Hi,
Ive had some recent problems with random BSODs. They usually come within 30 minutes of gaming. After one crash, the system seems more unstable and often crashes again, even when only using web browser etc. After letting it "cool down" it gets better. I used driver verifier which detected an error on boot and put me in a BSOD loop. I got that fixed and now have a Minidump file that indicates that RzDev_0203.sys caused the bluescreen. I have used WinDbg and Bluescreen Viewer to my help, but am no expert and do not know what to do with all the info.
So my question, how do I know if its only a driver at fault or something else that has to do with my hardware?
Minidump with driver verifier:
https://www.mediafire.com/file/qsclbo404hyzlt3/072424-7140-01.zip/file
Minidumps without driver verifier:
https://www.mediafire.com/file/sw2yj7jmd6hanc4/072524-12687-01.zip/file
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (20 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0xfffff800`58a06000 PsLoadedModuleList = 0xfffff800`59619510
Debug session time: Wed Jul 24 17:46:05.230 2024 (UTC + 2:00)
System Uptime: 0 days 0:00:19.929
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`58e1bdf0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffef03`92351a10=00000000000000c4
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, BugChecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff809748d24cf, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000065447a52, Pool Tag (if provided).
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 484
Key : Analysis.Elapsed.mSec
Value: 1787
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 93
Key : Analysis.Init.Elapsed.mSec
Value: 5970
Key : Analysis.Memory.CommitPeak.Mb
Value: 101
Key : Bugcheck.Code.LegacyAPI
Value: 0xc4
Key : Bugcheck.Code.TargetModel
Value: 0xc4
Key : Dump.Attributes.AsUlong
Value: 1808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: 0xc4_2000_RzDev_0203!unknown_function
Key : Failure.Hash
Value: {4906dfaa-7ed8-1d02-f23f-f7f793ca9407}
Key : Hypervisor.Enlightenments.ValueHex
Value: 1417df84
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 1
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 1
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 21631230
Key : Hypervisor.Flags.ValueHex
Value: 14a10fe
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 1
Key : Hypervisor.RootFlags.AccessStats
Value: 1
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 1
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1
Key : Hypervisor.RootFlags.MceEnlightened
Value: 1
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1
Key : Hypervisor.RootFlags.Value
Value: 1015
Key : Hypervisor.RootFlags.ValueHex
Value: 3f7
BUGCHECK_CODE: c4
BUGCHECK_P1: 2000
BUGCHECK_P2: fffff809748d24cf
BUGCHECK_P3: 0
BUGCHECK_P4: 65447a52
FILE_IN_CAB: 072424-7140-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x1808
Kernel Generated Triage Dump
BLACKBOXNTFS: 1 (!blackboxntfs)
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffffef03`92351a08 fffff800`594d03d1 : 00000000`000000c4 00000000`00002000 fffff809`748d24cf 00000000`00000000 : nt!KeBugCheckEx
ffffef03`92351a10 fffff800`58fd3b32 : fffff800`59613ca0 00000000`00002000 fffff809`748d24cf 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x14d
ffffef03`92351ab0 fffff800`594c6980 : 00000000`65447a52 fffff800`59613ca0 fffff809`748d24cf fffff800`59ca0d95 : nt!VfReportIssueWithOptions+0x102
ffffef03`92351b00 fffff800`58fd20f2 : ffffdf02`04a02d00 00000000`00000000 000020fd`f8652ea8 fffff800`59c96277 : nt!VfCheckPoolType+0x90
ffffef03`92351b40 fffff800`59cc1cbe : ffffdf02`04a02d00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VfCheckNxPoolType+0x12
ffffef03`92351b70 fffff809`748d24cf : ffffdf02`079ad150 00000000`00000000 ffffef03`92351cd0 ffffdf02`079ad440 : Wdf01000!imp_WdfDeviceAllocAndQueryProperty+0x8e [minkernel\wdf\framework\shared\core\fxdeviceapi.cpp @ 1196]
ffffef03`92351bd0 ffffdf02`079ad150 : 00000000`00000000 ffffef03`92351cd0 ffffdf02`079ad440 00000000`00000000 : RzDev_0203+0x24cf
ffffef03`92351bd8 00000000`00000000 : ffffef03`92351cd0 ffffdf02`079ad440 00000000`00000000 ffffef03`92351c20 : 0xffffdf02`079ad150
SYMBOL_NAME: RzDev_0203+24cf
MODULE_NAME: RzDev_0203
IMAGE_NAME: RzDev_0203.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 24cf
FAILURE_BUCKET_ID: 0xc4_2000_RzDev_0203!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4906dfaa-7ed8-1d02-f23f-f7f793ca9407}
Followup: MachineOwner
---------
Ive had some recent problems with random BSODs. They usually come within 30 minutes of gaming. After one crash, the system seems more unstable and often crashes again, even when only using web browser etc. After letting it "cool down" it gets better. I used driver verifier which detected an error on boot and put me in a BSOD loop. I got that fixed and now have a Minidump file that indicates that RzDev_0203.sys caused the bluescreen. I have used WinDbg and Bluescreen Viewer to my help, but am no expert and do not know what to do with all the info.
