Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD Help

25 Jun 2010   #1

Windows 7 64Bit Home
 
 
BSOD Help

Hi, I Just joined after lurking the forums trying to figure out my BSOD problems. I hope someone could help me with this conundrum.

So chronologically I guess would be the best way to go about this.

I have had Win 7 since RC7100, and purchased my full copy on release. I have had no problems with Win 7, not to mention BSOD's.

But alas, 5 days ago I was replaying Stalker: Shadow of Chernobyl, and I BSOD. Got pissed off, I hadn't quick saved in a while, lol. But I was shocked because It was my first BSOD and I run my computer very clinically. I have never had any trouble playing any games.

So, I went to turn up my case fans, (my friends usually have to do this when playing games and they BSOD) but they were already on full. Checked my GPU-Z temps and fan speeds. Everything looked ok, so I reckoned it wasn't an over heated GFX card.

I left it at that, didn't think of anything else.

So I went to play stalker again, updated my drivers and after a while it did it again, and again, and again.

So I stopped playing Stalker.

Yesterday, I started replaying Mass Effect 2, and low and behold I BSOD, now on 2 separate games. I'm guessing its now a GFX driver issue or even a sound driver issue.

So I pulled out my phone to take a picture of the error code on the BSOD.

PAGE_FAULT_IN_NONPAGED_AREA 0x0000000050

So, at this time I'm freaking out, not knowing what's wrong with my machine.

so I googled 0x0000000050 and found this "This Stop error indicates that requested data was not in memory. The system generates an exception error when using a reference to an invalid system memory address. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop error."

Windows Blue Screen Of Death error: STOP: 0x00000050

Now I'm FREAKING OUT lol.

So I realise I need to know what's wrong. I get memtest and run it for 6 hours 5 passes all clear. So my RAM is ok.

I am at a loss, I have no idea what to do next, here are my 10 dump files that I have.

Ho hum, looks like no gaming for a while lol.

Anyway,

Thanks in advance.

TheFrin


My System SpecsSystem Spec
.

25 Jun 2010   #2

Windows 7 Ultimate x64, Mint 9
 
 

Hello TheFrin.

You have 5 unique BSoDs there, thank you for all of them.

Since they were all caused by system files, it is possible you have a corrupted install.
Hit start, and bring up an elevated command prompt (right click run as admin) and type sfc /scannow. What does it say?

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\7zOEE0.tmp\062510-19593-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a04000 PsLoadedModuleList = 0xfffff800`02c41e50
Debug session time: Fri Jun 25 13:56:01.407 2010 (UTC - 7:00)
System Uptime: 1 days 21:06:25.608
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff8800aedfa08, fffff8800aedf270, fffff88001254a30}

Unable to load image \SystemRoot\system32\DRIVERS\SiWinAcc.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
Probably caused by : Ntfs.sys ( Ntfs!NtfsSnapshotScbInternal+160 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800aedfa08
Arg3: fffff8800aedf270
Arg4: fffff88001254a30

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff8800aedfa08 -- (.exr 0xfffff8800aedfa08)
ExceptionAddress: fffff88001254a30 (Ntfs!NtfsSnapshotScbInternal+0x0000000000000160)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff8800aedf270 -- (.cxr 0xfffff8800aedf270)
rax=527265776f506574 rbx=fffff88004d26c70 rcx=fffff8800aee0260
rdx=fffff88004d26c70 rsi=fffff8800aee0308 rdi=fffff8800aee0260
rip=fffff88001254a30 rsp=fffff8800aedfc40 rbp=0000000000000727
 r8=0000000000000000  r9=0000000000000002 r10=fffff8800aee0260
r11=fffff8800aee0078 r12=fffffa8005ae2070 r13=0000000000000000
r14=fffff8a004d26ed8 r15=fffff8a0169e6d60
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
Ntfs!NtfsSnapshotScbInternal+0x160:
fffff880`01254a30 48394860        cmp     qword ptr [rax+60h],rcx ds:002b:52726577`6f5065d4=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  firefox.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cac0e0
 ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsSnapshotScbInternal+160
fffff880`01254a30 48394860        cmp     qword ptr [rax+60h],rcx

