Question
Applies to
190 views

1000008e after hibernation (Fixed)

JustAGlitch asked on

Hey guys I’ve been getting a BSOD with the error code 1000008e every time I resume windows from hibernation. Here are the details:

 

Problem signature:

  Problem Event Name:           BlueScreen

  OS Version:                          6.1.7601.2.1.0.256.48

  Locale ID:                             1033

 

Additional information about the problem:

  BCCode:                               1000008e

  BCP1:                                   C0000005

  BCP2:                                   830CE1DA

  BCP3:                                   952442E0

  BCP4:                                   00000000

  OS Version:                          6_1_7601

  Service Pack:                         1_0

  Product:                                256_1

 

Files that help describe the problem:

  C:\Windows\Minidump\010314-24765-01.dmp

  C:\Users\wirt\AppData\Local\Temp\WER-43937-0.sysdata.xml

 

Read our privacy statement online:

  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

 

If the online privacy statement is not available, please read our privacy statement offline:

  C:\Windows\system32\en-US\erofflps.txt

 

And here is a link to minidumps of the past few days:

https://skydrive.live.com/redir?resid=DEE84C2358A6C4D6!112&authkey=!AGt4tpttC5uh8Wc&ithint=file%2c.zip

 

Thanks for the help!


Update: Fixed. Turns out Daemon Tools was causing the BSOD as suggested.

1 person had this question

Abuse history


The answered status icon Answer
Patrick Barker replied on
Hi,

We have three dumps, three different bug checks:

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

This indicates that a kernel-mode program generated an exception which the error handler did not catch.

If we take a look at the call stack (a bit large):

STACK_TEXT: 
95244360 8bf9cf3b 00000000 8653bae0 00000000 nt!FsRtlLookupPerStreamContextInternal+0x9a
952443a4 8bf963f0 8653bae0 85d66f80 00000000 fltmgr!FltpGetStreamListCtrl+0x5b
952443c0 8bfce6da 8674f298 00000000 952443ec fltmgr!FltGetStreamContext+0x1a
952443f0 8bfcee24 86067520 95244414 9524442c fileinfo!FIStreamGet+0x36
95244430 8bf95324 86067520 95244454 00000000 fileinfo!FIPostCreateCallback+0xb8
95244498 8bf98512 000674c0 860674c0 1000000c fltmgr!FltpPerformPostCallbacks+0x24a
952444ac 8bf98b46 860674c0 85e039a0 952444ec fltmgr!FltpProcessIoCompletion+0x10
952444bc 8bf9929c 86534698 85e039a0 860674c0 fltmgr!FltpPassThroughCompletion+0x98
952444ec 8bfac8c9 9524450c 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x33a
95244538 8307302a 86534698 8653bae0 85d66fdc fltmgr!FltpCreate+0x2db
95244550 83247052 bfb4492a 952446f8 00000000 nt!IofCallDriver+0x63
95244628 8324a21d 864af030 856dfa00 87ce3470 nt!IopParseDevice+0xee6
952446a4 83288d9f 00000000 952446f8 00000240 nt!ObpLookupObjectName+0x4fa
95244700 832445e4 95244960 856dfa00 86067500 nt!ObOpenObjectByName+0x165
9524477c 8328ba90 95244934 000000a1 95244960 nt!IopCreateFile+0x673
952447d8 8bfaeb62 95244934 000000a1 95244960 nt!IoCreateFileEx+0x9e
95244864 8bfd12d3 85ff89d8 00000000 95244934 fltmgr!FltCreateFileEx2+0xba
95244944 832949e7 00000000 bad2cc20 00000000 fileinfo!FIPfInterfaceOpen+0x2a9
952449a8 832bb2cd 95244a54 00000000 000000a1 nt!PfpOpenHandleCreate+0xc0
95244a1c 8328eece 95244ad4 b648ca28 95244a54 nt!PfSnGetSectionObject+0x9a
95244ab4 832864e9 01244ad4 00000000 00000000 nt!PfSnPrefetchSections+0x1d4
95244c34 83267aad 8854a000 95244c64 95244c70 nt!PfSnPrefetchScenario+0x193
95244cc8 83273a7d 832595f0 87af9978 95244d20 nt!PfSnBeginAppLaunch+0x382
95244cd8 8326cd69 bfb44222 00000000 00000000 nt!PfProcessCreateNotification+0x65
95244d20 830cd899 00000000 776f70d8 00000001 nt!PspUserThreadStartup+0x113
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


We have various fltmgr.sys (Microsoft Filesystem Filter Manager) and fileinfo.sys (FileInfo Filter Driver) routine calls. Both of these have to do with Windows' file system.

REFERENCE_BY_POINTER (18)

This indicates that the reference count of an object is illegal for the current state of the object.

The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object, the driver calls a kernel routine to increase the reference count of the object by one. When the driver is done with the pointer, the driver calls another kernel routine to decrease the reference count by one.


Drivers must match calls to the routines that increase (reference) and decrease (dereference) the reference count. This bug check is caused by an inconsistency in the object's reference count. Typically, the inconsistency is caused by a driver that decreases the reference count of an object too many times, making extra calls that dereference the object. This bug check can occur because an object's reference count goes to zero while there are still open handles to the object. It might also occur when the object's reference count drops below zero, whether or not there are open handles to the object.


NTFS_FILE_SYSTEM (24)

This indicates a problem occurred in ntfs.sys, the driver file that allows the system to read and write to NTFS drives.

One possible cause of this bug check is disk corruption. Corruption in the NTFS file system or bad blocks (sectors) on the hard disk can induce this error. Corrupted SCSI and IDE drivers can also adversely affect the system's ability to read and write to disk, thus causing the error.


Another possible cause is depletion of nonpaged pool memory. If the nonpaged pool memory is completely depleted, this error can stop the system. However, during the indexing process, if the amount of available nonpaged pool memory is very low, another kernel-mode driver requiring nonpaged pool memory can also trigger this error.


---------------------

1. First of all, and possibly even the problem, your ASACPI.sys (Asus ATK0110 ACPI Utility (a known BSOD maker in Win7 and Win8). Also a part of many Asus utilities) is dated from 2004. 2004!!! The only explanation for it being so old is you installed all Asus software from the CD that came with your motherboard.

Remove all Asus utilities you have installed, they are all bloatware.

2. In your loaded drivers list, dtsoftbus01.sys is listed which is the Daemon Tools driver. Daemon Tools is a very popular cause of BSOD's in 7/8 based systems. Please uninstall Daemon Tools. Alternative imaging programs are: MagicISO, Power ISO, etc.

3. If after the above you're still crashing, enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・    Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

How long should I keep Driver Verifier enabled for?

It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617

Regards,

Patrick
Debugger/Reverse Engineer.
1 person found this helpful

Abuse history


progress