I need help reading some Mini-dumps to solve some Bsods that have been just out of arms reach

Toggle sidebar Toggle sidebar
J

JosiahCrawford

Prominent
Apr 3, 2017
25
0
530
Here are some of the more recent bsods, link to my Onedrive

https://1drv.ms/u/s!AmSGGFeCFoVOlBLFmda0pNdvbALy
https://1drv.ms/u/s!AmSGGFeCFoVOlBMYbG2PXQKfxIMg
https://1drv.ms/u/s!AmSGGFeCFoVOlBRqn230uGtHC2Xq
https://1drv.ms/u/s!AmSGGFeCFoVOlBVzEMl9hunALB4w

Also here is some stuff Who Crashed Gave me


On Thu 8/10/2017 4:51:55 PM your computer crashed
crash dump file: C:\WINDOWS\Minidump\081017-22468-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x16C560)
Bugcheck code: 0x19 (0x20, 0xFFFF9683D3852710, 0xFFFF9683D3852810, 0xC080004)
Error: BAD_POOL_HEADER
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. This problem might also be caused because of overheating (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 8/10/2017 4:51:55 PM your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x19 (0x20, 0xFFFF9683D3852710, 0xFFFF9683D3852810, 0xC080004)
Error: BAD_POOL_HEADER
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. This problem might also be caused because of overheating (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Mon 8/7/2017 5:30:59 PM your computer crashed
crash dump file: C:\WINDOWS\Minidump\080717-22421-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x16C550)
Bugcheck code: 0xA (0xFFFFC881CDEA7071, 0xFF, 0x0, 0xFFFFF8010C609044)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Mon 8/7/2017 5:30:59 PM your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: amdppm.sys (amdppm+0xB492)
Bugcheck code: 0xA (0xFFFFC881CDEA7071, 0xFF, 0x0, 0xFFFFF8010C609044)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\drivers\amdppm.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Processor Device Driver
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Sat 8/5/2017 3:05:07 AM your computer crashed
crash dump file: C:\WINDOWS\Minidump\080517-19828-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x16C550)
Bugcheck code: 0xA (0x0, 0xE, 0x1, 0xFFFFF8039917BB8C)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
 
Solution
gardenman
I ran the memory.dmp file through the debugger and it was full of errors. This is a known problem with the debugger. I edited out most of the errors got the following results: https://pastebin.com/pEsHT6vF

File: MEMORY.DMP (Sat Aug 19 22:14:59 2017)
BugCheck: [CLOCK_WATCHDOG_TIMEOUT (101)] {18, 0, ffff8c01fa2aa180, 6}
Probably caused by: memory_corruption (Process: GameOverlayUI.exe)

Colif, it's unlikely that the drivers list is complete due to the errors.

I can't help you with this. Wait for someone else to reply. Good luck.
Sort by date Sort by votes
Hi, I ran the dump file(s) through the debugger and got the following information: https://pastebin.com/TxeG3xcN

File: 080517-19828-01.dmp (Sat Aug 5 06:05:07 2017)
BugCheck: [IRQL_NOT_LESS_OR_EQUAL (A)] {0, e, 1, fffff8039917bb8c}
Probably caused by: memory_corruption (Process: System)

File: 080317-26312-01.dmp (Thu Aug 3 22:33:52 2017)
BugCheck: [IRQL_NOT_LESS_OR_EQUAL (A)] {2f, ff, 0, fffff8014e48c298}
Probably caused by: ntkrnlmp.exe (Process: System)

File: 081017-22468-01.dmp (Thu Aug 10 19:51:55 2017)
BugCheck: [BAD_POOL_HEADER (19)] {20, ffff9683d3852710, ffff9683d3852810, c080004}
Probably caused by: memory_corruption (Process: nvcontainer.exe)

File: 080717-22421-01.dmp (Mon Aug 7 20:30:59 2017)
BugCheck: [IRQL_NOT_LESS_OR_EQUAL (A)] {ffffc881cdea7071, ff, 0, fffff8010c609044}
Probably caused by: ntkrnlmp.exe (Process: System)

I can't help you with this. Wait for someone else to reply. Good luck.
 
Upvote 0 Downvote
Given there is only 1 BIOS, you must be on latest.

nvcontainer.exe is part of the Nvidia drivers. You might want to run ddu and instead of loading latest drivers, run windows update and use the drivers Microsoft have. The July drivers aren't the best.

