Question Repeated BSOD WHEA_UNCORRECTABLE_ERROR (124) on Device Driver Error ?

johnbl · Tuesday at 12:54 AM

I was looking at some of your files that the debugger did not like
the files were from 2020 around June and July.
windows build 19.9.19041
Microsoft has listed this build as "End of servicing"
it could explain why the proper debugging files were not on the server.

it would also mean that your windows updates are blocked from mid 2020

note: window update only updates drivers that vendors actually give to them. Many vendors only give very basic drivers to Microsoft and keep the drivers with more features for their own updates. when windows sees these custom drivers it will not update them with the basic driver and you are expected to know this and get the update from the motherboard vendor or the actual driver vendor. (most people would not know, I try to keep the generic drivers from Microsoft since they get fixed and tested on millions of machines everyday. (less problems for me since windows update will update the generic intel drivers)

niv13 · Tuesday at 3:07 AM

Any ideas why there is so much mismatched files on my system? I'm contemplating if I should just go for a upgrade on the machine and start everything fresh

johnbl · Tuesday at 9:20 AM

niv13 said:
Any ideas why there is so much mismatched files on my system? I'm contemplating if I should just go for a upgrade on the machine and start everything fresh

I think the updates are being blocked. you can run the dism.exe command and it might fix the problem but It might just better to wipe and reinstall windows with the current build.

ubuysa · Wednesday at 4:43 AM

Before you reinstall, did you ever enable Driver Verifier as I suggested in post #4, and have you uploaded any resulting dumps? It wasn't enabled in any of the dumps you have uploaded.

The problem with reinstalling Windows without knowing what the problem might be - especially if it could be a bad driver - means that there is a high probability that you will reinstall the problem and be back to square one.

johnbl · Wednesday at 2:08 PM

ubuysa said:
Before you reinstall, did you ever enable Driver Verifier as I suggested in post #4, and have you uploaded any resulting dumps? It wasn't enabled in any of the dumps you have uploaded.

The problem with reinstalling Windows without knowing what the problem might be - especially if it could be a bad driver - means that there is a high probability that you will reinstall the problem and be back to square one.

he was running a old windows build with a bunch of modified windows core files. I would expect the system to bugcheck quickly unter verifier and end the end you find that hacks are the problem. looks like Microsoft removed the symbols for the old build from the Microsoft symbol server.

ubuysa · 2024-10-31T02:50:34-0400

Fair enough.

niv13 · 2024-10-31T05:54:08-0400

johnbl said:
he was running a old windows build with a bunch of modified windows core files. I would expect the system to bugcheck quickly unter verifier and end the end you find that hacks are the problem. looks like Microsoft removed the symbols for the old build from the Microsoft symbol server.

Can you elaborate more in this? I have a bit difficulty understanding you. Are you saying that my computer potentially was hacked?

What is the "symbols" that you mentioned here?

niv13 · 2024-10-31T06:00:57-0400

ubuysa said:
Before you reinstall, did you ever enable Driver Verifier as I suggested in post #4, and have you uploaded any resulting dumps? It wasn't enabled in any of the dumps you have uploaded.

The problem with reinstalling Windows without knowing what the problem might be - especially if it could be a bad driver - means that there is a high probability that you will reinstall the problem and be back to square one.

My computer is over due for a proper upgrade... There are components in there that are over 5 years old at this point.

While I don't think any of the hardware are having physical problems, I'm forced to recognize that with end-of-life coming for Windows10. I'm eventually forced to use Windows 11 and likely with even more driver support issues coming.

What I can't understand is how the window core files have been changed so much like this. I don't recall ever suffering a hack and/or having some malware/ virus in the computer. There's the on and off alert from my antivirus (ESET) warning of attempt to change things but those are usually minor and any attempt gets flagged right away...

niv13 · 2024-10-31T06:08:23-0400

ubuysa said:
Before you reinstall, did you ever enable Driver Verifier as I suggested in post #4, and have you uploaded any resulting dumps? It wasn't enabled in any of the dumps you have uploaded.

The problem with reinstalling Windows without knowing what the problem might be - especially if it could be a bad driver - means that there is a high probability that you will reinstall the problem and be back to square one.

