BSOD [page fault in nonpaged area]


  1. cdog
    Posts : 12
    windows 7 64bit
       New #1

    BSOD [page fault in nonpaged area]


    Hi guys
    i bought a new configuration:

    Gigabyte-770T-D3L motherboard with
    AMD Phenom II X2 processor
    4 gb DDR3 Ram
    ATI Radeon HD 4800 graphics card

    freshly installed Windows 7 x64 retailed
    i updated my drivers motherboard and graphics card i do not use ESET antivirus (just the windows essentials as you recommended)

    and sometimes i still got random BSOD page fault in nonpaged area

    but i always got a BSOD when i want to install the NetBeans IDE

    i attached my dump files

    thanks in advance for you time
    cdog
      My Computer
    Quote Quote

  3. zigzag3143
    Posts : 28,845
    Win 8 Release candidate 8400
       New #2

    cdog said:
    Hi guys
    i bought a new configuration:

    Gigabyte-770T-D3L motherboard with
    AMD Phenom II X2 processor
    4 gb DDR3 Ram
    ATI Radeon HD 4800 graphics card

    freshly installed Windows 7 x64 retailed
    i updated my drivers motherboard and graphics card i do not use ESET antivirus (just the windows essentials as you recommended)

    and sometimes i still got random BSOD page fault in nonpaged area

    but i always got a BSOD when i want to install the NetBeans IDE

    i attached my dump files

    thanks in advance for you time
    cdog

    Hi Cdog


    One thing I noticed is sptd.sys used in daemon tools/alcohol120. It frequently causes BSOD's

    Please remove any CD virtualization programs such as Daemon Tools and Alcohol 120%. They use a driver, found in your dmp, sptd.sys, that is notorious for causing BSODs. Use this SPTD uninstaller when you're done: DuplexSecure - Downloads
     [/quote]
    You can use MagicDisc as an alternative.

    Freeware MagicISO Virtual CD/DVD-ROM(MagicDisc) Overview

    Let us know if the BSOD's continue.


    Ken J
      My Computer
    Quote Quote

  4. cdog
    Posts : 12
    windows 7 64bit
    Thread Starter
       New #3

    Now my machine works like a charm since I uninstalled Daemon Tools.

    NetBeans installed perfectly.

    Thank you very much for you help

    p.s:
    Is there some resource out there how should i read those dump files?
      My Computer
    Quote Quote

  6. CarlTR6
    Posts : 11,990
    Windows 7 Ultimate 32 bit
       New #4

    cdog, we use WinDbg from Microsoft to analyze the dump files. BlueScreenView is another program.
      My Computer
    Quote Quote

  7. cdog
    Posts : 12
    windows 7 64bit
    Thread Starter
       New #5

    Well i just needed couple of hours till the next crash.
    Here are my dump files.

    I used who crashed and almost everytime ntoskernel.exe was the problem.
    And there are some errors when i want to run Windows update

    It could install/update Security Update for .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841)

    Thank you again for your efforts
      My Computer
    Quote Quote

  8. Tews
    Posts : 11,840
    64-bit Windows 8.1 Pro
       New #6

    The dmp(s) point to ntkrnlmp.exe or ntoskrnl.exe as the probable cause. We know this is not the case, as these are core OS files, and will definitely not cause a BSOD. They are just the default files the debuggers blame when they can't see a better cause. We need to enable driver verifier to help pinpoint the faulting driver..

    - Go to Start and type in "verifier" (without the quotes) and press Enter
    - Select "Create custom settings (for code developers)" and click "Next"
    - Select "Select individual settings from a full list" and click "Next"
    - Select everything EXCEPT FOR "Low Resource Simulation" and click "Next"
    - Select "Select driver names from a list" and click "Next"
    Then select all drivers NOT provided by Microsoft and click "Next"
    - Select "Finish" on the next page.

    Reboot the system and wait for it to crash to the Blue Screen. Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out. If it doesn't crash for you, then let it run for at least 36 hours of continuous operation (an estimate on my part).