FAULTING_IP: 
Ntfs!NtfsSnapshotScbInternal+160
fffff880`01254a30 48394860        cmp     qword ptr [rax+60h],rcx

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff880012e8e73 to fffff88001254a30

STACK_TEXT:  
fffff880`0aedfc40 fffff880`012e8e73 : fffff8a0`04d26b40 fffff880`0aee04c0 fffff880`04d26c70 fffffa80`03b00604 : Ntfs!NtfsSnapshotScbInternal+0x160
fffff880`0aedfc70 fffff880`01257aa9 : fffffa80`05567350 00000000`000007ff fffff880`0aee01c0 fffff880`0aecf000 : Ntfs!NtfsCommonCleanup+0x843
fffff880`0aee0080 fffff800`02a83d4a : fffff880`0aee01c0 fffff880`012545d3 fffff880`0aed9000 fffffa80`05567358 : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`0aee00b0 fffff880`01257662 : fffff880`01257a90 fffff880`0aee01c0 fffff880`0aee0500 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0aee0190 fffff880`012f9244 : fffff880`0aee0260 fffff880`0aee0260 fffff880`0aee0260 fffffa80`05ae2070 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`0aee0200 fffff880`0117d23f : fffff880`0aee0260 fffffa80`04376b80 fffffa80`04376fb0 fffffa80`071b9010 : Ntfs!NtfsFsdCleanup+0x144
fffff880`0aee0470 fffff880`0117b6df : fffffa80`042dc6f0 00000000`00000000 fffffa80`040ebe00 fffffa80`04376b80 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0aee0500 fffff880`011db02e : fffffa80`04376b80 00000000`00000001 fffffa80`0522c660 00000000`00000000 : fltmgr!FltpDispatch+0xcf
fffff880`0aee0560 fffffa80`04376b80 : 00000000`00000001 fffffa80`0522c660 00000000`00000000 fffffa80`04376b80 : SiWinAcc+0x102e
fffff880`0aee0568 00000000`00000001 : fffffa80`0522c660 00000000`00000000 fffffa80`04376b80 fffff800`02d8b9af : 0xfffffa80`04376b80
fffff880`0aee0570 fffffa80`0522c660 : 00000000`00000000 fffffa80`04376b80 fffff800`02d8b9af fffffa80`071b9010 : 0x1
fffff880`0aee0578 00000000`00000000 : fffffa80`04376b80 fffff800`02d8b9af fffffa80`071b9010 00000000`00000000 : 0xfffffa80`0522c660


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsSnapshotScbInternal+160

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc14f

STACK_COMMAND:  .cxr 0xfffff8800aedf270 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsSnapshotScbInternal+160

BUCKET_ID:  X64_0x24_Ntfs!NtfsSnapshotScbInternal+160

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\7zOE7F.tmp\062210-20576-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a10000 PsLoadedModuleList = 0xfffff800`02c4de50
Debug session time: Tue Jun 22 15:38:14.177 2010 (UTC - 7:00)
System Uptime: 0 days 0:28:12.377
Loading Kernel Symbols
...............................................................
................................................................
..............................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff880039043a0, 0, fffff80002d75927, 0}


Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt!ObReferenceObjectByHandleWithTag+e7 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff880039043a0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002d75927, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

OVERLAPPED_MODULE: Address regions for 'nvlddmkm' and 'nvlddmkm.sys' overlap

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb80e0
 fffff880039043a0 

FAULTING_IP: 
nt!ObReferenceObjectByHandleWithTag+e7
fffff800`02d75927 488b03          mov     rax,qword ptr [rbx]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  RapportLaunSer

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88007afb950 -- (.trap 0xfffff88007afb950)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000100000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002d75927 rsp=fffff88007afbae0 rbp=fffff88007afbc00
 r8=fffff88003904000  r9=00000000000000e8 r10=fffff80002d7bd00
r11=fffff88007afbc18 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
nt!ObReferenceObjectByHandleWithTag+0xe7:
fffff800`02d75927 488b03          mov     rax,qword ptr [rbx] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002b00e54 to fffff80002a80600

