="#FF0000"]}0{[/COLOR][/B]
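
The delimiter problem and the terminator check described above, as an added example; this is not Mike's code or the apps' parser. The record layout `{name}}description}info}flag` is inferred from the lines quoted in this thread, the sample data is constructed, and `parse_naive` and `parse_drt` are hypothetical names.

```python
import re

# Constructed DRT-style data. Layout inferred from the lines quoted in this thread:
#   {name}}description}info}flag   (flag 0 = 3rd party, 1 = Windows/System)
# The middle record carries a {GUID} in its description, like the Gw64.sys entry.
SAMPLE = (
    "{example.sys}}Plain description}http://example.invalid/a}1"
    "{Gw64.sys}}Full name from the dump - "
    "{00000000-0000-0000-0000-000000000000}Gw64.sys}Remove only}0"
    "{npf.sys}}Look for wpcap.dll in \\system32}WinPcap}0"
)

def parse_naive(text):
    """Hypothetical brace-splitting parser: treats every '{' as a record start."""
    records = []
    for chunk in text.split("{")[1:]:
        fields = chunk.split("}")
        records.append({"name": fields[0], "flag": fields[-1]})
    return records

# A record ends at '}0' or '}1' followed by the next record's '{' or end of data.
RECORD_END = re.compile(r"\}([01])(?=\{|\s*\Z)")

def parse_drt(text):
    """Anchor on the '}0{' / '}1{' terminator, then split each record's fields."""
    records, start = [], 0
    for m in RECORD_END.finditer(text):
        raw = text[start:m.start()].strip()
        start = m.end()
        if not raw.startswith("{") or "}}" not in raw:
            raise ValueError(f"malformed record: {raw[:40]!r}")
        name, body = raw[1:].split("}}", 1)
        # Assumption: the info field holds no raw '}', so the last one separates
        # description from info; braces earlier in the description are kept as data.
        description, sep, info = body.rpartition("}")
        if not sep:
            description, info = body, ""
        records.append({
            "name": name,
            "description": description,
            "info": info,
            "third_party": m.group(1) == "0",
        })
    if text[start:].strip():
        raise ValueError("unterminated data after last record")
    return records

if __name__ == "__main__":
    print(len(parse_naive(SAMPLE)), "records from the naive split")
    for rec in parse_drt(SAMPLE):
        print(rec["name"], "3rd party" if rec["third_party"] else "Windows/System")
```

A description that itself contains a literal `}0{` or `}1{` would still end a record early, so the delimiter stays in-band; the check only makes a collision far less likely than with a bare `{` or `}`.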
 
Hey Mike ^_^,

It seems a new issue has cropped up. I just analysed a couple of dumps and got the "npf.sys" listed as a driver in 3rdPartyDriver.txt. Below is the output -
Code:
**************************Sun Feb  8 19:45:42.921 2015 (UTC + 5:30)**************************
GEARAspiWDM.sys              Fri May  4 01:26:17 2012 (4FA2E2E1)
clwvd.sys                    Fri Aug  3 16:19:32 2012 (501BACBC)
WirelessButtonDriver64.sys   Thu Aug 30 08:41:29 2012 (503ED9E1)
Accelerometer.sys            Wed Feb 27 01:38:10 2013 (512D162A)
hpdskflt.sys                 Wed Feb 27 01:38:12 2013 (512D162C)
[COLOR=#FF0000][B][U]npf.sys                      Fri Mar  1 07:01:24 2013 (513004EC)
[/U][/B][/COLOR]SynTP.sys                    Sat Jul 27 00:16:37 2013 (51F2C40D)
Smb_driver_Intel.sys         Sat Jul 27 00:19:06 2013 (51F2C4A2)
Rt630x64.sys                 Thu Aug 15 11:53:59 2013 (520C73FF)
iaStorA.sys                  Fri Aug 16 22:52:01 2013 (520E5FB9)
dump_iaStorA.sys             Fri Aug 16 22:52:01 2013 (520E5FB9)
TeeDriverx64.sys             Mon Aug 19 22:53:31 2013 (52125493)
RtsPer.sys                   Wed Aug 21 12:53:24 2013 (52146AEC)
intelppm.sys                 Thu Aug 22 14:16:35 2013 (5215CFEB)
iwdbus.sys                   Fri Sep 27 03:08:04 2013 (5244A93C)
igdkmd64.sys                 Tue Oct  8 04:26:37 2013 (52533C25)
RTKVHD64.sys                 Tue Nov  5 17:09:41 2013 (5278D8FD)
netr28x.sys                  Tue Nov 26 14:02:39 2013 (52945CA7)
rtbth.sys                    Fri Nov 29 08:43:06 2013 (52980642)
dtsoftbus01.sys              Fri Feb 21 15:19:36 2014 (53072130)
avgrkx64.sys                 Thu Jun 19 00:33:17 2014 (53A1E275)
avgdiska.sys                 Thu Jun 19 00:33:29 2014 (53A1E281)
avgloga.sys                  Fri Jul 18 19:23:20 2014 (53C926D0)
avgldx64.sys                 Fri Aug 29 01:17:21 2014 (53FF8749)
avgwfpa.sys                  Thu Sep 25 00:33:37 2014 (54231589)
avgmfx64.sys                 Mon Oct  6 01:11:36 2014 (54319EF0)
avgidsha.sys                 Wed Nov 19 02:12:01 2014 (546BAF19)
nvvad64v.sys                 Thu Nov 20 21:03:54 2014 (546E09E2)
VBoxUSBMon.sys               Mon Nov 24 16:36:09 2014 (54731121)
VBoxNetAdp.sys               Mon Nov 24 16:36:09 2014 (54731121)
VBoxNetFlt.sys               Mon Nov 24 16:36:09 2014 (54731121)
VBoxDrv.sys                  Mon Nov 24 16:37:17 2014 (54731165)
idmwfp.sys                   Fri Nov 28 21:06:54 2014 (54789696)
avgidsdrivera.sys            Tue Dec  9 01:54:21 2014 (548608F5)
nvlddmkm.sys                 Sat Jan 10 03:52:06 2015 (54B0548E)
NvStreamKms.sys              Mon Jan 12 23:26:42 2015 (54B40ADA)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Feb  8 18:57:29.763 2015 (UTC + 5:30)**************************
cpuz138_x64.sys              Thu Oct 23 20:33:05 2014 (544918A9)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Feb  7 00:20:19.738 2015 (UTC + 5:30)**************************
ssudbus.sys                  Thu Jan  2 15:21:22 2014 (52C5369A)
ssudmdm.sys                  Thu Jan  2 15:21:26 2014 (52C5369E)
VBoxDDR0.r0                  Mon Nov 24 16:36:09 2014 (54731121)
VBoxDD2R0.r0                 Mon Nov 24 16:36:09 2014 (54731121)
VMMR0.r0                     Mon Nov 24 16:37:16 2014 (54731164)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Feb  5 17:45:35.056 2015 (UTC + 5:30)**************************
wdcsam64.sys                 Wed Apr 16 14:09:08 2008 (4805BB2C)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Feb  5 09:16:19.443 2015 (UTC + 5:30)**************************
aswMonFlt.sys                Thu Nov  6 18:23:07 2014 (545B6F33)
aswRvrt.sys                  Thu Nov  6 18:23:22 2014 (545B6F42)
aswVmm.sys                   Thu Nov  6 18:23:31 2014 (545B6F4B)
aswRdr2.sys                  Thu Nov  6 18:24:02 2014 (545B6F6A)
aswHwid.sys                  Thu Nov  6 18:25:01 2014 (545B6FA5)
aswSP.sys                    Thu Nov  6 18:39:55 2014 (545B7323)
aswStm.sys                   Thu Nov  6 18:41:00 2014 (545B7364)
aswSnx.sys                   Fri Nov 21 16:47:12 2014 (546F1F38)
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=clwvd.sys
http://www.carrona.org/drivers/driver.php?id=WirelessButtonDriver64.sys
http://www.carrona.org/drivers/driver.php?id=Accelerometer.sys
http://www.carrona.org/drivers/driver.php?id=hpdskflt.sys
http://www.carrona.org/drivers/driver.php?id=npf.sys
http://www.carrona.org/drivers/driver.php?id=SynTP.sys
http://www.carrona.org/drivers/driver.php?id=Smb_driver_Intel.sys
http://www.carrona.org/drivers/driver.php?id=Rt630x64.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverx64.sys
http://www.carrona.org/drivers/driver.php?id=RtsPer.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=netr28x.sys
http://www.carrona.org/drivers/driver.php?id=rtbth.sys
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys
http://www.carrona.org/drivers/driver.php?id=avgrkx64.sys
http://www.carrona.org/drivers/driver.php?id=avgdiska.sys
http://www.carrona.org/drivers/driver.php?id=avgloga.sys
http://www.carrona.org/drivers/driver.php?id=avgldx64.sys
http://www.carrona.org/drivers/driver.php?id=avgwfpa.sys
http://www.carrona.org/drivers/driver.php?id=avgmfx64.sys
http://www.carrona.org/drivers/driver.php?id=avgidsha.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=VBoxUSBMon.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetAdp.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetFlt.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDrv.sys
http://www.carrona.org/drivers/driver.php?id=idmwfp.sys
http://www.carrona.org/drivers/driver.php?id=avgidsdrivera.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys
http://www.carrona.org/drivers/driver.php?id=cpuz138_x64.sys
http://www.carrona.org/drivers/driver.php?id=ssudbus.sys
http://www.carrona.org/drivers/driver.php?id=ssudmdm.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDDR0.r0
http://www.carrona.org/drivers/driver.php?id=VBoxDD2R0.r0
http://www.carrona.org/drivers/driver.php?id=VMMR0.r0
http://www.carrona.org/drivers/driver.php?id=wdcsam64.sys
http://www.carrona.org/drivers/driver.php?id=aswMonFlt.sys
http://www.carrona.org/drivers/driver.php?id=aswRvrt.sys
http://www.carrona.org/drivers/driver.php?id=aswVmm.sys
http://www.carrona.org/drivers/driver.php?id=aswRdr2.sys
http://www.carrona.org/drivers/driver.php?id=aswHwid.sys
http://www.carrona.org/drivers/driver.php?id=aswSP.sys
http://www.carrona.org/drivers/driver.php?id=aswStm.sys
http://www.carrona.org/drivers/driver.php?id=aswSnx.sys
 
It's supposed to be listed there since it is a 3rd party driver. Unless you meant something else?
 
@blueelvis - I don't think that these are similar. The duplication of NTIOLib_X64.sys drivers was (IMO) due to a poor design by MSI that loaded the same driver multiple times.
The problem that I was referring to was having a driver listed more than once in the output because the user had updated that driver.

Or, was this something different?
 
I was not referring to the NTIOLib_X64.sys drivers found multiple times in the 3rdPartyDrivers.txt file. It was about the same drivers (like AsusHID.sys etc) being repeated in the _95-Debug.txt files multiple times (generally 2 times).

That thread is solved and hopefully this thread would also be solved after the new update :)

-Pranav
 
A genius yet simple solution! :thumbsup2:
 
