Jump to content

home premium BOD

im1knight

By im1knight
in Windows Vista

 Share

Recommended Posts

im1knight

im1knight

Posted
Posted

I was just running a virus scan, and i got a blue screen of death out of nowhere. It also saved a super big DMP file on my system...325MB o.O Biggest one i ever saw..anyways...here is the info on the event log:

- System

- Provider

[ Name] Microsoft-Windows-WER-SystemErrorReporting

[ Guid] {ABCE23E7-DE45-4366-8631-84FA6C525952}

[ EventSourceName] BugCheck

- EventID 1001

[ Qualifiers] 16384

Version 0

Level 4

Task 0

Opcode 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2008-03-27T19:25:28.000Z

EventRecordID 7215

Correlation

- Execution

[ ProcessID] 0

[ ThreadID] 0

Channel System

Computer Kevin-PC

Security

- EventData

param1 0x00000050 (0xbefd8000, 0x00000001, 0x81c835f3, 0x00000000)

param2 C:\Windows\MEMORY.DMP

So what can seem to be the problem of this BOD? did i do something wrong? :unsure: and why is the DMP file so big? They were like 1 or 2MB big on my XP laptop....

Link to comment
Share on other sites

cluberti

cluberti

Posted
Posted

The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).

As to the bugcheck, it's a STOP 0x50, which means:

Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA

The PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.

From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.

Link to comment
Share on other sites
im1knight

im1knight

Posted
  • Author
Posted
The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).

As to the bugcheck, it's a STOP 0x50, which means:

Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA

The PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.

From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.

i was using AVG to scan for virus, and what do you mean by virus driver? and what should i do with the huge dump file..?

Link to comment
Share on other sites
cluberti

cluberti

Posted
Posted
The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).

As to the bugcheck, it's a STOP 0x50, which means:

Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA

The PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.

From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.

i was using AVG to scan for virus, and what do you mean by virus driver? and what should i do with the huge dump file..?

Are you using the latest version of the product and it's supporting files from Grisoft? What I'm suggesting is that you contact them (maybe an email to their support email address or something), or search for a newer version and update. Most virus scanning applications use a driver - either loaded in kernel or hooked into certain APIs from user-mode - to scan.

Link to comment
Share on other sites
im1knight

im1knight

Posted
  • Author
Posted
The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress).

As to the bugcheck, it's a STOP 0x50, which means:

Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA

The PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.

From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.

i was using AVG to scan for virus, and what do you mean by virus driver? and what should i do with the huge dump file..?

Are you using the latest version of the product and it's supporting files from Grisoft? What I'm suggesting is that you contact them (maybe an email to their support email address or something), or search for a newer version and update. Most virus scanning applications use a driver - either loaded in kernel or hooked into certain APIs from user-mode - to scan.

I am using the latest version of the product that is available. somebody told me to use a debugg tool from windows to see the inside of the dump...well i did what he said and this come out. ( hope this will make it easier to see the problem, but he didn't know where the problem is...)

PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced. This cannot be protected by try-except,

it must be protected by a Probe. Typically the address is just plain bad or it

is pointing at freed memory.

Arguments:

Arg1: befd8000, memory referenced.

Arg2: 00000001, value 0 = read operation, 1 = write operation.

Arg3: 81c835f3, If non-zero, the instruction address which referenced the bad memory

address.

Arg4: 00000000, (reserved)

Debugging Details:

------------------

Page 924b9 not present in the dump file. Type ".hh dbgerr004" for details

PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details

WRITE_ADDRESS: befd8000 Paged pool

FAULTING_IP:

nt!memcpy+33

81c835f3 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: avgas.exe

CURRENT_IRQL: 0

TRAP_FRAME: a520bb7c -- (.trap 0xffffffffa520bb7c)

ErrCode = 00000002

eax=9245f051 ebx=befd6a6c ecx=3fffffeb edx=00000001 esi=9245f0a4 edi=befd8000

eip=81c835f3 esp=a520bbf0 ebp=a520bbf8 iopl=0 nv up ei pl nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202

nt!memcpy+0x33:

81c835f3 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] es:0023:befd8000=???????? ds:0023:9245f0a4=002d0044

Resetting default scope

LAST_CONTROL_TRANSFER: from 81c8fbf4 to 81ca9ff2

STACK_TEXT:

a520bb64 81c8fbf4 00000001 befd8000 00000000 nt!MmAccessFault+0x106

a520bb64 81c835f3 00000001 befd8000 00000000 nt!KiTrap0E+0xdc

a520bbf8 81d6c5f0 befd7fb0 9245f054 fffffffd nt!memcpy+0x33

a520bc28 81d4147d 9f316518 a520bc6c fffffffd nt!CmpGetValueKeyFromCache+0x119

a520bca8 81d3836d beb26dc0 00000000 00000001 nt!CmEnumerateValueKey+0x49c

a520bd44 81c8caea 00000000 00000000 00000001 nt!NtEnumerateValueKey+0x1f2

a520bd44 773d0f34 00000000 00000000 00000001 nt!KiFastCallEntry+0x12a

WARNING: Frame IP not in any known module. Following frames may be wrong.

065fc994 00000000 00000000 00000000 00000000 0x773d0f34

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!KiTrap0E+dc

81c8fbf4 85c0 test eax,eax

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiTrap0E+dc

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 471ea816

FAILURE_BUCKET_ID: 0x50_W_nt!KiTrap0E+dc

BUCKET_ID: 0x50_W_nt!KiTrap0E+dc

Followup: MachineOwner

---------

well...the problem is invalid system memory was referenced as the says..but the key problem is how do i prevent this from happening again?

Link to comment
Share on other sites
cluberti

cluberti

Posted
Posted

I hate to sound like a broken record, but the memory access appears to be coming from the antivirus product. You'll have to either ( a ) use a different antivirus product or ( b ) report the problem to Grisoft and get them to fix it if you want to continue using AVG.

Link to comment
Share on other sites
im1knight

im1knight

Posted
  • Author
Posted
I hate to sound like a broken record, but the memory access appears to be coming from the antivirus product. You'll have to either ( a ) use a different antivirus product or ( b ) report the problem to Grisoft and get them to fix it if you want to continue using AVG.

ok

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...