STACK_TEXT:  
fffff880`07afb7e8 fffff800`02b00e54 : 00000000`00000050 fffff880`039043a0 00000000`00000000 fffff880`07afb950 : nt!KeBugCheckEx
fffff880`07afb7f0 fffff800`02a7e6ee : 00000000`00000000 fffff880`039043a0 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x42877
fffff880`07afb950 fffff800`02d75927 : 00000000`00000000 fffffa80`0536f440 fffffa80`07403400 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`07afbae0 fffff800`02d7bd69 : 00000000`00000000 fffff800`00100000 00000000`00000000 00000000`00000001 : nt!ObReferenceObjectByHandleWithTag+0xe7
fffff880`07afbbb0 fffff800`02a7f853 : fffffa80`0536f440 00000000`ffffffff 00000000`00000000 00000000`00000000 : nt!NtWaitForSingleObject+0x69
fffff880`07afbc20 00000000`76f4fefa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0124fda8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f4fefa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ObReferenceObjectByHandleWithTag+e7
fffff800`02d75927 488b03          mov     rax,qword ptr [rbx]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!ObReferenceObjectByHandleWithTag+e7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

FAILURE_BUCKET_ID:  X64_0x50_nt!ObReferenceObjectByHandleWithTag+e7

BUCKET_ID:  X64_0x50_nt!ObReferenceObjectByHandleWithTag+e7

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\7zOE9F.tmp\062310-20108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a06000 PsLoadedModuleList = 0xfffff800`02c43e50
Debug session time: Wed Jun 23 10:04:00.478 2010 (UTC - 7:00)
System Uptime: 0 days 6:12:00.679
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80002e27ffb, 1, f}

Probably caused by : ntkrnlmp.exe ( nt!CmpCallCallBacks+eb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002e27ffb, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 000000000000000f, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!CmpCallCallBacks+eb
fffff800`02e27ffb f044017710      lock add dword ptr [rdi+10h],r14d

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  000000000000000f

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cae0e0
 000000000000000f 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

BUGCHECK_STR:  0x1E_c0000005

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  dwm.exe

CURRENT_IRQL:  0

EXCEPTION_RECORD:  fffff88005cb0ae8 -- (.exr 0xfffff88005cb0ae8)
ExceptionAddress: fffff80002e27ffb (nt!CmpCallCallBacks+0x00000000000000eb)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 000000000000000f
Attempt to write to address 000000000000000f

TRAP_FRAME:  fffff88005cb0b90 -- (.trap 0xfffff88005cb0b90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a010204180 rbx=0000000000000000 rcx=00000000000007ff
rdx=00000000000004f1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e27ffb rsp=fffff88005cb0d20 rbp=fffff88005cb1310
 r8=0000000000000801  r9=00000000000004ef r10=fffff80002bf2420
r11=0000000000000011 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!CmpCallCallBacks+0xeb:
fffff800`02e27ffb f044017710      lock add dword ptr [rdi+10h],r14d ds:00000000`00000010=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ab0929 to fffff80002a76600

STACK_TEXT:  
fffff880`05cb0318 fffff800`02ab0929 : 00000000`0000001e ffffffff`c0000005 fffff800`02e27ffb 00000000`00000001 : nt!KeBugCheckEx
fffff880`05cb0320 fffff800`02a75c42 : fffff880`05cb0ae8 00000000`00000000 fffff880`05cb0b90 00000000`00000000 : nt!KiDispatchException+0x1b9
fffff880`05cb09b0 fffff800`02a747ba : 00000000`00000001 00000000`00000000 00000000`41735300 00000000`000007ff : nt!KiExceptionDispatch+0xc2
fffff880`05cb0b90 fffff800`02e27ffb : 00000000`000004ef 00000000`00000000 00000000`00000000 00000000`000007ff : nt!KiPageFault+0x23a
fffff880`05cb0d20 fffff800`02d96b1b : fffffa80`0000001c fffff880`05cb0f50 fffff8a0`00058001 fffff880`0000001d : nt!CmpCallCallBacks+0xeb
fffff880`05cb0df0 fffff800`02d70a64 : fffff800`02d50ae0 00000000`00000000 fffffa80`04321010 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x2c227
fffff880`05cb10c0 fffff800`02d75b76 : fffffa80`04321010 fffff880`05cb1240 00000000`00000240 fffffa80`036f2f30 : nt!ObpLookupObjectName+0x585
fffff880`05cb11c0 fffff800`02d54bec : fffffa80`06ff7af0 00000000`00000000 fffffa80`065fd400 fffffa80`00000000 : nt!ObOpenObjectByName+0x306
fffff880`05cb1290 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmOpenKey+0x28a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!CmpCallCallBacks+eb
fffff800`02e27ffb f044017710      lock add dword ptr [rdi+10h],r14d

