On this blog, you''ll find postmortem/live bug check (BSOD) debugging, malware analysis, and reverse engineering.
Tuesday, July 30, 2013
50 answers on MS Answers
I woke up today to notice I had reached over 50 'answered' points on MS Answers. This is quite a nice feeling. I hope I can only continue to provide people with the solutions to their problems!
Saturday, July 27, 2013
[SOLVED] VIDEO_TDR_FAILURE
Link to solved thread - bluescreen error (unexpected windows shutdown)
What the issue was - Unknown, OP only marked as 'answer'. Will update if what the issue was is ever posted.
What the issue was - Unknown, OP only marked as 'answer'. Will update if what the issue was is ever posted.
[SOLVED] CRITICAL_STRUCTURE_CORRUPTION / PAGE_FAULT_IN_NONPAGED_AREA / IRQL_NOT_LESS_OR_EQUAL / KMODE_EXCEPTION_NOT_HANDLED
Link to solved thread - kmode_execption_not_handled (afd.sys)
What the issue was - Video drivers needed to be updated.
What the issue was - Video drivers needed to be updated.
[SOLVED] DRIVER_IRQL_NOT_LESS_OR_EQUAL
Link to solved thread - BSOD and shutdown, possibly on Sleep
What the issue was - MotionInJoy software needed to be removed.
What the issue was - MotionInJoy software needed to be removed.
[SOLVED] ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
Link to solved thread - BSOD and Crashing during video games
What the issue was - Various different issues, however it appears that a Windows upgrade solved the issue.
What the issue was - Various different issues, however it appears that a Windows upgrade solved the issue.
Sunday, July 21, 2013
[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Link to solved thread - BSOD when return from standby
What the issue was - Bug in Windows 8.1 preview. Possibly a device driver or piece of hardware the OP was using did not work on 8.1.
What the issue was - Bug in Windows 8.1 preview. Possibly a device driver or piece of hardware the OP was using did not work on 8.1.
[SOLVED] DRIVER_POWER_STATE_FAILURE
Link to solved thread - Win7 STOP 9f after wake from hibernate
What the issue was - Hauppauge TV Tuner driver and also the ASUS ACPI Utility needed to be updated.
What the issue was - Hauppauge TV Tuner driver and also the ASUS ACPI Utility needed to be updated.
Labels:
0x9F,
MS Answers,
solved
Wednesday, July 17, 2013
[SOLVED] PAGE_FAULT_IN_NONPAGED_AREA / PFN_LIST_CORRUPT
Link to solved thread - BSOD with Windows 7 - Dfferent each time
What the issue was -
ASACPI.sys (Asus ATK0110 ACPI Utility, as well as other Asus utilities) needed to be updated.
nvm62x64.sys ( nVidia Ethernet Networking Driver (nForce chipset driver) ) needed to be updated.
What the issue was -
ASACPI.sys (Asus ATK0110 ACPI Utility, as well as other Asus utilities) needed to be updated.
nvm62x64.sys ( nVidia Ethernet Networking Driver (nForce chipset driver) ) needed to be updated.
Sunday, July 14, 2013
[SOLVED] VIDEO_TDR_FAILURE
Solved thread here - BSOD BSOD Everywhere. Geforce GTX570
What the issue was - Video card needed to be replaced.
What the issue was - Video card needed to be replaced.
Friday, July 12, 2013
[SOLVED] IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Solved thread here - Blue Screen of Death Bug Check Code: 0x0000004a Please help.
What the issue was - Bit Defender needed to be removed.
What the issue was - Bit Defender needed to be removed.
Thursday, July 11, 2013
Forum Moderator
As of today, I am now once again a Forum Moderator on Overclock.net. I retired a few months ago to iron out my lifestyle, and now that things are going well, I have picked the position up again!
[SOLVED] DRIVER_POWER_STATE_FAILURE
Solved thread here - DRIVER_POWER_STATE_FAILURE (9f)
What the issue was - Diskeeper - Condusiv Technologies needed to be removed.
Very interesting thread with a knowledgeable original poster. I learned a lot about deadlocks and such from this one! : )
What the issue was - Diskeeper - Condusiv Technologies needed to be removed.
