Hi. . .
I ran the lone mini kernel dump -
The bugcheck was
0x1000000a (0x805a399d, 0xff, 0x0, 0x805a399d), with the probable cause listed as the XP Kernel module
ntoskrnl.exe.
0x1000000a = IRQL_NOT_LESS_OR_EQUAL and indicates that a Microsoft Windows or a kernel-mode driver accessed paged memory (or invalid memory) at DISPATCH_LEVEL or above.
What I find interesting here is that the 1st parm 0x805a399d is the same as the 4th parm. The 1st parm is the memory address that was referenced; the 4th is the address that referenced the first. Based on these parms, it appears the suspect driver is "calling itself".
The stack text is not much help here as it simply tells us the kernel called a driver and tried to load it. It does not tell us which driver. The line in red is where the bugcheck was issued that resulted in the BSOD.
Code:
0000001 00000000 nt!IopLoadDriver+0x66d
0000000 8683dda8 nt!IopLoadUnloadDriver+0x45
000000 00000000 nt!ExpWorkerThread+0x100
0000001 00000000 nt!PspSystemThreadStartup+0x34
0000000 00000000 nt!KiThreadStartup+0x16
One option to try and find that driver is to run the driver verifier.
Start | Run | type cmd - hit enter | type
verifier & hit enter - the Verifier screen will appear | do the following:
Code:
1. Select 2nd option - Create custom settings (for code developers)
2. Select 2nd option - Select individual settings from a full list.
3. Check the boxes• Special Pool
• Pool Tracking
• Force IRQL checking
4. Select last option - Select driver names from a list
5. Click on the Provider heading - sorts list by Provider
6. Check ALL boxes where Microsoft is not the Provider
7. Click on Finish
8. Re-boot
The driver verifier will interrogate your non-Microsoft drivers and very well may end up causing a BSOD. Should this happen, please get the dump file immediately upon re-boot and attach to your next post as it should contain the name of the driver we are looking for.
It would be helpful for me to have an msinfo32 NFO file as well.
START | Run | type msinfo32 - hit enter. Save as an NFO (default file extension) file. Zip it up and attach.
While the verifier is at work in the background, you may see CPU and RAM peak. This is normal.
The dbug log can be found below.
Regards. . .
jcgriff2
.
Code:
Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [A:\D\#Dumps\Efex_XP_Laptop_Support_10-02-08\Mini093008-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Tue Sep 30 09:32:43.157 2008 (GMT-4)
System Uptime: 0 days 0:00:39.707
Loading Kernel Symbols
........................................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {805a399d, ff, 0, 805a399d}
Probably caused by : ntoskrnl.exe ( nt!IopLoadDriver+66d )
Followup: MachineOwner
---------
kd> !analyze -v;r;kv;lmtn
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 805a399d, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 805a399d, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 805a399d
