Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Learning BSODs; Have a BSOD with adm.exe process.

09 Mar 2015   #1
denixx

Windows 7 Ultimate x64
 
 
Learning BSODs; Have a BSOD with adm.exe process.

Hi guys!
I have started learning BSODs, and my first catch was a friend's laptop, here was one interesting minidump yesterday.
I've asked for a minidump file, and executed "!analyze -v"
PROCESS_NAME: adm.exe
Should I complain Acronis Drive Monitor, which I installed myself to her laptop? I've already opened a topic at Acronis forum, which refers ADM: https://forum.acronis.com/forum/85802 .
So, just asking if I can get some more info from minidump. Need assistance
A minidump itself is in attachment. UPD1: attached a zip, missed it when created a post
Thanks.
Code:
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800da2b328
Arg3: fffff8800da2ab80
Arg4: fffff880016ca2da

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff8800da2b328 -- (.exr 0xfffff8800da2b328)
ExceptionAddress: fffff880016ca2da (Ntfs!NtfsFlushVolume+0x000000000000044a)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff8800da2ab80 -- (.cxr 0xfffff8800da2ab80;r)
rax=fffef8a003585010 rbx=fffff8a005376040 rcx=fffff8a00267b910
rdx=fffff8a004451710 rsi=fffffa80064783b0 rdi=fffff8a005376010
rip=fffff880016ca2da rsp=fffff8800da2b560 rbp=fffff8800da2b8e0
 r8=fffff8a00267b910  r9=fffff8a00267b930 r10=fffff8800da2b5f0
r11=fffff8800da2b510 r12=0000000000000000 r13=fffffa8008966180
r14=0000000000000702 r15=0000000000000705
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
Ntfs!NtfsFlushVolume+0x44a:
fffff880`016ca2da f083401401      lock add dword ptr [rax+14h],1 ds:002b:fffef8a0`03585024=????????
Last set context:
rax=fffef8a003585010 rbx=fffff8a005376040 rcx=fffff8a00267b910
rdx=fffff8a004451710 rsi=fffffa80064783b0 rdi=fffff8a005376010
rip=fffff880016ca2da rsp=fffff8800da2b560 rbp=fffff8800da2b8e0
 r8=fffff8a00267b910  r9=fffff8a00267b930 r10=fffff8800da2b5f0
r11=fffff8800da2b510 r12=0000000000000000 r13=fffffa8008966180
r14=0000000000000702 r15=0000000000000705
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
Ntfs!NtfsFlushVolume+0x44a:
fffff880`016ca2da f083401401      lock add dword ptr [rax+14h],1 ds:002b:fffef8a0`03585024=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  adm.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032f8100
GetUlongFromAddress: unable to read from fffff800032f81c0
 ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsFlushVolume+44a
fffff880`016ca2da f083401401      lock add dword ptr [rax+14h],1

FAULTING_IP: 
Ntfs!NtfsFlushVolume+44a
fffff880`016ca2da f083401401      lock add dword ptr [rax+14h],1

BUGCHECK_STR:  0x24

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff8800166d7c8 to fffff880016ca2da

STACK_TEXT:  
fffff880`0da2b560 fffff880`0166d7c8 : fffffa80`064783b0 fffffa80`08966180 fffffa80`08f37a01 fffff880`0da2b700 : Ntfs!NtfsFlushVolume+0x44a
fffff880`0da2b690 fffff880`0165ab9f : fffffa80`064783b0 fffff880`014cd000 fffffa80`06a5c840 fffffa80`0a407001 : Ntfs!NtfsVolumeDasdIo+0x1b8
fffff880`0da2b740 fffff880`0165c398 : fffffa80`064783b0 fffffa80`0aabd710 fffff880`0da2b801 fffffa80`08f37900 : Ntfs!NtfsCommonRead+0x5bf
fffff880`0da2b8b0 fffff880`0147abcf : fffffa80`0aabdab0 fffffa80`0aabd710 fffffa80`08f37990 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`0da2b960 fffff880`014796df : fffffa80`06a56de0 00000000`00000001 fffffa80`06a56d00 fffffa80`0aabd710 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0da2b9f0 fffff800`033caecb : 00000000`00000000 fffffa80`0a407070 00000000`00000001 fffffa80`0aabd710 : fltmgr!FltpDispatch+0xcf
fffff880`0da2ba50 fffff800`033aafe3 : fffffa80`0a407070 fffffa80`0a407070 fffffa80`0a407070 fffff800`0323be80 : nt!IopSynchronousServiceTail+0xfb
fffff880`0da2bac0 fffff800`030c1113 : ffffffff`ffffffff 00000000`00000364 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
fffff880`0da2bbb0 00000000`73d02e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008ec08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73d02e09


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsFlushVolume+44a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  52e1be8a

IMAGE_VERSION:  6.1.7601.18378

STACK_COMMAND:  .cxr 0xfffff8800da2ab80 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsFlushVolume+44a