Very interesting thread with a knowledgeable original poster. I learned a lot about deadlocks and such from this one! : )
Labels:
0x9F,
MS Answers,
solved
Wednesday, July 10, 2013
[SOLVED] posts more info
So the other day I was sitting down in classes and figured it'd be a good idea to post any threads I happen to solve / participate in solving in on any forum or online community I am on. That way, if someone was viewing my blog and had an issue in regards to a specific bugcheck, they could possibly go through the labels on my blog for their bugcheck in question and see if they have anything that relates to the solved thread.
I started funneling my solved threads here onto my blog, however, I didn't like how it looked so small and simple. Sure, it's still a good idea (I think), however, I wanted more info on it. Well, during class (it seems I get most of my ideas in a scenario in which I should be paying attention) I got the idea to also add what the issue was in each solved blog post I have posted, and all future solved posts.
Well, that's what I did! : )
I started funneling my solved threads here onto my blog, however, I didn't like how it looked so small and simple. Sure, it's still a good idea (I think), however, I wanted more info on it. Well, during class (it seems I get most of my ideas in a scenario in which I should be paying attention) I got the idea to also add what the issue was in each solved blog post I have posted, and all future solved posts.
Well, that's what I did! : )
Tuesday, July 9, 2013
[SOLVED] BAD_POOL_HEADER / PAGE_FAULT_IN_NONPAGED_AREA / WHEA_UNCORRECTABLE_ERROR / MACHINE_CHECK_EXCEPTION
Solved thread here - BSOD
What the issue was - Motherboard was overheating (sitting at 94c+ at times). Fan needed to be replaced.
What the issue was - Motherboard was overheating (sitting at 94c+ at times). Fan needed to be replaced.
Monday, July 8, 2013
[SOLVED] PAGE_FAULT_IN_NONPAGED_AREA / SYSTEM_SERVICE_EXCEPTION
Solved thread here - Random BSOD's, constant crashes while playing games
What the issue was - RAM needed to be replaced.
What the issue was - RAM needed to be replaced.
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Solved thread here - BSOD I think HDD is dying!
What the issue was - Hard drive needed to be replaced.
What the issue was - Hard drive needed to be replaced.
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Labels:
0x124,
MS Answers,
solved
[SOLVED] MULTIPLE_IRP_COMPLETE_REQUESTS
Solved thread here - Vista: continuous blue screen followed by reboot
What the issue was - Symantec Real Time Storage Protection needed to be removed and was replaced with Microsoft Security Essentials.
What the issue was - Symantec Real Time Storage Protection needed to be removed and was replaced with Microsoft Security Essentials.
Labels:
0x44,
MS Answers,
solved
Sunday, July 7, 2013
A0000001 - ATI/AMD based bugcheck
I ran into a A0000001 bugcheck for the second time today. Here's the thread in which I am currently dealing with it - THREAD HERE.
Interestingly enough, atikmdag (ATI/AMD video driver) called right into KeBugCheckEx as seen in the stack, so I would be surprised if the video drivers weren't the actual issue here. However, something else may be causing them. We will find out eventually!
Interestingly enough, atikmdag (ATI/AMD video driver) called right into KeBugCheckEx as seen in the stack, so I would be surprised if the video drivers weren't the actual issue here. However, something else may be causing them. We will find out eventually!
[SOLVED] DRIVER_POWER_STATE_FAILURE
Solved thread here - Driver Power State Failure caused by ntoskrnl.exe
What the issue was -
ExpressCache needed to be removed
Daemon Tools needed to be removed
NTI CD &DVD-Maker or NTI Backup NOW! or NTI CD-Maker needed to be removed
What the issue was -
ExpressCache needed to be removed
Daemon Tools needed to be removed
NTI CD &DVD-Maker or NTI Backup NOW! or NTI CD-Maker needed to be removed
Labels:
0x9F,
MS Answers,
solved
[SOLVED] IRQL_NOT_LESS_OR_EQUAL
Solved thread here - Windows8 Bluescreen IRQL_NOT_LESS_OR_EQUAL
What the issue was - Rt630x86.sys (Realtek 8101E/8168/8169 NDIS 6.30 32-bit Driver) needed to be updated.