Old drivers that might be cause:
wdcsam64.sys (Dated Fri Oct 9 2015) - Western Digital SCSI Architecture Model (SAM) WDM driver (normally used for ssd)
CMUSBDAC.sys (Dated Mon Nov 28 2016) - Possibly part of Blue Snowball Microphone drivers, these don't work well with win 10

Unplug the Blue Snowball
Download and install the ASIO4ALL driver Available from HERE, most users have reported this driver fixes an incompatibility between the Blue Snowball and Windows 10 . . .
Plug in the Blue Snowball and it should now work . . .
Click to expand...
https://answers.microsoft.com/en-us/windows/forum/windows_10-hardware/my-blue-snowball-ice-is-crashing-my-pc/3bcfe403-26da-42e4-9259-35d5b47f9a4c

given the number of USB drivers mentioned, I wouldn't be surprised if you did have a Blue Snowball Microphone.
 
Upvote 1 Downvote
Hello and thank you for helping me with this, as for wdcsam64.sys that sounds plausible and i'll try to look for an updated driver however I've been unsuccessful finding one as the HDD is old, generic, and doesn't really have a name that I can find but i'll give it a shot. As for the Blue Snowball i guess i'll be on a look out for an update for it but I've have this issue since before the mic so not likely to be the fix. As for the Nvidia driver do you have any suggestions on what date i should shoot for or is this a trial and error kind of thing?
 
Upvote 0 Downvote
Okay, I see I had name wrong... wdcsam = WD External Storage (WD SCSI Architecture Model (SAM) driver)
So this drive you can't find drivers for, is it external?

That explains why I couldn't see a link between motherboard and drivers.

try the fix in the quote for the Blue Snowball as it helped others.

Nvidia, I let windows update get my drivers so not sure what date they are. I think they the May drivers.
 
Upvote 0 Downvote
Sorry I've been busy lately, so yeah. As for the hard drive I have two, one internal (Generic) and one external (WD Passport ultra 2T) both are WD so what i did with that was go onto the site again and download every support software i could find that would do anything close to what you told me to do. Out of all of them one was the most useful being some diagnostic software I don't remember which one, (there were a few) and it showed me a driver that was installed for an ssd with a few options on to update one to uninstall and one to install only if needed. I clicked the last one and it uninstalled the driver however i'm not sure if it was related, but it is the most significant thing that I've been able to find that may be a cause. Small victories.

As for the Snowball i went and did all that, installed the fix and everything just to get that out of the way so that's done.

Now i guess i'll go trying to find a working driver for the GPU if a proper crash happens again, things have been a bit more reliable since I've gotten rid of the useless driver but there are still some cases of crashing to desktop when playing certain games. And i won't be totally convinced that this is fixed until a significant amount of time has passed. This issue has appeared fixed quite a few times only for it to reemerge randomly.

 
Upvote 0 Downvote
memory dump shows that you are running your own activation server.
debugging pirate versions of windows is kind of a waste of time.

you might run verifier to find out what is corrupting your device drivers memory headers. It will cause a bugcheck when the corruption happens rather than later when the corrupted kernel data is accessed.
 
Upvote 1 Downvote
curious, john, where does it show that info? I don't disbelieve you, I am sort of amateur at reading these dump print outs and a clue where to look for this will help in future :)

I wish driver verifer wouldn't put people into boot loops so often or I would suggest it more

 
Upvote 0 Downvote
I want to know how to do this also. What commands in the debugger do I type for that? I tried "!vm" to get a list of running applications but it didn't work.

If you'd rather not say here, you are more than welcome to send me a PM with info on how to do it. I don't know much about the debugger so step-by-step instructions would be best.
 
Upvote 0 Downvote
note: most of the time the hack software is not the cause of the problem. It just indicates that you have to check for modified binaries in the memory dump via:
!for_each_module !chkimg @#ModuleName
and you have to start looking at things with a lot more care because hacking software can install programs in the task scheduler, or rootkits or modified storage drivers. When I see this I have the person run
dism.exe /online /cleanup-image /restorehealth
it tends to wipe certain hacks until the hack is reinstalled via the task scheduler.

people can run windows 10 preview builds for free and not use hacked versions of windows.

