Suggestion(s) [color driver output based on timestamp]

[usasma]

I was wondering if there was a way to get the app to read the OS version from the dumps and then highlight drivers in RED based on the date selected for that OS/SP?

For example, I like to use July 1, 2009 for all Win7 dumps
But I'd like to use 28 April 2009 for Vista SP2 and SP1 - and November 1, 2006 for Vista

So, is there any way to make the app pick out the appropriate setting?
I'd like to see a default value coded into the app - but changeable in the Save and Run screen.
That way we can adjust for the more complex SP's (XP SP2 and Vista SP1 were drastic changes, while Win7 SP1 wasn't that big a deal)

As I'm not doing a lot of Vista or XP dumps right now it isn't a big issue.
But should we see an upsurge in Win8 dumps it may make things a bit easier for analysts.
I'm used to scanning the 98 driver list for older dates also - so it's not a big deal to me
****************************************************************
And another thought - can the app highlight missing Service Packs?
Maybe highlight that in RED in the 98 and template.txt files?
I tend to pick up on missing SP's in the systeminfo.txt report - and if that's not there I risk missing it when I run the app.
****************************************************************
Finally, how about getting the app to identify risky drivers by the description/information column in the DRT?
By that I mean, can it highlight in RED anything that has "BSOD" in the description (I've tried to standardize that in the DRT)? That would mean that anytime we ID a risky driver (like HotSpotShield recently came up) - we could put BSOD in the DRT description - and it would then highlight that driver for all analysts using the app
I just saw that there may be some difficuties with URL's included in the Information column (some URL's include "BSOD" in their links)


John and I would have to get together and agree on a criteria for listing this info (example: BSOD issues noted in Apr 2012 with 2011 drivers)

 

[writhziden]

Re: Suggestion(s)

I'll look into adding the functionality asked for. It may be a while since my current system is really slow when editing the apps. I'd prefer to wait until I get my Sony back.

No need to change the criteria in how bsod info is listed. If I search for " BSOD" or "]BSOD", it will show up in the list. Just make sure BSOD is always capitalized with either a space before it or [red] before it, as it appears to always be so far, and we'll be fine. :smile9:

Can we add Asus Charger Driver to the list of BSOD causes? I know there was a thread I helped in a month or two ago that it was likely causing 0x9F crashes.

[SOLVED] BSOD randomly 0x0000009F
​

 

[usasma]

Re: Suggestion(s)

No real rush for any of this. They're just ideas that I think will help other analysts.

I spent the last hour or so looking for and updating entries in the DRT, so you may want to have a look again.
In the past I was hesitant to say "BSOD " for fear of causing panic - but that fear appears to have been unfounded.
So I put "BSOD " in each one that I could find/recall.

I added "Likely [red]BSOD [/red]cause" to the Asus Charger entries (3 of them)
I also added it to the AsrAppCharger.sys (the AsRock version of the USB charger)

Here's what the code looks like in the table (I deliberately included the space after BSOD to make searching easier).

Likely [red]BSOD [/red]cause

I can change it or (I think that) Geoff can do a search and replace if something else is easier for you to use.

Here's a link to what it looks like so far: http://carrona.org/drivers/adv-search.php?id=BSOD+&cat=1
BTW - I've got many of these in my excluded drivers list (using future dates to ensure that they're highlighted)
Dunno if that will affect how you do the app - but I'm planning to put all of the BSOD entries into the excluded drivers as a temporary measure.

 

[writhziden]

Re: Suggestion(s)

The [red]BSOD works well, but the space after BSOD is not necessary. There are cases within the DRT with "BSODs" or "BSOD's" in which the "s" or "'s" cause the search to fail, so it is easier to search for the leading portion before the string "BSOD". The only case I missed so far is " w/BSOD" because all others have "[red]BSOD" or " BSOD" that work in a search.

 

[writhziden]

Re: Suggestion(s)

Here is what I am thinking: hard code into the apps a set date for different OS versions, but that date only comes into play if Vista or XP are involved. Like you, I forget to change the date sometimes when I run the apps, so I get that a lot of drivers are seen as out of date by the apps when running Vista or XP dumps. What I think would be a good solution to that is to check whether the date is newer than what is expected for Vista or XP for that kernel version build number, i.e. 2600 (Service Pack 3) for XP SP3 or 6002 (Service Pack 2) for Vista SP2.

That way, if a .dmp is run that has a date set at 2009 for an XP system, the apps will run a default of Aug. 2004 (or whatever date you think would be good for XP post SP2).

