BSoD 0x3B - system doesn't create dump files

For me, this is the list of loaded drivers. I miss those that are responsible for creating memory dumps
 

Attachments

  • 2019-12-29.png
    2019-12-29.png
    1.4 MB · Views: 10
Thanks for the answer. This link only explains how to check when the driver is loading. And I would like to load the missing drivers into a working system. I mean, I want to run them as if
 
I've used 5 different search engines. I'm having a hard time finding anything that remotely explains how to "load" one of these drivers. I can't even find fake ones. Weird. I'm still looking.
 
No. He only mentions that there is a problem and that I can restart my computer. There is no way of dumping memory
 
MrPepka said:
No. He only mentions that there is a problem and that I can restart my computer. There is no way of dumping memory
Click to expand...

When the system crashes, is there a message saying that Windows is attempting to write anything to the disk?
 
I am just saying no. There is no information that Windows is writing a memory dump, not even making such an attempt
 
Curiosity. At the time I wanted to call the blue screen to show the problem with generating memory dumps ... the system generated it without any problem. So as soon as the problem arose, it disappeared as quickly
 
So, just to clarify, when you get a blue screen, it just hangs or restarts? Do you see the percentage increasing?

1577812453980.png
 
MrPepka said:
Curiosity. At the time I wanted to call the blue screen to show the problem with generating memory dumps ... the system generated it without any problem. So as soon as the problem arose, it disappeared as quickly
Click to expand...

I presume that you managed to generate a dump file with notmyfault? It's likely that the a system process may have crashed during the BSOD.
 
As I mentioned, there was no info that the memory dump was being created, but it was something like "The computer encountered a problem and had to be shut down. You can restart it" now. There was no information that "the memory dump is in progress" and there was no information about the progress of the dump generation because, as I mentioned, the system did not try to create this dump. Interestingly, now as I looked at Driver Verifier, the crashdmp.sys driver finally loaded on its own
 
Crasdmp.sys definitely should be loaded, otherwise the kernel can't call Crashdmp!DriverEntry() to initialize dump tables and make copies of the disk driver (diskdmp_<type>.sys). This usually fails due to no paging file found, or it isn't on the same volume as \Windows. Otherwise, if kernel debugging isn't possible from a second machine it would be up to taking a procmon boot trace and seeing if the load is attempted or not on reboot - the call to Crashdmp!DriverEntry() happens after nt!NtCreatePagingFile(), so if that fails or you've configured the system for either no, or too small of, a paging file on C:, you'll potentially hit this.
 
Last edited:
BTW, if anyone was interested in how my problem developed, I would like to inform you that by analyzing the full memory dump and using the! Irpfind command, I was able to find real culprits. These are Logitech drivers:
Code: 
Microsoft (R) Windows Debugger Version 10.0.19528.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff800`30200000 PsLoadedModuleList = 0xfffff800`30648130
Debug session time: Tue Dec 31 18:08:35.322 2019 (UTC + 1:00)
System Uptime: 0 days 4:22:30.084
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0088f018).  Type ".hh dbgerr001" for details
Loading unloaded module list
...............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`303c14e0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff88d`65de1470=000000000000003b
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000096, Exception code that caused the bugcheck
Arg2: fffff80076c0100b, Address of the instruction which caused the bugcheck
Arg3: fffff88d65de1da0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 2

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-QO9C72C

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 2

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 63

    Key  : Analysis.System
    Value: CreateObject


ADDITIONAL_XML: 1

TAG_NOT_DEFINED_202b:  *** Unknown TAG in analysis list 202b


BUGCHECK_CODE:  3b

BUGCHECK_P1: c0000096

BUGCHECK_P2: fffff80076c0100b

BUGCHECK_P3: fffff88d65de1da0

BUGCHECK_P4: 0

CONTEXT:  fffff88d65de1da0 -- (.cxr 0xfffff88d65de1da0)
rax=0000000000000001 rbx=0000000000000000 rcx=00000000c0010293
rdx=00000000c0010293 rsi=0000000000000020 rdi=0000000000000020
rip=fffff80076c0100b rsp=fffff88d65de2798 rbp=00007bf552be06f8
r8=00000000c3502580  r9=0000000000000000 r10=ffff840aad41f900
r11=fffff88d65de2700 r12=0000000000000020 r13=0000000000000020
r14=fffff88d65de2878 r15=00007bf552be06f8
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
gdrv2+0x100b:
fffff800`76c0100b 0f32            rdmsr
Resetting default scope

