BSOD caused by unknown image

Jun 11, 2018
(Edit: here is a screenshot of bluescreen viewer if anyone needs it https://drive.google.com/file/d/1MaYktqguPD2QzMfCvtqBQHA5pphfzQ_K/view?usp=sharing)
Hey, so recently a friend of mine has been experiencing BSODs. His computer is only around 2-3 weeks old. I've tried several things myself like sfc /scannow etc. and repair through Windows; eventually we decided to completely reset the PC and reinstall Windows.
This did not fix the problem and he started experiencing BSODs again.

We haven't run the Windows memory diagnostic test yet because he doesn't want to do it at this moment during his gaming session xd (I will post the results once we've run the test). I've decided to first post the minidump to see if anyone else might have a fix or theory why the BSODs are happening.
I have no idea how you upload files on this site or if it's even possible, but I've decided to put it on google drive, here is the link to the most recent minidump: https://drive.google.com/file/d/1ZX47qEM29haOWfVHuRF5-I4qJTl4Ht_w/view?usp=sharing

I've been thinking about reseating the RAM since multiple errors point to the RAM being the problem, and reseating the RAM also fixed my bluescreen a while ago so ye

Here are all the stop codes he has encountered

(before windows reset)
kernel_auto_boost_invalid_lock_release
irql_not_less_or_equal

(after windows reset)
irql_not_less_or_equal
page_fault_in_nonpaged_area
critical_structure_corruption (this has been the latest stopcode I'm not sure if the others will reappear but time will tell I guess)

Now to get to the point of the title.
So I've uploaded the minidump to a website which apparently analyzes it; this is what it said.
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 8 Kernel Version 17134 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff802`36605000 PsLoadedModuleList = 0xfffff802`369bf1f0
Debug session time: Wed Jul 4 13:57:59.085 2018 (UTC - 4:00)
System Uptime: 0 days 2:33:40.790
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88ccc90cb70, memory referenced.
Arg2: 0000000000000010, value 0 = read operation, 1 = write operation.
Arg3: fffff88ccc90cb70, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 000000000000000c, (reserved)

Debugging Details:
------------------


Could not read faulting driver name
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
fffff88ccc90cb70

FAULTING_IP:
+0
fffff88c`cc90cb70 ?? ???

MM_INTERNAL_CODE: c

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: Discord.exe

CURRENT_IRQL: 0

BAD_PAGES_DETECTED: 8096

TRAP_FRAME: fffff502417ef420 -- (.trap 0xfffff502417ef420)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffd208f5808100
rdx=fffff502417ef600 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88ccc90cb70 rsp=fffff502417ef5b8 rbp=ffffc00de09e9e40
r8=0000000000000000 r9=0000000000000000 r10=000000004d637052
r11=0000000000001001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff88c`cc90cb70 ?? ???
Resetting default scope

LOCK_ADDRESS: fffff802369d94e0 -- (!locks fffff802369d94e0)

Resource @ nt!PiEngineLock (0xfffff802369d94e0) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
Lock address : 0xfffff802369d94e0
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0

LAST_CONTROL_TRANSFER: from fffff802367ef21d to fffff8023679d330

STACK_TEXT:
fffff502`417ef168 fffff802`367ef21d : 00000000`00000050 fffff88c`cc90cb70 00000000`00000010 fffff502`417ef420 : nt!KeBugCheckEx
fffff502`417ef170 fffff802`366b23e8 : fffff502`417ef308 00000000`00000010 00000000`00000000 ffffb9dc`ee773b98 : nt!MiSystemFault+0x14135d
fffff502`417ef2b0 fffff802`367aa9da : 00000000`00000000 fffff502`417ef6d8 ffffc00d`e764a010 ffffc00d`e6dc52f0 : nt!MmAccessFault+0x1f8
fffff502`417ef420 fffff88c`cc90cb70 : fffff802`36b6a388 00000000`00000014 ffffc00d`e09e9e40 00000000`00000000 : nt!KiPageFault+0x31a
fffff502`417ef5b8 fffff802`36b6a388 : 00000000`00000014 ffffc00d`e09e9e40 00000000`00000000 00000000`00000000 : 0xfffff88c`cc90cb70
fffff502`417ef5c0 fffff802`36b6bb9b : ffffc00d`e6dc52b0 00000000`00000000 00000000`00000000 fffff502`417ef6d8 : nt!PiDqQuerySerializeActionQueue+0xfc
fffff502`417ef650 fffff802`36b684ba : ffff8480`9f9be000 00000000`00000000 ffffc00d`e6dc52b0 ffffd208`ed90f400 : nt!PiDqIrpQueryCreate+0x25b
fffff502`417ef790 fffff802`36b67266 : ffffc00d`e764a010 ffffc00d`e09e9e40 fffff802`36900940 ffffc00d`e2979050 : nt!PiDqDispatch+0x9a
fffff502`417ef7d0 fffff802`36689189 : ffffc00d`e764a010 ffffc00d`e2979080 00000000`00000001 00000000`20206f49 : nt!PiDaDispatch+0x46
fffff502`417ef800 fffff802`36afc2eb : ffffc00d`e764a010 fffff502`417efb80 00000000`00000001 00000000`00000000 : nt!IofCallDriver+0x59
fffff502`417ef840 fffff802`36b0822f : ffffc00d`00000000 ffffc00d`e29790d0 00000000`00000000 fffff502`417efb80 : nt!IopSynchronousServiceTail+0x1ab
fffff502`417ef8f0 fffff802`36b089d6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x66f
fffff502`417efa20 fffff802`367ad943 : ffffd208`f0ff1e90 fffff802`36b07add 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff502`417efa90 00000000`77e41e4c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0940f298 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77e41e4c


STACK_COMMAND: kb

SYMBOL_NAME: PAGE_NOT_ZERO

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: PAGE_NOT_ZERO

Followup: MachineOwner
---------

*** Memory manager detected 32918 instance(s) of page corruption, target is likely to have memory corruption.


This free analysis is provided by OSR Open Systems Resources, Inc.

What I found in this was that it detected page corruption and then states memory corruption, so I think this points directly to the RAM causing the BSODs; I'm not sure though.
A YouTube video pointed out that you should look at the image name, which is unknown_image; apparently this made it crash??
I was thinking of using memtest86 to see if there is anything wrong with the RAM, but wouldn't it be better to first reseat the RAM to see if it's fixed that way? Because that worked for me before when I was experiencing BSODs.

I hope one of you can help me with these BSODs. Of course, if you need any additional information I'm happy to provide it.
Thanks in advance :)
 


Where should I check settings, in the application or in the files? And for what, because I can't find any settings about the faulting IP or something?
Can you maybe be more specific, because I don't really have an idea what you mean ;p
 

It didn't fix it. Yesterday it crashed while shutting down the system, and today during gaming. He didn't take a picture of the error code so ye, won't be able to give you those, although he said they were different codes compared to the previous codes I have mentioned.
(btw it usually takes around 2ish hours before it crashes and sometimes it even takes longer, not sure if this information is important but providing it just in case it helps)

Here are the minidumps

Yesterday
https://drive.google.com/file/d/1LoX8EbwSNz6Xx3pee2t1DZUv92CnNbe2/view?usp=sharing
Info given by site
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 8 Kernel Version 17134 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff801`41a12000 PsLoadedModuleList = 0xfffff801`41dcc1f0
Debug session time: Thu Jul 5 15:43:57.996 2018 (UTC - 4:00)
System Uptime: 0 days 4:45:07.563
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffdb80b390a070
Arg3: ffff9a0ba3903f50
Arg4: fffff80141bb74d0

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

BUGCHECK_STR: 0x7f_8

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

BAD_PAGES_DETECTED: 7706

LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80141bb74d0

STACK_TEXT:
ffff9a0b`a3903f50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0x10


STACK_COMMAND: kb

SYMBOL_NAME: PAGE_NOT_ZERO

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: PAGE_NOT_ZERO

Followup: MachineOwner
---------

*** Memory manager detected 30470 instance(s) of page corruption, target is likely to have memory corruption.

Today
https://drive.google.com/file/d/1SKMBVhrZB7baj-5TYPc4r6re3vVHzvkB/view?usp=sharing
Info given by site
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 8 Kernel Version 17134 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff800`81e9c000 PsLoadedModuleList = 0xfffff800`822561f0
Debug session time: Fri Jul 6 09:55:12.497 2018 (UTC - 4:00)
System Uptime: 0 days 2:43:50.203
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc000001d, The exception code that was not handled
Arg2: fffff800824566d8, The address that the exception occurred at
Arg3: ffff8c0c559db080, Parameter 0 of the exception
Arg4: ffff8c0c5136d1a8, Parameter 1 of the exception

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.

FAULTING_IP:
nt!FsRtlOplockBreakH+18
fffff800`824566d8 f04c8bfa lock mov r15,rdx

EXCEPTION_PARAMETER1: ffff8c0c559db080

EXCEPTION_PARAMETER2: ffff8c0c5136d1a8

ERROR_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.

BUGCHECK_STR: 0x1e_c000001d

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

BAD_PAGES_DETECTED: 7c9c

EXCEPTION_RECORD: 0000000000000100 -- (.exr 0x100)
Cannot read Exception record @ 0000000000000100

LAST_CONTROL_TRANSFER: from fffff80081ef52bd to fffff80082034430

FAILED_INSTRUCTION_ADDRESS:
nt!FsRtlOplockBreakH+18
fffff800`824566d8 f04c8bfa lock mov r15,rdx

CONTEXT: b8b28b4858247c89 -- (.cxr 0xb8b28b4858247c89)
Unable to read context, Win32 error 0n30

STACK_TEXT:
ffff8001`ee94ee48 fffff800`81ef52bd : 00000000`0000001e ffffffff`c000001d fffff800`824566d8 ffff8c0c`559db080 : nt!KeBugCheckEx
ffff8001`ee94ee50 fffff800`82045042 : 00000000`00000100 00000000`00000000 00000000`00000000 ffff8c0c`50f71630 : nt!KiDispatchException+0x58d
ffff8001`ee94f500 fffff800`820401a5 : 00000000`00000000 ffff8c0c`55a3aaf0 ffff8c0c`52b02080 ffff8001`ef71d340 : nt!KiExceptionDispatch+0xc2
ffff8001`ee94f6e0 fffff800`824566d8 : ffffc483`f415a448 ffff8c0c`54d52dc8 ffffc483`f415a010 00000000`00000002 : nt!KiInvalidOpcodeFault+0x2e5
ffff8001`ee94f870 ffff8c0c`00000002 : 00000000`00000000 ffff8001`ee6ca448 ffff8001`ee6ca3f0 ffff8001`ee6ca450 : nt!FsRtlOplockBreakH+0x18
ffff8001`ee94f910 00000000`00000000 : ffff8001`ee6ca448 ffff8001`ee6ca3f0 ffff8001`ee6ca450 00007fff`d8dd3140 : 0xffff8c0c`00000002


SYMBOL_NAME: PAGE_NOT_ZERO

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: .cxr 0xb8b28b4858247c89 ; kb

BUCKET_ID: PAGE_NOT_ZERO

Followup: MachineOwner
---------

*** Memory manager detected 31900 instance(s) of page corruption, target is likely to have memory corruption.

Could these BSODs be caused by Windows?

Tomorrow I'll be going to his house to run some checks on his HDD and RAM, and try the Windows repair thing again etc.
Would it be a good idea to bring my boot drive and boot his PC onto that to see if it crashes or not, because maybe the hardware like the RAM can be causing it? Or are you certain that it is software wise?
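
Added example, not part of the posts above: a small Python helper that pulls the same few fields out of each pasted analysis and compares them across crashes. The function names and the trimmed excerpts are constructed for illustration; the excerpt lines are copied from the three reports in this thread. It shows that the stop code and process change every time while the bucket stays PAGE_NOT_ZERO, and that in these reports BAD_PAGES_DETECTED is the hex form of the decimal count in the closing "page corruption" line.

```python
import re

# Constructed input: key lines trimmed from the three analyses pasted in this
# thread, one excerpt per minidump, separated by blank lines.
EXCERPTS = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
PROCESS_NAME: Discord.exe
BAD_PAGES_DETECTED: 8096
BUCKET_ID: PAGE_NOT_ZERO
*** Memory manager detected 32918 instance(s) of page corruption, target is likely to have memory corruption.

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
PROCESS_NAME: System
BAD_PAGES_DETECTED: 7706
BUCKET_ID: PAGE_NOT_ZERO
*** Memory manager detected 30470 instance(s) of page corruption, target is likely to have memory corruption.

KMODE_EXCEPTION_NOT_HANDLED (1e)
PROCESS_NAME: svchost.exe
BAD_PAGES_DETECTED: 7c9c
BUCKET_ID: PAGE_NOT_ZERO
*** Memory manager detected 31900 instance(s) of page corruption, target is likely to have memory corruption.
""".split("\n\n")

FIELD = re.compile(r"^(PROCESS_NAME|BAD_PAGES_DETECTED|BUCKET_ID):[ \t]*(\S+)", re.M)
BUGCHECK = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
CORRUPT = re.compile(r"detected (\d+) instance\(s\) of page corruption")

def parse_analysis(text):
    """Pull the triage fields out of one analyzer report."""
    rec = dict(FIELD.findall(text))
    name = BUGCHECK.search(text)
    rec["BUGCHECK"] = name.group(1) if name else None
    hit = CORRUPT.search(text)
    rec["corrupt_pages"] = int(hit.group(1)) if hit else None
    # In these reports the field is hex; the closing summary line is decimal.
    bad = rec.get("BAD_PAGES_DETECTED")
    rec["bad_pages"] = int(bad, 16) if bad else None
    return rec

def summarize(texts):
    recs = [parse_analysis(t) for t in texts]
    return {
        "bugchecks": [r["BUGCHECK"] for r in recs],
        "processes": [r["PROCESS_NAME"] for r in recs],
        "buckets": sorted({r["BUCKET_ID"] for r in recs}),
        "counts_agree": all(r["bad_pages"] == r["corrupt_pages"] for r in recs),
    }

print(summarize(EXCERPTS))
```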