CURRENT_IRQL: ff
FAULTING_IP:
nt!IopLoadDriver+66d
805a399d 3bc3 cmp eax,ebx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 805a3c73 to 805a399d
FAILED_INSTRUCTION_ADDRESS:
nt!IopLoadDriver+66d
805a399d 3bc3 cmp eax,ebx
STACK_TEXT:
f78e6d4c 805a3c73 80000704 00000001 00000000 nt!IopLoadDriver+0x66d
f78e6d74 804e426b 80000704 00000000 8683dda8 nt!IopLoadUnloadDriver+0x45
f78e6dac 8057aeff f6f69cf4 00000000 00000000 nt!ExpWorkerThread+0x100
f78e6ddc 804f88ea 804e4196 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IopLoadDriver+66d
805a399d 3bc3 cmp eax,ebx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!IopLoadDriver+66d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 48025eab
FAILURE_BUCKET_ID: 0xA_CODE_AV_BAD_IP_nt!IopLoadDriver+66d
BUCKET_ID: 0xA_CODE_AV_BAD_IP_nt!IopLoadDriver+66d
Followup: MachineOwner
---------
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=e1761146 edi=86670760
eip=805a399d esp=f78e6c8c ebp=f78e6d4c iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010046
nt!IopLoadDriver+0x66d:
805a399d 3bc3 cmp eax,ebx
ChildEBP RetAddr Args to Child
f78e6d4c 805a3c73 80000704 00000001 00000000 nt!IopLoadDriver+0x66d (FPO: [Non-Fpo])
f78e6d74 804e426b 80000704 00000000 8683dda8 nt!IopLoadUnloadDriver+0x45 (FPO: [Non-Fpo])
f78e6dac 8057aeff f6f69cf4 00000000 00000000 nt!ExpWorkerThread+0x100 (FPO: [Non-Fpo])
f78e6ddc 804f88ea 804e4196 00000001 00000000 nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo])
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
start end module name
804d7000 806ed680 nt ntoskrnl.exe Sun Apr 13 15:27:39 2008 (48025EAB)
806ee000 80701d00 hal halacpi.dll Sun Apr 13 14:31:27 2008 (4802517F)
bac01000 bac14f00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 14:44:39 2008 (48025497)
bac77000 bac87800 tifm21 tifm21.sys Wed May 26 11:07:28 2004 (40B4B2B0)
bac90000 bac92780 ndistapi ndistapi.sys Sun Apr 13 14:57:27 2008 (48025797)
baca0000 baca2c00 irenum irenum.sys Sun Apr 13 14:54:28 2008 (480256E4)
baca4000 baca7d80 serenum serenum.sys Sun Apr 13 14:40:12 2008 (4802538C)
bae71000 bae8ab80 Mup Mup.sys Sun Apr 13 15:17:05 2008 (48025C31)
bae8b000 baeb7980 NDIS NDIS.sys Sun Apr 13 15:20:35 2008 (48025D03)
baeb8000 baece880 KSecDD KSecDD.sys Sun Apr 13 14:31:40 2008 (4802518C)
baecf000 baef2180 Fastfat Fastfat.sys Sun Apr 13 15:14:28 2008 (48025B94)
baef3000 baf04f00 sr sr.sys Sun Apr 13 14:36:50 2008 (480252C2)
baf05000 baf06000 fltmgr fltmgr.sys unavailable (00000000)
baf25000 baf3c900 atapi atapi.sys Sun Apr 13 14:40:29 2008 (4802539D)
baf3d000 baf62700 dmio dmio.sys Sun Apr 13 14:44:45 2008 (4802549D)
baf63000 baf81880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
baf82000 baf9f580 pcmcia pcmcia.sys Sun Apr 13 14:36:41 2008 (480252B9)
bafa0000 bafb0a80 pci pci.sys Sun Apr 13 14:36:43 2008 (480252BB)
bafb1000 bafded80 ACPI ACPI.sys Sun Apr 13 14:36:33 2008 (480252B1)
bf800000 bf9c2980 win32k win32k.sys Sun Apr 13 15:29:46 2008 (48025F2A)
bf9c3000 bf9d4600 dxg dxg.sys Sun Apr 13 14:38:27 2008 (48025323)
bf9d5000 bf9e4000 ialmrnt5 ialmrnt5.dll Tue Feb 07 11:56:14 2006 (43E8D12E)
bf9e4000 bfa06000 ialmdnt5 ialmdnt5.dll Tue Feb 07 11:56:07 2006 (43E8D127)
bfa06000 bfa3eca0 ialmdev5 ialmdev5.DLL Tue Feb 07 11:55:56 2006 (43E8D11C)
bfa3f000 bfb2e000 ialmdd5 ialmdd5.DLL Tue Feb 07 12:03:30 2006 (43E8D2E2)
f0cc2000 f0cd5180 epm_shd epm-shd.sys Sat Aug 14 23:59:20 2004 (411EDF98)
f0d26000 f0d52180 mrxdav mrxdav.sys Sun Apr 13 14:32:42 2008 (480251CA)
f0f13000 f0f3d180 kmixer kmixer.sys Sun Apr 13 14:45:07 2008 (480254B3)
f0f3e000 f0f60d00 aec aec.sys Thu May 24 15:53:32 2007 (4655ED3C)
f0f61000 f0f75480 wdmaud wdmaud.sys Sun Apr 13 15:17:18 2008 (48025C3E)
f103e000 f104bd00 swmidi swmidi.sys Sun Apr 13 14:45:07 2008 (480254B3)
f105e000 f106cd80 sysaudio sysaudio.sys Sun Apr 13 15:15:55 2008 (48025BEB)
f11a6000 f11bb880 irda irda.sys Sun Apr 13 14:54:35 2008 (480256EB)
f11f0000 f11f3900 ndisuio ndisuio.sys Sun Apr 13 14:55:57 2008 (4802573D)
f1284000 f129b900 dump_atapi dump_atapi.sys Sun Apr 13 14:40:29 2008 (4802539D)
f12c4000 f1350600 Ntfs Ntfs.SYS Sun Apr 13 15:15:49 2008 (48025BE5)
f1351000 f1376500 ipnat ipnat.sys Sun Apr 13 14:57:10 2008 (48025786)
f1377000 f13e6780 mrxsmb mrxsmb.sys Sun Apr 13 15:16:58 2008 (48025C2A)
f140f000 f1439e80 rdbss rdbss.sys Sun Apr 13 15:28:38 2008 (48025EE6)
f143a000 f145bd00 afd afd.sys Fri Jun 20 07:40:07 2008 (485B9717)
f145c000 f1483c00 netbt netbt.sys Sun Apr 13 15:20:59 2008 (48025D1B)
f1484000 f14dc480 tcpip tcpip.sys Fri Jun 20 07:51:09 2008 (485B99AD)
f14dd000 f14ef600 ipsec ipsec.sys Sun Apr 13 15:19:42 2008 (48025CCE)
f153c000 f153e900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
f1584000 f1586280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
f2377000 f23d4f00 update update.sys Sun Apr 13 14:39:46 2008 (48025372)
f23d5000 f2404e80 rdpdr rdpdr.sys Sun Apr 13 14:32:50 2008 (480251D2)
f268c000 f269ad80 arp1394 arp1394.sys Sun Apr 13 14:51:22 2008 (4802562A)
f26ac000 f26b4700 wanarp wanarp.sys Sun Apr 13 14:57:20 2008 (48025790)
f26bc000 f26cb900 Cdfs Cdfs.SYS Sun Apr 13 15:14:21 2008 (48025B8D)
f2875000 f2878e80 SMBBATT SMBBATT.sys Sun Apr 13 14:36:32 2008 (480252B0)
f287d000 f2880c80 mssmbios mssmbios.sys Sun Apr 13 14:36:45 2008 (480252BD)
f2a6f000 f2a7be80 DMusic DMusic.sys Sun Apr 13 14:45:00 2008 (480254AC)
f2aef000 f2afd880 usbhub usbhub.sys Sun Apr 13 14:45:36 2008 (480254D0)
f6bb3000 f6bbce80 NDProxy NDProxy.SYS Sun Apr 13 14:57:28 2008 (48025798)
f6c2b000 f6c3be00 psched psched.sys Sun Apr 13 14:56:36 2008 (48025764)
f6c3c000 f6c52580 ndiswan ndiswan.sys Sun Apr 13 15:20:41 2008 (48025D09)
f6c53000 f6cf9a80 HSF_CNXT HSF_CNXT.sys Wed Mar 10 04:37:22 2004 (404EE1D2)
f6cfa000 f6df8480 HSF_DP HSF_DP.sys Wed Mar 10 04:35:31 2004 (404EE163)
f6df9000 f6e29b80 HSFHWICH HSFHWICH.sys Wed Mar 10 04:40:25 2004 (404EE289)