PROCESS_NAME:  AORUS.exe

STACK_TEXT:
fffff88d`65de2798 00000000`c0010293 : ffff840a`b4a24580 00000000`00000000 00000000`00000001 fffff800`76c019fd : gdrv2+0x100b
fffff88d`65de27a0 ffff840a`b4a24580 : 00000000`00000000 00000000`00000001 fffff800`76c019fd 00000000`00000020 : 0xc0010293
fffff88d`65de27a8 00000000`00000000 : 00000000`00000001 fffff800`76c019fd 00000000`00000020 ffff840a`ad41f900 : 0xffff840a`b4a24580


SYMBOL_NAME:  gdrv2+100b

MODULE_NAME: gdrv2

IMAGE_NAME:  gdrv2.sys

STACK_COMMAND:  .cxr 0xfffff88d65de1da0 ; kb

BUCKET_ID_FUNC_OFFSET:  100b

FAILURE_BUCKET_ID:  0x3B_c0000096_gdrv2!unknown_function

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {821eb9c2-945f-6963-5cdd-389290eb2db3}

Followup:     MachineOwner
---------

0: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
0: kd> !dpx
Start memory scan  : 0xfffff88d65de1468 ($csp)
End memory scan    : 0xfffff88d65de3000 (Kernel Stack Base)