    Code:
    *******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80002d994a1, fffff880085e35d0, 0}

Probably caused by : ntkrnlmp.exe ( nt!ObpCloseHandleTableEntry+51 )

Followup: MachineOwner
---------
      My Computer
    Quote Quote

  10. CarlTR6
    Posts : 11,990
    Windows 7 Ultimate 32 bit
       New #7

    ntoskernel.exe is the Windows system core and is very unlikely to be the real problem. An analysis program has to blames something and if it sees nothing else, it will blame a Windows system file. I looked at your four most recent dumps and see four different error codes. This usually means a hardware or hardware related (drivers) problem. All four dumps indicate memory corruption. One dump directly blames Rt64win7.sys.
    Code:
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a13000 PsLoadedModuleList = 0xfffff800`02c50e50
Debug session time: Sat Nov 27 08:33:04.728 2010 (GMT-5)
System Uptime: 0 days 3:08:00.211
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80002d994a1, fffff880085e35d0, 0}

Probably caused by : ntkrnlmp.exe ( nt!ObpCloseHandleTableEntry+51 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002d994a1, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff880085e35d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!ObpCloseHandleTableEntry+51
fffff800`02d994a1 4883bba800000000 cmp     qword ptr [rbx+0A8h],0

CONTEXT:  fffff880085e35d0 -- (.cxr 0xfffff880085e35d0)
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a007c98360
rdx=fffff8a007faadc0 rsi=fffffa800612ab60 rdi=fffff8a007faadc0
rip=fffff80002d994a1 rsp=fffff880085e3fa0 rbp=fffff8a007c98360
 r8=fffffa8005b3d940  r9=0000000000000770 r10=0000000000000770
r11=fffff880085e4000 r12=fffffa8005f7ff30 r13=fffffa8005b3d940
r14=fffffa8005b3da00 r15=fffff8a007c98360
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!ObpCloseHandleTableEntry+0x51:
fffff800`02d994a1 4883bba800000000 cmp     qword ptr [rbx+0A8h],0 ds:002b:00000000`000000a8=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  msnmsgr.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff80002d994a1

STACK_TEXT:  
fffff880`085e3fa0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpCloseHandleTableEntry+0x51


FOLLOWUP_IP: 
nt!ObpCloseHandleTableEntry+51
fffff800`02d994a1 4883bba800000000 cmp     qword ptr [rbx+0A8h],0

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ObpCloseHandleTableEntry+51

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

STACK_COMMAND:  .cxr 0xfffff880085e35d0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_nt!ObpCloseHandleTableEntry+51

BUCKET_ID:  X64_0x3B_nt!ObpCloseHandleTableEntry+51

Followup: MachineOwner
---------

Debug session time: Sat Nov 27 10:02:42.850 2010 (GMT-5)
System Uptime: 0 days 1:28:45.332
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff88041e241cc, 1, fffff88000e24162, 5}


Could not read faulting driver name
Probably caused by : hardware ( fileinfo!FIStreamGetInfo+11f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88041e241cc, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff88000e24162, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc10e0
 fffff88041e241cc 

FAULTING_IP: 
fltmgr!FltpExpandShortNames+292
fffff880`00e24162 891564000041    mov     dword ptr [fffff880`41e241cc],edx

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  javaw.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88006a7f080 -- (.trap 0xfffff88006a7f080)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8005c53701
rdx=fffff88006a7fc01 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000e24162 rsp=fffff88006a7f210 rbp=0000000000000017
 r8=fffffa8005dc5970  r9=0000000000000150 r10=fffff80002c04e80
r11=fffffa8005ab76d0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
fltmgr!FltpExpandShortNames+0x292:
fffff880`00e24162 891564000041    mov     dword ptr [fffff880`41e241cc],edx ds:0037:fffff880`41e241cc=????????
Resetting default scope

MISALIGNED_IP: 
fltmgr!FltpExpandShortNames+292
fffff880`00e24162 891564000041    mov     dword ptr [fffff880`41e241cc],edx

