Question
1072 views

kmode_execption_not_handled (afd.sys)

D_r_Fox asked on

I have been getting crashes that say "kmode_execption_not_handled (afd.sys)" It usually happens when I play a game from steam.

 

PC info:

Toshiba Satellite C855

Intel Core i3 Processor

8GB DDR3 RAM (7.89 Usable)

64 bit OS/64 bit based processor

No touchscreen

 

It is really annoying, when I'm trying to play a game it has about a 60% chance of crashing I would estimate.

 

Help would be greatly appreciated. Thanks!

                                                                       

 

6 people had this question

Abuse history


The answered status icon Answer
D_r_Fox replied on

Sorry I was away for a while. I updated my video card drivers and sound card drivers and I have not been crashing :D thank you for the help! I very much appreciate it!
Be the first person to mark this helpful

Abuse history


The answered status icon Answer
Patrick Barker replied on

Thanks!

Four different bugchecks attached, all faulting memory corruption (could be a physical memory hardware issue or simply a device driver bug causing corruption).

CRITICAL_STRUCTURE_CORRUPTION (109)

This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:

1) A driver has inadvertently or deliberately modified critical kernel code
 or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx

2) A developer attempted to set a normal kernel breakpoint using a kernel
 debugger that was not attached when the system was booted. Normal breakpoints,
 "bp", can only be set if the debugger is attached at boot time. Hardware
 breakpoints, "ba", can be set at any time.

3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.

PAGE_FAULT_IN_NONPAGED_AREA (50)

This indicates that invalid system memory has been referenced.

Usual causes are a bug in a device driver, hardware related memory issues, corrupt NTFS volume, anti-virus software.

IRQL_NOT_LESS_OR_EQUAL (a)


A kernel-mode driver or process attempted to access a protected memory location it does not have permission for, or a kernel interrupt request level (IRQL) attempted to access a memory address that is too high.

This bugcheck usually occurs when a driver uses an incorrect memory address. Other possible causes of this error include: bug in a device driver, system service, the BIOS, an old Anti-virus program or backup tool, or possibly memory issues.

KMODE_EXCEPTION_NOT_HANDLED (1e)

This error typically indicates low disk space, a bug in a device driver or the system BIOS.

I recommend the following
:

Remove Norton with the removal tool~ https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

If after removing Norton you're still crashing, please enable Driver Verifier~


Driver Verifier:


What is Driver Verifier?


Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.


Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver by flagging it and causing your system to BSOD.


Before enabling Driver Verifier, it is recommended to create a System Restore Point:


Vista - START | type rstrui - create a restore point

Windows 7 - START | type create | select "Create a Restore Point"


How to enable Driver Verifier:


Start > type "verifier" without the quotes > Select the following options -


1. Select - "Create custom settings (for code developers)"

2. Select - "Select individual settings from a full list"

3. Check the following boxes -

- Special Pool

- Pool Tracking

- Force IRQL Checking

- Deadlock Detection

- Security Checks (Windows 7)

- Concurrentcy Stress Test (Windows 8)

- DDI compliance checking (Windows 8)

- Miscellaneous Checks

4. Select - "Select driver names from a list"

5. Click on the "Provider" tab. This will sort all of the drivers by the provider.

6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.

7. Click on Finish.

  1. Restart.


Important information regarding Driver Verifier:


- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do [b]not[/b] panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:

- Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

  • Restart and boot into normal Windows.


How long should I keep Driver Verifier enabled for?


It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 36-48 hours. If you don't BSOD by then, disable Driver Verifier.


My system BSOD'd, where can I find the crash dumps?


They will be located in C:\Windows\Minidump


Any other questions can most likely be answered by this article:

http://support.microsoft.com/kb/244617



Regards,

Patrick
Debugger/Reverse Engineer.
Be the first person to mark this helpful

Abuse history


progress