What the issue was - Rt630x86.sys (Realtek 8101E/8168/8169 NDIS 6.30 32-bit Driver) needed to be updated.
Labels:
0x24,
0x9F,
0xA,
MS Answers,
solved
[SOLVED] DRIVER_POWER_STATE_FAILURE
Solved thread here - Many 0x9f blue screen (DRIVER_POWER_STATE_FAILURE) errors.
What the issue was -
GEARAspiWDM.sys (CD-ROM Class Filter Driver by Gear Software.)
nvstor64.sys (nVidia Storage Driver (nForce chipset driver) )
StkCPipe.sys (Syntek USB 2.0 Video Pipeline Driver EASYCAP DC60 - STK1160 CHIPSET Driver)
ASMMAP64.sys (LENOVO ATK Hotkey ATK0101 ACPI UTILITY)
StkCSF.sys (STK1160 Grabber)
ATK64AMD.sys (ATK Hotkey ATK0101 ACPI UTILITY Driver)
nvsmu.sys (nVidia nForce System Management Controller (nVidia nForce chipset driver) )
ETD.sys (ELAN PS/2 Port Smart Pad)
all needed to be updated~
What the issue was -
GEARAspiWDM.sys (CD-ROM Class Filter Driver by Gear Software.)
nvstor64.sys (nVidia Storage Driver (nForce chipset driver) )
StkCPipe.sys (Syntek USB 2.0 Video Pipeline Driver EASYCAP DC60 - STK1160 CHIPSET Driver)
ASMMAP64.sys (LENOVO ATK Hotkey ATK0101 ACPI UTILITY)
StkCSF.sys (STK1160 Grabber)
ATK64AMD.sys (ATK Hotkey ATK0101 ACPI UTILITY Driver)
nvsmu.sys (nVidia nForce System Management Controller (nVidia nForce chipset driver) )
ETD.sys (ELAN PS/2 Port Smart Pad)
all needed to be updated~
Labels:
0x9F,
MS Answers,
solved
Saturday, July 6, 2013
[SOLVED] WHEA_UNCORRECTABLE_ERROR
Solved thread here - [SOLVED] BsoD while playing games
What the issue was - BUSL0_SRC_ERR_M_NOTIMEOUT_ERR (Proc 1 Bank 0) showing consistently through the DMP files. Implies that the processor sent out a request to L0 cache and there was a delay in return (invalid data, miss, etc). Temperatures were not a problem, BIOS was not the problem, etc... so ultimately the CPU was to be replaced.
What the issue was - BUSL0_SRC_ERR_M_NOTIMEOUT_ERR (Proc 1 Bank 0) showing consistently through the DMP files. Implies that the processor sent out a request to L0 cache and there was a delay in return (invalid data, miss, etc). Temperatures were not a problem, BIOS was not the problem, etc... so ultimately the CPU was to be replaced.
[SOLVED] DRIVER_POWER_STATE_FAILURE
I'm going to start blogging BSOD cases that I solve / have helped in solving. I figure this will be good for my own personal benefit in case I need to look back on a specific solved thread, or the benefit of others trying to find something out. It may be difficult in certain cases when the original poster doesn't mark their thread as solved, or doesn't tell me. However, I digress.
Solved thread here - [SOLVED] DRIVER_POWER_STATE_FAILURE BSOD persistent problem.
What the issue was - VW7UX64V.sys (VIA Networking Technologies USB Wireless LAN Adapter) needed to be updated.
Solved thread here - [SOLVED] DRIVER_POWER_STATE_FAILURE BSOD persistent problem.
What the issue was - VW7UX64V.sys (VIA Networking Technologies USB Wireless LAN Adapter) needed to be updated.
Friday, July 5, 2013
0x76: PROCESS_HAS_LOCKED_PAGES
I ran into my first 0x76 bugcheck today!
Here's the forum post in which I am currently analyzing it~
The user is assuming the probably is currently with AmarecTV, which may be likely given the user reported they have no issues with any other system operations, but I am curious to see if another driver is possibly conflicting with AmarecTV's driver and causing issues. We will see!
