Jump to content

BSOD with variables exit codes

Dreamtrap

By Dreamtrap
in Windows Vista

 Share

Recommended Posts

Dreamtrap

Dreamtrap

Posted
Posted

Hi guys,

I have a portable computer ACER8202 with WinXP SP2. I made format and installed a new freshcopy of XP SP2 (with all the drivers given by Acer in site and all updates from Microsoft until now). For some reasons (i don't know why) I was getting BSOD periodically with variables exit codes, all connected with "DRIVER_IRQ_NOT_LESS_OR_EQUAL" message. U can see some of them below:

1) 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x81fa4dae)

2) 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x823a4dae)

3) 0x00000019 (0x00000020, 0x8521f408, 0x8521f438, 0x08060008)

4) 0x000000c4 (0x000000b2, 0x8ebef200, 0x0000000c, 0x00000004)

5) 0x0000011d (0x00000000, 0x00000000, 0x00000000, 0x00000000)

I made again a format and installed the Ultimate Vista x86 Edition (in the same laptop), now with all the drivers for Vista given by Acer again. The same Blue Screens exist. I ran "verifier" from Windows but I couldn't find the reason of those conflicts. I suppose that there are incompatibilities with some drivers or is it in general a hardware problem ?

The full report after the crach looks like this (for one exit code when i'm running Vista):

----------------------------------------------------------------------

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.0.6000.2.0.0.256.1

Locale ID: 1032

Additional information about the problem:

BCCode: a

BCP1: 00000000

BCP2: 00000002

BCP3: 00000001

BCP4: 823A4DAE

OS Version: 6_0_6000

Service Pack: 0_0

Product: 256_1

Files that help describe the problem:

C:\Windows\Minidump\Mini111707-02.dmp

C:\Users\***\AppData\Local\Temp\WER-41979-0.sysdata.xml

C:\Users\***\AppData\Local\Temp\WERDDB1.tmp.version.txt

Read our privacy statement:

http://go.microsoft.com/fwlink/?link...3&clcid=0x0409

----------------------------------------------------------------------

Is there any idea on this? How can I face it? :angel

Thank you in advance!


cluberti

cluberti

Posted
Posted 

1) 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x81fa4dae)
2) 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x823a4dae)

Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL

The IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x0000000A. This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

These two mean a kernel-mode (hardware, antivirus, CD emulation, backup, or firewall most likely) driver did something in a way it shouldn't have when scheduling. This is bad, of course, causing a bugcheck.

3) 0x00000019 (0x00000020, 0x8521f408, 0x8521f438, 0x08060008)

Bug Check 0x19: BAD_POOL_HEADER

The BAD_POOL_HEADER bug check has a value of 0x00000019. This indicates that a pool header is corrupt.

This means that a driver corrupted the header of a kernel pool block, causing a bugcheck the next time it was accessed. Again, a driver is malfunctioning when you see this.

5) 0x0000011d (0x00000000, 0x00000000, 0x00000000, 0x00000000)

Bug Check 0x11A: EM_INITIALIZATION_FAILURE

The EM_INITIALIZATION_FAILURE bug check has a value of 0x0000011A.

Again, a driver failed during an initialization routine (seeing a pattern here??? ;)) - so, Windows isn't your problem, but a driver you're installing.

4) 0x000000c4 (0x000000b2, 0x8ebef200, 0x0000000c, 0x00000004)

Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION

The DRIVER_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000C4. This is the general bug check code for fatal errors found by Driver Verifier.

This one means that when you enabled verifier, a driver malfunctioned and the dump from this would have told us which driver - note that when you enable verifier, and a driver malfunctions, it is supposed to bugcheck - if you don't have the C4 dump, I'd suggest re-enabling verifier and causing another bugcheck and then uploading the .dmp file here so we can look at it.

Dreamtrap

Dreamtrap

Posted
  • Author
Posted (edited)
This one means that when you enabled verifier, a driver malfunctioned and the dump from this would have told us which driver - note that when you enable verifier, and a driver malfunctions, it is supposed to bugcheck - if you don't have the C4 dump, I'd suggest re-enabling verifier and causing another bugcheck and then uploading the .dmp file here so we can look at it.

Thanks for the info Cluberti. I uploaded one .dmp file from the last crush with STOP error 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x823a4dae) in .zip format.

Is it helpful for u?

