Question
Applies to
36567 views
random BSOD on windows 8.1 caused by ntoskrnl.exe
Hi all,
I am facing major issues as my new computer is plagued with BSOD since i bought it.
I have not over clocked any of the components and have been unlucky to solve issues related to BSOD. the occurrences are totally random but the cause(ntoskrnl.exe) remains the same even the address (ntoskrnl.exe+14dca0) but the check string changes
below are the dumps created
Any help would be deeply appreciated. Thanks
==================================================
Dump File : 013114-8046-01.dmp
Crash Time : 31/01/2014 11:53:22 PM
Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code : 0x000000be
Parameter 1 : fffff680`003fff00
Parameter 2 : 02300003`68b5f025
Parameter 3 : ffffd000`229ee0e0
Parameter 4 : 00000000`0000000b
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14dca0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\013114-8046-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 9600
Dump File Size : 302,312
Dump File Time : 31/01/2014 11:54:17 PM
==================================================
==================================================
Dump File : 012814-138437-01.dmp
Crash Time : 28/01/2014 4:06:41 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041792
Parameter 2 : fffff680`1ea93080
Parameter 3 : 00000000`0d000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14dca0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\012814-138437-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 9600
Dump File Size : 302,256
Dump File Time : 28/01/2014 4:09:38 AM
==================================================
==================================================
Dump File : 012514-7937-01.dmp
Crash Time : 25/01/2014 6:12:05 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : ffffc000`34503b40
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`00d69a16
Parameter 4 : 00000000`00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14dca0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\012514-7937-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 9600
Dump File Size : 302,312
Dump File Time : 25/01/2014 6:12:54 PM
==================================================
==================================================
Dump File : 012514-6828-01.dmp
Crash Time : 25/01/2014 11:58:59 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041793
Parameter 2 : fffff6bf`fd94f080
Parameter 3 : 00000000`00000002
Parameter 4 : 00000000`00000001
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14dca0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\012514-6828-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 9600
Dump File Size : 302,256
Dump File Time : 25/01/2014 12:00:11 PM
==================================================
Abuse history
Answer
Thanks!
We have various different bug checks:
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
This is issued if a driver attempts to write to a read-only memory segment.
MEMORY_MANAGEMENT (1a)
This indicates that a severe memory management error occurred.
BugCheck 1A, {41792, fffff6801ea93080, d000000, 0}
- The 1st parameter of the bug check is 41792 which indicates a corrupted PTE has been detected.
If we check the PFN database:
3: kd> dt nt!_MMPFN fffff6801ea93080
+0x000 u1 : <unnamed-tag>
+0x008 u2 : <unnamed-tag>
+0x010 PteAddress : 0x00000000`7b000000 _MMPTE
+0x010 VolatilePteAddress : 0x00000000`7b000000 Void
+0x010 Lock : 0n2063597568
+0x010 PteLong : 0x7b000000
+0x018 u3 : <unnamed-tag>
+0x01c NodeBlinkLow : 0
+0x01e Unused : 0y0000
+0x01e VaType : 0y0000
+0x01f ViewCount : 0 ''
+0x01f NodeFlinkLow : 0 ''
+0x020 OriginalPte : _MMPTE
+0x028 u4 : <unnamed-tag>
There doesn't appear to be any corruption, so this is likely caused by hardware as opposed to a driver causing memory corruption. However, it's still very possible!
We also have a different 1st parameter - BugCheck 1A, {41793, fffff6bffd94f080, 2, 1}
- The 1st parameter of the bug check is 41793 which indicates an unknown memory management error occurred.
PAGE_FAULT_IN_NONPAGED_AREA (50)
This indicates that invalid system memory has been referenced.
Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).
Another common cause is the installation of a faulty system service.
Antivirus software can also trigger this error, as can a corrupted NTFS volume.
--------------
1. You have a lot of problematic Asus software installed, such as AiChargerPlus, Asus PC Probe, etc. All of Asus' utility software is unnecessary bloatware that is known to cause issues. Please remove any and all Asus software.
2. Enable Driver Verifier if you're still crashing:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
How long should I keep Driver Verifier enabled for?
It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.
My system BSOD'd, where can I find the crash dumps?
They will be located in %systemroot%\Minidump
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617
Regards,
Patrick
We have various different bug checks:
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
This is issued if a driver attempts to write to a read-only memory segment.
MEMORY_MANAGEMENT (1a)
This indicates that a severe memory management error occurred.
BugCheck 1A, {41792, fffff6801ea93080, d000000, 0}
- The 1st parameter of the bug check is 41792 which indicates a corrupted PTE has been detected.
If we check the PFN database:
3: kd> dt nt!_MMPFN fffff6801ea93080
+0x000 u1 : <unnamed-tag>
+0x008 u2 : <unnamed-tag>
+0x010 PteAddress : 0x00000000`7b000000 _MMPTE
+0x010 VolatilePteAddress : 0x00000000`7b000000 Void
+0x010 Lock : 0n2063597568
+0x010 PteLong : 0x7b000000
+0x018 u3 : <unnamed-tag>
+0x01c NodeBlinkLow : 0
+0x01e Unused : 0y0000
+0x01e VaType : 0y0000
+0x01f ViewCount : 0 ''
+0x01f NodeFlinkLow : 0 ''
+0x020 OriginalPte : _MMPTE
+0x028 u4 : <unnamed-tag>
There doesn't appear to be any corruption, so this is likely caused by hardware as opposed to a driver causing memory corruption. However, it's still very possible!
We also have a different 1st parameter - BugCheck 1A, {41793, fffff6bffd94f080, 2, 1}
- The 1st parameter of the bug check is 41793 which indicates an unknown memory management error occurred.
PAGE_FAULT_IN_NONPAGED_AREA (50)
This indicates that invalid system memory has been referenced.
Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).
Another common cause is the installation of a faulty system service.
Antivirus software can also trigger this error, as can a corrupted NTFS volume.
--------------
1. You have a lot of problematic Asus software installed, such as AiChargerPlus, Asus PC Probe, etc. All of Asus' utility software is unnecessary bloatware that is known to cause issues. Please remove any and all Asus software.
2. Enable Driver Verifier if you're still crashing:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
How long should I keep Driver Verifier enabled for?
It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.
My system BSOD'd, where can I find the crash dumps?
They will be located in %systemroot%\Minidump
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617
Regards,
Patrick
Debugger/Reverse Engineer.
Abuse history