LAST_CONTROL_TRANSFER:  from fffff80002b088c1 to fffff80002a89740

STACK_TEXT:  
fffff880`06a7ef18 fffff800`02b088c1 : 00000000`00000050 fffff880`41e241cc 00000000`00000001 fffff880`06a7f080 : nt!KeBugCheckEx
fffff880`06a7ef20 fffff800`02a8782e : 00000000`00000001 00000000`00000037 fffffa80`04903700 fffff880`00e24c01 : nt! ?? ::FNODOBFM::`string'+0x40e8b
fffff880`06a7f080 fffff880`00e24162 : 00000000`00000017 00000000`00000037 fffffa80`0428b510 fffff880`00e25200 : nt!KiPageFault+0x16e
fffff880`06a7f210 fffff880`00e25361 : fffffa80`00000042 00000000`00000042 00000000`00000038 00000000`00000000 : fltmgr!FltpExpandShortNames+0x292
fffff880`06a7f270 fffff880`00e2513e : fffffa80`0428b510 fffff880`00e20000 00000000`00000000 00000000`00000000 : fltmgr!FltpGetNormalizedFileNameWorker+0xc1
fffff880`06a7f2b0 fffff880`00e0654b : fffffa80`039c1000 00000000`00000000 fffffa80`05cda430 fffff880`06a80000 : fltmgr!FltpCreateFileNameInformation+0xee
fffff880`06a7f310 fffff880`00e11ad4 : 00000000`00008000 fffffa80`05cda430 00000000`00000000 00000000`00000401 : fltmgr!FltpGetFileNameInformation+0x26b
fffff880`06a7f390 fffff880`0102a36b : fffffa80`0428b510 fffff8a0`0a4ab2d0 00000000`00000001 fffff880`06a7f4c0 : fltmgr!FltGetFileNameInformation+0x184
fffff880`06a7f420 fffff880`01028bdb : fffff140`167b2027 00000000`00000001 00000000`00000000 00000000`000276d5 : fileinfo!FIStreamGetInfo+0x11f
fffff880`06a7f4a0 fffff880`00e04242 : 00000000`00000000 fffff8a0`0a4ab2d0 fffffa80`05d09ca0 00000000`00000000 : fileinfo!FIPostCreateCallback+0x1c7
fffff880`06a7f530 fffff880`00e0338b : fffffa80`048c0030 fffffa80`03d636f0 fffffa80`049b0bb0 fffffa80`049b0dd0 : fltmgr!FltpPerformPostCallbacks+0x392
fffff880`06a7f600 fffff880`00e222b9 : fffffa80`05d09900 fffffa80`04a4a010 fffffa80`05d09900 fffffa80`04a0b3d0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x39b
fffff880`06a7f690 fffff800`02d8c807 : 00000000`00000005 fffff800`02d8c260 fffffa80`05cef010 00000000`00000000 : fltmgr!FltpCreate+0x2a9
fffff880`06a7f740 fffff800`02d82e84 : fffffa80`049289d0 00000000`00000000 fffffa80`05c4fb10 fffff880`06a7f801 : nt!IopParseDevice+0x5a7
fffff880`06a7f8d0 fffff800`02d87e4d : fffffa80`05c4fb10 fffff880`06a7fa30 00000000`00000040 fffffa80`03a01de0 : nt!ObpLookupObjectName+0x585
fffff880`06a7f9d0 fffff800`02d8e917 : 00000000`000007ff 00000000`00000001 fffffa80`05d7d101 00000000`00000180 : nt!ObOpenObjectByName+0x1cd
fffff880`06a7fa80 fffff800`02d98520 : 00000000`354bf0d8 fffff8a0`00100080 fffff8a0`0b565020 00000000`354bf0e8 : nt!IopCreateFile+0x2b7
fffff880`06a7fb20 fffff800`02a88993 : fffffa80`03da47e0 00000000`00000001 fffffa80`05ab76d0 fffff800`02d9f414 : nt!NtCreateFile+0x78
fffff880`06a7fbb0 00000000`77c702aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`354bf058 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c702aa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
fileinfo!FIStreamGetInfo+11f
fffff880`0102a36b 85c0            test    eax,eax