               rsp : 0xfffff88d65de1468 : 0xfffff800303d32e9 : nt!KiBugCheckDispatch+0x69
0xfffff88d65de1468 : 0xfffff800303d32e9 : nt!KiBugCheckDispatch+0x69
0xfffff88d65de1548 : 0xfffff8003031654b : nt!KeCheckStackAndTargetAddress+0x2b
0xfffff88d65de1588 : 0xfffff800303d2d18 : nt!KiSystemServiceCopyEnd+0x28
0xfffff88d65de15a0 : 0xfffff80030728aa8 : "nt!Ports <PERF> (nt+0x528aa8)"
0xfffff88d65de15a8 : 0xfffff800303d273c : nt!KiSystemServiceHandler+0x7c
0xfffff88d65de15c0 : 0xfffff80030740094 : "nt!Ports <PERF> (nt+0x540094)"
0xfffff88d65de15d8 : 0xfffff800307e93f0 : nt!IopXxxControlFile+0xc10
0xfffff88d65de15e0 : 0xfffff800303d26c0 : nt!KiSystemServiceHandler
0xfffff88d65de15e8 : 0xfffff800303ca312 : nt!RtlpExecuteHandlerForException+0x12
0xfffff88d65de15f0 : 0xfffff80030711000 : "nt!Ports <PERF> (nt+0x511000)"
0xfffff88d65de15f8 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1610 : 0xfffff88d65de1be0 : 0xfffff800303d2d18 : nt!KiSystemServiceCopyEnd+0x28
0xfffff88d65de1618 : 0xfffff800302c2fa5 : nt!RtlDispatchException+0x4a5
0xfffff88d65de1678 : 0xfffff800300a924c : FLTMGR!FltpAllocateFileNameInformation+0x13c
0xfffff88d65de1998 : 0xfffff80031af708b : Ntfs!TxfAccessCheck+0x1ab
0xfffff88d65de19b8 : 0xfffff80030231701 : nt!IopFreeIrp+0x151
0xfffff88d65de19d8 : 0xfffff80030b48830 : nt!IopFileMapping
0xfffff88d65de1a78 : 0xfffff80030236a7a : nt!ExReleaseResourceLite+0xea
0xfffff88d65de1a98 : 0xfffff8003026b53d : nt!KeQueryCurrentStackInformationEx+0x6d
0xfffff88d65de1ad8 : 0xfffff800302c6e34 : nt!RtlGetExtendedContextLength2+0x3c
0xfffff88d65de1ae8 : 0xfffff800303207a0 : nt!RtlpGetStackLimitsEx+0x14
0xfffff88d65de1b18 : 0xfffff800302c2bfc : nt!RtlDispatchException+0xfc
0xfffff88d65de1b58 : 0xfffff80030b48830 : nt!IopFileMapping
0xfffff88d65de1b70 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1b78 : 0xfffff800303d26c0 : nt!KiSystemServiceHandler
0xfffff88d65de1bd0 : 0xfffff80030728aa8 : "nt!Ports <PERF> (nt+0x528aa8)"
0xfffff88d65de1be0 : 0xfffff800303d2d18 : nt!KiSystemServiceCopyEnd+0x28
0xfffff88d65de1be8 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1bf0 : 0xfffff80030728aa8 : "nt!Ports <PERF> (nt+0x528aa8)"
0xfffff88d65de1c10 : 0xfffff800303d26c0 : nt!KiSystemServiceHandler
0xfffff88d65de1c48 : 0xfffff80030231f20 : nt!IofCallDriver
0xfffff88d65de1c58 : 0xfffff80076c00000 : gdrv2
0xfffff88d65de1c68 : 0xfffff80076c00000 : gdrv2
0xfffff88d65de1c78 : 0xfffff80030fa0000 : Wdf01000!_iob
0xfffff88d65de1c80 : 0xfffff80031050aa4 : "Wdf01000!AuxpInitState <PERF> (Wdf01000+0xb0aa4)"
0xfffff88d65de1c88 : 0xfffff80030fa0000 : Wdf01000!_iob
0xfffff88d65de1c90 : 0xfffff80031050a8c : "Wdf01000!AuxpInitState <PERF> (Wdf01000+0xb0a8c)"
0xfffff88d65de1c98 : 0xfffff80030fa0000 : Wdf01000!_iob
0xfffff88d65de1ca0 : 0xfffff800310508ac : "Wdf01000!AuxpInitState <PERF> (Wdf01000+0xb08ac)"
0xfffff88d65de1ca8 : 0xfffff80030fa0000 : Wdf01000!_iob
0xfffff88d65de1cb0 : 0xfffff80031050894 : "Wdf01000!AuxpInitState <PERF> (Wdf01000+0xb0894)"
0xfffff88d65de1cb8 : 0xfffff80030fa0000 : Wdf01000!_iob
0xfffff88d65de1cc0 : 0xfffff80031050c48 : "Wdf01000!AuxpInitState <PERF> (Wdf01000+0xb0c48)"
0xfffff88d65de1cc8 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1cd0 : 0xfffff800307137f0 : "nt!Ports <PERF> (nt+0x5137f0)"
0xfffff88d65de1cd8 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1ce0 : 0xfffff800307400ac : "nt!Ports <PERF> (nt+0x5400ac)"
0xfffff88d65de1ce8 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1cf0 : 0xfffff80030740094 : "nt!Ports <PERF> (nt+0x540094)"
0xfffff88d65de1cf8 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1d00 : 0xfffff80030740088 : "nt!Ports <PERF> (nt+0x540088)"
0xfffff88d65de1d08 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de1d10 : 0xfffff80030728aa8 : "nt!Ports <PERF> (nt+0x528aa8)"
0xfffff88d65de1d28 : 0xfffff800302c78b6 : nt!KdTrap+0x22
0xfffff88d65de1d68 : 0xfffff800302c753e : nt!KiDispatchException+0x16e
0xfffff88d65de1e68 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de2078 : 0xfffff800302ac62c : nt!MiWalkPageTables+0x36c
0xfffff88d65de2098 : 0xfffff80030236a8f : nt!ExReleaseResourceLite+0xff
0xfffff88d65de20f0 : 0xfffff8003033c2a0 : nt!HvlWriteApicCommandRegister
0xfffff88d65de20f8 : 0xfffff80030cb7c53 : hal!HalpApicRequestInterrupt+0xa3
0xfffff88d65de2158 : 0xfffff80030cb7b95 : hal!HalSendSoftwareInterrupt+0xf5
0xfffff88d65de21f8 : 0xfffff800302c6e34 : nt!RtlGetExtendedContextLength2+0x3c
0xfffff88d65de2238 : 0xfffff800302c6d2d : nt!RtlGetExtendedContextLength+0x2d
0xfffff88d65de2288 : 0xfffff800302491b4 : nt!KiDeferredReadyThread+0x3c4
0xfffff88d65de23e0 : 0xfffff80030200000 : "nt!SeConvertSecurityDescriptorToStringSecurityDescriptor <PERF> (nt+0x0)"
0xfffff88d65de2418 : 0xfffff800303d341d : nt!KiExceptionDispatch+0x11d
0xfffff88d65de24f8 : 0xfffff800302476a7 : nt!IofCompleteRequest+0x17
0xfffff88d65de25f8 : 0xfffff800303cf1a2 : nt!KiGeneralProtectionFault+0x322
0xfffff88d65de2600 : 0xfffff88d00000000 :  Trap @ fffff88d65de2600
0xfffff88d65de2620 : 0xfffff88d65de28b8 : 0xffff840ab05ba990 :  dt Wdf01000!FxDevice
0xfffff88d65de2658 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de2668 : 0xfffff80030fa797c : Wdf01000!FxPkgGeneral::Dispatch+0x44c
0xfffff88d65de26d8 : 0xfffff800307e9a50 : nt!ObpAllocateObject+0x1a0
0xfffff88d65de2728 : 0xfffff80030fa220a : Wdf01000!imp_WdfRequestRetrieveOutputBuffer+0xba
0xfffff88d65de27c8 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de2810 : 0xffff840ab068c060 :  dt Wdf01000!FxIoQueue
0xfffff88d65de2858 : 0xfffff80030fa9454 : Wdf01000!FxIoQueue::DispatchRequestToDriver+0x224
0xfffff88d65de2860 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de2868 : 0xffff840ab068c060 :  dt Wdf01000!FxIoQueue
0xfffff88d65de28b8 : 0xffff840ab05ba990 :  dt Wdf01000!FxDevice
0xfffff88d65de28d0 : 0xfffff80031037750 : Wdf01000!FxPowerIdleMachine::m_StateTable
0xfffff88d65de28d8 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de28f0 : 0xffff840ab068c060 :  dt Wdf01000!FxIoQueue
0xfffff88d65de28f8 : 0xfffff80030fa8e07 : Wdf01000!FxIoQueue::DispatchEvents+0x657
0xfffff88d65de2928 : 0xfffff800307ea371 : nt!ObpCreateHandle+0x601
0xfffff88d65de29a0 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de29a8 : 0xffff840ab05ba990 :  dt Wdf01000!FxDevice
0xfffff88d65de29c0 : 0xffff840ab068c060 :  dt Wdf01000!FxIoQueue
0xfffff88d65de29d8 : 0xfffff80030fa6fc6 : Wdf01000!FxPkgIo::DispatchStep1+0x536
0xfffff88d65de29e0 : 0xffff840ab068c060 :  dt Wdf01000!FxIoQueue
0xfffff88d65de2a30 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de2a88 : 0xffff840aaed5b4e0 :  dt Wdf01000!FxPkgIo
0xfffff88d65de2a98 : 0xfffff80030fa6a7d : Wdf01000!FxPkgIo::Dispatch+0x5d
0xfffff88d65de2aa0 : 0xffff840aaed5b4e0 :  dt Wdf01000!FxPkgIo
0xfffff88d65de2aa8 : 0xffff840ab3ac1100 :  !du "y\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe"
0xfffff88d65de2ab0 : 0xffff840aad41f900 :  dt Wdf01000!FxRequestFromLookaside
0xfffff88d65de2af0 : 0xffff840ab05ba990 :  dt Wdf01000!FxDevice
0xfffff88d65de2af8 : 0xfffff80030faabd2 : Wdf01000!FxDevice::DispatchWithLock+0x112
0xfffff88d65de2b18 : 0xfffff800307f1225 : nt!ObpReferenceObjectByHandleWithTag+0x235
0xfffff88d65de2b58 : 0xfffff80030231f79 : nt!IofCallDriver+0x59
0xfffff88d65de2b98 : 0xfffff800307e95e5 : nt!IopSynchronousServiceTail+0x1a5
0xfffff88d65de2be8 : 0xfffff8003023253e : nt!IopVerifierExAllocatePoolWithQuota+0xfe
0xfffff88d65de2c38 : 0xfffff800307e93f0 : nt!IopXxxControlFile+0xc10
0xfffff88d65de2d58 : 0xfffff800307e87c6 : nt!NtDeviceIoControlFile+0x56
0xfffff88d65de2dc0 : 0xfffff800307e8770 : nt!NtDeviceIoControlFile
0xfffff88d65de2dc8 : 0xfffff800303d2d18 : nt!KiSystemServiceCopyEnd+0x28
0xfffff88d65de2e30 : 0xfffff800307eb160 : nt!NtDelayExecution
0xfffff88d65de2e38 : 0xfffff800303d2d18 : nt!KiSystemServiceCopyEnd+0x28
0xfffff88d65de2e40 : 0x000000000341ee48 :  Trap @ fffff88d65de2e40

0: kd> .cxr 0xfffff88d65de1da0
rax=0000000000000001 rbx=0000000000000000 rcx=00000000c0010293
rdx=00000000c0010293 rsi=0000000000000020 rdi=0000000000000020
rip=fffff80076c0100b rsp=fffff88d65de2798 rbp=00007bf552be06f8
r8=00000000c3502580  r9=0000000000000000 r10=ffff840aad41f900
r11=fffff88d65de2700 r12=0000000000000020 r13=0000000000000020
r14=fffff88d65de2878 r15=00007bf552be06f8
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
gdrv2+0x100b:
fffff800`76c0100b 0f32            rdmsr
0: kd> !pte 0000000000000020
Levels not implemented for this platform
0: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
# RetAddr           : Args to Child                                                           : Call Site
00 00000000`c0010293 : ffff840a`b4a24580 00000000`00000000 00000000`00000001 fffff800`76c019fd : gdrv2+0x100b
01 ffff840a`b4a24580 : 00000000`00000000 00000000`00000001 fffff800`76c019fd 00000000`00000020 : 0xc0010293
02 00000000`00000000 : 00000000`00000001 fffff800`76c019fd 00000000`00000020 ffff840a`ad41f900 : 0xffff840a`b4a24580
0: kd> .thread
Implicit thread is now ffff840a`b2008080
0: kd> !irpfind