This may get rather complicated... We should discuss any better methods that people can come up with.

 

[usasma]

Re: Suggestion(s)

I removed the space after the "BSOD" (there were only 17 entries)

I'll have to think about the dates for XP/Vista - I hadn't thought of the different options that we have.

I'd definitely like to have other methods brought up also!

 

[writhziden]

Re: Suggestion(s)

What about something like this:



I could have the dates in the drop down boxes for each OS link to the appropriate text input for the dates.

 

[usasma]

Re: Suggestion(s)

Looks great!!!
But I'd put Win8 on top (to preserve some sort of chronological sequence).

 

[writhziden]

Re: Suggestion(s)

I re-arranged them to go with the drop down menus. XP, Vista, 7, 8

 

[usasma]

Re: Suggestion(s)

Great! Exactly what I had in mind!
Thanks!

 

[writhziden]

Re: Suggestion(s)

I started implementing this. The status is below. I ran into a couple snags:

1. Excluded driver dates will need to have a section to include the OS the date is associated with. Best method to do this to be determined...
   
   
2. Which OS version should the BSOD in the DRT description apply to? Should it override the date both on the main settings page and in the Excluded Drivers page?

Status:

1. FIXED Window sizes
2. FIXED Always on top option works again
3. ADDED XP, Vista, and 8 old driver after dates separate from 7 old driver date
4. ADDED Drop down for XP, Vista, 7, and 8 boxes now link to appropriate Old Driver After boxes
5. ADDED XP, Vista, and 8 Old Driver After dates save and load
6. ADDED Check box setting saves and loads for Missing Service Pack line in importantInfo, _98-debug, _88-debug, and template output
7. ADDED OS Version Check
8. ADDED Service Pack Check
9. ADDED Missing Service Pack output
10. ADDED Ability to use the OS Version for each Old Driver After to determine which OS date to use

 

[Laxer]

Re: Suggestion(s)

You guys need me for anything :grin1:

 

[usasma]

Re: Suggestion(s)

"Which OS version should the BSOD in the DRT apply to?"
We don't do enough Vista or XP dumps to determine if it's common with them.

So, for now, it'll be Win7 (I'd like to see it with Win8 also - as we're still using the "it's bad in Win7, so it must be bad in Win8" criteria).
But as we become more familiar with Win8 we may have to determine a way to sort them (and for further issues with Win 9 and above).
We'll need to talk w/Laxer and jcgriff2 to see what's best/easiest.

Another thought - how about a "redo the last set of reports in HTML" button. I find myself forgetting to generate the HTML at times. My solution now is to go back and rerun the very last dump in order to get the drivers (and I almost missed the repeating "Disk Hardware" error by just running one).

 

[jcgriff2]

Re: Suggestion(s)

The [red]BSOD works well, but the space after BSOD is not necessary. There are cases within the DRT with "BSODs" or "BSOD's" in which the "s" or "'s" cause the search to fail, so it is easier to search for the leading portion before the string "BSOD". The only case I missed so far is " w/BSOD" because all others have "[red]BSOD" or " BSOD" that work in a search.

Are there entries in the DRT that are causing you problems? The input can be changed via PHP as we have done in the past.

Example: If w/ is a problem (this is likely my fault - sorry), PHP can catch it and change it to with ; same with quote marks, apostrophes, etc...

However, I don't recommend applying such to URLs as if it is changed, it will break the link.

You guys need me for anything :grin1:

YES, please - with the above!

I started implementing this. The status is below. I ran into a couple snags:

1. Excluded driver dates will need to have a section to include the OS the date is associated with. Best method to do this to be determined...
   
   
2. Which OS version should the BSOD in the DRT description apply to? Should it override the date both on the main settings page and in the Excluded Drivers page?

Read More:

Status:

1. FIXED Window sizes
2. FIXED Always on top option works again
3. ADDED XP, Vista, and 8 old driver after dates separate from 7 old driver date
4. ADDED Drop down for XP, Vista, 7, and 8 boxes now link to appropriate Old Driver After boxes
5. ADDED XP, Vista, and 8 Old Driver After dates save and load
6. ADDED Check box setting saves and loads for Missing Service Pack line in importantInfo, _98-debug, _88-debug, and template output
7. ADDED OS Version Check
8. ADDED Service Pack Check
9. ADDED Missing Service Pack output
10. ADDED Ability to use the OS Version for each Old Driver After to determine which OS date to use

Sorry, Mike - I'm not following #1 or #2. The same driver name can appear in any OS.

