im1knight Posted March 27, 2008 Share Posted March 27, 2008 I was just running a virus scan, and i got a blue screen of death out of nowhere. It also saved a super big DMP file on my system...325MB o.O Biggest one i ever saw..anyways...here is the info on the event log:- System - Provider [ Name] Microsoft-Windows-WER-SystemErrorReporting [ Guid] {ABCE23E7-DE45-4366-8631-84FA6C525952} [ EventSourceName] BugCheck - EventID 1001 [ Qualifiers] 16384 Version 0 Level 4 Task 0 Opcode 0 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2008-03-27T19:25:28.000Z EventRecordID 7215 Correlation - Execution [ ProcessID] 0 [ ThreadID] 0 Channel System Computer Kevin-PC Security - EventData param1 0x00000050 (0xbefd8000, 0x00000001, 0x81c835f3, 0x00000000) param2 C:\Windows\MEMORY.DMP So what can seem to be the problem of this BOD? did i do something wrong? and why is the DMP file so big? They were like 1 or 2MB big on my XP laptop.... Link to comment Share on other sites More sharing options...
cluberti Posted March 28, 2008 Share Posted March 28, 2008 The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).As to the bugcheck, it's a STOP 0x50, which means:Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREAThe PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists. Link to comment Share on other sites More sharing options...
im1knight Posted March 28, 2008 Author Share Posted March 28, 2008 The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).As to the bugcheck, it's a STOP 0x50, which means:Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREAThe PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.i was using AVG to scan for virus, and what do you mean by virus driver? and what should i do with the huge dump file..? Link to comment Share on other sites More sharing options...
cluberti Posted March 29, 2008 Share Posted March 29, 2008 The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).As to the bugcheck, it's a STOP 0x50, which means:Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREAThe PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.i was using AVG to scan for virus, and what do you mean by virus driver? and what should i do with the huge dump file..?Are you using the latest version of the product and it's supporting files from Grisoft? What I'm suggesting is that you contact them (maybe an email to their support email address or something), or search for a newer version and update. Most virus scanning applications use a driver - either loaded in kernel or hooked into certain APIs from user-mode - to scan. Link to comment Share on other sites More sharing options...
im1knight Posted March 30, 2008 Author Share Posted March 30, 2008 The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).As to the bugcheck, it's a STOP 0x50, which means:Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREAThe PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.i was using AVG to scan for virus, and what do you mean by virus driver? and what should i do with the huge dump file..?Are you using the latest version of the product and it's supporting files from Grisoft? What I'm suggesting is that you contact them (maybe an email to their support email address or something), or search for a newer version and update. Most virus scanning applications use a driver - either loaded in kernel or hooked into certain APIs from user-mode - to scan.I am using the latest version of the product that is available. somebody told me to use a debugg tool from windows to see the inside of the dump...well i did what he said and this come out. ( hope this will make it easier to see the problem, but he didn't know where the problem is...)PAGE_FAULT_IN_NONPAGED_AREA (50)Invalid system memory was referenced. This cannot be protected by try-except,it must be protected by a Probe. Typically the address is just plain bad or itis pointing at freed memory.Arguments:Arg1: befd8000, memory referenced.Arg2: 00000001, value 0 = read operation, 1 = write operation.Arg3: 81c835f3, If non-zero, the instruction address which referenced the bad memory address.Arg4: 00000000, (reserved)Debugging Details:------------------Page 924b9 not present in the dump file. Type ".hh dbgerr004" for detailsPEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for detailsPEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for detailsWRITE_ADDRESS: befd8000 Paged poolFAULTING_IP: nt!memcpy+3381c835f3 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]MM_INTERNAL_CODE: 0DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULTBUGCHECK_STR: 0x50PROCESS_NAME: avgas.exeCURRENT_IRQL: 0TRAP_FRAME: a520bb7c -- (.trap 0xffffffffa520bb7c)ErrCode = 00000002eax=9245f051 ebx=befd6a6c ecx=3fffffeb edx=00000001 esi=9245f0a4 edi=befd8000eip=81c835f3 esp=a520bbf0 ebp=a520bbf8 iopl=0 nv up ei pl nz na po nccs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202nt!memcpy+0x33:81c835f3 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] es:0023:befd8000=???????? ds:0023:9245f0a4=002d0044Resetting default scopeLAST_CONTROL_TRANSFER: from 81c8fbf4 to 81ca9ff2STACK_TEXT: a520bb64 81c8fbf4 00000001 befd8000 00000000 nt!MmAccessFault+0x106a520bb64 81c835f3 00000001 befd8000 00000000 nt!KiTrap0E+0xdca520bbf8 81d6c5f0 befd7fb0 9245f054 fffffffd nt!memcpy+0x33a520bc28 81d4147d 9f316518 a520bc6c fffffffd nt!CmpGetValueKeyFromCache+0x119a520bca8 81d3836d beb26dc0 00000000 00000001 nt!CmEnumerateValueKey+0x49ca520bd44 81c8caea 00000000 00000000 00000001 nt!NtEnumerateValueKey+0x1f2a520bd44 773d0f34 00000000 00000000 00000001 nt!KiFastCallEntry+0x12aWARNING: Frame IP not in any known module. Following frames may be wrong.065fc994 00000000 00000000 00000000 00000000 0x773d0f34STACK_COMMAND: kbFOLLOWUP_IP: nt!KiTrap0E+dc81c8fbf4 85c0 test eax,eaxSYMBOL_STACK_INDEX: 1SYMBOL_NAME: nt!KiTrap0E+dcFOLLOWUP_NAME: MachineOwnerMODULE_NAME: ntIMAGE_NAME: ntkrpamp.exeDEBUG_FLR_IMAGE_TIMESTAMP: 471ea816FAILURE_BUCKET_ID: 0x50_W_nt!KiTrap0E+dcBUCKET_ID: 0x50_W_nt!KiTrap0E+dcFollowup: MachineOwner---------well...the problem is invalid system memory was referenced as the says..but the key problem is how do i prevent this from happening again? Link to comment Share on other sites More sharing options...
cluberti Posted March 31, 2008 Share Posted March 31, 2008 I hate to sound like a broken record, but the memory access appears to be coming from the antivirus product. You'll have to either ( a ) use a different antivirus product or ( b ) report the problem to Grisoft and get them to fix it if you want to continue using AVG. Link to comment Share on other sites More sharing options...
im1knight Posted March 31, 2008 Author Share Posted March 31, 2008 I hate to sound like a broken record, but the memory access appears to be coming from the antivirus product. You'll have to either ( a ) use a different antivirus product or ( b ) report the problem to Grisoft and get them to fix it if you want to continue using AVG.ok Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now