Mini111707_01.zip

Edited by Dreamtrap
cluberti

cluberti

Posted
Posted

It's Kapersky - here's why:

// Here's the thread causing the trap and crash:
1: kd> .trap 0xffffffff9db4f730
ErrCode = 00000002
eax=00000002 ebx=84068a50 ecx=00000000 edx=00000000 esi=9db4f7e0 edi=00000000
eip=823a4dae esp=9db4f7a4 ebp=9db4f7b4 iopl=0		 nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000			 efl=00010246
hal!KeAcquireSpinLockRaiseToSynch+0xe:
823a4dae f00fba2900	  lock bts dword ptr [ecx],0   ds:0023:00000000=????????
1: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  Args to Child			  
9db4f7a0 8d96b855 84068a50 84068a50 86dfe590 hal!KeAcquireSpinLockRaiseToSynch+0xe
9db4f7b4 8d96b667 00000000 9db4f7e0 9db4f820 tcpip!TcpIoControlEndpoint+0xb0
9db4f7c4 8d44c729 00000000 9db4f7e0 84068a50 tcpip!TcpTlEndpointIoControlEndpoint+0x81
9db4f820 8d443294 00068a50 86dfe578 86dfe502 tdx!TdxIssueQueryAddressRequest+0x1b7
9db4f83c 8d448a63 84068a50 86dfe538 86dfe502 tdx!TdxQueryInformationTransportAddress+0x5e
9db4f85c 8d44cdd9 8402ba02 86dfe538 86dfe5a8 tdx!TdxQueryInformationConnection+0x83
9db4f878 82027f83 865e6030 86dfe538 86dfe538 tdx!TdxTdiDispatchInternalDeviceControl+0x10b
9db4f914 82081dca 9db4f948 00000200 86690213 nt!IofCallDriver+0x63
9db4f9bc 82178f44 820f7780 9db4fbe0 00000000 nt!_vsnprintf+0x18
9db4f9f8 820715e8 0000000f 844ed030 00000000 nt!FsRtlAllocateExtraCreateParameterFromLookasideList+0x63
9db4fa44 823a7518 886d7000 00000002 86f1a788 nt!EtwTraceContextSwap+0x14a
9db4fa54 82090f86 9db4fa7c 8227dd83 00000000 hal!KfLowerIrql+0x64
9db4fa58 9db4fa7c 8227dd83 00000000 00000000 nt!KiDispatchInterrupt+0xf6
WARNING: Frame IP not in any known module. Following frames may be wrong.
9db4fa5c 8227dd83 00000000 00000000 00000000 0x9db4fa7c
9db4fa7c 86f1a788 886d7002 c0026688 9db4fab4 nt!ExCreateHandle+0x32
9db4fa80 886d7002 c0026688 9db4fab4 04cd1000 0x86f1a788
9db4fa84 c0026688 9db4fab4 04cd1000 886d7002 0x886d7002
9db4fa88 9db4fab4 04cd1000 886d7002 c0600130 0xc0026688
9db4fa8c 04cd1000 886d7002 c0600130 00000000 0x9db4fab4
9db4fb94 820bf348 8437fda0 820bf6d3 9db4476c 0x4cd1000
9db4fb9c 820bf6d3 9db4476c 9db4fc44 9db4fccc nt!NtFreeVirtualMemory+0x7de
9db4fc2c 82027f83 86fda910 840551c8 87126668 nt!NtFreeVirtualMemory+0xb49
00000000 00000000 00000000 00000000 00000000 nt!IofCallDriver+0x63

// The previous thread is missing lots of info, because it's a minidump - however, we can figure it out
// by walking the stack down manually:
1: kd> dds 9db4fbcc  
9db4fbcc  9db4fbe0
9db4fbd0  00000000
9db4fbd4  87126668
9db4fbd8  8005210c
9db4fbdc  00000000
9db4fbe0  00000000
9db4fbe4  01ffffff
9db4fbe8  87283e91
9db4fbec  8005210c
9db4fbf0  840551c8
9db4fbf4  0000008c
9db4fbf8  840551c8
9db4fbfc  00000000
9db4fc00  87126684
9db4fc04  871266d8
9db4fc08  87126668
9db4fc0c  86fda910
9db4fc10  8005210c
9db4fc14  8d42811e*** WARNING: Unable to verify timestamp for kl1.sys
*** ERROR: Module load completed but symbols could not be loaded for kl1.sys
 kl1+0x211e
9db4fc18  86fda910
9db4fc1c  87126668
9db4fc20  84030528
9db4fc24  86fda910
9db4fc28  9db4fc44
9db4fc2c  00000000
9db4fc30  82027f83 nt!IofCallDriver+0x63
9db4fc34  86fda910
9db4fc38  840551c8
9db4fc3c  87126668
9db4fc40  86fda910
9db4fc44  9db4fc64
9db4fc48  82188f53 nt!IopSynchronousServiceTail+0x1e0

1: kd> lmvm kl1
start	end		module name
8d426000 8d442000   kl1	  T (no symbols)		   
	Loaded symbol image file: kl1.sys
	Image path: \SystemRoot\system32\DRIVERS\kl1.sys
	Image name: kl1.sys
	Timestamp:		Sat Apr 28 08:50:13 2007 (46334305)
	CheckSum:		 00025339
	ImageSize:		0001C000
	Translations:	 0000.04b0 0000.04e0 0409.04b0 0409.04e0

The problem here is basically that the Kaspersky driver issued a listen request to tdx.sys, which generated a security inspection of the request. The inspection was never completed, so the tdx.sys object that was given the listen request is stuck in the "listen pending" state. When tdx.sys converts from a base endpoint to a listener, it makes a NULL out the endpoint handle before issuing the request. Since we're stuck pending, and the base endpoint handle was NULL'ed before the listen request was issued, a NULL value is then passed on which causes the bugcheck. It's a long debug, but above is the relevant parts.