f6e2a000 f6e4da80 portcls portcls.sys Sun Apr 13 15:19:40 2008 (48025CCC)
f6e4e000 f6e95600 camcaud camcaud.sys Thu Apr 29 17:09:17 2004 (40916EFD)
f6e96000 f6ed9100 camchal camchal.sys Thu Apr 29 17:10:04 2004 (40916F2C)
f6f4a000 f6f54e00 Fips Fips.SYS Sun Apr 13 14:33:27 2008 (480251F7)
f6f7a000 f6f9c700 ks ks.sys Sun Apr 13 15:16:34 2008 (48025C12)
f6fdd000 f6ff0900 parport parport.sys Sun Apr 13 14:40:09 2008 (48025389)
f6ff1000 f7026b80 SynTP SynTP.sys Thu Dec 06 20:41:41 2007 (4758A4D5)
f7027000 f7244080 w29n51 w29n51.sys Wed Dec 19 02:38:26 2007 (4768CA72)
f7245000 f7268200 USBPORT USBPORT.SYS Sun Apr 13 14:45:34 2008 (480254CE)
f72a4000 f73f9ac0 ialmnt5 ialmnt5.sys Tue Feb 07 12:04:33 2006 (43E8D321)
f7487000 f7490180 isapnp isapnp.sys Sun Apr 13 14:36:40 2008 (480252B8)
f7497000 f74a6100 ohci1394 ohci1394.sys Sun Apr 13 14:46:18 2008 (480254FA)
f74a7000 f74b4080 1394BUS 1394BUS.SYS Sun Apr 13 14:46:18 2008 (480254FA)
f74b7000 f74c1580 MountMgr MountMgr.sys Sun Apr 13 14:39:45 2008 (48025371)
f74c7000 f74d3c80 VolSnap VolSnap.sys Sun Apr 13 14:41:00 2008 (480253BC)
f74d7000 f74dfe00 disk disk.sys Sun Apr 13 14:40:46 2008 (480253AE)
f74e7000 f74f3180 CLASSPNP CLASSPNP.SYS Sun Apr 13 15:16:21 2008 (48025C05)
f74f7000 f7501580 agp440 agp440.sys Sun Apr 13 14:36:37 2008 (480252B5)
f7517000 f7521c00 bcm4sbxp bcm4sbxp.sys Fri Sep 26 13:41:10 2003 (3F747A36)
f7547000 f7556180 nic1394 nic1394.sys Sun Apr 13 14:51:22 2008 (4802562A)
f7557000 f7563d00 i8042prt i8042prt.sys Sun Apr 13 15:17:59 2008 (48025C67)
f7567000 f7576c00 serial serial.sys Sun Apr 13 15:15:44 2008 (48025BE0)
f7577000 f7581480 imapi imapi.sys Sun Apr 13 14:40:57 2008 (480253B9)
f7587000 f7596600 cdrom cdrom.sys Sun Apr 13 14:40:45 2008 (480253AD)
f7597000 f75a5100 redbook redbook.sys Sun Apr 13 14:40:27 2008 (4802539B)
f75c7000 f75d5b00 drmk drmk.sys Sun Apr 13 14:45:12 2008 (480254B8)
f75d7000 f75e3880 rasl2tp rasl2tp.sys Sun Apr 13 15:19:43 2008 (48025CCF)
f75e7000 f75f1200 raspppoe raspppoe.sys Sun Apr 13 14:57:31 2008 (4802579B)
f75f7000 f7600f00 termdd termdd.sys Sun Apr 13 14:38:36 2008 (4802532C)
f7617000 f7622d00 raspptp raspptp.sys Sun Apr 13 15:19:47 2008 (48025CD3)
f7637000 f763f900 msgpc msgpc.sys Sun Apr 13 14:56:32 2008 (48025760)
f76a7000 f76af780 netbios netbios.sys Sun Apr 13 14:56:01 2008 (48025741)
f76b7000 f76bfe00 intelppm intelppm.sys Sun Apr 13 14:31:31 2008 (48025183)
f7707000 f770d180 PCIIDEX PCIIDEX.SYS Sun Apr 13 14:40:29 2008 (4802539D)
f770f000 f7713d00 PartMgr PartMgr.sys Sun Apr 13 14:40:48 2008 (480253B0)
f772f000 f7733140 DKbFltr DKbFltr.sys Wed Nov 20 03:29:11 2002 (3DDB47D7)
f7737000 f773d000 kbdclass kbdclass.sys Sun Apr 13 14:39:46 2008 (48025372)
f773f000 f7744200 vga vga.sys Sun Apr 13 14:44:40 2008 (48025498)
f7747000 f774ca00 mouclass mouclass.sys Sun Apr 13 14:39:47 2008 (48025373)
f776f000 f7776000 nscirda nscirda.sys Sun Apr 13 14:54:35 2008 (480256EB)