So my question, how do I know if its only a driver at fault or something else that has to do with my hardware?
Minidump with driver verifier:
https://www.mediafire.com/file/qsclbo404hyzlt3/072424-7140-01.zip/file
Minidumps without driver verifier:
https://www.mediafire.com/file/sw2yj7jmd6hanc4/072524-12687-01.zip/file
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (20 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0xfffff800`58a06000 PsLoadedModuleList = 0xfffff800`59619510
Debug session time: Wed Jul 24 17:46:05.230 2024 (UTC + 2:00)
System Uptime: 0 days 0:00:19.929
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`58e1bdf0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffef03`92351a10=00000000000000c4
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, BugChecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff809748d24cf, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000065447a52, Pool Tag (if provided).
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 484
Key : Analysis.Elapsed.mSec
Value: 1787
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 93
Key : Analysis.Init.Elapsed.mSec
Value: 5970
Key : Analysis.Memory.CommitPeak.Mb
Value: 101
Key : Bugcheck.Code.LegacyAPI
Value: 0xc4
Key : Bugcheck.Code.TargetModel
Value: 0xc4
Key : Dump.Attributes.AsUlong
Value: 1808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: 0xc4_2000_RzDev_0203!unknown_function
Key : Failure.Hash
Value: {4906dfaa-7ed8-1d02-f23f-f7f793ca9407}
Key : Hypervisor.Enlightenments.ValueHex
Value: 1417df84
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 1
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 1
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 21631230
Key : Hypervisor.Flags.ValueHex
Value: 14a10fe
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 1
Key : Hypervisor.RootFlags.AccessStats
Value: 1
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 1
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1
Key : Hypervisor.RootFlags.MceEnlightened
Value: 1
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1
Key : Hypervisor.RootFlags.Value
Value: 1015
Key : Hypervisor.RootFlags.ValueHex
Value: 3f7
BUGCHECK_CODE: c4
BUGCHECK_P1: 2000
BUGCHECK_P2: fffff809748d24cf
BUGCHECK_P3: 0
BUGCHECK_P4: 65447a52
FILE_IN_CAB: 072424-7140-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x1808
Kernel Generated Triage Dump
BLACKBOXNTFS: 1 (!blackboxntfs)
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffffef03`92351a08 fffff800`594d03d1 : 00000000`000000c4 00000000`00002000 fffff809`748d24cf 00000000`00000000 : nt!KeBugCheckEx
ffffef03`92351a10 fffff800`58fd3b32 : fffff800`59613ca0 00000000`00002000 fffff809`748d24cf 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x14d
ffffef03`92351ab0 fffff800`594c6980 : 00000000`65447a52 fffff800`59613ca0 fffff809`748d24cf fffff800`59ca0d95 : nt!VfReportIssueWithOptions+0x102
ffffef03`92351b00 fffff800`58fd20f2 : ffffdf02`04a02d00 00000000`00000000 000020fd`f8652ea8 fffff800`59c96277 : nt!VfCheckPoolType+0x90
ffffef03`92351b40 fffff800`59cc1cbe : ffffdf02`04a02d00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VfCheckNxPoolType+0x12
ffffef03`92351b70 fffff809`748d24cf : ffffdf02`079ad150 00000000`00000000 ffffef03`92351cd0 ffffdf02`079ad440 : Wdf01000!imp_WdfDeviceAllocAndQueryProperty+0x8e [minkernel\wdf\framework\shared\core\fxdeviceapi.cpp @ 1196]
ffffef03`92351bd0 ffffdf02`079ad150 : 00000000`00000000 ffffef03`92351cd0 ffffdf02`079ad440 00000000`00000000 : RzDev_0203+0x24cf
ffffef03`92351bd8 00000000`00000000 : ffffef03`92351cd0 ffffdf02`079ad440 00000000`00000000 ffffef03`92351c20 : 0xffffdf02`079ad150
SYMBOL_NAME: RzDev_0203+24cf
MODULE_NAME: RzDev_0203
IMAGE_NAME: RzDev_0203.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 24cf
FAILURE_BUCKET_ID: 0xc4_2000_RzDev_0203!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4906dfaa-7ed8-1d02-f23f-f7f793ca9407}
Followup: MachineOwner
---------
Last edited: