Question
359 views

Much Errors and BSOD in Windows 8

Mayur Goyal asked on
I've had an issue with the Blue Screen error for a long time. Many Minidump files had been created and I uploaded them on SkyDrive(https://onedrive.live.com/redir?resid=22D347B8F78B247D%21157) No Virus Has Been Detected When Scanned With Norton Internet Security And Windows Defender. I had also refreshed, Restored my Windows8 and all hardware check were passed . Can Anyone check these files and tell me what's the issue with my Windows 8 Single Language Operating System?  Please Help.
3 people had this question

Abuse history


The answered status icon Answer
Patrick Barker replied on

Hi,


We have two bug checks:


IRQL_NOT_LESS_OR_EQUAL (a)

This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.


2: kd> k
Child-SP          RetAddr           Call Site
fffff880`05e8f6a8 fffff801`45260769 nt!KeBugCheckEx
fffff880`05e8f6b0 fffff801`4525efe0 nt!KiBugCheckDispatch+0x69
fffff880`05e8f7f0 fffff801`452e5a36 nt!KiPageFault+0x260
fffff880`05e8f980 fffff880`074b564f nt!IoAcquireCancelSpinLock+0x46
fffff880`05e8f9b0 fffffa80`059b3b00 rtbth+0x1264f
fffff880`05e8f9b8 fffff801`452a4870 0xfffffa80`059b3b00
fffff880`05e8f9c0 fffff801`452a367f nt!KiCommitThreadWait+0x280
fffff880`05e8fa80 fffff880`074c485c nt!KeWaitForSingleObject+0x1cf
fffff880`05e8fb10 fffffa80`05082e00 rtbth+0x2185c
fffff880`05e8fb18 fffff801`00000000 0xfffffa80`05082e00
fffff880`05e8fb20 00000000`00000000 0xfffff801`00000000


rtbth.sys (Ralink Bluetooth Adapter driver) calls into nt!IoAcquireCancelSpinLock+0x46, which is a routine that synchronizes cancelable-state transitions for IRPs in a multiprocessor-safe way. It appears that this was done at an improper IRQL, therefore a pagefault was called.


DPC_WATCHDOG_VIOLATION (133)

This bug check indicates that the DPC watchdog executed, either because it detected a single long-running deferred procedure call (DPC), or because the system spent a prolonged time at an interrupt request level (IRQL) of DISPATCH_LEVEL or above.


0: kd> k
Child-SP          RetAddr           Call Site
fffff803`f2598388 fffff803`f1058f4b nt!KeBugCheckEx
fffff803`f2598390 fffff803`f0f1d774 nt! ?? ::FNODOBFM::`string'+0x145a4
fffff803`f2598410 fffff803`f0e35eca nt!KeUpdateTime+0x2ec
fffff803`f25985f0 fffff803`f0ed273a hal!HalpTimerClockInterrupt+0x86
fffff803`f2598620 fffff880`08969d83 nt!KiInterruptDispatchNoLockNoEtw+0x1aa
fffff803`f25987b0 fffff803`f0f021ea usb8023x!CancelSendsTimerDpc+0x57
fffff803`f25987f0 fffff803`f0f00655 nt!KiProcessExpiredTimerList+0x22a
fffff803`f2598920 fffff803`f0f02668 nt!KiExpireTimerTable+0xa9
fffff803`f25989c0 fffff803`f0f01a06 nt!KiTimerExpiration+0xc8
fffff803`f2598a70 fffff803`f0f029ba nt!KiRetireDpcList+0x1f6
fffff803`f2598be0 00000000`00000000 nt!KiIdleLoop+0x5a


usb8023x.sys is the Remote NDIS driver (MS system driver).


-----------------------


1. Uninstall Accelerometer ASAP.


2. Ensure all of your Bluwetooth drivers are up to date via HP's website - http://www8.hp.com/us/en/drivers.html


3. If you're still crashing after the above, please enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・    Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

http://support.microsoft.com/kb/244617

Regards,

Patrick

Debugger/Reverse Engineer.
1 person found this helpful

Abuse history


progress