f7777000 f777e580 Modem Modem.SYS Sun Apr 13 15:00:18 2008 (48025842)
f777f000 f7783c80 rasirda rasirda.sys Fri Aug 17 16:51:29 2001 (3B7D83D1)
f7787000 f778ba80 TDI TDI.SYS Sun Apr 13 15:00:04 2008 (48025834)
f77ef000 f77f3580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
f7807000 f780b500 watchdog watchdog.sys Sun Apr 13 14:44:59 2008 (480254AB)
f780f000 f7813080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
f7837000 f7838000 Msfs Msfs.SYS unavailable (00000000)
f7847000 f784e880 Npfs Npfs.SYS Sun Apr 13 14:32:38 2008 (480251C6)
f7887000 f788c080 usbuhci usbuhci.sys Sun Apr 13 14:45:34 2008 (480254CE)
f788f000 f7896600 usbehci usbehci.sys Sun Apr 13 14:45:34 2008 (480254CE)
f7897000 f789a000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
f789b000 f789d800 compbatt compbatt.sys Sun Apr 13 14:36:36 2008 (480252B4)
f789f000 f78a2780 BATTC BATTC.SYS Sun Apr 13 14:36:32 2008 (480252B0)
f78a3000 f78a5d80 ACPIEC ACPIEC.sys Fri Aug 17 16:57:55 2001 (3B7D8553)
f7987000 f7988b80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
f7989000 f798a100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
f798b000 f798c580 intelide intelide.sys Sun Apr 13 14:40:29 2008 (4802539D)
f798d000 f798e000 dmload dmload.sys unavailable (00000000)
f799b000 f799c100 swenum swenum.sys Sun Apr 13 14:39:52 2008 (48025378)
f79b3000 f79b4000 Fs_Rec Fs_Rec.SYS unavailable (00000000)
f79b5000 f79b6080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
f79b7000 f79b8080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
f79bb000 f79bc280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
f79bd000 f79bea80 SMBHC SMBHC.sys Fri Aug 17 16:57:54 2001 (3B7D8552)
f79bf000 f79c0b00 SMBCLASS SMBCLASS.SYS Sun Apr 13 14:36:33 2008 (480252B1)
f79c1000 f79c2b00 NTIDrvr NTIDrvr.sys Wed Jan 15 12:33:02 2003 (3E259B4E)
f79c3000 f79c4080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
f79cb000 f79cc880 splitter splitter.sys Sun Apr 13 14:45:07 2008 (480254B3)
f79e7000 f79e8100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
f7a33000 f7a34000 ParVdm ParVdm.SYS unavailable (00000000)
f7a4f000 f7a4fd00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
f7a50000 f7a50d80 OPRGHDLR OPRGHDLR.SYS Fri Aug 17 16:57:55 2001 (3B7D8553)
f7a91000 f7a92000 epm_psd epm-psd.sys Mon Jul 19 16:10:49 2004 (40FC2AC9)
f7b3d000 f7b3dd00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)
f7b57000 f7b57c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)
f7b8a000 f7b8b000 Null Null.SYS unavailable (00000000)
f7ba1000 f7ba1b80 drmkaud drmkaud.sys Sun Apr 13 14:45:13 2008 (480254B9)
Unloaded modules:
f77e7000 f77ec000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f1588000 f158b000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f77c7000 f77cc000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f77b7000 f77be000 Fdc.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000