Override which dates?
"..BSOD in the DRT description"??
--> are you looking to add a field in the DRT SQL?

 

[usasma]

1 - Excluded drivers are a tab in the app.
If you put a driver there and assign it a day in the future, then it'll be highlighted in RED whenever it occurs.
If you give it a date in the past, it'll highlight older versions, but not newer versions

Mikes already working on a change to the app that will allow "oldest driver dates" for XP, Vista, Win7, and Win8 (right now we just have one date to rule them all, one date to find them - one date to bring them all and in the darkness bind them :0)

2 - We have "BSOD" listed for at least 19 drivers in the DRT (in the Information section). These are drivers that we usually say "These are known to cause BSOD's on most systems". Mike is wondering if that applies to all OS's (which it doesn't - it's primarily for Win7, but we're starting to see a fair amount of "If it's bad for Win7, then it must be bad for Win8". To avoid conflicts in the future, you and I have to decide how we're going to format/annotate the entry in the DRT so that the app can get the bad drivers and highlight them in the output (and decide which by OS)

In other words, when you run a set of dumps, the app will highlight any drivers such as: ATK0110 ACPI Utility,.
AMD OverDrive, DaemonTools, Gigabyte EasyTune6, RivaTuner, etc. Y'know - all the bad one's that we've seen over the years
That way there won't be any accidentally missing them when they're buried in the output of 50 memory dumps - and it'll make the job easier for the analysts.

 

[usasma]

We've discussed in the past getting rid of the OS drivers parm file in favor of something based on the DRT.
The technical discussions passed me by, so I'm unsure of it's status.
Is now a good time to discuss having the app sort for "Windows Update" in the Source column - and then treat those as the OS drivers in the app?

I'll be adding the Win8 OS drivers to the DRT shortly. Do we also need to publish an updated PARMS file for the analysts?

 

[Laxer]

Mike do you want to query the DB directly?

I can set up a table that tracks all drivers that are "BSOD" in a new table if needed...

I finish up my DB Design course with Oracle this weekend and then I am off to SQL...

The backend of the DRT will likely be redone once I have finished everything and have time(I'm thinking winter break? :grin1:) to improve functionality and efficiency.

If I need to remove any syntax problems in the DRT let me know, I can remove them quickly and set up restrictions so you don't have a coding nightmare.

 

[jcgriff2]

1 - Excluded drivers are a tab in the app.
If you put a driver there and assign it a day in the future, then it'll be highlighted in RED whenever it occurs.
If you give it a date in the past, it'll highlight older versions, but not newer versions

Mikes already working on a change to the app that will allow "oldest driver dates" for XP, Vista, Win7, and Win8 (right now we just have one date to rule them all, one date to find them - one date to bring them all and in the darkness bind them :0)

You can select a date(s) you prefer, John. I myself don't use the coloring, even after adding the functionality to my apps back when.

These dates I have memorized - www.sysnative.com/0x1/Windows_OS_Driver_Base_Timestamps.html

2 - We have "BSOD" listed for at least 19 drivers in the DRT (in the Information section). These are drivers that we usually say "These are known to cause BSOD's on most systems". Mike is wondering if that applies to all OS's (which it doesn't - it's primarily for Win7, but we're starting to see a fair amount of "If it's bad for Win7, then it must be bad for Win8". To avoid conflicts in the future, you and I have to decide how we're going to format/annotate the entry in the DRT so that the app can get the bad drivers and highlight them in the output (and decide which by OS)

In other words, when you run a set of dumps, the app will highlight any drivers such as: ATK0110 ACPI Utility,.
AMD OverDrive, DaemonTools, Gigabyte EasyTune6, RivaTuner, etc. Y'know - all the bad one's that we've seen over the years
That way there won't be any accidentally missing them when they're buried in the output of 50 memory dumps - and it'll make the job easier for the analysts.

Is there an example of this generic phrase in the DRT?

I did a quick search of DRT & could not locate "These are known to cause BSOD's on most systems" -- or "most systems"

I did find OS specific phrases:

6 = "known BSOD issues with Win7)"
http://www.carrona.org/drivers/driver.php?id=AODDriver.sys
http://www.carrona.org/drivers/driver.php?id=AODDriver2.sys
http://www.carrona.org/drivers/driver.php?id=ASACPI.sys
http://www.carrona.org/drivers/driver.php?id=RTCore32.sys
http://www.carrona.org/drivers/driver.php?id=RTCore64.sys
http://www.carrona.org/drivers/driver.php?id=sptd.sys

72 total that say "known issues with Win7"

We've discussed in the past getting rid of the OS drivers parm file in favor of something based on the DRT.
The technical discussions passed me by, so I'm unsure of it's status.
Is now a good time to discuss having the app sort for "Windows Update" in the Source column - and then treat those as the OS drivers in the app?

