Question
Applies to
223 views
Windows 8 Has Been Crashing
I've had my computer for a little over a month, but this past week I've been having problems with Windows 8 crashing and restarting my computer. When my computer crashes it has shown a couple of different error messages (UNEXPECTED_KERNAL_MODE_TRAP and
IRQL_NOT_LESS_OR_EQUAL being two of the more recent). I'm not sure what is going on exactly, but I have a feeling it might be related to my Wacom Tablet drivers. Any help in regards to this would be greatly appreciated.
Abuse history
Answer
Hi,
We have various different bugchecks attached:
INTERRUPT_EXCEPTION_NOT_HANDLED (3d)
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).
The processor identified a problem, but Windows was unable to deal with it.
This problem can occur when any of these issues occur:
・ Defective memory, memory incorrectly installed or mismatched memory sticks
・ BIOS having the wrong settings and/or overclocking the processor (CPU) or memory
・ Stopped or slow fans causing overheating
・ Defective or buggy hardware or video drivers
・ Defective Processor (CPU)
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
A kernel-mode driver attempted to access pageable memory at a process IRQL (Interrupt Request Level) that was too high.
Usual causes are a device driver has a bug and attempted to access invalid memory, the pagefile has been corrupted or there is a memory problem.
Wdf01000.sys is the driver faulted in the *D1 bugcheck which is NOT the true cause as Wdf01000.sys is the Kernel Mode Driver Framework Runtime and is likely being faulted by possibly another device driver or hardware failure.
IRQL_NOT_LESS_OR_EQUAL (a)
A kernel-mode driver or process attempted to access a protected memory location it does not have permission for, or a kernel interrupt request level (IRQL) attempted to access a memory address that is too high.
This bugcheck usually occurs when a driver uses an incorrect memory address. Other possible causes of this error include: bug in a device driver, system service, the BIOS, an old Anti-virus program or backup tool, or possibly memory issues.
IMAGE_NAME: hardware
MODULE_NAME: hardware
and then we have another *A faulting dxgmms1.sys which is the DirectX Kernel.
1. I recommend temporarily removing and replacing AVG with Windows 8's built-in Windows Defender:
AVG removal tool - http://www.avg.com/us-en/utilities
2. WacomVKHid.sys - Thu Feb 15 18:10:54 2007
^^ Wacom(tablet) HID filter. 2007 is a little too old for Windows 8.
Check for an update -
We have various different bugchecks attached:
INTERRUPT_EXCEPTION_NOT_HANDLED (3d)
An exception was raised in an interrupt service routine which was not handled by the interrupt service routine.
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).
The processor identified a problem, but Windows was unable to deal with it.
This problem can occur when any of these issues occur:
・ Defective memory, memory incorrectly installed or mismatched memory sticks
・ BIOS having the wrong settings and/or overclocking the processor (CPU) or memory
・ Stopped or slow fans causing overheating
・ Defective or buggy hardware or video drivers
・ Defective Processor (CPU)
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
A kernel-mode driver attempted to access pageable memory at a process IRQL (Interrupt Request Level) that was too high.
Usual causes are a device driver has a bug and attempted to access invalid memory, the pagefile has been corrupted or there is a memory problem.
Wdf01000.sys is the driver faulted in the *D1 bugcheck which is NOT the true cause as Wdf01000.sys is the Kernel Mode Driver Framework Runtime and is likely being faulted by possibly another device driver or hardware failure.
IRQL_NOT_LESS_OR_EQUAL (a)
A kernel-mode driver or process attempted to access a protected memory location it does not have permission for, or a kernel interrupt request level (IRQL) attempted to access a memory address that is too high.
This bugcheck usually occurs when a driver uses an incorrect memory address. Other possible causes of this error include: bug in a device driver, system service, the BIOS, an old Anti-virus program or backup tool, or possibly memory issues.
IMAGE_NAME: hardware
MODULE_NAME: hardware
and then we have another *A faulting dxgmms1.sys which is the DirectX Kernel.
1. I recommend temporarily removing and replacing AVG with Windows 8's built-in Windows Defender:
AVG removal tool - http://www.avg.com/us-en/utilities
2. WacomVKHid.sys - Thu Feb 15 18:10:54 2007
^^ Wacom(tablet) HID filter. 2007 is a little too old for Windows 8.
Check for an update -
http://www.wacom.com/en/CustomerCare/Drivers.aspx or at the OEM support website if it came built in to your system
If no update available, remove the Wacom device and uninstall any Wacom software for troubleshooting purposes.
If the above do not help, let's enable Driver Verifier to check for further device driver conflicts:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7)
- Concurrentcy Stress Test (Windows 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:
- Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.
How long should I keep Driver Verifier enabled for?
It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.
My system BSOD'd, where can I find the crash dumps?
They will be located in %systemroot%\Minidump
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617
Regards,
Patrick
If no update available, remove the Wacom device and uninstall any Wacom software for troubleshooting purposes.
If the above do not help, let's enable Driver Verifier to check for further device driver conflicts:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7)
- Concurrentcy Stress Test (Windows 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:
- Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.
How long should I keep Driver Verifier enabled for?
It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.
My system BSOD'd, where can I find the crash dumps?
They will be located in %systemroot%\Minidump
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617
Regards,
Patrick
Debugger/Reverse Engineer.
Abuse history