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt!CmpCallCallBacks+eb

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

FAILURE_BUCKET_ID:  X64_0x1E_c0000005_nt!CmpCallCallBacks+eb

BUCKET_ID:  X64_0x1E_c0000005_nt!CmpCallCallBacks+eb

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\7zOE2E.tmp\062110-22666-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a50000 PsLoadedModuleList = 0xfffff800`02c8de50
Debug session time: Mon Jun 21 05:31:06.099 2010 (UTC - 7:00)
System Uptime: 2 days 1:07:41.300
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F7, {21f89382a0ee, 21fa9382a0ee, ffffde056c7d5f11, 0}

Probably caused by : win32k.sys ( win32k!SetWakeBit+f8 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 000021f89382a0ee, Actual security check cookie from the stack
Arg2: 000021fa9382a0ee, Expected security check cookie
Arg3: ffffde056c7d5f11, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_MISSING_GSFRAME

SECURITY_COOKIE:  Expected 000021fa9382a0ee found 000021f89382a0ee

BUGCHECK_STR:  0xF7_ONE_BIT

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  csrss.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002b55405 to fffff80002ac0600

STACK_TEXT:  
fffff880`03483338 fffff800`02b55405 : 00000000`000000f7 000021f8`9382a0ee 000021fa`9382a0ee ffffde05`6c7d5f11 : nt!KeBugCheckEx
fffff880`03483340 fffff800`02ac50fa : fffffa80`04769350 00000000`00000000 fffff800`02c65f70 fffff880`03483400 : nt!_report_gsfailure+0x25
fffff880`03483380 fffff800`02ac4771 : fffffa80`075de5e0 00000000`00000000 00000000`00000000 00000000`00000002 : nt!KiDeferredReadyThread+0x31a
fffff880`03483400 fffff960`000fb30c : fffff960`00000000 fffff900`00000002 fffff900`c2cfc800 fffffa80`0410fc68 : nt!KeSetEvent+0x1e1
fffff880`03483470 fffff960`000c8485 : fffff900`c2d126f0 fffff900`c2de0690 00000000`00000012 fffff900`c0819300 : win32k!SetWakeBit+0xf8
fffff880`034834a0 fffff960`000c8181 : fffff900`c1ff9f00 fffff900`c2de0690 00000000`0000011b fffff900`c30b5ce0 : win32k!WakeSomeone+0x221
fffff880`034834e0 fffff960`00126505 : fffff900`c2d77010 fffff900`c2cfc93c fffff900`c26fb650 00000000`00000001 : win32k!PostInputMessage+0x1f5
fffff880`03483560 fffff960`001290e7 : fffffa80`0a8ab071 fffff900`c2cfc93c 00000000`000001e9 00000000`0000018f : win32k!PostRawMouseInput+0x2ad
fffff880`034835d0 fffff960`00127b49 : fffff900`c2cfc93c 00000000`0a8ab071 fffff900`c2cfc8b0 00000000`0a8ab071 : win32k!xxxMoveEventAbsolute+0x17f
fffff880`03483660 fffff960`001279a0 : fffff900`c2cfc8b0 0000018f`000001e9 00000000`00000000 00000000`00200286 : win32k!ProcessMouseInput+0x195
fffff880`034836d0 fffff800`02a9d009 : 00000000`00000001 00000000`00000000 00000000`20707249 00000000`00000001 : win32k!InputApc+0x7c
fffff880`03483700 fffff800`02ac795d : fffffa80`06135060 00000000`00000000 fffff960`00127924 00000000`00000000 : nt!KiDeliverApc+0x211
fffff880`03483780 fffff800`02ac3c4b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x3dd
fffff880`03483810 fffff960`000c87f0 : fffff900`00000002 fffffa80`05c23820 fffff900`00000001 fffff880`0000000d : nt!KeWaitForMultipleObjects+0x271
fffff880`03483ac0 fffff960`000c970c : 00000000`00000000 fffff900`c01d5010 fffff960`0030f340 fffff900`c01eadd0 : win32k!xxxMsgWaitForMultipleObjects+0x108
fffff880`03483b40 fffff960`00084634 : fffffa80`00000001 fffffa80`0000000c fffffa80`06135060 fffff6fc`4001a2b0 : win32k!xxxDesktopThread+0x254
fffff880`03483bc0 fffff960`00103fa6 : fffffa80`00000001 fffff960`0030f340 00000000`00000020 00000000`00000000 : win32k!xxxCreateSystemThreads+0x64
fffff880`03483bf0 fffff800`02abf853 : fffffa80`06135060 00000000`00000004 000007ff`fffac000 00000000`00000000 : win32k!NtUserCallNoParam+0x36
fffff880`03483c20 000007fe`fd613d3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0236fa18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fd613d3a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!SetWakeBit+f8
fffff960`000fb30c 488b5c2430      mov     rbx,qword ptr [rsp+30h]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  win32k!SetWakeBit+f8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdc4376

