Hi all,
I'm having a problem with a variety of BSODs, usually within a few minutes of booting the system. If the system hasn't blue screened within that first few minutes, it stays up and doesn't crash thereafter. These blue screens are usually one of the following:
KMODE_EXCEPTION_NOT_HANDLED
PAGE_FAULT_IN_NONPAGED_AREA
MEMORY_MANAGEMENT
BAD_POOL_HEADER
Everything I've read indicates this is a driver problem. I have recently run memtest without any problems. I can't remember how many passes, but i left it running overnight, so must have been a few!
I've attached the output from SF Diagnostic Tool (which so far as i can tell, has just grabbed all recent minidumps amongst other things).
Some of those minidumps will show crashes caused by driver verifier - it didn't like a virtual serial port driver which was used to get a dual shock 4 controller working in windows. I removed that driver and the underlying BSODs described here, which can also been seen in the minidumps, have unfortunately not stopped. I have a licence for WhoCrashed and all that's able to tell me is that the problem is likely caused by a driver which cannot be identified.
I have used WinDbg !anaylze -v on the most recent crash dump (ntkrnlmp.exe KMODE_EXCEPTION_NOT_HANDLED). Windows was configured to produce kernel memory dumps. Here's the output from that:
It looks to me that whilst the debugger has managed to find symbols for the ntkrnl stuff in the stack trace, there's a load of stuff before the calls into ntkrnl which is still just showing up as addresses. Needless to say, at this point I'm a bit stuck.
This problem has been driving me bonkers for the last couple of months, so any help that anyone can offer would be much appreciated.
Cheers
I'm having a problem with a variety of BSODs, usually within a few minutes of booting the system. If the system hasn't blue screened within that first few minutes, it stays up and doesn't crash thereafter. These blue screens are usually one of the following:
KMODE_EXCEPTION_NOT_HANDLED
PAGE_FAULT_IN_NONPAGED_AREA
MEMORY_MANAGEMENT
BAD_POOL_HEADER
Everything I've read indicates this is a driver problem. I have recently run memtest without any problems. I can't remember how many passes, but i left it running overnight, so must have been a few!
I've attached the output from SF Diagnostic Tool (which so far as i can tell, has just grabbed all recent minidumps amongst other things).
Some of those minidumps will show crashes caused by driver verifier - it didn't like a virtual serial port driver which was used to get a dual shock 4 controller working in windows. I removed that driver and the underlying BSODs described here, which can also been seen in the minidumps, have unfortunately not stopped. I have a licence for WhoCrashed and all that's able to tell me is that the problem is likely caused by a driver which cannot be identified.
I have used WinDbg !anaylze -v on the most recent crash dump (ntkrnlmp.exe KMODE_EXCEPTION_NOT_HANDLED). Windows was configured to produce kernel memory dumps. Here's the output from that:
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff801e5d6326a, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
Page 144a3c not present in the dump file. Type ".hh dbgerr004" for details
READ_ADDRESS: unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffffffffffffffff
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!SwapContext_PatchXRstor+0
fffff801`e5d6326a 0fae29 xrstor [rcx]
EXCEPTION_PARAMETER2: ffffffffffffffff
BUGCHECK_STR: 0x1E_c0000005_R
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
LAST_CONTROL_TRANSFER: from fffff801e5daad47 to fffff801e5d5ffa0
STACK_TEXT:
ffffd000`2e0799b8 fffff801`e5daad47 : 00000000`0000001e ffffffff`c0000005 fffff801`e5d6326a 00000000`00000000 : nt!KeBugCheckEx
ffffd000`2e0799c0 fffff801`e5d6bbc2 : ffffd000`2e07a1c0 ffffe001`7cbd5580 00000000`00000000 ffffe001`7dcafc20 : nt! ?? ::FNODOBFM::`string'+0x3a897
ffffd000`2e07a0b0 fffff801`e5d6a0fe : ffffab01`769a0c00 00007e00`00da7a64 ffffce00`2e07a2e0 ffff4d01`e5cccaa7 : nt!KiExceptionDispatch+0xc2
ffffd000`2e07a290 fffff801`e5d6326a : 0000fd00`00000000 00003000`00000000 ffff9f01`00000000 ffff1801`e600215e : nt!KiGeneralProtectionFault+0xfe
ffffd000`2e07a420 ffff6f01`e5d62e36 : ffff3801`7f1ce880 ffffda00`23e87180 ffff5200`23e933c0 ffffaa00`2e07a679 : nt!SwapContext_PatchXRstor
ffffd000`2e07a460 ffff3801`7f1ce880 : ffffda00`23e87180 ffff5200`23e933c0 ffffaa00`2e07a679 fffff801`e5c0c000 : 0xffff6f01`e5d62e36
ffffd000`2e07a468 ffffda00`23e87180 : ffff5200`23e933c0 ffffaa00`2e07a679 fffff801`e5c0c000 ffffe001`7f1ce980 : 0xffff3801`7f1ce880
ffffd000`2e07a470 ffff5200`23e933c0 : ffffaa00`2e07a679 fffff801`e5c0c000 ffffe001`7f1ce980 00000000`00000000 : 0xffffda00`23e87180
ffffd000`2e07a478 ffffaa00`2e07a679 : fffff801`e5c0c000 ffffe001`7f1ce980 00000000`00000000 00000000`00000000 : 0xffff5200`23e933c0
ffffd000`2e07a480 fffff801`e5c0c000 : ffffe001`7f1ce980 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffaa00`2e07a679
ffffd000`2e07a488 ffffe001`7f1ce980 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_guard_check_icall_fptr <PERF> (nt+0x0)
ffffd000`2e07a490 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffe001`7f1ce980
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!SwapContext_PatchXRstor+0
fffff801`e5d6326a 0fae29 xrstor [rcx]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!SwapContext_PatchXRstor+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 53388e13
BUCKET_ID_FUNC_OFFSET: 0
FAILURE_BUCKET_ID: 0x1E_c0000005_R_nt!SwapContext_PatchXRstor
BUCKET_ID: 0x1E_c0000005_R_nt!SwapContext_PatchXRstor
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1e_c0000005_r_nt!swapcontext_patchxrstor
FAILURE_ID_HASH: {3877648d-a897-a15e-f342-f1945b62c157}
Followup: MachineOwner
---------
This problem has been driving me bonkers for the last couple of months, so any help that anyone can offer would be much appreciated.
Cheers
My Computer
System One
-
- OS
- Windows 8.1 professional