windows 7 BSOD memory management

  • Question

  • Hello

    I am totally not a tech genius but I will definitely appreciate all your help with my problem. I always get a BSOD at random like MEMORY_MANAGEMENT or PAGE_FAULT_NONPAGED_AREA or something like that. I thought it was my RAM so I bought a new 2GB RAM and still I am getting BSOD. I tried reformatting many times so now I am thinking it may be the RAM slot on my motherboard or the graphics card is the cause of this problem but I already updated the drivers. I am using NVIDIA GeForce 8000 series. Windows 7 Ultimate 32bit

    Please help me! Thanks


    • Edited by TsunaSawada Thursday, December 8, 2011 11:37 PM
    Thursday, December 8, 2011 11:36 PM

Answers

  • Since the Dragon Nest game installs a kernel mode driver, it is likely that this specific piece is always active even when the game itself is not. This means that the part of the driver that causes the issue has the potential to cause the memory corruption at any time and it is going to be more or less random (but more often when you are playing the game).

    Based on the dump files so far, it is the only cause that has been identified so far, but you could try disabling the 1394hub.sys driver (be sure to note the original start value) and then see if the driver verifier catches anything else.

    Is the driver verifier still enabled? The PAGE_FAULT_IN_NONPAGED_AREA for the latest dump is fairly inconclusive because of the way that the error occurs...

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: 8ca75bf8, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 82d5d4b5, If non-zero, the instruction address which referenced the bad memory
    	address.
    Arg4: 00000000, (reserved)
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from 82da6718
    Unable to read MiSystemVaType memory at 82d861a0
     8ca75bf8 
    
    FAULTING_IP: 
    nt!ExAllocatePoolWithTag+4ab
    82d5d4b5 3932            cmp     dword ptr [edx],esi
    
    MM_INTERNAL_CODE:  0
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x50
    
    PROCESS_NAME:  chrome.exe
    
    CURRENT_IRQL:  0
    
    TRAP_FRAME:  8c87a6ac -- (.trap 0xffffffff8c87a6ac)
    ErrCode = 00000000
    eax=84c36730 ebx=84c363c0 ecx=9ca75bf8 edx=8ca75bf8 esi=84c36730 edi=84c363c4
    eip=82d5d4b5 esp=8c87a720 ebp=8c87a76c iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    nt!ExAllocatePoolWithTag+0x4ab:
    82d5d4b5 3932            cmp     dword ptr [edx],esi  ds:0023:8ca75bf8=????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from 82c7d3d8 to 82cca41b
    
    STACK_TEXT:  
    8c87a694 82c7d3d8 00000000 8ca75bf8 00000000 nt!MmAccessFault+0x106
    8c87a694 82d5d4b5 00000000 8ca75bf8 00000000 nt!KiTrap0E+0xdc
    8c87a76c 88c9f7c5 00000011 00000228 6646744e nt!ExAllocatePoolWithTag+0x4ab
    8c87a808 88cb4df6 86d551b0 850c05e8 8c87a85c Ntfs!NtfsPrefetchFile+0x445
    8c87a820 88cb9ad7 86d551b0 850c05e8 8c87a85c Ntfs!NtfsUserFsRequest+0x378
    8c87a83c 88cae3a8 86d551b0 850c05e8 0442c256 Ntfs!NtfsCommonFileSystemControl+0x91
    8c87a8ac 82c73593 85c88020 850c05e8 850c05e8 Ntfs!NtfsFsdFileSystemControl+0x164
    8c87a8c4 88a0620c 85c7fed8 850c05e8 00000000 nt!IofCallDriver+0x63
    8c87a8e8 88a19ce8 8c87a908 85c7fed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
    8c87a920 82c73593 85c7fed8 850c05e8 850c05e8 fltmgr!FltpFsControl+0xe8
    8c87a938 82e6799f 8503d8a8 850c05e8 850c07c0 nt!IofCallDriver+0x63
    8c87a958 82e6ab71 85c7fed8 8503d8a8 00000001 nt!IopSynchronousServiceTail+0x1f8
    8c87a9f4 82ec00a9 85c7fed8 850c05e8 00000000 nt!IopXxxControlFile+0x6aa
    8c87aa40 82ebfedb 800009a4 87887fd0 00000000 nt!PfSnPrefetchFileMetadata+0x81
    8c87aab8 82ebf350 8c87aad4 00000000 a60c42e0 nt!PfSnPrefetchMetadata+0x92
    8c87ac34 82e9853a 8787a000 8c87ac64 8c87ac70 nt!PfSnPrefetchScenario+0x184
    8c87acc8 82eb00ef 82e9661e 84eb50f0 8c87ad20 nt!PfSnBeginAppLaunch+0x382
    8c87acd8 82e96231 a9c1103f 00000000 00000000 nt!PfProcessCreateNotification+0x65
    8c87ad20 82ced219 00000000 777b7098 00000001 nt!PspUserThreadStartup+0x113
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExAllocatePoolWithTag+4ab
    82d5d4b5 3932            cmp     dword ptr [edx],esi
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!ExAllocatePoolWithTag+4ab
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrpamp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09
    
    FAILURE_BUCKET_ID:  0x50_nt!ExAllocatePoolWithTag+4ab
    
    BUCKET_ID:  0x50_nt!ExAllocatePoolWithTag+4ab
    
    Followup: MachineOwner
    ---------
    
    
    For the original two, the dumps are inconclusive on the root cause of the issue,

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    MEMORY_MANAGEMENT (1a)
        # Any other values for parameter 1 must be individually examined.
    Arguments:
    Arg1: 00005003, The subtype of the bugcheck.
    Arg2: c0802000
    Arg3: 00010f49
    Arg4: 031ba009

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x1a_5003

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  DragonNest.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 82cb65db to 82d30f20

    STACK_TEXT: 
    9c8c0c5c 82cb65db 0000001a 00005003 c0802000 nt!KeBugCheckEx+0x1e
    9c8c0c94 82ce2569 c007cf40 8463bd3c 00000000 nt!MiAllocateWsle+0x6f
    9c8c0d1c 82c933d8 00000001 0f9e8000 00000001 nt!MmAccessFault+0x2252
    9c8c0d1c 64967620 00000001 0f9e8000 00000001 nt!KiTrap0E+0xdc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0a62fe78 00000000 00000000 00000000 00000000 0x64967620


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!MiAllocateWsle+6f
    82cb65db cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!MiAllocateWsle+6f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09

    IMAGE_NAME:  memory_corruption

    FAILURE_BUCKET_ID:  0x1a_5003_nt!MiAllocateWsle+6f

    BUCKET_ID:  0x1a_5003_nt!MiAllocateWsle+6f

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 00000003, the pool freelist is corrupt.
    Arg2: 984414d0, the pool entry being checked.
    Arg3: 984414d0, the read back flink freelist value (should be the same as 2).
    Arg4: c0000002, the read back blink freelist value (should be the same as 2).

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x19_3

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 82d7235f to 82d72996

    STACK_TEXT: 
    8ad1bc00 82d7235f 84c34140 00000000 94608828 nt!ExDeferredFreePool+0x336
    8ad1bc6c 82ed4dba 94607080 00000000 94608828 nt!ExFreePoolWithTag+0x8a4
    8ad1bc80 82ed4e58 00000000 94608828 00000000 nt!CmpCleanUpKcbValueCache+0x3e
    8ad1bc94 82e91ba8 00000000 94608828 94608848 nt!CmpCleanUpKcbCacheWithLock+0x25
    8ad1bcb4 82e919e9 94608828 00000000 82db90c0 nt!CmpDereferenceKeyControlBlockWithLock+0x8d
    8ad1bce4 82ece7cc 82d8c63c 82db90b0 84cdea70 nt!CmpDereferenceKeyControlBlock+0x11b
    8ad1bd00 82ccdaab 00000000 00000000 84cdea70 nt!CmpDelayDerefKCBWorker+0xea
    8ad1bd50 82e59f5e 00000001 af9026c9 00000000 nt!ExpWorkerThread+0x10d
    8ad1bd90 82d01219 82ccd99e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!ExDeferredFreePool+336
    82d72996 cc              int     3

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  nt!ExDeferredFreePool+336

    FOLLOWUP_NAME:  Pool_corruption

    IMAGE_NAME:  Pool_Corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    MODULE_NAME: Pool_Corruption

    FAILURE_BUCKET_ID:  0x19_3_nt!ExDeferredFreePool+336

    BUCKET_ID:  0x19_3_nt!ExDeferredFreePool+336

    Followup: Pool_corruption
    ---------



    -- Mike Burr
    Technology
    • Marked as answer by Juke Chou Monday, December 26, 2011 2:51 AM
    Friday, December 9, 2011 2:30 PM
  • I think we have most of the information that we'll be able to get without trying to update the BIOS. I downloaded the 1.2 version,

    http://www.emaxxtech.com/files/EMXMCP61D3iCafe/bios/EMX-MCP61D3-iCafe%20BIOS%20V1.2.rar

    When I extracted it with 7-zip, it creates a few folders. In

    EMX-MCP61D3-iCafe BIOS V1.2\EMX-MCP61D3-iCafe BIOS V1.2\Wintools 64 Bit

    There is a flash.bat file that needs to be run. To help minimize the chance of a system crash, you may try the BIOS update in Safe mode

    http://mikemstech.blogspot.com/2011/12/accessing-safe-mode-in-windows.html

    -- Mike Burr
    Technology
    • Marked as answer by Juke Chou Monday, December 26, 2011 2:51 AM
    Sunday, December 11, 2011 9:32 PM

All replies

  • Hi,
     
    Please upload the dumps to skydrive and post a link,
     
     
    On a hunch, we will likely need to turn on driver verifier and re-upload
    the dumps to identify the root cause of the issue,
     
     
    If you want to poke around at the dumps yourself, here is a starting point,
     
     

    -- Mike Burr
    Technology
    Thursday, December 8, 2011 11:44 PM
  • Hi

    I am not sure if I did it right but here is the link

     

    https://skydrive.live.com/redir.aspx?cid=e766283644f615ac&resid=E766283644F615AC!104&parid=root

    Thursday, December 8, 2011 11:50 PM
  • Let's rule out a hardware issue first,
     
     
    If memtest86+/Windiag come back clean, then follow my post on enabling
    the driver verifier and we can see if we find something more definitive
    in terms of a cause
     

    -- Mike Burr
    Technology
    Friday, December 9, 2011 12:40 AM
  • I have tried memtest with 100 runs and no errors were found; that was last week. I tried to follow your post about verifier but I don't know if I am doing it right. After I reboot my PC, nothing happens. Should that be it? I mean I am expecting that there will be a dialog box or DOS system that looks like memtest which indicates that the Verifier is running. How do I know if I did it right?
    Friday, December 9, 2011 1:02 AM
  • I was late I just got a BSOD and it says:

    "STOP: 0x000000C4

    1394hub.sys - address A0B9C98 base at A0A8B000

    a device driver attempts to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version."

    Unfortunately, I don't know where to locate that driver that attempts to corrupt the system but I uploaded another 2 minidumps so kindly check it please!

    https://skydrive.live.com/redir.aspx?cid=e766283644f615ac&resid=E766283644F615AC!104&parid=root

    Friday, December 9, 2011 1:27 AM
  • It looks like one of the dumps was more conclusive, it is blaming a
    "Dragon Nest" application... do you know anything about this one?
     
    1: kd>  !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
     
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught.  This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Arguments:
    Arg1: 000000f6, Referencing user handle as KernelMode.
    Arg2: 00000478, Handle value being referenced.
    Arg3: 87982d40, Address of the current process.
    Arg4: a0b9c98c, Address inside the driver that is performing the incorrect reference.
     
    Debugging Details:
    ------------------
     
    *** WARNING: Unable to verify timestamp for 1394hub.sys
    *** ERROR: Module load completed but symbols could not be loaded for 1394hub.sys
     
    BUGCHECK_STR:  0xc4_f6
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
     
    PROCESS_NAME:  dnlauncher.exe
     
    CURRENT_IRQL:  0
     
    LAST_CONTROL_TRANSFER:  from 82f70f03 to 82d18f20
     
    STACK_TEXT:
    af03771c 82f70f03 000000c4 000000f6 00000478 nt!KeBugCheckEx+0x1e
    af03773c 82f75766 00000478 87982d40 81e1b908 nt!VerifierBugCheckIfAppropriate+0x30
    af0377d0 82e5cf7b 00000000 00000002 00000000 nt!VfCheckUserHandle+0x14f
    af037804 82e5ce35 00000478 00000001 84daeca0 nt!ObReferenceObjectByHandleWithTag+0x13b
    af037828 82e8544c 00000478 00000001 84daeca0 nt!ObReferenceObjectByHandle+0x21
    af03784c 82e86523 00000478 00000001 00000200 nt!CmObReferenceObjectByHandle+0x21
    af0378f8 82c781ea 00000478 af0379d4 00000002 nt!NtQueryValueKey+0x11e
    af0378f8 82c76c2d 00000478 af0379d4 00000002 nt!KiFastCallEntry+0x12a
    af037988 a0b08034 00000478 af0379d4 00000002 nt!ZwQueryValueKey+0x11
    WARNING: Stack unwind information not available. Following frames may be wrong.
    af0379f0 a0b9c98c af037a0c 00000000 00000000 1394hub+0x7d034
    af037b18 a0ae19e4 0fa973f5 00000000 aed8efe0 1394hub+0x11198c
    af037b60 a0b26f19 a97a3014 0fa97309 00000000 1394hub+0x569e4
    af037b9c a0b9e2dc a97a3014 0fa97349 a4dda6e8 1394hub+0x9bf19
    af037bdc 82f6b6c3 89d96cd8 a9eacf68 81e3a7c0 1394hub+0x1132dc
    af037c00 82c7154a 00000000 a9eacf68 89d96cd8 nt!IovCallDriver+0x258
    af037c14 82e6599f 81e3a7c0 a9eacf68 a9eacfd8 nt!IofCallDriver+0x1b
    af037c34 82e68b71 89d96cd8 81e3a7c0 00000000 nt!IopSynchronousServiceTail+0x1f8
    af037cd0 82eaf3f4 89d96cd8 a9eacf68 00000000 nt!IopXxxControlFile+0x6aa
    af037d04 82c781ea 00000468 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    af037d04 779d70b4 00000468 00000000 00000000 nt!KiFastCallEntry+0x12a
    0012bf9c 00000000 00000000 00000000 00000000 0x779d70b4
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    1394hub+7d034
    a0b08034 ??              ???
     
    SYMBOL_STACK_INDEX:  9
     
    SYMBOL_NAME:  1394hub+7d034
     
    FOLLOWUP_NAME:  MachineOwner
     
    MODULE_NAME: 1394hub
     
    IMAGE_NAME:  1394hub.sys
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  4e48b7b9
     
    FAILURE_BUCKET_ID:  0xc4_f6_VRF_1394hub+7d034
     
    BUCKET_ID:  0xc4_f6_VRF_1394hub+7d034
     
    Followup: MachineOwner
    ---------
     
    1: kd>  !process 87982d40
    GetPointerFromAddress: unable to read from 82da471c
    PROCESS 87982d40  SessionId: none  Cid: 0f4c    Peb: 7ffdf000  ParentCid: 0498
        DirBase: 7fc024e0  ObjectTable: a7032438  HandleCount:<Data Not Accessible>
        Image: dnlauncher.exe
        VadRoot 8c820a98 Vads 165 Clone 0 Private 1525. Modified 1832325. Locked 1.
        DeviceMap a19a8b28
        Token                             abe57890
        ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    ffdf0000: Unable to get shared data
        ElapsedTime                       00:00:00.000
        UserTime                          00:00:00.000
        KernelTime                        00:00:00.000
        QuotaPoolUsage[PagedPool]         0
        QuotaPoolUsage[NonPagedPool]      0
        Working Set Sizes (now,min,max)  (3814, 50, 345) (15256KB, 200KB, 1380KB)
        PeakWorkingSetSize                3839
        VirtualSize                       87 Mb
        PeakVirtualSize                   89 Mb
        PageFaultCount                    5794
        MemoryPriority                    BACKGROUND
        BasePriority                      8
        CommitCharge                      2648
        Job                               81ec87a0
             THREAD 81e1b908  Cid 0f4c.0f50  Teb: 7ffde000 Win32Thread: fe282de0 RUNNING on processor 1
            IRP List:
                Unable to read nt!_IRP @ a9eacf68
            Not impersonating
    GetUlongFromAddress: unable to read from 82d644dc
            Owning Process            87982d40       Image:         dnlauncher.exe
            Attached Process          N/A            Image:         N/A
    ffdf0000: Unable to get shared data
            Wait Start TickCount      6732
            Context Switch Count      44752
            ReadMemory error: Cannot get nt!KeMaximumIncrement value.
            UserTime                  00:00:00.000
            KernelTime                00:00:00.000
            Win32 Start Address 0x0046e760
            Stack Init af037fd0 Current af037c08 Base af038000 Limit af035000 Call 0
            Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
            ChildEBP RetAddr
            af03771c 82f70f03 nt!KeBugCheckEx+0x1e
            af03773c 82f75766 nt!VerifierBugCheckIfAppropriate+0x30
            af0377d0 82e5cf7b nt!VfCheckUserHandle+0x14f
            af037804 82e5ce35 nt!ObReferenceObjectByHandleWithTag+0x13b
            af037828 82e8544c nt!ObReferenceObjectByHandle+0x21
            af03784c 82e86523 nt!CmObReferenceObjectByHandle+0x21
            af0378f8 82c781ea nt!NtQueryValueKey+0x11e
            af0378f8 82c76c2d nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ af037918)
            af037988 a0b08034 nt!ZwQueryValueKey+0x11 (FPO: [6,0,0])
    WARNING: Stack unwind information not available. Following frames may be wrong.
            af0379f0 a0b9c98c 1394hub+0x7d034
            af037b18 a0ae19e4 1394hub+0x11198c
            af037b60 a0b26f19 1394hub+0x569e4
            af037b9c a0b9e2dc 1394hub+0x9bf19
            af037bdc 82f6b6c3 1394hub+0x1132dc
            af037c00 82c7154a nt!IovCallDriver+0x258
            af037c14 82e6599f nt!IofCallDriver+0x1b
            af037c34 82e68b71 nt!IopSynchronousServiceTail+0x1f8
            af037cd0 82eaf3f4 nt!IopXxxControlFile+0x6aa
            af037d04 82c781ea nt!NtDeviceIoControlFile+0x2a
            af037d04 779d70b4 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ af037d34)
            0012bf9c 00000000 0x779d70b4
             *** Error in reading nt!_ETHREAD @ 81f77348
     
    1: kd>  lmvm 1394hub
    start    end        module name
    a0a8b000 a0bd5400   1394hub  T (no symbols)
        Loaded symbol image file: 1394hub.sys
        Image path: \??\C:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
        Image name: 1394hub.sys
        Timestamp:        Mon Aug 15 00:07:53 2011 (4E48B7B9)
        CheckSum:         0015B5F7
        ImageSize:        0014A400
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
     
     

    -- Mike Burr
    Technology
    Friday, December 9, 2011 2:17 AM
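Added example (not part of the original thread): a small Python triage of `!analyze -v` and `lmvm` text, run on trimmed excerpts of the output posted in this thread. It checks that Arg4 of the 0xC4/0xF6 bugcheck falls inside the module range `lmvm` reports and flags a driver image loaded from outside `System32\drivers`; the function names and that path heuristic are assumptions of this example.

```python
import re

# Trimmed excerpts of the debugger output posted in this thread.
ANALYZE_C4 = r"""
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 000000f6, Referencing user handle as KernelMode.
Arg2: 00000478, Handle value being referenced.
Arg3: 87982d40, Address of the current process.
Arg4: a0b9c98c, Address inside the driver that is performing the incorrect reference.
PROCESS_NAME:  dnlauncher.exe
STACK_TEXT:
af03771c 82f70f03 000000c4 000000f6 00000478 nt!KeBugCheckEx+0x1e
af037988 a0b08034 00000478 af0379d4 00000002 nt!ZwQueryValueKey+0x11
af0379f0 a0b9c98c af037a0c 00000000 00000000 1394hub+0x7d034
af037c00 82c7154a 00000000 a9eacf68 89d96cd8 nt!IovCallDriver+0x258
MODULE_NAME: 1394hub
IMAGE_NAME:  1394hub.sys
FAILURE_BUCKET_ID:  0xc4_f6_VRF_1394hub+7d034
"""
LMVM_1394HUB = r"""
start    end        module name
a0a8b000 a0bd5400   1394hub  T (no symbols)
    Image path: \??\C:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
    Timestamp:        Mon Aug 15 00:07:53 2011 (4E48B7B9)
"""
ANALYZE_19 = r"""
BAD_POOL_HEADER (19)
Arguments:
Arg1: 00000003, the pool freelist is corrupt.
Arg2: 984414d0, the pool entry being checked.
PROCESS_NAME:  System
STACK_TEXT:
8ad1bc00 82d7235f 84c34140 00000000 94608828 nt!ExDeferredFreePool+0x336
8ad1bc6c 82ed4dba 94607080 00000000 94608828 nt!ExFreePoolWithTag+0x8a4
MODULE_NAME: Pool_Corruption
IMAGE_NAME:  Pool_Corruption
FAILURE_BUCKET_ID:  0x19_3_nt!ExDeferredFreePool+336
"""

HEADER = re.compile(r"^[ \t]*([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
ARG = re.compile(r"^[ \t]*Arg[1-4]:[ \t]*([0-9a-fA-F]{8})", re.M)
FIELD = re.compile(
    r"^[ \t]*(PROCESS_NAME|MODULE_NAME|IMAGE_NAME|FAILURE_BUCKET_ID):[ \t]*(\S+)", re.M)
# kb frame: ChildEBP, RetAddr, three argument words, then the symbol.
FRAME = re.compile(r"^[ \t]*(?:[0-9a-f]{8} ){5}(\S+)[ \t]*$", re.M)
LM_RANGE = re.compile(r"^[ \t]*([0-9a-f]{8}) ([0-9a-f]{8})[ \t]+(\S+)", re.M)
LM_PATH = re.compile(r"Image path:[ \t]*(.+)$", re.M)

# Buckets the analyzer falls back to when it cannot name a specific driver.
GENERIC = {"nt", "memory_corruption", "pool_corruption"}


def parse_analyze(text):
    """Extract bugcheck name/code, arguments, key fields and stack modules."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no bugcheck header found")
    symbols = FRAME.findall(text)
    # Frames that are a bare address (no module!symbol or module+offset) are skipped.
    modules = [re.split(r"[!+]", s)[0] for s in symbols if "!" in s or "+" in s]
    report = {"name": head.group(1), "code": int(head.group(2), 16),
              "args": [int(a, 16) for a in ARG.findall(text)], "modules": modules}
    report.update(dict(FIELD.findall(text)))
    return report


def parse_lmvm(text):
    """Extract the module's address range, name and image path from lmvm output."""
    rng, path = LM_RANGE.search(text), LM_PATH.search(text)
    if rng is None:
        raise ValueError("no module range found")
    return {"start": int(rng.group(1), 16), "end": int(rng.group(2), 16),
            "name": rng.group(3), "path": path.group(1).strip() if path else None}


def triage(report, lmvm=None):
    """Summarise what the dump does and does not establish."""
    module = report.get("MODULE_NAME", "")
    result = {"suspect": None if module.lower() in GENERIC else module,
              "caller": next((m for m in report["modules"] if m != "nt"), None),
              "handle": None, "driver_offset": None, "outside_system_drivers": None}
    args = report["args"]
    if report["code"] == 0xC4 and len(args) == 4 and args[0] == 0xF6:
        result["handle"] = args[1]            # user-mode handle passed as KernelMode
        if lmvm and lmvm["start"] <= args[3] < lmvm["end"]:
            result["driver_offset"] = args[3] - lmvm["start"]
    if lmvm and lmvm["path"]:
        # Assumption of this example: in-box drivers live under System32\drivers.
        result["outside_system_drivers"] = (
            "\\system32\\drivers\\" not in lmvm["path"].lower())
    return result


if __name__ == "__main__":
    print(triage(parse_analyze(ANALYZE_C4), parse_lmvm(LMVM_1394HUB)))
    print(triage(parse_analyze(ANALYZE_19)))
```

The computed offset for Arg4 matches the `1394hub+0x11198c` frame in the posted stack, while the BAD_POOL_HEADER excerpt yields no suspect because only `nt` frames and a generic bucket are present.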
  • Oh really? I am playing that Dragon Nest. That is an online game. Can you tell why it causes the system to stop? To be honest, there is a 50% chance that my PC will stop when playing Dragon Nest so I stopped playing it for a while and went on just browsing but still BSOD appears even if I am just browsing Facebook and other sites.

    I already reformatted my PC and reinstalled Dragon Nest. What do you think should I do?

    By the way, what did the other dumps tell you? Are they also related to Dragon Nest? I am actually finding some forums regarding Dragon Nest but it seems to be nowhere to be found. So you think that is the only suspect we have?

    I have been playing the game more than a month and I have been experiencing the BSOD a month as well. But is there a way that you can explain to me why blue screen also appears when I am just browsing websites and not playing Dragon Nest?

    • Edited by TsunaSawada Friday, December 9, 2011 9:49 AM
    Friday, December 9, 2011 9:24 AM
  • Hi there again, I got another BSOD

    page_fault_in_nonpaged_area

    stop: 0x00000050 (0x8CA75BF8, 0X00000000, 0X82D5D4B5, 0X00000000)

    I also uploaded a new minidump file. Please help me identify the problem.

    Thanks

    https://skydrive.live.com/redir.aspx?cid=e766283644f615ac&resid=E766283644F615AC!104&parid=root

    minidump 120911-30560-01.dmp

    Friday, December 9, 2011 11:30 AM
  • Since the Dragon Nest game installs a kernel mode driver, it is likely that this specific piece is always active even when the game itself is not. This means that the part of the driver that causes the issue has the potential to cause the memory corruption at any time and it is going to be more or less random (but more often when you are playing the game).

    Based on the dump files so far, it is the only cause that has been identified so far, but you could try disabling the 1394hub.sys driver (be sure to note the original start value) and then see if the driver verifier catches anything else.

    Is the driver verifier still enabled? The PAGE_FAULT_IN_NONPAGED_AREA for the latest dump is fairly inconclusive because of the way that the error occurs...

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: 8ca75bf8, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 82d5d4b5, If non-zero, the instruction address which referenced the bad memory
    	address.
    Arg4: 00000000, (reserved)
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from 82da6718
    Unable to read MiSystemVaType memory at 82d861a0
     8ca75bf8 
    
    FAULTING_IP: 
    nt!ExAllocatePoolWithTag+4ab
    82d5d4b5 3932            cmp     dword ptr [edx],esi
    
    MM_INTERNAL_CODE:  0
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x50
    
    PROCESS_NAME:  chrome.exe
    
    CURRENT_IRQL:  0
    
    TRAP_FRAME:  8c87a6ac -- (.trap 0xffffffff8c87a6ac)
    ErrCode = 00000000
    eax=84c36730 ebx=84c363c0 ecx=9ca75bf8 edx=8ca75bf8 esi=84c36730 edi=84c363c4
    eip=82d5d4b5 esp=8c87a720 ebp=8c87a76c iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    nt!ExAllocatePoolWithTag+0x4ab:
    82d5d4b5 3932            cmp     dword ptr [edx],esi  ds:0023:8ca75bf8=????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from 82c7d3d8 to 82cca41b
    
    STACK_TEXT:  
    8c87a694 82c7d3d8 00000000 8ca75bf8 00000000 nt!MmAccessFault+0x106
    8c87a694 82d5d4b5 00000000 8ca75bf8 00000000 nt!KiTrap0E+0xdc
    8c87a76c 88c9f7c5 00000011 00000228 6646744e nt!ExAllocatePoolWithTag+0x4ab
    8c87a808 88cb4df6 86d551b0 850c05e8 8c87a85c Ntfs!NtfsPrefetchFile+0x445
    8c87a820 88cb9ad7 86d551b0 850c05e8 8c87a85c Ntfs!NtfsUserFsRequest+0x378
    8c87a83c 88cae3a8 86d551b0 850c05e8 0442c256 Ntfs!NtfsCommonFileSystemControl+0x91
    8c87a8ac 82c73593 85c88020 850c05e8 850c05e8 Ntfs!NtfsFsdFileSystemControl+0x164
    8c87a8c4 88a0620c 85c7fed8 850c05e8 00000000 nt!IofCallDriver+0x63
    8c87a8e8 88a19ce8 8c87a908 85c7fed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
    8c87a920 82c73593 85c7fed8 850c05e8 850c05e8 fltmgr!FltpFsControl+0xe8
    8c87a938 82e6799f 8503d8a8 850c05e8 850c07c0 nt!IofCallDriver+0x63
    8c87a958 82e6ab71 85c7fed8 8503d8a8 00000001 nt!IopSynchronousServiceTail+0x1f8
    8c87a9f4 82ec00a9 85c7fed8 850c05e8 00000000 nt!IopXxxControlFile+0x6aa
    8c87aa40 82ebfedb 800009a4 87887fd0 00000000 nt!PfSnPrefetchFileMetadata+0x81
    8c87aab8 82ebf350 8c87aad4 00000000 a60c42e0 nt!PfSnPrefetchMetadata+0x92
    8c87ac34 82e9853a 8787a000 8c87ac64 8c87ac70 nt!PfSnPrefetchScenario+0x184
    8c87acc8 82eb00ef 82e9661e 84eb50f0 8c87ad20 nt!PfSnBeginAppLaunch+0x382
    8c87acd8 82e96231 a9c1103f 00000000 00000000 nt!PfProcessCreateNotification+0x65
    8c87ad20 82ced219 00000000 777b7098 00000001 nt!PspUserThreadStartup+0x113
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExAllocatePoolWithTag+4ab
    82d5d4b5 3932            cmp     dword ptr [edx],esi
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!ExAllocatePoolWithTag+4ab
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrpamp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09
    
    FAILURE_BUCKET_ID:  0x50_nt!ExAllocatePoolWithTag+4ab
    
    BUCKET_ID:  0x50_nt!ExAllocatePoolWithTag+4ab
    
    Followup: MachineOwner
    ---------
    
    
    For the original two, the dumps are inconclusive on the root cause of the issue,

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    MEMORY_MANAGEMENT (1a)
        # Any other values for parameter 1 must be individually examined.
    Arguments:
    Arg1: 00005003, The subtype of the bugcheck.
    Arg2: c0802000
    Arg3: 00010f49
    Arg4: 031ba009

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x1a_5003

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  DragonNest.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 82cb65db to 82d30f20

    STACK_TEXT: 
    9c8c0c5c 82cb65db 0000001a 00005003 c0802000 nt!KeBugCheckEx+0x1e
    9c8c0c94 82ce2569 c007cf40 8463bd3c 00000000 nt!MiAllocateWsle+0x6f
    9c8c0d1c 82c933d8 00000001 0f9e8000 00000001 nt!MmAccessFault+0x2252
    9c8c0d1c 64967620 00000001 0f9e8000 00000001 nt!KiTrap0E+0xdc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0a62fe78 00000000 00000000 00000000 00000000 0x64967620


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!MiAllocateWsle+6f
    82cb65db cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!MiAllocateWsle+6f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09

    IMAGE_NAME:  memory_corruption

    FAILURE_BUCKET_ID:  0x1a_5003_nt!MiAllocateWsle+6f

    BUCKET_ID:  0x1a_5003_nt!MiAllocateWsle+6f

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 00000003, the pool freelist is corrupt.
    Arg2: 984414d0, the pool entry being checked.
    Arg3: 984414d0, the read back flink freelist value (should be the same as 2).
    Arg4: c0000002, the read back blink freelist value (should be the same as 2).

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x19_3

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 82d7235f to 82d72996

    STACK_TEXT: 
    8ad1bc00 82d7235f 84c34140 00000000 94608828 nt!ExDeferredFreePool+0x336
    8ad1bc6c 82ed4dba 94607080 00000000 94608828 nt!ExFreePoolWithTag+0x8a4
    8ad1bc80 82ed4e58 00000000 94608828 00000000 nt!CmpCleanUpKcbValueCache+0x3e
    8ad1bc94 82e91ba8 00000000 94608828 94608848 nt!CmpCleanUpKcbCacheWithLock+0x25
    8ad1bcb4 82e919e9 94608828 00000000 82db90c0 nt!CmpDereferenceKeyControlBlockWithLock+0x8d
    8ad1bce4 82ece7cc 82d8c63c 82db90b0 84cdea70 nt!CmpDereferenceKeyControlBlock+0x11b
    8ad1bd00 82ccdaab 00000000 00000000 84cdea70 nt!CmpDelayDerefKCBWorker+0xea
    8ad1bd50 82e59f5e 00000001 af9026c9 00000000 nt!ExpWorkerThread+0x10d
    8ad1bd90 82d01219 82ccd99e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!ExDeferredFreePool+336
    82d72996 cc              int     3

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  nt!ExDeferredFreePool+336

    FOLLOWUP_NAME:  Pool_corruption

    IMAGE_NAME:  Pool_Corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    MODULE_NAME: Pool_Corruption

    FAILURE_BUCKET_ID:  0x19_3_nt!ExDeferredFreePool+336

    BUCKET_ID:  0x19_3_nt!ExDeferredFreePool+336

    Followup: Pool_corruption
    ---------



    -- Mike Burr
    Technology
    • Marked as answer by Juke Chou Monday, December 26, 2011 2:51 AM
    Friday, December 9, 2011 2:30 PM
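The argument text in the dump above says the read-back flink and blink should both equal the pool entry (Arg2). The following triage script is an added example, not part of the original post or of any Microsoft tooling. It parses an excerpt of that `!analyze -v` output and flags which freelist pointer was overwritten; the `triage` function and its regular expressions are hypothetical names chosen for this illustration.

```python
import re

# Excerpt of the !analyze -v output quoted in the post above (trimmed).
SAMPLE = """\
Arg1: 00000003, the pool freelist is corrupt.
Arg2: 984414d0, the pool entry being checked.
Arg3: 984414d0, the read back flink freelist value (should be the same as 2).
Arg4: c0000002, the read back blink freelist value (should be the same as 2).
BUGCHECK_STR:  0x19_3
PROCESS_NAME:  System
STACK_TEXT:
8ad1bc00 82d7235f 84c34140 00000000 94608828 nt!ExDeferredFreePool+0x336
8ad1bc6c 82ed4dba 94607080 00000000 94608828 nt!ExFreePoolWithTag+0x8a4
8ad1bc80 82ed4e58 00000000 94608828 00000000 nt!CmpCleanUpKcbValueCache+0x3e
IMAGE_NAME:  Pool_Corruption
"""

ARG_RE = re.compile(r"^\s*Arg([1-4]):\s*([0-9a-fA-F]+)", re.M)
FIELD_RE = re.compile(r"^\s*([A-Z_]+):[ \t]+(\S.*?)\s*$", re.M)
# Five 8-digit hex columns (ChildEBP, RetAddr, three args), then module!symbol+offset.
FRAME_RE = re.compile(
    r"^\s*(?:[0-9a-f]{8}\s+){5}(\w+)!(\w+)\+0x[0-9a-f]+\s*$", re.M)


def triage(text):
    """Extract bugcheck arguments, key fields and stack frames; add findings."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    fields = dict(FIELD_RE.findall(text))
    frames = FRAME_RE.findall(text)
    notes = []
    if fields.get("BUGCHECK_STR") == "0x19_3" and 2 in args:
        # Per the argument text, flink (Arg3) and blink (Arg4) should equal Arg2.
        for n, name in ((3, "flink"), (4, "blink")):
            if n in args and args[n] != args[2]:
                notes.append(f"{name} {args[n]:08x} != pool entry {args[2]:08x}")
    modules = sorted({module for module, _ in frames})
    if modules == ["nt"] and fields.get("IMAGE_NAME") == "Pool_Corruption":
        # The free path in nt only detects the damage; the writer is elsewhere.
        notes.append("all frames are in nt: this stack shows where the corruption "
                     "was detected, not which driver wrote over the pool")
    return {"args": args, "fields": fields, "frames": frames, "notes": notes}


if __name__ == "__main__":
    for note in triage(SAMPLE)["notes"]:
        print(note)
```
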
  • Hi! thanks for your help.

    I disabled the 1394hub.sys from the Dragon Nest application. So the Dragon Nest app still runs without the 1394hub.sys, but after some time playing, when I closed the game app, I just browsed websites again and then suddenly the BSOD appeared with the latest error, which is PAGE_FAULT_IN_NONPAGED_AREA.

    Just to give you an update, I cannot play Dragon Nest without the NVIDIA drivers installed, but now I uninstalled the NVIDIA drivers from my PC and my PC is not running with Aero effects anymore. With those drivers uninstalled right now, my PC seems to be working fine as of now. Do you think the NVIDIA drivers cause another blue screen although they are updated?

    Is it advisable to run the 'verifier' again to check if there are any other drivers that can affect the system? Also, do you think the motherboard could be bad and needs a replacement?

    I really thank you for helping me =)


    • Edited by TsunaSawada Friday, December 9, 2011 3:20 PM
    Friday, December 9, 2011 3:10 PM
  • I'd recommend leaving driver verifier enabled until we identify the cause of the issue. It is possible that the NVidia drivers were causing issues; have you tried updating to the latest version?

    Based on what we've seen so far, it doesn't seem like a hardware issue, otherwise you would have seen something with memtest86+ or you would be seeing different stop errors, WHEA_UNCORRECTABLE_ERROR and KERNEL_DATA_INPAGE_ERROR to name a couple.

    -- Mike Burr
    Technology
    Friday, December 9, 2011 3:28 PM
  • Honestly, I haven't seen those stop errors. The common errors I always encounter are:

    PAGE_FAULT_IN_NONPAGED_AREA

    IRQL_NOT_LESS_THAN_OR_EQUAL

    MEMORY_MANAGEMENT

    and most of the time I see the win32k.sys which I am so clueless about.

    My PC is installed with NVIDIA software updater and based on their website, I am confident that I downloaded their latest version of drivers. I just play and play Dragon Nest and browse YouTube and Facebook, so I don't have any other jobs that I think can cause too much problem aside from this.

    Would it be advisable to reinstall the NVIDIA drivers and play Dragon Nest while 'verifier' is running?

    Friday, December 9, 2011 3:39 PM
  • win32k.sys is the Windows display driver, so that would point to an
    NVidia issue. I don't think it would hurt to install the NVidia drivers
    with verifier running, but you could disable it to be safe.
     

    -- Mike Burr
    Technology
    Friday, December 9, 2011 3:50 PM
  • After a month of experiencing this trouble, I think it would not really hurt, so I will install the NVIDIA drivers while Verifier is running and I will inform you when something comes up.

    So at this point, we have just eliminated the 1394hub.sys as one of the causes. We are just going one by one I think?

    By the way, what do you think is the cause of the PC freezing? I mean, even during start-up, the PC freezes. Even on the page where you are to choose safe mode, it will stop moving, and sometimes I will be lucky if it proceeds to the main desktop, but it still freezes. The mouse stops working and even the num lock and caps lock are not responding. The PC won't restart by itself but will just freeze. Is that a RAM issue?

    Friday, December 9, 2011 3:58 PM
  • We identified that 1394hub.sys was causing issues, but by disabling it
    we prevented it from causing future issues.
     
    It strikes me that there may be a misbehaving device creating more than
    its fair share of hardware interrupts (this is one of the main causes of
    "freezes"). What devices do you have attached to your computer?
     

    -- Mike Burr
    Technology
    Friday, December 9, 2011 4:45 PM
  • What do you mean by devices?

    I did not remove or add any device on my PC. Other than its new RAM, everything is the same as it was before.

    I have 2.1 bass speakers and USB flash drives. I sometimes connect my mobile phone for file transfer purposes, but as of now I am not doing any file transfer from my phone, so I am not really sure what causes the freezes.

    It worries me because even when Windows is loading, or even the screen where you can press F8, will freeze and won't do anything unless you restart the PC.

    Friday, December 9, 2011 4:52 PM
  • I was seeing if there were any unusual USB/Firewire devices or anything
    that could be causing a lot of interrupts. I looked at the dumps again,
    and you might try updating the BIOS; yours is from 2010:

    1: kd>  !sysinfo machineid
    Machine ID Information [From Smbios 2.5, DMIVersion 0, Size=1961]
    BiosMajorRelease = 8
    BiosMinorRelease = 15
    BiosVendor = American Megatrends Inc.
    BiosVersion = 080015
    BiosReleaseDate = 01/22/2010
    SystemManufacturer = To Be Filled By O.E.M.
    SystemProductName = To Be Filled By O.E.M.
    SystemFamily = To Be Filled By O.E.M.
    SystemVersion = To Be Filled By O.E.M.
    SystemSKU = To Be Filled By O.E.M.
    BaseBoardManufacturer = Emaxx Technologies, Inc
    BaseBoardProduct = EMX-MCP61D3-iCafe
    BaseBoardVersion = V1.0
     
     

    -- Mike Burr
    Technology
    Saturday, December 10, 2011 7:42 PM
  • Hi

    I am sorry. I don't know how to update the BIOS, but I have another minidump again when. Can you help me again by checking this?

    https://skydrive.live.com/redir.aspx?cid=e766283644f615ac&resid=E766283644F615AC!104&parid=root

    Sunday, December 11, 2011 12:07 AM
  • I think we have most of the information that we'll be able to get without trying to update the BIOS. I downloaded the 1.2 version:

    http://www.emaxxtech.com/files/EMXMCP61D3iCafe/bios/EMX-MCP61D3-iCafe%20BIOS%20V1.2.rar

    When I extracted it with 7-zip, it creates a few folders. In

    EMX-MCP61D3-iCafe BIOS V1.2\EMX-MCP61D3-iCafe BIOS V1.2\Wintools 64 Bit

    There is a flash.bat file that needs to be run. To help minimize the chance of a system crash, you may try the BIOS update in Safe mode:

    http://mikemstech.blogspot.com/2011/12/accessing-safe-mode-in-windows.html

    -- Mike Burr
    Technology
    • Marked as answer by Juke Chou Monday, December 26, 2011 2:51 AM
    Sunday, December 11, 2011 9:32 PM