SYMBOL_STACK_INDEX:  8

SYMBOL_NAME:  fileinfo!FIStreamGetInfo+11f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: hardware

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

Followup: MachineOwner
---------

Debug session time: Fri Nov 26 13:54:37.562 2010 (GMT-5)
System Uptime: 0 days 0:48:31.045
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {ffffffff828b027a, 2, 1, fffff8800167c468}

Unable to load image \SystemRoot\system32\DRIVERS\Rt64win7.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Rt64win7.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
Probably caused by : Rt64win7.sys ( Rt64win7+11af7 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffffff828b027a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800167c468, address which referenced memory

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'SCSIPORT' and 'spsys.sys' overlap

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d070e0
 ffffffff828b027a 

CURRENT_IRQL:  2

FAULTING_IP: 
tcpip!TcpPreValidatedReceive+228
fffff880`0167c468 66448b7902      mov     r15w,word ptr [rcx+2]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88006b4ec40 -- (.trap 0xfffff88006b4ec40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000050c2401f rbx=0000000000000000 rcx=fffff88004f51662
rdx=0000000000000009 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800167c468 rsp=fffff88006b4edd8 rbp=0000000000000001
 r8=0000000000000000  r9=0000000000000000 r10=0000000080000000
r11=0000000220b58dbc r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
tcpip!TcpPreValidatedReceive+0x228:
fffff880`0167c468 66448b7902      mov     r15w,word ptr [rcx+2] ds:e5f6:fffff880`04f51664=????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002aceca9 to fffff80002acf740

STACK_TEXT:  
fffff880`06b4eaf8 fffff800`02aceca9 : 00000000`0000000a ffffffff`828b027a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`06b4eb00 fffff800`02acd920 : 00000000`00000000 00000000`00000001 00000000`8a391749 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`06b4ec40 fffff880`0167c468 : fffffa80`0482a000 fffff880`04f47000 fffff880`00000000 fffffa80`04f5eb40 : nt!KiPageFault+0x260
fffff880`06b4edd8 fffffa80`044abf00 : fffff880`0165e6c7 fffffa80`0482a000 fffffa80`04829e30 fffffa80`044a0000 : tcpip!TcpPreValidatedReceive+0x228
fffff880`06b4ee88 fffff880`0165e6c7 : fffffa80`0482a000 fffffa80`04829e30 fffffa80`044a0000 00000000`00000000 : 0xfffffa80`044abf00
fffff880`06b4ee90 fffff880`0165e799 : fffff880`06b4f010 fffff880`0176c9a0 fffff880`06b4f020 fffff880`01635bab : tcpip!IppDeliverListToProtocol+0x97
fffff880`06b4ef50 fffff880`0165ec90 : fffffa80`0482a000 fffffa80`04f55200 00000000`00000011 fffff880`06b4f010 : tcpip!IppProcessDeliverList+0x59
fffff880`06b4efc0 fffff880`0165db21 : fffffa80`faffffef fffffa80`0482a000 fffff880`0176c9a0 00000000`04c36b01 : tcpip!IppReceiveHeaderBatch+0x231
fffff880`06b4f0a0 fffff880`0165c592 : fffffa80`04c427e0 00000000`00000000 fffffa80`04c36b01 00000000`00000001 : tcpip!IpFlcReceivePackets+0x651
fffff880`06b4f2a0 fffff880`01675e5a : fffffa80`04c36bb0 fffff880`06b4f3d0 fffffa80`04c36bb0 00000000`00000000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
fffff880`06b4f380 fffff800`02adee5a : fffffa80`04f5ea10 fffff880`06b4a000 00000000`00004800 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda
fffff880`06b4f3d0 fffff880`01675882 : fffff880`01675d80 fffff880`06b4f4e0 fffff880`06b4f502 00000000`00000001 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`06b4f4b0 fffff880`015730eb : fffffa80`04d478d0 00000000`00000000 fffffa80`04ca61a0 fffff880`03ba4a7e : tcpip!FlReceiveNetBufferListChain+0xb2
fffff880`06b4f520 fffff880`0153cfc6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
fffff880`06b4f590 fffff880`014b6ef1 : fffffa80`04ca61a0 00000000`00000002 00000000`00000001 00000000`00000000 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6
fffff880`06b4fa10 fffff880`04411af7 : fffffa80`04ef8000 00000000`00000000 fffff880`04ed3030 00000000`00000001 : ndis!NdisMIndicateReceiveNetBufferLists+0xc1
fffff880`06b4fa60 fffffa80`04ef8000 : 00000000`00000000 fffff880`04ed3030 00000000`00000001 00000000`00000001 : Rt64win7+0x11af7
fffff880`06b4fa68 00000000`00000000 : fffff880`04ed3030 00000000`00000001 00000000`00000001 00000000`00000000 : 0xfffffa80`04ef8000


