BSOD - PAGE_FAULT by win32k.sys

shmezbollah · Jun 19, 2015

Hi! A friend of mine has had a acer laptop (win 8.1 i think) for a few years now and since a few days ago his laptop would give a BSOD with the o so infamous PAGE_FAULT error. The laptop cant boot properly and the safe mode cant be accessed because of the BSOD. I even tried the ALT+F10 command for the acer erecovery but it will jump into BSOD straight away.

I extracted the MEMORY.DMP file from the HDD by hooking it up to my own computer, i tried everything so now im asking the internets to help me out.

Tried uploading the dmp file because its like 330MB but no success. Basically im getting these lines when i open the DMP file with Windbg.

How can i make a .zip log file (the one from http://www.eightforums.com/bsod-cra...e-screen-death-bsod-posting-instructions.html) from that laptop HDD on my own computer?

Code:

********************************************************************************                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 50, {fffff6fb40000000, 0, 0, 6}


Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details
Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details
Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details
Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : win32k.sys ( win32k!UninitializeWin32PoolTracking+168 )


Followup: MachineOwner
---------


1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff6fb40000000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: 0000000000000000, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000006, (reserved)


Debugging Details:
------------------


Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details
Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details
Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details
Page 1c800c not present in the dump file. Type ".hh dbgerr004" for details


READ_ADDRESS: unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 fffff6fb40000000 


MM_INTERNAL_CODE:  6


DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT


BUGCHECK_STR:  AV


PROCESS_NAME:  smss.exe


CURRENT_IRQL:  0


ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre


TRAP_FRAME:  ffffd00020eb5fc0 -- (.trap 0xffffd00020eb5fc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff6fb40000000 rbx=0000000000000000 rcx=00000904c0000000
rdx=fffff80242c7d000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80242cbf4a8 rsp=ffffd00020eb6150 rbp=0000000000000001
 r8=0000000000000000  r9=0000000000000000 r10=fffff90000000340
r11=ffffd00020eb6228 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!ExFreeLargePool+0x78:
fffff802`42cbf4a8 488b00          mov     rax,qword ptr [rax] ds:fffff6fb`40000000=????????????????
Resetting default scope


LAST_CONTROL_TRANSFER:  from fffff80242df1806 to fffff80242dcdca0


STACK_TEXT:  
ffffd000`20eb5d08 fffff802`42df1806 : 00000000`00000050 fffff6fb`40000000 00000000`00000000 fffff6fb`7da00000 : nt!KeBugCheckEx
ffffd000`20eb5d10 fffff802`42cd0357 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd000`20eb5eb0 : nt! ?? ::FNODOBFM::`string'+0x13646
ffffd000`20eb5e00 fffff802`42dd7f2f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x287
ffffd000`20eb5fc0 fffff802`42cbf4a8 : fffff901`40001000 00000000`00000004 00000000`00000010 00000000`00000000 : nt!KiPageFault+0x12f
ffffd000`20eb6150 fffff802`42f20bcc : 00000000`00000000 ffffd000`20eb6228 00000000`00000000 fffff802`00000000 : nt!ExFreeLargePool+0x78
ffffd000`20eb61f0 fffff960`0033fde4 : 00000000`00000010 fffff802`4316359a ffffe000`4ae16370 ffffd000`00000006 : nt!ExFreePoolWithTag+0x72c
ffffd000`20eb62e0 fffff960`0033e834 : 00000000`00000010 00000000`00000000 00000000`00000000 00000000`00000005 : win32k!UninitializeWin32PoolTracking+0x168
ffffd000`20eb6360 fffff960`004d21a9 : 00000000`c0000034 ffffd000`20eb6400 00000000`00000000 00000000`00000000 : win32k!Win32KDriverUnload+0x29c
ffffd000`20eb6390 fffff802`43162877 : fffff960`000e2000 00000000`00000000 00000001`00000008 ffffd000`20eb65f8 : win32k!DriverEntry+0x171
ffffd000`20eb6420 fffff802`43045617 : fffff960`000e2000 00000000`00000000 ffffd000`20eb6858 ffffd000`20eb6898 : nt!ExpInitializeSessionDriver+0x3f
ffffd000`20eb65a0 fffff802`42dd94b3 : ffffe000`4af32080 00000000`00000000 ffffe000`4af32000 ffffffff`00000000 : nt!NtSetSystemInformation+0x5a3
ffffd000`20eb6800 fffff802`42dd1900 : fffff802`4304559b ffffe000`00000000 00000000`00000026 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x13
ffffd000`20eb6998 fffff802`4304559b : ffffe000`00000000 00000000`00000026 00000000`00000001 00000000`00000000 : nt!KiServiceLinkage
ffffd000`20eb69a0 fffff802`42dd94b3 : ffffe000`4af32080 00000000`00000000 00000052`bf771f60 00007ff7`1965dad8 : nt!NtSetSystemInformation+0x527
ffffd000`20eb6c00 00007ff8`f5e42a3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000052`bf5af588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`f5e42a3a




STACK_COMMAND:  kb


FOLLOWUP_IP: 
win32k!UninitializeWin32PoolTracking+168
fffff960`0033fde4 8bc3            mov     eax,ebx


SYMBOL_STACK_INDEX:  6


SYMBOL_NAME:  win32k!UninitializeWin32PoolTracking+168


FOLLOWUP_NAME:  MachineOwner


MODULE_NAME: win32k


IMAGE_NAME:  win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP:  552c478a


BUCKET_ID_FUNC_OFFSET:  168


FAILURE_BUCKET_ID:  AV_win32k!UninitializeWin32PoolTracking


BUCKET_ID:  AV_win32k!UninitializeWin32PoolTracking


ANALYSIS_SOURCE:  KM


FAILURE_ID_HASH_STRING:  km:av_win32k!uninitializewin32pooltracking


FAILURE_ID_HASH:  {951f4c39-ad83-d834-aaeb-c9a754c1a681}


Followup: MachineOwner
---------

blueelvis · Aug 7, 2015

Hi,

I am extremely sorry that this thread was not attended to. There are not many people in this field.

In case you still require help, kindly respond to this thread and I will be notified via email and you should expect a response from me in 48 hours.

Regards,
Pranav

BSOD - PAGE_FAULT by win32k.sys

shmezbollah

New Member

My Computer

System One

blueelvis

OMG Debugger!

My Computer

System One