Debugged Minidump file from BSOD


  1. cpgdallas
    Posts : 6
    Windows 7 64-bit
       New #1

    Debugged Minidump file from BSOD


    Before I try to update all the drivers...

    User said his moluse stopped working right before the crash. At first I assumed it the beginning of the crash but with the VISTA_DRIVER_FAULT message I'm wondering if the mouse driver is the cause.

    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************
    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff88001739c63, Address of the instruction which caused the bugcheck
    Arg3: fffff880219eb1b0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    Debugging Details:
    ------------------

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    FAULTING_IP:
    NETIO!memcmp+53
    fffff880`01739c63 483b040a cmp rax,qword ptr [rdx+rcx]
    CONTEXT: fffff880219eb1b0 -- (.cxr 0xfffff880219eb1b0)
    rax=007600650064005c rbx=0000000000000000 rcx=fffffa8008e17600
    rdx=006405f1f77f8a68 rsi=fffff880219ec060 rdi=fffff880219ebcc0
    rip=fffff88001739c63 rsp=fffff880219ebb98 rbp=fffffa8009b9ce68
    r8=000000000000006a r9=0000000000000003 r10=fffffa8009b9ce70
    r11=fffff880219ec068 r12=fffff880219ebcc8 r13=fffffa8009b9ce20
    r14=fffffa8009b9ce68 r15=fffff880219ebe60
    iopl=0 nv up ei pl nz na po nc
    cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
    NETIO!memcmp+0x53:
    fffff880`01739c63 483b040a cmp rax,qword ptr [rdx+rcx] ds:002b:00640072`00610068=????????????????
    Resetting default scope
    CUSTOMER_CRASH_COUNT: 1
    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
    BUGCHECK_STR: 0x3B
    PROCESS_NAME: svchost.exe
    CURRENT_IRQL: 2
    LAST_CONTROL_TRANSFER: from fffff8800173d536 to fffff88001739c63
    STACK_TEXT:
    fffff880`219ebb98 fffff880`0173d536 : fffff880`219ebbd8 fffff880`219ebbd0 00020000`00020001 00020001`00020000 : NETIO!memcmp+0x53
    fffff880`219ebba0 fffff880`0173d2cd : fffff880`c0000022 fffffa80`00000000 00000000`00000000 fffffa80`08d53010 : NETIO!CompareBlobs+0x46
    fffff880`219ebbd0 fffff880`017432a1 : 0000c0a8`836e0800 00000000`00000000 fffffa80`06702340 00000000`00000000 : NETIO!MatchValues+0x10d
    fffff880`219ebc20 fffff880`017459c5 : fffff880`219ebcc0 00000000`000000e0 fffffa80`0af02180 00000000`000007ff : NETIO!CheckEqualConditionEnumMatch+0x51
    fffff880`219ebc50 fffff880`01745a69 : 00000000`00000000 fffff880`219ec060 fffff880`219ebdf0 00000000`00000000 : NETIO!CheckSpecialCasesConditionEnumMatch+0x35
    fffff880`219ebc90 fffff880`01743003 : 6e83a8c0`2fdb1180 00000000`000007ff fffff880`219ebe78 fffff880`0173d646 : NETIO!MatchConditionContains+0x79
    fffff880`219ebd90 fffff880`017430a9 : fffffa80`00000000 00000000`00000000 fffffa80`04a38a50 fffffa80`04946850 : NETIO!FilterMatchEnum+0x174
    fffff880`219ebdf0 fffff880`0174294a : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffffa80`048aa070 : NETIO!IndexListEnum+0x6f
    fffff880`219ebe60 fffff880`01743816 : 00000000`00000000 fffff880`219ebf80 fffff880`21020003 00000000`0000006a : NETIO!FeEnumLayer+0xaa
    fffff880`219ebec0 fffff880`019023c8 : 00000000`00000024 00000000`00000000 fffff880`219ec120 00000000`00000002 : NETIO!KfdEnumLayer+0x26
    fffff880`219ebf00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!FindPermittedPorts+0x1d8

    FOLLOWUP_IP:
    NETIO!memcmp+53
    fffff880`01739c63 483b040a cmp rax,qword ptr [rdx+rcx]
    SYMBOL_STACK_INDEX: 0
    SYMBOL_NAME: NETIO!memcmp+53
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: NETIO
    IMAGE_NAME: NETIO.SYS
    DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79381
    STACK_COMMAND: .cxr 0xfffff880219eb1b0 ; kb
    FAILURE_BUCKET_ID: X64_0x3B_NETIO!memcmp+53
    BUCKET_ID: X64_0x3B_NETIO!memcmp+53
    Followup: MachineOwner
    ---------
      My Computer
    Quote Quote

  3. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
       New #2



    We do need the DMP file as it contains the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.