FAILURE_BUCKET_ID:  X64_0xF7_ONE_BIT_MISSING_GSFRAME_win32k!SetWakeBit+f8

BUCKET_ID:  X64_0xF7_ONE_BIT_MISSING_GSFRAME_win32k!SetWakeBit+f8

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\7zOE4E.tmp\062210-19281-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a4a000 PsLoadedModuleList = 0xfffff800`02c87e50
Debug session time: Tue Jun 22 15:08:40.393 2010 (UTC - 7:00)
System Uptime: 0 days 0:10:10.594
Loading Kernel Symbols
...............................................................
................................................................
..............................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck BE, {fffff880001c9110, 4a0121, fffff880066f9b90, b}

Probably caused by : win32k.sys ( win32k!DrvUpdateGraphicsDeviceList+198 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory.  The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff880001c9110, Virtual address for the attempted write.
Arg2: 00000000004a0121, PTE contents.
Arg3: fffff880066f9b90, (reserved)
Arg4: 000000000000000b, (reserved)

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xBE

PROCESS_NAME:  dwm.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880066f9b90 -- (.trap 0xfffff880066f9b90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a004640980 rbx=0000000000000000 rcx=00000000000007ff
rdx=00000000000004f1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e6bffb rsp=fffff880066f9d20 rbp=fffff880066fa310
 r8=0000000000000801  r9=00000000000004ef r10=fffff80002c36420
r11=0000000000000011 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!CmpCallCallBacks+0xeb:
fffff800`02e6bffb f044017710      lock add dword ptr [rdi+10h],r14d ds:00000000`00000010=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002b3aa22 to fffff80002aba600

