BSOD : My computer does not seem to like Source games, especially HL2

[Alexander Moore]

Btw, another BSOD happened. It's attached to the post above. I've made an actual reply instead of an edit because I'm not sure if you already left the thread or not.

OH, and I don't think that the IOCBIOS had anything to do with anything after all. It was just my imagination. Nothing has actually changed since removing it.

 

[Maguscreed]

What is ntoskrnl.exe anyway?

It's the basic kernel that pretty much allows windows to run.
It very often is announced as the cause of crashes where drivers are involved only rooting through the debugger data can really help nail it down most the time.

Basically it can't be wrong though it's the sandbox all the kids have to play in so to speak.

 

[Alexander Moore]

Is there anything more I can do to try to pinpoint what the problem is?

 

[Vir Gnarus]

Just so you're aware, Driver Verifier can easily cause slowdown on a system since it performs many more operations to institute checks on your drivers. So whenever it's active, expect the system to be a bit more sluggish.

I have found the exact issue, which is a solitary changed byte to change an instruction in the kernel code to a backwards compatible variation. Judging by this, I don't believe this is hardware we're dealing with but some driver playing foul. Most common instances of this situation involve any sort of sandboxing or VM (virtual machine) software. In addition, motherboard software, chipset drivers, and perhaps even the BIOS can be involved.

Unfortunately PatchGuard on Windows - the component that tracks kernel code for any unsuspected modifications - seems to only trap when it's come across a modification, not from what caused the modification in the first place. This in all honesty is pretty stupid, but that's just how it is. So I'm afraid we're still unaware what exactly is causing this, but at least now we can trim it down to most suspect as software, with the aforementioned list in the previous paragraph being a good start. You'll want to do some late spring cleaning, which should involve cleaning off any motherboard software (all of it), updating your motherboard drivers and BIOS, and checking any software that has anything to do with sandboxing or VMs, such as certain antivirus software like Sandboxie (which should be uninstalled if present).

Another possibility, I venture to guess, is what triggered the modification could've been the processor bugged out somehow when trying to perform the 'correct' instruction, and some application responded by altering the code to make it backwards compatible with CPUs that would typically bug out on said instruction, whereas this would've been just a one-time occurrence. I don't suspect this is the case as it all looks way too consistent for that, but you are still free to perform the hardware tests.

Analysts:

Found this article on 109 bugchecks, and decided to go for it. Since the client is using Windows 7 SP1 and an AMD64 system, I downloaded and extracted the SP1 installation package and pulled out the modified ntoskrnl.exe from it. Then I opened it with Windbg (not by "Open Executable" but by "Open Crash dump"). I already know the name of the symbol I'm looking for, the one that crashes all the time, and its offset, all of which is ExpReleaseResourceForThreadLite+0x53, so I did an unassemble on it (with the u command), and then did the same with the same block of code in the client's crash dump, and juxtaposed the two, as followed:

SP1 ntoskrnl.exe:

ntoskrnl!ExpReleaseResourceForThreadLite+0x53:
00000001`400829d3 4c897c2468      mov     qword ptr [rsp+68h],r15
00000001`400829d8 0f[COLOR=Red]0d[/COLOR]4b18        [COLOR=Red]prefetchw[/COLOR] [rbx+18h]
00000001`400829dc f6431a80        test    byte ptr [rbx+1Ah],80h
00000001`400829e0 0f85ba000000    jne     ntoskrnl!ExpReleaseResourceForThreadLite+0x120 (00000001`40082aa0)
00000001`400829e6 41bf01000000    mov     r15d,1
00000001`400829ec 48396b30        cmp     qword ptr [rbx+30h],rbp
00000001`400829f0 0f8522010000    jne     ntoskrnl!ExpReleaseResourceForThreadLite+0x198 (00000001`40082b18)
00000001`400829f6 488d7b30        lea     rdi,[rbx+30h]

Client's crash dump:

nt!ExpReleaseResourceForThreadLite+0x53:
fffff800`0407c583 4c897c2468      mov     qword ptr [rsp+68h],r15
fffff800`0407c588 0f[COLOR=Red]1f[/COLOR]4b18        [COLOR=Red]nop[/COLOR]     dword ptr [rbx+18h]
fffff800`0407c58c f6431a80        test    byte ptr [rbx+1Ah],80h
fffff800`0407c590 0f85ba000000    jne     nt!ExpReleaseResourceForThreadLite+0x120 (fffff800`0407c650)
fffff800`0407c596 41bf01000000    mov     r15d,1
fffff800`0407c59c 48396b30        cmp     qword ptr [rbx+30h],rbp
fffff800`0407c5a0 0f8522010000    jne     nt!ExpReleaseResourceForThreadLite+0x198 (fffff800`0407c6c8)
fffff800`0407c5a6 488d7b30        lea     rdi,[rbx+30h]

There's a good bit of material on the difference between using the nop instruction and its variations and prefetch/prefetchw. This kinda sheds a bit of light on it generally speaking, but it's all more-or-less a deal with CPU compatibility. It's also the same kind of manipulation that's mentioned of in the Ntdebugging blog I referred to previously, however the function (and possibly the application involved) is different.

 

[Alexander Moore]

So, what exactly do I need to do to get the error aside, or to investigate further?

Sorry, I'm not a total computer newbie as I've used them for a long time, but nor am I a professional at all. I'm more of an intermediate - you know, the kinda guy that helps his friends with their little computer issues, plays some games, and runs a fairly okay forum. But deeper stuff I start to get a bit lost on. I just know how to navigate Windows fairly well and know a few commands but not a wide number of them. My terminology isn't exactly amazing either. Would love to learn though.

So basically, is there anything I can do from here? I'll continue to provide future BSODs, unless you feel that that is unnecessary from this point.

Edit : Please note that I have no installed anything that modifies my motherboard or CPU from what it came with. As for updating BIOS and Motherboard drivers, I'm not even sure where to find them. My computer's BIOS was made by Origin, and that's not a very big company. They don't have a nice place for updating drivers and so forth. When I ask them about BIOS, they just usually tell me I don't need to update, or there's no new updates. As for the Motherboard, apparently it's some kind of Clevo board, which makes sense since Origin basically just takes Clevo chassis and put's their own stuff in it, but I have no idea where they would have updates for that, if there are any.

Also note : There are no overclocking options in the BIOS. There's only a very limited set of things I can change from the BIOS setup screen, and none of them seem to be even remotely related to overclocking (they're all things like enabling Bluetooth and what mode my Hard Drive is in, the boot sequence, etc).

Such is the curse of going with a more custom brand. There's no easy support system about it.

 

[Vir Gnarus]

For a customizable system that you would've paid extra for, that sure sounds like a pretty rinky dink BIOS it's got going on. Either way, since it's a Clevo model laptop, you may find details and resources at their website as well as here. Aside from that, I cannot help you as I'm unfamiliar with them.

As for the mobo software n stuff, it's that same stuff that came with the system I may be worried about. Often times motherboards or systems come preinstalled with utilities and whatnot that actually do nothing more than jack the system into a state of disarray because they're typically made very poorly. That's why it's recommended to just do a rundown and if there's any software that comes up related to your mobo/system that isn't some form of driver then you may want to consider getting rid of it. Monitoring software and other assorted nicknacks can be garnered online from more reputable 3rd-party software developers.

I'll try and get in touch with others here on the forums to see if there's anyone more familiar with these laptops that may be able to assist you further.

 

[Alexander Moore]

NVIDIA literally just released a new version. NVIDIA just prompted me to update, so I'm downloading the new driver now.

Do you know how I can figure out the name of my motherboard? I used to know because HW Monitor would show me, but now it's uninstalled.

 

[Vir Gnarus]

The model name I got from the crashdump was a Clevo P170HMx.

 

[Alexander Moore]

So I'm guessing what you want me to download is the Chipset, right?

They didn't have the exact name "P170HMx" even listed, so I went with the closest thing which is "P170HM". Dunno what the x is about.

So do you think these drivers will really fix my problem? I mean, this issue has been around since I got the computer more than a year ago, and no matter how many restores I do back to factory settings, it's still there, which tells me it has a bug even in it's defaults.

 

[Vir Gnarus]

It's a gamble. We don't know what's causing the kernel patching that's triggering the BSOD, but the items I've mentioned have the most potential of doing so. You may even need to end up going on an update frenzy and run through all your hardware and look up and download updates for em all. I'd be especially cautious about your BIOS though, as Origin may have changed it a bit and the model number is not identical with what's on the site, and any slight change will brick your PC easily.