I'll be adding the Win8 OS drivers to the DRT shortly. Do we also need to publish an updated PARMS file for the analysts?

AFAIK, the apps use the MS Driver file from carrona.org - ms-dump.txt

www.carrona.org/drivers/files/

What do you mean by sorting the drivers.... in the Source Column? To identify them...?

Windows OS drivers are flagged as Windows drivers by a 1 byte field in the SQL table, which is picked up by Mike as I recall.

Mike do you want to query the DB directly?

I can set up a table that tracks all drivers that are "BSOD" in a new table if needed...

I finish up my DB Design course with Oracle this weekend and then I am off to SQL...

The backend of the DRT will likely be redone once I have finished everything and have time(I'm thinking winter break? :grin1:) to improve functionality and efficiency.

If I need to remove any syntax problems in the DRT let me know, I can remove them quickly and set up restrictions so you don't have a coding nightmare.

I'll leave that decision up to Mike.

If direct SQL query, will carrona.org SQL start throwing "too many connections" errors?

 

[Laxer]

It shoudn't... mySQL usually handles multiple connections/sessions quite well...

A read ONLY account could be set up for the app... there is no harm in potentially disclosing this if set up correctly on my end :grin1:

 

[writhziden]

I will try to address all above. Right now, the apps treat all descriptions with "]BSOD", "w/BSOD", or " BSOD" as Windows 7 and Windows 8 drivers that should be highlighted in red at all times unless specifically added to the Excluded Drivers tab. What I would like to see going forward is a description with which OS versions that the problems occur in, i.e.

Known [red]BSOD[/red] maker in winXP, winVista, win7, and win8.

With that, I can search for "winXP", "winVista", "win7", and/or "win8" strings. I'd prefer that all are the same case since this is easier if it is case sensitive. Just let me know what convention you choose.


As for ms-dump.txt: we can probably do away with it. I currently use dump.txt and search for OS drivers through that and then also use ms-dump.txt in case a Windows driver is missing from dump.txt, as was the case with mcupdate_GenuineIntel.dll, mcupdate_AuthenticAMD.dll, and mcupdate.dll for a long time. I don't think we have had that happen since those three, so ms-dump.txt can be considered deprecated.

There is no need for a separate database for BSOD drivers if the descriptions can be cleaned up for easier reading in the apps with which OS Version each applies to.


As for the current state of the apps:

1. FIXED Window sizes
2. FIXED Always on top option works again
3. FIXED Excluded Driver list no longer is overwritten
4. FIXED XP SP3 is now seen by the apps instead of printing that 1, 2, and 3 are missing
5. FIXED kernel version output is no longer corrupted
6. FIXED Debug time between updates of OS Version is no longer displayed in the console
7. FIXED "Getting Driver Reference Table..." now displays properly in console version
8. CHANGED How Excluded Driver list is stored and updated
9. ADDED XP, Vista, and 8 old driver after dates separate from 7 old driver date
10. ADDED Drop down for XP, Vista, 7, and 8 boxes now link to appropriate Old Driver After boxes
11. ADDED XP, Vista, and 8 Old Driver After dates save and load
12. ADDED Check box setting saves and loads for Missing Service Pack line in importantInfo, _98-debug, _88-debug, and template output
13. ADDED OS Version Check
14. ADDED Service Pack Check
15. ADDED Missing Service Pack output
16. ADDED Ability to use the OS Version for each Old Driver After to determine which OS date to use
17. ADDED View Previous HTML button
18. ADDED Functionality for View Previous HTML button
19. ADDED OS Options for Excluded Drivers tab
20. ADDED Save and load capability with OS Options on Excluded Drivers tab
21. ADDED Functionality for OS options in Excluded Drivers tab
22. ADDED DRT BSOD Descriptions now used to determine if drivers should be highlighted in red and considered as needing updating or removal.
    This can be overridden through the Excluded Drivers tab
23. ADDED OS Version lists are updated when Excluded Driver list is appended
24. ADDED Better update method for OS Version in Excluded Driver list

I'm in the process of updating the help file, and then I will release the latest version.