Here's the MSDN article to 0x76's page.
Here's the forum post in which I am currently analyzing it~
The user is assuming the probably is currently with AmarecTV, which may be likely given the user reported they have no issues with any other system operations, but I am curious to see if another driver is possibly conflicting with AmarecTV's driver and causing issues. We will see!
Here's the MSDN article to 0x76's page.
Wednesday, July 3, 2013
Not an analysis post or anything cool, but more-so just a plug that I created a Twitter for BSOD analysis and to connect with MVP's and other very cool tech related things! I've also inserted it into the sidebar.
I figure at the moment I am going to use it to share the posts I make here, links to interesting BSOD cases along my path, follow some great BSOD friends, MVP's, technology based Twitters, etc. I've already made a few tweets and such, getting used to it.
That's about it : )
I figure at the moment I am going to use it to share the posts I make here, links to interesting BSOD cases along my path, follow some great BSOD friends, MVP's, technology based Twitters, etc. I've already made a few tweets and such, getting used to it.
That's about it : )
Video card drivers~
In BSOD analysis, something you see often is a video driver being a culprit or being in a stack, kind of just hanging out. The same thing goes for DirectX and its kernel, etc. Generally, DirectX and its kernel, and the video driver itself are not the true culprit, however something goes wrong between DirectX kernel making calls, etc, whatever it may be... so we are left with DirectX's kernel holding the murder weapon.
When I am personally analyzing, if I am dealing with a case in which I am seeing video driver culprits (AMD or nVidia) or dxgmms1.sys / dxgkrnl.sys (DirectX), something I always mention is to update to the latest video card drivers as it's very important to always be up to date on any of your drivers, but absolutely important to be on the latest video card drivers. However, if you ARE on the latest drivers already, uninstall and go back a previous version, or maybe 1-2 more versions behind the latest just in case the latest drivers are causing issues.
Example of where I recommend a user to try a different driver version. The user did, however did not have success. Ultimately, the user installed the beta driver for their video card and that ended up working.
In most cases I would never recommend beta drivers as they are BETA DRIVERS for a reason, however, in this case, it was a great idea to just say (hey, what the heck, let's try the beta drivers... they're a different version than the latest).
Something I never really thought about until a professor of mine mentioned it, is that your video card is practically a computer itself. It has its own dedicated memory, its own BIOS, its own cooler, its own processing unit, etc. Take all of that and imagine it has to work with an OS, other hardware, drivers to communicate, etc. This is an extremely complex process, which I am currently reading and learning more about calls, IRQL's, and all of that neat stuff everyday.
With that said, the slightest issue in a driver installation, or the slightest issue in a certain driver version is really sometimes all it takes to cause issues. I have been a firm believer of this, but never really understood it fully until I started learning more and more. I'm sure even further in my analysis I will understand it much more.
With all of this said, if you are ever dealing with a case in which the user in question is having video driver culprits or DirectX culprits, it never hurts to recommend the user to update to the latest drivers, OR to uninstall and go back to a previous version or so to eliminate driver issues. Same goes for you users, not just analysts! If you are having issues, before running other diagnostics, always work with the software first.
When I am personally analyzing, if I am dealing with a case in which I am seeing video driver culprits (AMD or nVidia) or dxgmms1.sys / dxgkrnl.sys (DirectX), something I always mention is to update to the latest video card drivers as it's very important to always be up to date on any of your drivers, but absolutely important to be on the latest video card drivers. However, if you ARE on the latest drivers already, uninstall and go back a previous version, or maybe 1-2 more versions behind the latest just in case the latest drivers are causing issues.
Example of where I recommend a user to try a different driver version. The user did, however did not have success. Ultimately, the user installed the beta driver for their video card and that ended up working.
In most cases I would never recommend beta drivers as they are BETA DRIVERS for a reason, however, in this case, it was a great idea to just say (hey, what the heck, let's try the beta drivers... they're a different version than the latest).
Something I never really thought about until a professor of mine mentioned it, is that your video card is practically a computer itself. It has its own dedicated memory, its own BIOS, its own cooler, its own processing unit, etc. Take all of that and imagine it has to work with an OS, other hardware, drivers to communicate, etc. This is an extremely complex process, which I am currently reading and learning more about calls, IRQL's, and all of that neat stuff everyday.