I haven't ignored your suggestion. I'm actually quite interested in investigating the issue further using your method. It's just that I would need this computer (as broken as it is with the BOSD) working for now while I prepare to build a 2nd rig to take over. Once I have the 2nd rig's integrity checked and all good to go (in Windows 11), I'll be more inclined to do more tests on this old one.

I'll start another post thread discussing builds for my 2nd rig. Please chip in your opinions there too 🙏

johnbl · 2024-10-31T09:55:02-0400

Some programs work by modifying windows core files. This was common in the windows 7 days but should not be done today. These programs used to modify the files on disk, then Microsoft implemented a driver store (hidden copy of the windows files) which would overwrite any changes that a program made to windows core file on each boot. Programs then would modify the active image and would also modify the back up hidden image in the driverstore. Problem was that windows update would then overwrite the files so programmers would modify windows update to block updated files being placed on the system so the hacks would not be overwritten.
now, these hacks are not written to the actual file or the backup copy, they find the image of the file after it is copied from disk to RAM then modify the image while in memory. The modified image is then saved to the pagefile.sys After that each time you boot you get the modified image until you delete the pagefile.sys. often if you delete the pagefile then the hack start over agin by running a program in the task scheduler and the process starts over again.

symbols are created by the compiler when the windows core files are created. They are ed in a debugger to map the functions in the program to the source code functions so a programmer can determine what is being executed. for each compiled file there will be one symbol file. These files have checksums and build stamps to aid and make sure the code matches the versions.
Hacked programs might have the correct build stamp and checksum code of the original but when you use a debugger to check for modifications the real checksum does not match.

some hacks just remove the checksum and build number from the file so you can not check for the changes using the debugger.

also, now Microsoft has a new policy where they only support a build for 2 years and it looks like they remove the symbols from the Microsoft server. So I can not look at the symbols unless I already downloaded them before the 2 year limit. (I had removed all of the old local symbols from my machine when I cleaned up my machine a few weeks ago)

for your system: you have hacked files and a blocked windows update.
you can fix it or just reinstall the current version of windows and install your programs again.
if one of your programs is doing the hack. It may or may not work.
you can attempt repair by
turn off virtual memory to delete the pagefile.sys
look in the task scheduler and remove unwanted/unexpected programs from running.
start cmd.exe as an admin and run
sfc.exe /scannow
dism.exe /online /cleanup-image /restorehealth
(this program will check your windows core files for modification and will fix them from a known good source ie Microsoft server)
Problem: often hacked systems modify the dism.exe so it will not run. Or they block access to the Microsoft update servers.
Problem: your core files are "out of service" and I do not know if the dism.exe /online will be able to find the old copy to apply the fixes. No fixes means that window update will not be fixed and you will still have your updates blocked.

you can try, or just make a current usb windows installer and reinstall windows and start fresh

niv13 · 2024-11-01T09:48:10-0400

johnbl said:
you can fix it or just reinstall the current version of windows and install your programs again.
if one of your programs is doing the hack. It may or may not work.
you can attempt repair by
turn off virtual memory to delete the pagefile.sys
look in the task scheduler and remove unwanted/unexpected programs from running.
start cmd.exe as an admin and run
sfc.exe /scannow
dism.exe /online /cleanup-image /restorehealth
(this program will check your windows core files for modification and will fix them from a known good source ie Microsoft server)

Give me a week to get my new computer ready.

I'll do all this step and see if we can get it fixed, if not I'll just reinstall everything. If yes, I'll know how to fix this again in the future if it happens again

but just to iterate. I don't even have pagefile.sys I don't think I ever turned on virtual memory on this pc. So... on this part that's confusing to me on what you discovered when going through the reports... very interesting

Search

Question Repeated BSOD WHEA_UNCORRECTABLE_ERROR (124) on Device Driver Error ?

johnbl

Polypheme

niv13

Distinguished

johnbl

Polypheme

ubuysa

Distinguished

johnbl

Polypheme

ubuysa

Distinguished

niv13

Distinguished

niv13

Distinguished

niv13

Distinguished

johnbl

Polypheme

niv13

Distinguished

TRENDING THREADS

Latest posts

Moderators online

Share this page