STACK_TEXT:  
fffff880`066f9a28 fffff800`02b3aa22 : 00000000`000000be fffff880`001c9110 00000000`004a0121 fffff880`066f9b90 : nt!KeBugCheckEx
fffff880`066f9a30 fffff800`02ab86ee : 00000000`00000001 00000000`00000000 00000000`41735300 00000000`000007ff : nt! ?? ::FNODOBFM::`string'+0x423be
fffff880`066f9b90 fffff800`02e6bffb : 00000000`000004ef 00000000`00000000 00000000`00000000 00000000`000007ff : nt!KiPageFault+0x16e
fffff880`066f9d20 fffff800`02ddab1b : fffffa80`0000001c fffff880`066f9f50 fffff8a0`00058001 fffff880`0000001d : nt!CmpCallCallBacks+0xeb
fffff880`066f9df0 fffff800`02db4a64 : fffff800`02d94ae0 00000000`00000000 fffffa80`05778010 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x2c227
fffff880`066fa0c0 fffff800`02db9b76 : fffffa80`05778010 fffff880`066fa240 00000000`00000240 fffffa80`0370cf30 : nt!ObpLookupObjectName+0x585
fffff880`066fa1c0 fffff800`02d98bec : fffffa80`0635a010 00000000`00000000 fffffa80`063eeb00 fffffa80`00000000 : nt!ObOpenObjectByName+0x306
fffff880`066fa290 fffff800`02d9be12 : fffff880`066fa8e8 fffff8a0`82000000 fffff880`066fa620 00000000`00000000 : nt!CmOpenKey+0x28a
fffff880`066fa3e0 fffff800`02ab9853 : fffff8a0`002bd060 fffff880`066fa500 00000000`001a0000 00000000`000001a8 : nt!NtOpenKey+0x12
fffff880`066fa420 fffff800`02ab5df0 : fffff800`02d75c45 00000000`00000000 00000000`00000000 fffff960`0034d6c0 : nt!KiSystemServiceCopyEnd+0x13
fffff880`066fa5b8 fffff800`02d75c45 : 00000000`00000000 00000000`00000000 fffff960`0034d6c0 fffff880`066fa8e8 : nt!KiServiceLinkage
fffff880`066fa5c0 fffff800`02d757e3 : 00000000`00000000 400001c0`400000c0 00000000`00000000 00000000`021fe9b0 : nt!RtlpGetRegistryHandle+0x131
fffff880`066fa8a0 fffff960`000ad164 : 00000000`00000000 00000000`00000004 00000000`00000000 00000000`00000000 : nt!RtlQueryRegistryValues+0x37
fffff880`066fa970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!DrvUpdateGraphicsDeviceList+0x198


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!DrvUpdateGraphicsDeviceList+198
fffff960`000ad164 440fb71d38fe2c00 movzx   r11d,word ptr [win32k!gProtocolType (fffff960`0037cfa4)]

SYMBOL_STACK_INDEX:  d

SYMBOL_NAME:  win32k!DrvUpdateGraphicsDeviceList+198

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdc4376

FAILURE_BUCKET_ID:  X64_0xBE_win32k!DrvUpdateGraphicsDeviceList+198

BUCKET_ID:  X64_0xBE_win32k!DrvUpdateGraphicsDeviceList+198

Followup: MachineOwner
---------
~Lordbob
My System SpecsSystem Spec
25 Jun 2010   #3

Microsoft Window 7 Professional 32 bit
 
 

If the scan didn't find any problem, then I would suggest your to run check disk and diagnostic. Because Bugcheck 24 usually points to hard drive. In addition, NTFS.sys is a hard drive controller driver.
Disk Check
HD Diagnostic
Bugcheck
Code:
BugCheck 24, {1904fb, fffff8800aedfa08, fffff8800aedf270, fffff88001254a30}

Unable to load image \SystemRoot\system32\DRIVERS\SiWinAcc.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
Probably caused by : Ntfs.sys ( Ntfs!NtfsSnapshotScbInternal+160 )

Followup: MachineOwner
---------
Also, I saw one of the minidump file point to the SiWinAcc.sys, which is Silicon Image driver - comes with package for the SIxxxx drivers, and yes, I checked the loaded drivers and saw that they kind of out of date, please update them if you can:
Silicon Image - Support
Code:
fffff880`010e7000 fffff880`01101000   SI3132   SI3132.sys   Thu Oct 04 01:39:29 2007 (4703E1E1)
fffff880`0177c000 fffff880`01784000   SiRemFil SiRemFil.sys Thu Jun 21 02:42:10 2007 (46798312)
fffff880`011da000 fffff880`011e3000   SiWinAcc SiWinAcc.sys Fri Jun 15 07:02:02 2007 (4671D6FA)
Also:
Code:
ASACPI   ASACPI.sys   Mon Mar 28 09:30:36 2005 (42476C4C)
It's pretty out of date, read this article to know what to do:
BSOD + Minidumps, please help

~Tuan
My System SpecsSystem Spec
.