I'm betting the Kapersky software is either not Vista compatible, or doesn't like your network card drivers if it is Vista compatible.

Dreamtrap

Dreamtrap

Posted
  • Author
Posted (edited)
I'm betting the Kapersky software is either not Vista compatible, or doesn't like your network card drivers if it is Vista compatible.

hhhmmm....I'm using Kaspersky v7.0.0.125 which is Vista compatible, and I use it also in WinXP Pro OS without any problems. I connect my laptop in the Internet through a Wireless Router of LinkSys. Laptop adapter is 'Intel® Pro/Wireless 3945ABG" and i have installed the last drivers from Intel Site (version 11.5.0.32 and release date 26/9/2007). I uploaded one more .dmp file with the last crash. I'm confused.... :wacko: Could you please check also these files?

Thanks for helping me! I appreciate it :rolleyes:

Mini112007_01.zip

Mini112007_02.zip

Edited by Dreamtrap
cluberti

cluberti

Posted
Posted

Hmmm - the first dump (the STOP 0xa) looks like a problem with the Logitech driver calling a debug, and the STOP 0x9F dump looks like the Intel wireless driver failed an IRP check by the power manager.

Are you sure the hardware in that box is OK? Otherwise, you have a LOT of bad drivers.

Dreamtrap

Dreamtrap

Posted
  • Author
Posted
Hmmm - the first dump (the STOP 0xa) looks like a problem with the Logitech driver calling a debug, and the STOP 0x9F dump looks like the Intel wireless driver failed an IRP check by the power manager.

Are you sure the hardware in that box is OK? Otherwise, you have a LOT of bad drivers.

No, i'm not so sure that the hardware in my laptop is working fine. But I haven't the tools to test and verify it.

Yes, it's true what u say about STOP 0xA. My laptop has an integrated camera from Logitech. I have installed the

latest driver from Acer Site compatible with Vista OS.

Reading your previous advise, I uninstall Kaspersky Anti-Virus and install the AVG Anti-Virus to identify the behavior

with this new antivirus software.

Meanwhile, Is there any program that u can suggest me to test my hardware (specially Wireless Adaptor and RAM)

to see if it's working fine?

Thanks again Cluberti! :rolleyes:

cluberti

cluberti

Posted
Posted
Meanwhile, Is there any program that u can suggest me to test my hardware (specially Wireless Adaptor and RAM)

to see if it's working fine?

Unfortunately, you'd probably be best checking with the laptop vendor. Memory test apps are a dime a dozen, but good hardware diagnostic apps usually come from the vendor themselves.

Dreamtrap

Dreamtrap

Posted
  • Author
Posted (edited)
Unfortunately, you'd probably be best checking with the laptop vendor. Memory test apps are a dime a dozen, but good hardware diagnostic apps usually come from the vendor themselves.

There is not a serious program coming from Acer in order to check my laptop. I have used MemTest and Memory Diagnostic Tool (from Windows) for memory,

but everything was fine. No errors occurred. Also, I must say that I have upgraded the memory from 1GB --> 2GB with new soDIMM modules, but BSOD remains.

As i wrote you, i will check the laptop performance and stability with AVG Antivirus. We will see...

With which programs did u debug .dmp files. I used WinDbg but i couldn't understand anything! :blushing:

If u have any new idea plz let me know. Thanks again! :)

Edited by Dreamtrap
cluberti

cluberti

Posted
Posted

I used windbg - to debug, you need to know a few things first:

1. Understand C/C++ and Intel x86 assembler - without understanding these, you'll have trouble reading and understanding the function names and assembly language seen in the .dmp file

2. Understand the book "Windows Internals, 4th Edition" - without understanding the innards of Windows and how it's supposed to work, recognizing "broken" becomes very difficult

3. Reading and understanding the concepts in the book "Advanced Windows Debugging" - again, unless you understand the basics of Windows and the debugger, you'll be lost quickly.

Dreamtrap

Dreamtrap

Posted
  • Author
Posted (edited)

Thanks Cluberti,

I think that the BSOD problems caused by Kaspersky Anti-virus. Now, i'm using AVG in combination with COMODO Firewall, and everything working perfect so far...

As far as it concerns the info about WinDbg, I visited your links and I realized that I should have known more about Assembly language and programming...

But, I'm not familiar on these topics...

So, thank you once more for helping me! :rolleyes:

Edited by Dreamtrap

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...