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Rt64win7+11af7
fffff880`04411af7 ??              ???

SYMBOL_STACK_INDEX:  10

SYMBOL_NAME:  Rt64win7+11af7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Rt64win7

IMAGE_NAME:  Rt64win7.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49a65b0d

FAILURE_BUCKET_ID:  X64_0xD1_Rt64win7+11af7

BUCKET_ID:  X64_0xD1_Rt64win7+11af7

Followup: MachineOwner
---------

Debug session time: Fri Nov 26 12:02:14.028 2010 (GMT-5)
System Uptime: 0 days 0:03:38.511
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck BE, {6b42828, 9f000000c8eb6025, fffff88006b4a6d0, a}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+409b4 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory.  The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 0000000006b42828, Virtual address for the attempted write.
Arg2: 9f000000c8eb6025, PTE contents.
Arg3: fffff88006b4a6d0, (reserved)
Arg4: 000000000000000a, (reserved)

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xBE

PROCESS_NAME:  MsMpEng.exe

CURRENT_IRQL:  2

TRAP_FRAME:  fffff88006b4a6d0 -- (.trap 0xfffff88006b4a6d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88006b4a7e8 rbx=0000000000000000 rcx=fffff88006b4a7e8
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ac2743 rsp=fffff88006b4a860 rbp=0000000000000001
 r8=fffff880009e7180  r9=0000000000000000 r10=fffff80002cc9840
r11=fffff88006b4a830 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!MiDeletePageTableHierarchy+0x203:
fffff800`02ac2743 f00fba6f1000    lock bts dword ptr [rdi+10h],0 ds:00000000`00000010=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002b0e448 to fffff80002a8f740

STACK_TEXT:  
fffff880`06b4a568 fffff800`02b0e448 : 00000000`000000be 00000000`06b42828 9f000000`c8eb6025 fffff880`06b4a6d0 : nt!KeBugCheckEx
fffff880`06b4a570 fffff800`02a8d82e : fffff880`06b4a700 fffffa80`0028c2c0 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x409b4
fffff880`06b4a6d0 fffff800`02ac2743 : fffffa80`0028c2c0 00000000`00000001 00000000`06b42818 fffff680`00024ff8 : nt!KiPageFault+0x16e
fffff880`06b4a860 fffff800`02ac08e5 : fffffa80`0574c6b0 55555555`55555555 00000000`00000000 fffff800`02d665f5 : nt!MiDeletePageTableHierarchy+0x203
fffff880`06b4a970 fffff800`02ad10da : 00000000`00000000 00000000`04b00fff fffffa80`00000000 fffffa80`00000000 : nt!MiDeleteVirtualAddresses+0x96c
fffff880`06b4ab30 fffff800`02a8e993 : ffffffff`ffffffff 00000000`020feb50 00000000`020feb18 fffffa80`00008000 : nt!NtFreeVirtualMemory+0x5ca
fffff880`06b4ac20 00000000`7719ff3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`020fea88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7719ff3a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+409b4
fffff800`02b0e448 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+409b4