With that said, the slightest issue in a driver installation, or the slightest issue in a certain driver version is really sometimes all it takes to cause issues. I have been a firm believer of this, but never really understood it fully until I started learning more and more. I'm sure even further in my analysis I will understand it much more.
With all of this said, if you are ever dealing with a case in which the user in question is having video driver culprits or DirectX culprits, it never hurts to recommend the user to update to the latest drivers, OR to uninstall and go back to a previous version or so to eliminate driver issues. Same goes for you users, not just analysts! If you are having issues, before running other diagnostics, always work with the software first.
Tuesday, July 2, 2013
Resources I often use!
General reference links:
Driver Reference Table. This lists practically every driver there is in a handy reference table. Refer to this when analyzing and debugging crash dump files if you need to. Created and maintained by John Carrona, Microsoft Expert-Consumer MVP since 2006!
Driver Download Sites. Contains links to where a driver is hosted and where to download it / update it. If a driver isn't available for download via the reference table, or you want to look here regardless.
Bugcheck or STOP Code Index. Great link for reading up on STOP codes and what causes those STOP codes.
Antivirus Uninstallers. Great blog post that provides Antivirus Uninstaller links (always recommended to use rather than using the traditional Programs & Features uninstall method). Written by Corrine, Microsoft MVP since 2006 in Consumer Security!
Troubleshooting Windows STOP Messages. Great link on how to troubleshoot various different STOP codes.
Fatal BSOD Solutions. Contains links to various different STOP codes, what causes them, how to troubleshoot, etc.
Windows Hang and Crash Dump Analysis 1/9. Contains a NINE part video series on how to analyze and debug crash dumps.
Troubleshooting Microsoft Event Viewer Logs. Great website in which you can enter the Event ID and get details on that specific event entry you may have questions about.
Debugging In Progress - A TechNet blog about debugging and analyzing BSODs. Wonderful source of information, a bit advanced.
Forums to check out if you're looking to brush up on your analysis and debugging skills:
Sysnative BSOD, Crashes, Kernel Debugging.
TechSupportForum BSOD, App Crashes And Hangs.
Overclock.net Crash Analysis and Debugging
Very informative books on analysis and debugging & more:
Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7
Windows Internals, Part 2: Covering Windows Server® 2008 R2 and Windows 7
Advanced Windows Debugging
Driver Reference Table. This lists practically every driver there is in a handy reference table. Refer to this when analyzing and debugging crash dump files if you need to. Created and maintained by John Carrona, Microsoft Expert-Consumer MVP since 2006!
Driver Download Sites. Contains links to where a driver is hosted and where to download it / update it. If a driver isn't available for download via the reference table, or you want to look here regardless.
Bugcheck or STOP Code Index. Great link for reading up on STOP codes and what causes those STOP codes.
Antivirus Uninstallers. Great blog post that provides Antivirus Uninstaller links (always recommended to use rather than using the traditional Programs & Features uninstall method). Written by Corrine, Microsoft MVP since 2006 in Consumer Security!
Troubleshooting Windows STOP Messages. Great link on how to troubleshoot various different STOP codes.
Fatal BSOD Solutions. Contains links to various different STOP codes, what causes them, how to troubleshoot, etc.
Windows Hang and Crash Dump Analysis 1/9. Contains a NINE part video series on how to analyze and debug crash dumps.
Troubleshooting Microsoft Event Viewer Logs. Great website in which you can enter the Event ID and get details on that specific event entry you may have questions about.
Debugging In Progress - A TechNet blog about debugging and analyzing BSODs. Wonderful source of information, a bit advanced.
Forums to check out if you're looking to brush up on your analysis and debugging skills:
Sysnative BSOD, Crashes, Kernel Debugging.
TechSupportForum BSOD, App Crashes And Hangs.
Overclock.net Crash Analysis and Debugging
Very informative books on analysis and debugging & more:
Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7
Windows Internals, Part 2: Covering Windows Server® 2008 R2 and Windows 7
Advanced Windows Debugging
Subscribe to:
Posts (Atom)