BUCKET_ID:  X64_0x24_Ntfs!NtfsFlushVolume+44a

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x24_ntfs!ntfsflushvolume+44a

FAILURE_ID_HASH:  {cb5a5752-c266-1f6d-f1c4-60df87156d60}

Followup: MachineOwner



My System SpecsSystem Spec
.
09 Mar 2015   #2
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Welcome
Maybe I can help. One dmp is not enough to assume anything. Sometimes several dmps will agree indicating that you have the true cause. Usually the more dmps that you have the more causes you will see. You have to know a bit about reading the dmps to ascertain the correct cause. In your situation and the process indicating Acronis, there is a good chance that the true cause may lie elsewhere. Follow our posting instructions, give us your dmps, hopefully more than one and we can discuss. You can take the lead if that is your wish.
Blue Screen of Death (BSOD) Posting Instructions
Bottom line do not assume that you know the actual cause based upon one dmp.
My System SpecsSystem Spec
09 Mar 2015   #3
denixx

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by richc46 View Post
Welcome
One dmp is not enough to assume anything. Sometimes several dmps will agree indicating that you have the true cause. Usually the more dmps that you have the more causes you will see. You have to know a bit about reading the dmps to ascertain the correct cause. In your situation and the process indicating Acronis, there is a good chance that the true cause may lie elsewhere. Follow our posting instructions, give us your dmps, hopefully more than one and we can discuss. You can take the lead if that is your wish.
Blue Screen of Death (BSOD) Posting Instructions
Bottom line do not assume that you know the actual cause based upon one dmp.
Yeah, I agree with you.
I've updated my post and attached a dmp. (at this time I have only this one)
Here is a thread at Acronis forum, which says ADM might be a reason: https://forum.acronis.com/forum/41439

Also I will try to get archive with all needed information collected by dm log collector.
At this time I've asked my friend to remove ADM, waiting for response from her.

(And here is a small issue with dm log collector - it creates file in current user's profile folder in Desktop directory, but I have cut my Desktop folder to another disk drive, so it's path oficially "D:\Docs\Desktop" and Windows knows it. But log collector created a file in "C:\Users\denixx\Desktop")
My System SpecsSystem Spec
.

09 Mar 2015   #4
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Possibly ADM might be the cause. Make a system restore point and remove the problem software, and then see if you continue to get BSODs, if not you lucked out. If ADM is not the cause then restore everything with S Restore.
My System SpecsSystem Spec
09 Mar 2015   #5
denixx

Windows 7 Ultimate x64
 
 

About Desktop folder - I've looked right values in registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
Can't say exact one - they have the same value in my case.
My System SpecsSystem Spec
09 Mar 2015   #6
denixx

Windows 7 Ultimate x64
 
 

If it is still needed, I've attached collected info. I think ADM was removed today at 18:59 GMT+2 (Event[58465]).
Will look how it will behave.
My System SpecsSystem Spec
Reply

 Learning BSODs; Have a BSOD with adm.exe process.




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Random BSODs not associated with any particular process, 124?
I've been getting seemingly random BSODs for the last 6 months since adding a new CPU (4770k with H100i water cooler), motherboard (MSI Z97 Gaming 5), GPU (R9 280X) and RAM (Corsair Vengeance Pro 16gb DDR3 2400mhz) to my PC. The BSODs seem to occurred regardless of what I'm doing, could be just...
BSOD Help and Support
open explorer, starts new process, close it, process remains active
Hi, I've got a quicklaunch shortcut to: %windir%\explorer.exe shell:::{323CA680-C24D-4099-B94D-446DD2D7249E} That takes me straight to my explorer favourites. What I notice is that when I launch that, I get a new explorer.exe thread appear in the task manager. When I close it though, that...
General Discussion
Windows 7 + Process Explorer + Patch: [Opening error process]
Hi fooks, I hope you all can read this, i'm from Belgium so my Englsich is not as good as it might be. I have bought last year a little notebook with Windows 7 Home Premium on it. On this machine i am the Administrator, and there are no other people on that, or guestaccounts made. On...
Installation & Setup
Help: learning BSOD/debugging
Ok so when i open Windbg file i get this and multiple messages about my debugger not having full symbol information, and or i specified unqualified symbols. and so on. heres a screenshot. Also may i ask what symbols are? I will not attempt to help anyone until i learn more, and watch others solve...
BSOD Help and Support
5-6 full re-installs, still BSODs under process load on Aspire One
Hey everybody, This is my first post and I am trying out 7 on my Acer Aspire One netbook. I know its not very powerful, but it is running 7 nicely (when it does run..) In any case, I am dual booting 7 and XP from this 1.6 atom, 1gb ram netbook. The install always goes smoothly and so do most...
BSOD Help and Support
3 Free Win 7 E-Learning Clinics from Microsoft Learning
More...
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:56.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App