    If you are overclocking STOP

    You may be able to get the DMP files without crashing by booting into safe mode (F8) with networking.

    To enable us to assist you with your computer's BSOD symptoms, upload the contents of your "\Windows\Minidump" folder.

    The procedure:
    * Copy the contents of \Windows\Minidump to another (temporary) location somewhere on your machine.
    * Zip up the copy.
    * Attach the ZIP archive to your post using the "paperclip" (file attachments) button.
    *If the files are too large please upload them to a file sharing service like "Rapidshare" and put a link to them in your reply.

    To ensure minidumps are enabled:
    * Go to Start, in the Search Box type: sysdm.cpl, press Enter.
    * Under the Advanced tab, click on the Startup and Recovery Settings... button.
    * Ensure that Automatically restart is unchecked.
    * Under the Write Debugging Information header select Small memory dump (256 kB) in the dropdown box (the 256kb varies).
    * Ensure that the Small Dump Directory is listed as %systemroot%\Minidump.
    * OK your way out.
    * Reboot if changes have been made.
      My Computer
    Quote Quote

  4. cpgdallas
    Posts : 6
    Windows 7 64-bit
    Thread Starter
       New #3

    File attached.
      My Computer
    Quote Quote

  6. zigzag3143
    Posts : 28,845
    Win 8 Release candidate 8400
       New #4

    cpgdallas said:
    File attached.

    It is much easier to find patterns, etc, when there are more than one crash.

    We prefer you wait until you have at least two so that if one is corrupt the other probably wont be.



    In your case it points to netio.sys which is usually caused by your malware app. I would suggest you remove it and replace with Microsoft Security Essentials

    Microsoft Security Essentials - Free Antivirus for Windows
      My Computer
    Quote Quote

  7. cpgdallas
    Posts : 6
    Windows 7 64-bit
    Thread Starter
       New #5

    Thank you.


    zigzag3143 said:
    cpgdallas said:
    File attached.

    It is much easier to find patterns, etc, when there are more than one crash.

    We prefer you wait until you have at least two so that if one is corrupt the other probably wont be.



    In your case it points to netio.sys which is usually caused by your malware app. I would suggest you remove it and replace with Microsoft Security Essentials

    Microsoft Security Essentials - Free Antivirus for Windows
    MSE installed and fully updated.
    OS had two updates waiting:
    1. Update for Microsoft .NET Framework 4 on XP
    2. The 2007 Microsoft Office Suite SP3

    The antivirus that came with the computer still on the computer but running or registered. Plan on uninstalling that Wednesday.
      My Computer
    Quote Quote

 

  Related Discussions
I had the BSOD problem for some time and then the problem simply stopped. I was calm for few months until today... Here's the minidump file, I hope you can help me guys. Microsoft services
Hey all, I have the following minidump file from my system directory.. I experience BSODs when I put my Win7 32bit laptop to sleep (not often, but very unpredictable).. I tried using win bg but even with symbols, I'm get some ntls___.exe errror.:confused: I've uploaded the dump..if anyone...
BSOD w/ Minidump file
in BSOD Help and Support

I'm having trouble with my Win 7 32 bit BSODing. It appears that whenever it goes to sleep, the computer fails to wake up and blue screens. I've updated the bios and the graphics drivers. I'm not 100% confident that the sleep function is the root cause of the BSOD, but it will happen every...
BSOD with minidump file
in BSOD Help and Support

My computer is Dell XPS 1645. It crashed (BSOD )sometime before i reformated it. But now, after i reformated, and install a few software inside, it still BSOD. Can help me to find out what is the reason of BSOD? Thanks. window 7 ultimate -64bit -before is original but will crash, now install...
BSOD Minidump file help!
in BSOD Help and Support

I have 7 64-Bit and often when I boot my pc It says that " windows desktop manager has stopped working and closed ". Sometimes I get bluescreen when I get to desktop. Today I started my pc and It said Loading windows and then came black background and only the cursor showing, and then It said that...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 09:40.
Find Us