25 Jun 2010   #4

Windows 7 64Bit Home
 
 

For the moment is says:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.


There is a system repair pending which requires reboot to complete. Restart
Windows and run sfc again.

C:\Windows\system32>

So I'm going to do that.

brb

New Scan:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>

@ Tuan, Thanks I'm going to update all of that now.

~TheFrin
My System SpecsSystem Spec
25 Jun 2010   #5

Windows 7 64Bit Home
 
 

@ Lordbob, The most recent scan is in the post above, I edited it in before, so I'm bumping it now. ;p

@ Tuan, Those are the most up to date Silicon Image Drivers I can find (Download Asus M2N32-SLI Deluxe Silicon Image 3132 Serial ATA Driver 1.0.5.0 Driver for Windows XP - Softpedia)

The Silicon Image support site was no use to me unfortunately, when I looked for what I thought I needed, its either brought up white papers, or firmware.

I was able to update the ASACPI.sys so I will see how that goes.

Im going to restart and run a Disk Check, and see how that goes.

Thanks for the help so far guys.

TheFrin
My System SpecsSystem Spec
25 Jun 2010   #6

Windows 7 Ultimate x64, Mint 9
 
 

Ok, so you had some corrupted system files. I figured. If those are fixed, then you might be set, but keep us up to date.

~Lordbob
My System SpecsSystem Spec
26 Jun 2010   #7

Windows 7 64Bit Home
 
 

I thought I may aswell go and have a game of something, So I threw Mass Effect 2 on, and after 15 or so minutes I BSOD'd again.

Its another 0x00000024 so I'm going to recheck my HDD and what not. I think my comp could have BSOD whilst on the chdisk last night, but I was asleep so I cant say for sure.
My System SpecsSystem Spec
26 Jun 2010   #8

Microsoft Window 7 Professional 32 bit
 
 

Yes, you have a good guess buddy, bugcheck code 24 is usually hard drive, and ntfs.sys is the hard drive controller driver, they both appear in the minidump you just posted.
So I would suggest you to run the check disk again and also the hard drive diagnostic as I suggested on my first post above
Have you updated or re-install the silicon image that I suggested yet, I still think that it was the cause, the date of driver still from 2007
BUGCHECK:
Code:
BugCheck 24, {1904fb, fffff88009dc5398, fffff88009dc4c00, fffff880012628ad}

Unable to load image \SystemRoot\system32\DRIVERS\SiWinAcc.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
Probably caused by : Ntfs.sys ( Ntfs!NtfsProcessUsnRecordsForCommit+16d )
You also have some other old driver, update them please:
Code:
LMouFilt LMouFilt.Sys Wed Jul 18 07:35:26 2007 (469D604E)
nvm62x64 nvm62x64.sys Sat Oct 18 04:01:06 2008 (48F8FD12)
I'm looking for the silicon image drivers with you too, don't know if I can, it is time consuming stuff. Hope someone know where it is

~Tuan
My System SpecsSystem Spec
26 Jun 2010   #9

Microsoft Window 7 Professional 32 bit
 
 

My System SpecsSystem Spec
26 Jun 2010   #10

Windows 7 64Bit Home
 
 

I just ran the Western Digital Data Lifeguard and got this PASS.

Test Option: EXTENDED TEST Model Number: WDC WD10EADS-00L5B1 Unit Serial Number: WD-WCAU48132387 Firmware Number: 01.01A01 Capacity: 1000.20 GB SMART Status: Not Available Test Result: PASS Test Time: 17:43:22, June 26, 2010

I have just gotten the 3132r5_x64_15190_logo_win7 drivers off of the Silicon Image website, you posted Tuan so I'll throw them on now, and run another disk check when I do the restart.

At least I'm making some progress on this, so thanks guys, just wondering what do you use to veiw the dump files?

TheFrin
My System SpecsSystem Spec
Reply

 BSOD Help




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:48 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33