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0xBE_nt!_??_::FNODOBFM::_string_+409b4

BUCKET_ID:  X64_0xBE_nt!_??_::FNODOBFM::_string_+409b4

Followup: MachineOwner
---------
    I find the following outdated drivers loading on your system. Out of date drivers can and do cause memory corruption and BSDOD's. Update these two drivers.
    Rt64win7.sys Thu Feb 26 04:04:13 2009 - Rt64win7.sys - Latest PCIe GBE (GigaBit Ethernet) drivers here: Realtek. This driver was blamed in one of your dumps.

    usbfilter.sys Fri Apr 03 07:39:51 2009 - AMD USB Filter Driver (likely part of the chipset drivers), AMD.com | Support & Downloads
    Update these two drivers and see how your system does. If you get another BSOD, upload then dump and then run Memtest to test your RAM. Follow the instructions in this tutorial. Let Memtest run for at least 7 passes. This will take 6-8 hours. Run Memtest from a cold boot after your computer has been off for a while. Post your results.
      My Computer
    Quote Quote

  11. cdog
    Posts : 12
    windows 7 64bit
    Thread Starter
       New #8

    I was away for a week. So now I got the time to "repair" my computer.

    I just started to run a memtest86 on my machine and in the first 10 minutes it gave me 5 errors.

    I think it means i need to go back to the retailer and ask for new rams or motherboard.
    (both are 2 weeks old ::sigh:: )


    or any other suggestions?
      My Computer
    Quote Quote

  12. cdog
    Posts : 12
    windows 7 64bit
    Thread Starter
       New #9

    It was a bad memory stick. Now is all good.

    thank you for your time and help. this forum is great
      My Computer
    Quote Quote

  13. CarlTR6
    Posts : 11,990
    Windows 7 Ultimate 32 bit
       New #10

    Thank you very much for reporting back with your solution. That is the news we like to hear! Glad you are running smoothly. Happy computing!
      My Computer
    Quote Quote

 

  Related Discussions
BSOD Page fault in nonpaged area
in BSOD Help and Support

Hello, I replaced my old HDD for an SSD. After turning on AHCI-mode in the BIOS and formatting the new SSD, I installed Windows 7 Ultimate x64 SP1. Now that Windows installation is complete, I installed all the drivers for my hardware. Since then, after starting Windows a BSOD appears with the...
BSOD: page fault in nonpaged area
in BSOD Help and Support

Hello, I bought a new computera last week and it has been throwing BSODs at random times, around 2-3 times a week, with no apparent reason. The error I get is PAGE_FAULT_IN_NONPAGED_AREA, win32k.sys. I'm uploading the diagnostics I got from the SD diagnostic tool. Please, I'm desperate, I...
BSOD - Page fault in nonpaged area
in BSOD Help and Support

Just done a clean install of windows to solve an issue I had with graphics drivers crashing then recovering this doesnt seem to have helped as screen has frozen and NOT recovered twice now and just had this BSOD:Page fault in nonpaged area. Wasnt fast enough to catch codes on screen but SF...
BSOD Page Fault in Nonpaged Area
in BSOD Help and Support

Hi All, First post here so hope I have done all correctly! Had hoped to catch up on my workload today but windows decided otherwise! Have had multiple BSOD. Mainly Page Fault in Nonpaged Area but also others such as Apc Index Mistmatch. I am getting BSOD on every boot. I literally cannot use...
I have just built my dream custom PC Windows 7 x64 Ultimate Ga-x58a-ud3r MB and 6GB corsair ram Gtx 460 SLI SSD (ocz sata 2) (boot) none raid SSD (crucial sata 3) Samsung F3 1TB (storage) 850w Corsair PSU.
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 09:28.
Find Us