BSOD after enabling Verifier.exe making debug difficult


  1. Posts : 4
    Windows 7 Professional 64bit
       #1


    Hi folks,

    I have a new (3 months old) work-issued laptop, running Windows 7 and mandatory Symantec PGP (10.3). The laptop has caused trouble from new, with 2-3 BSODs per week, the most frequent manifestation being DRIVER_IRQL_NOT_LESS_OR_EQUAL.

    Our IT support desk is offering nothing better than taking it for 2 days and re-imaging it, which would leave me without a work laptop for 2 days and a further 2 days of personal time getting myself set up again, so I'm trying to debug myself rather than waste 4 days on something that might not work.

    The most seen BSOD is DRIVER_IRQL_NOT_LESS_OR_EQUAL

    There's lots of good info here, I've used WinDbg to view my minidumps, but everything points to kernel and common wisdom here suggests it's not that.

    Now to my problem, I'm trying to isolate any driver error, but every time I restart with Verifier.exe enabled I get a (dumpless) BSOD with an error:

    Code:
    The IO manager has detected a violation by a driver that is being verified...
    ...PGPwded.sys
    !

    PGPwded is a driver for PGP. Scouring the Symantec forums, all I find is robust defense of their software, and a claim that the driver is not the cause of BSODs. Fine says I, and I set up Verify.exe to monitor all but the Symantec results, only I keep getting the same error regardless.

    Any suggestions for getting verify.exe to get around PGP (PGP is unavoidable)?

    Sample Dump:

    Thanks!

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\temp\Dumps\033115-49826-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.18738.amd64fre.win7sp1_gdr.150128-1513
    Machine Name:
    Kernel base = 0xfffff800`02e66000 PsLoadedModuleList = 0xfffff800`030aa890
    Debug session time: Tue Mar 31 09:22:24.010 2015 (UTC + 1:00)
    System Uptime: 5 days 13:00:24.502
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .......................................................
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {fffff800f0a12e40, 2, 0, fffff80002ee018d}
    
    Probably caused by : ntkrnlmp.exe ( nt!KiCommitThreadWait+26d )
    
    Followup: MachineOwner
    ---------
    
    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff800f0a12e40, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80002ee018d, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003114100
     fffff800f0a12e40 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!KiCommitThreadWait+26d
    fffff800`02ee018d 4d8bb4c040ec2a00 mov     r14,qword ptr [r8+rax*8+2AEC40h]
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  svchost.exe
    
    TRAP_FRAME:  fffff88022b34e70 -- (.trap 0xfffff88022b34e70)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=000000001db1fc40 rbx=0000000000000000 rcx=0000000000000049
    rdx=00000000000007ff rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002ee018d rsp=fffff88022b35000 rbp=0000000000000001
     r8=fffff80002e66000  r9=0000000000000000 r10=ffffffffffffffef
    r11=fffff880009b3180 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    nt!KiCommitThreadWait+0x26d:
    fffff800`02ee018d 4d8bb4c040ec2a00 mov     r14,qword ptr [r8+rax*8+2AEC40h] ds:fffff800`f0a12e40=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002eda469 to fffff80002edaec0
    
    STACK_TEXT:  
    fffff880`22b34d28 fffff800`02eda469 : 00000000`0000000a fffff800`f0a12e40 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`22b34d30 fffff800`02ed90e0 : fffff880`22b35ab8 fffff800`02edda63 fffff880`00000004 fffffa80`1db1fb50 : nt!KiBugCheckDispatch+0x69
    fffff880`22b34e70 fffff800`02ee018d : fffffa80`1db1fb50 fffffa80`1db1fb50 00000000`00000000 00000000`00000004 : nt!KiPageFault+0x260
    fffff880`22b35000 fffff800`02edf60a : 00000000`00000000 00000000`00000001 fffffa80`00000049 00000000`00000000 : nt!KiCommitThreadWait+0x26d
    fffff880`22b35090 fffff800`031d38df : ffff0000`00000002 fffff880`22b353e0 00000000`00000001 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x272
    fffff880`22b35350 fffff800`031d3c56 : fffffa80`0d9e6501 fffff800`030101ee 00000000`00000001 fffffa80`1db1fb01 : nt!ObpWaitForMultipleObjects+0x294
    fffff880`22b35820 fffff800`02eda153 : fffffa80`1db1fb50 00000000`0b6dfd38 fffff880`22b35a88 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe5
    fffff880`22b35a70 00000000`76da186a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0b6dfd18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76da186a
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiCommitThreadWait+26d
    fffff800`02ee018d 4d8bb4c040ec2a00 mov     r14,qword ptr [r8+rax*8+2AEC40h]
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  nt!KiCommitThreadWait+26d
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  54c996c8
    
    FAILURE_BUCKET_ID:  X64_0xA_nt!KiCommitThreadWait+26d
    
    BUCKET_ID:  X64_0xA_nt!KiCommitThreadWait+26d
    
    Followup: MachineOwner
    ---------
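As an added example (not part of the original post or any reply), the Python below re-derives Arg1 from the trap-frame registers and the memory operand of the faulting instruction quoted in the dump above, and decodes the Arg3 bitfield. The helper name `analyze` is illustrative; the input lines are copied from the dump.

```python
import re

# Lines copied from the !analyze -v output quoted in the post above.
DUMP = """\
Kernel base = 0xfffff800`02e66000 PsLoadedModuleList = 0xfffff800`030aa890
Arg1: fffff800f0a12e40, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
Arg4: fffff80002ee018d, address which referenced memory
rax=000000001db1fc40 rbx=0000000000000000 rcx=0000000000000049
rip=fffff80002ee018d rsp=fffff88022b35000 rbp=0000000000000001
 r8=fffff80002e66000  r9=0000000000000000 r10=ffffffffffffffef
fffff800`02ee018d 4d8bb4c040ec2a00 mov     r14,qword ptr [r8+rax*8+2AEC40h]
"""

MASK64 = (1 << 64) - 1
# Matches an operand of the form [base+index*scale+DISPh].
OPERAND = re.compile(r"\[(\w+)\+(\w+)\*(\d)\+([0-9A-Fa-f]+)h\]")

def analyze(text):
    """Recompute the faulting address of a 0xA bugcheck (illustrative helper)."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"Arg(\d): ([0-9a-f]{16})", text)}
    regs = {r: int(v, 16)
            for r, v in re.findall(r"\b(r\w+)=([0-9a-f]{16})", text)}
    kbase_text = re.search(r"Kernel base = 0x([0-9a-f`]+)", text).group(1)
    kbase = int(kbase_text.replace("`", ""), 16)

    # base + index*scale + displacement, wrapped to 64 bits as the CPU does.
    base, index, scale, disp = OPERAND.search(text).groups()
    ea = (regs[base] + regs[index] * int(scale) + int(disp, 16)) & MASK64

    return {
        "effective_address": ea,
        "matches_arg1": ea == args[1],
        "irql": args[2],
        "access": "write" if args[3] & 0x1 else "read",  # Arg3 bit 0
        "execute": bool(args[3] & 0x8),                   # Arg3 bit 3
        "rip_matches_arg4": regs["rip"] == args[4],
        "base_is_kernel_base": regs[base] == kbase,
        "offset_from_kernel_base": (ea - kbase) & MASK64,
    }

if __name__ == "__main__":
    for key, value in analyze(DUMP).items():
        print(key, hex(value) if type(value) is int else value)
```

The recomputed address equals Arg1, and r8 holds the kernel base, so it is the index in rax that places the read 0xEDBACE40 bytes past that base.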


  2. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #2

    ataronchronon said:

    Now to my problem, I'm trying to isolate any driver error, but every time I restart with Verifier.exe enabled I get a (dumpless) BSOD with an error:

    Code:
    The IO manager has detected a violation by a driver that is being verified...
    ...PGPwded.sys
    !
    Yes, it is a Storage filter service from Symantec.

    If it is caught by verifier, it is a driver that is failing to work properly and subject to cause BSODs. And Symantec software are very well known BSOD causers.

    But, before enabling verifier, can you let us see the crash dumps in normal situation?

    Disable Verifier now. Post it following the Blue Screen of Death (BSOD) Posting Instructions and attach the data with your reply post.


  3. Posts : 4
    Windows 7 Professional 64bit
    Thread Starter
       #3

    Arc said:
    Yes, it is a Storage filter service from Symantec.

    If it is caught by verifier, it is a driver that is failing to work properly and subject to cause BSODs. And Symantec software are very well known BSOD causers.

    But, before enabling verifier, can you let us see the crash dumps in normal situation?

    Disable Verifier now. Post it following the Blue Screen of Death (BSOD) Posting Instructions and attach the data with your reply post.
    Thanks for the reply Arc,

    Hopefully without sounding rude, I'm loath to run that .exe as my work-installed anti-virus lit up when it saw the file. Is there a manual set of steps I can perform to collect the information you suggest?


  4. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #4

    ataronchronon said:
    Arc said:
    Yes, it is a Storage filter service from Symantec.

    If it is caught by verifier, it is a driver that is failing to work properly and subject to cause BSODs. And Symantec software are very well known BSOD causers.

    But, before enabling verifier, can you let us see the crash dumps in normal situation?

    Disable Verifier now. Post it following the Blue Screen of Death (BSOD) Posting Instructions and attach the data with your reply post.
    Thanks for the reply Arc,

    Hopefully without sounding rude, I'm loath to run that .exe as my work-installed anti-virus lit up when it saw the file. Is there a manual set of steps I can perform to collect the information you suggest?
    If any antivirus flags it, that is the problem with the antivirus, not of the tool.


  5. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #5

    The tool has worked well on 10,000 of computers.
    I understand your concern but I have never known the tool to cause problems.


  6. Posts : 4
    Windows 7 Professional 64bit
    Thread Starter
       #6

    Thanks guys.

    I've run the tool and reviewed the output, seems mostly reasonable.

    I appreciate any of you looking over it (now attached)

    Had 2 more BSODs today.
    One was Page Fault in non paged area (afd.sys), the other just said Memory Management or something like that with dxgmms1.sys named.


  7. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #7

    We are seeing various different bugcheck codes and various different failing modules including Intel IRST, Norton antivirus and Intel graphics. Some of the dumps are pointing to hardware failure, too.

    And apparently that is the first place to look at, because of the versatility of the bugchecks and probable causes. Let us check the testable hardware.

    Test your RAM modules for possible errors. Run memtest86+ for at least 8 consecutive passes.

    If it starts showing errors/red lines, stop testing. A single error is enough to determine that something is going bad there.

    Stress test the Graphics Card (NVIDIA Quadro K1100M) using Furmark. Take a screenshot of the furmark window before closing it. Upload the screenshot for us. Also let us know if you have experienced any crash/BSOD and/or artifacts during the test.

    Stress test the CPU. It saves the result as a .txt file in the prime95's folder. Upload the file for us.

    Is the computer hot? Report to us the heat of the computer after a couple of hours of your normal usage. Upload a screenshot of the summary tab of Speccy. Alternatively, you can publish a Speccy snapshot too: Speccy - Publish Snapshot of your System Specs.
    ___________________________________________
    Code:
    BugCheck 50, {ffffffffffffff89, 1, fffff800031aa38b, 0}
    
    
    Could not read faulting driver name
    Probably caused by : hardware ( nt!NtDeviceIoControlFile+4b )
    
    Followup: MachineOwner
    ---------
    Code:
    BugCheck D1, {450, 7, 0, fffff88006bab08a}
    
    *** WARNING: Unable to verify timestamp for igdkmd64.sys
    *** ERROR: Module load completed but symbols could not be loaded for igdkmd64.sys
    Probably caused by : igdkmd64.sys ( igdkmd64+c408a )
    
    Followup: MachineOwner
    ---------
    Code:
    fffff880`22b34010  fffff880`044e31e0Unable to load image \SystemRoot\System32\Drivers\dump_iaStorA.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for dump_iaStorA.sys
    *** ERROR: Module load completed but symbols could not be loaded for dump_iaStorA.sys
     dump_iaStorA+0x921e0
    Code:
    BugCheck 1000007E, {ffffffffc0000005, fffff88001ce1e4d, fffff880123f9358, fffff880123f8bb0}
    
    *** WARNING: Unable to verify timestamp for Teefer.sys
    *** ERROR: Module load completed but symbols could not be loaded for Teefer.sys
    Probably caused by : Teefer.sys ( Teefer+3f9e )
    
    Followup: MachineOwner
    ---------
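The cross-dump comparison described in the post above, as an added example that is not part of any post in this thread: it pairs each `BugCheck` line with its `Probably caused by` line and reports whether the crashes spread across several codes and blamed modules. The summary lines are copied from the dumps quoted in the thread; the function names and the threshold `MIN_DISTINCT` are assumptions made for this example.

```python
import re
from collections import Counter

# Summary lines copied from the dumps quoted in this thread.
SUMMARIES = """\
BugCheck A, {fffff800f0a12e40, 2, 0, fffff80002ee018d}
Probably caused by : ntkrnlmp.exe ( nt!KiCommitThreadWait+26d )
BugCheck 50, {ffffffffffffff89, 1, fffff800031aa38b, 0}
Probably caused by : hardware ( nt!NtDeviceIoControlFile+4b )
BugCheck D1, {450, 7, 0, fffff88006bab08a}
Probably caused by : igdkmd64.sys ( igdkmd64+c408a )
BugCheck 1000007E, {ffffffffc0000005, fffff88001ce1e4d, fffff880123f9358, fffff880123f8bb0}
Probably caused by : Teefer.sys ( Teefer+3f9e )
"""

NAMES = {
    0xA: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x1000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M",
}
MIN_DISTINCT = 3  # assumed threshold for "many different" codes and modules

def parse_summaries(text):
    """Pair each 'BugCheck' line with the 'Probably caused by' line after it."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"BugCheck ([0-9A-Fa-f]+), \{(.*)\}", line)
        if m:
            current = {"code": int(m.group(1), 16),
                       "args": [int(a, 16) for a in m.group(2).split(", ")]}
            continue
        m = re.match(r"Probably caused by : (\S+)", line)
        if m and current:
            current["blamed"] = m.group(1)
            records.append(current)
            current = None
    return records

def triage(records):
    """Count distinct bugcheck codes and blamed modules across dumps."""
    codes = Counter(NAMES.get(r["code"], hex(r["code"])) for r in records)
    blamed = Counter(r["blamed"] for r in records)
    scattered = len(codes) >= MIN_DISTINCT and len(blamed) >= MIN_DISTINCT
    return {"codes": codes, "blamed": blamed, "check_hardware_first": scattered}

if __name__ == "__main__":
    print(triage(parse_summaries(SUMMARIES)))
```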


  8. Posts : 4
    Windows 7 Professional 64bit
    Thread Starter
       #8

    Thanks for the help Arc, it's much appreciated - you put my company's IT support to shame!

    I'll start with the testing this evening, I need to get a day's work done today.

    re: the temperature, I'll certainly poll it over the day. I have thought before that the fan usage is excessive for seemingly innocuous tasks.


 