---------------
generally I use the debugger command
lmiftsm
to list the drivers in alphabetical order with the time stamps
at the end it will have unloaded drivers list, if it shows the below in the list. it often indicates hack software running:
(look for MSKSSRV.sys with MSPCLOCK.sys)


fffff801`0f010000 fffff801`0f01c000 MSPQM.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff801`0f000000 fffff801`0f00d000 MSTEE.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000D000
fffff801`0eff0000 fffff801`0f000000 MSKSSRV.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00010000
fffff801`0efe0000 fffff801`0efec000 MSPCLOCK.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000



 
Upvote 1 Downvote
listing the drivers in order makes it very quick to scan for common issues.
!sysinfo smbios
is also useful to get the BIOS date, and check the speed that the CPU is currently running at.
(quick check for overclocking, and to check for mixed memory modules)



 
Upvote 0 Downvote
i am getting good at recognising problem drivers. Or should I say, the obvious problem drivers. Killer drivers or Asus Asio.sys are common files I seem to see on every PC these days,

Some problems leave me scratching my head and there seem to be a few new BSOD codes popping up that even the debugger doesn't know.

 
Upvote 0 Downvote

Thanks. I wrote that info down from an earlier post where you said that and have been using that for a while now. I've been using the lmv command to get the list of drivers.

I'm slowly learning.

 
Upvote 0 Downvote
years ago I installed hack software just to see what it installed. The version I used installed this driver at the same time as the key server. I just recognize the files as red flags, like finding overclock drivers installed. You just don't want to spend too much time debugging just to find glitches cause by timing problems because some driver is tweaking cpu voltages and frequencies.

often people just don't know they have the files installed. sometimes they run the hack software and think it is for something else. People even install valid keys and run the hacks. you never know if they have a valid key and a license hack installed. you don't want to debug it because the hack can block updates and you might spend time finding a bug that has already been fixed months or years before. The person with the system will tell you that they have all of the updates because the software lies to them.



 
Upvote 0 Downvote
Ok so a new crash happened today here's the dump.

https://1drv.ms/u/s!AmSGGFeCFoVOlBbAAB7i3BLOuvQg

and here is the Who Crashed

On Sat 8/19/2017 7:14:59 PM your computer crashed
crash dump file: C:\WINDOWS\Minidump\081917-20609-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x16C560)
Bugcheck code: 0x101 (0x18, 0x0, 0xFFFF8C01FA2AA180, 0x6)
Error: CLOCK_WATCHDOG_TIMEOUT
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might also be caused because of overheating (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sat 8/19/2017 7:14:59 PM your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: hal.dll (hal!HalPerformEndOfInterrupt+0xC6)
Bugcheck code: 0x101 (0x18, 0x0, 0xFFFF8C01FA2AA180, 0x6)
Error: CLOCK_WATCHDOG_TIMEOUT
file path: C:\WINDOWS\system32\hal.dll
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hardware Abstraction Layer DLL
Bug check description: This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might also be caused because of overheating (thermal issue).
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.
 
Upvote 0 Downvote
- make sure your memory dump type is set to kernel or full.
it will make a large file and store it as c:\windows\memory.dmp
it will contain the info to debug this type of error. Minidumps will not have the proper debug info saved.


you might consider a wipe of the OS and a clean install. I just mention this because you have a failed install of windows defender updated on Tue May 19 18:50:37 2015.

basically the windows debugger just does not work correctly since Microsoft started to do in memory compression. I suspect the debugger just does not have the updated to read and decompress the compressed data now being stored in the memory dump. The debugger just shows corrupt data or produces errors reading memory dumps of current builds. (at least on my machines)

the debugger did report:
*** Memory manager detected 1 instance(s) of page corruption, target is likely to have memory corruption.
but the supporting commands would not work for me.

the time out was 18 clock ticks, this is pretty fast so I would suspect video did not respond. Many functions now go thru the PCI/e interface and you can now have usb devices and drivers messing up video cards. Normally I could just look at the date of your usb driver and confirm you have installed the correct one from your motherboard vendor but here is what the debugger shows:
\SystemRoot\System32\drivers\USBPORT.SYS ***** Invalid (CE983203)
all of the dates are messed up like this one:
\SystemRoot\system32\drivers\uwfrtl.sys Sun Jan 29 15:12:39 2034 (78882867)

these errors are just likely to be side effects of the in memory compression used by the OS.

basically none of the debugger commands I need to debug a kernel mode memory dump are working correctly.

I have mostly stopped looking at bugchecks on current builds, I but I reinstalled the debugger just to see if it would work.

The process running at the time of the bugcheck was:
GameOverlayUI.exe
you might uninstall it



 
Upvote 0 Downvote
that's weird cause I already have my dumps set to kernel, as for gameoverlayUI i'm pretty sure that is steam but i'll take a closer look but it seems everyone is using gameoverlays these days also what do you meen by clean install of the OS do you mean wipe personal files or just reinstall the base OS
 
Upvote 0 Downvote
the kernel memory dump is not stored in the minidump directory.
it is stored as c:\windows\memory.dmp





 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom