Solved thread here - Many 0x9f blue screen (DRIVER_POWER_STATE_FAILURE) errors.
What the issue was -
GEARAspiWDM.sys (CD-ROM Class Filter Driver by Gear Software.)
nvstor64.sys (nVidia Storage Driver (nForce chipset driver) )
StkCPipe.sys (Syntek USB 2.0 Video Pipeline Driver EASYCAP DC60 - STK1160 CHIPSET Driver)
ASMMAP64.sys (LENOVO ATK Hotkey ATK0101 ACPI UTILITY)
StkCSF.sys (STK1160 Grabber)
ATK64AMD.sys (ATK Hotkey ATK0101 ACPI UTILITY Driver)
nvsmu.sys (nVidia nForce System Management Controller (nVidia nForce chipset driver) )
ETD.sys (ELAN PS/2 Port Smart Pad)
all needed to be updated~
On this blog, you'll find postmortem/live bug check (BSOD) debugging, malware analysis, and reverse engineering.
Sunday, July 7, 2013
Saturday, July 6, 2013
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Solved thread here - [SOLVED] BsoD while playing games
What the issue was - BUSL0_SRC_ERR_M_NOTIMEOUT_ERR (Proc 1 Bank 0) showing consistently through the DMP files. Implies that the processor sent out a request to L0 cache and there was a delay in return (invalid data, miss, etc). Temperatures were not a problem, BIOS was not the problem, etc... so ultimately the CPU was to be replaced.
[SOLVED] DRIVER_POWER_STATE_FAILURE
I'm going to start blogging BSOD cases that I solve / have helped in solving. I figure this will be good for my own personal benefit in case I need to look back on a specific solved thread, or the benefit of others trying to find something out. It may be difficult in certain cases when the original poster doesn't mark their thread as solved, or doesn't tell me. However, I digress.
Solved thread here - [SOLVED] DRIVER_POWER_STATE_FAILURE BSOD persistent problem.
What the issue was - VW7UX64V.sys (VIA Networking Technologies USB Wireless LAN Adapter) needed to be updated.
Friday, July 5, 2013
0x76: PROCESS_HAS_LOCKED_PAGES
I ran into my first 0x76 bugcheck today!
Here's the forum post in which I am currently analyzing it~
The user is assuming the problem is currently with AmarecTV, which may be likely given the user reported they have no issues with any other system operations, but I am curious to see if another driver is possibly conflicting with AmarecTV's driver and causing issues. We will see!
Here's the MSDN article to 0x76's page.
Wednesday, July 3, 2013
Not an analysis post or anything cool, but more so just a plug that I created a Twitter for BSOD analysis and to connect with MVPs and other very cool tech-related things! I've also inserted it into the sidebar.
I figure at the moment I am going to use it to share the posts I make here, links to interesting BSOD cases along my path, follow some great BSOD friends, MVPs, technology-based Twitters, etc. I've already made a few tweets and such, getting used to it.
That's about it : )
Video card drivers~
In BSOD analysis, something you see often is a video driver being a culprit or being in a stack, kind of just hanging out. The same thing goes for DirectX and its kernel, etc. Generally, DirectX and its kernel, and the video driver itself are not the true culprit, however something goes wrong between DirectX kernel making calls, etc, whatever it may be... so we are left with DirectX's kernel holding the murder weapon.
When I am analyzing a case in which I am seeing video driver culprits (AMD or nVidia) or dxgmms1.sys / dxgkrnl.sys (DirectX), something I always mention is to update to the latest video card drivers. It's very important to always be up to date on any of your drivers, but absolutely important to be on the latest video card drivers. However, if you ARE on the latest drivers already, uninstall and go back to a previous version, or maybe 1-2 more versions behind the latest, just in case the latest drivers are causing issues.
Example of where I recommend a user to try a different driver version. The user did, but did not have success. Ultimately, the user installed the beta driver for their video card and that ended up working.
In most cases I would never recommend beta drivers as they are BETA DRIVERS for a reason, however, in this case, it was a great idea to just say (hey, what the heck, let's try the beta drivers... they're a different version than the latest).
Something I never really thought about until a professor of mine mentioned it is that your video card is practically a computer itself. It has its own dedicated memory, its own BIOS, its own cooler, its own processing unit, etc. Take all of that and imagine it has to work with an OS, other hardware, drivers to communicate, etc. This is an extremely complex process, and I am currently reading and learning more about calls, IRQLs, and all of that neat stuff every day.
With that said, the slightest issue in a driver installation, or the slightest issue in a certain driver version is really sometimes all it takes to cause issues. I have been a firm believer of this, but never really understood it fully until I started learning more and more. I'm sure even further in my analysis I will understand it much more.
With all of this said, if you are ever dealing with a case in which the user in question is having video driver culprits or DirectX culprits, it never hurts to recommend the user to update to the latest drivers, OR to uninstall and go back to a previous version or so to eliminate driver issues. Same goes for you users, not just analysts! If you are having issues, before running other diagnostics, always work with the software first.
Tuesday, July 2, 2013
Resources I often use!
General reference links:
Driver Reference Table. This lists practically every driver there is in a handy reference table. Refer to this when analyzing and debugging crash dump files if you need to. Created and maintained by John Carrona, Microsoft Expert-Consumer MVP since 2006!
Driver Download Sites. Contains links to where a driver is hosted and where to download it / update it. If a driver isn't available for download via the reference table, or you want to look here regardless.
Bugcheck or STOP Code Index. Great link for reading up on STOP codes and what causes those STOP codes.
Antivirus Uninstallers. Great blog post that provides Antivirus Uninstaller links (always recommended to use rather than using the traditional Programs & Features uninstall method). Written by Corrine, Microsoft MVP since 2006 in Consumer Security!
Troubleshooting Windows STOP Messages. Great link on how to troubleshoot various different STOP codes.
Fatal BSOD Solutions. Contains links to various different STOP codes, what causes them, how to troubleshoot, etc.
Windows Hang and Crash Dump Analysis 1/9. Contains a NINE part video series on how to analyze and debug crash dumps.
Troubleshooting Microsoft Event Viewer Logs. Great website in which you can enter the Event ID and get details on that specific event entry you may have questions about.
Debugging In Progress - A TechNet blog about debugging and analyzing BSODs. Wonderful source of information, a bit advanced.
Forums to check out if you're looking to brush up on your analysis and debugging skills:
Sysnative BSOD, Crashes, Kernel Debugging.
TechSupportForum BSOD, App Crashes And Hangs.
Overclock.net Crash Analysis and Debugging
Very informative books on analysis and debugging & more:
Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7
Windows Internals, Part 2: Covering Windows Server® 2008 R2 and Windows 7
Advanced Windows Debugging