Scanning large pool allocation table for tag 0x3f707249 (Irp?) (ffff840aaae30000 : ffff840aaafb0000)

  Irp            [ Thread ]         irpStack: (Mj,Mn)   DevObj          [Driver]         MDL Process
ffff840aacfb50c0 [0000000000000000] Irp is complete (CurrentLocation 23 > StackCount 22)
ffff840ab6c06010 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4) 0xffff840ab2904300
ffff840ab5d7f2c0 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840aaeb4a060 [ffff840ab1e84080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab382a7b0 [ffff840ab1e6f080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab0c63b60 [ffff840ab2843080] irpStack: ( e,20)  ffff840aa79265f0 [ \Driver\AFD] 0xffff840ab284b080
ffff840ab649e560 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab01c6cf0 [ffff840ab0519080] irpStack: ( e,20)  ffff840aa79265f0 [ \Driver\AFD] 0xffff840aaef15380
ffff840ab647c010 [ffff840aaed76040] irpStack: ( e, 6)  ffff840aa79265f0 [ \Driver\AFD] 0xffff840aaeb570c0
ffff840ab6467560 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840aabc45af0 [0000000000000000] Irp is complete (CurrentLocation 7 > StackCount 6)
ffff840ab6a3ba90 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab0247c70 [0000000000000000] Irp is complete (CurrentLocation 3 > StackCount 2) 0x0000000a00000000
ffff840aacc324d0 [0000000000000000] Irp is complete (CurrentLocation 23 > StackCount 22)
ffff840ab0cfe060 [ffff840ab0ed6080] irpStack: ( e, 0)  ffff840aae008e00 [ \FileSystem\bowser]
ffff840ab751c010 [ffff840ab34e1080] irpStack: ( 3, 0)  ffff840aad008060 [ \Driver\HidUsb] 0xffff840aae46b080
ffff840aacfb00c0 [0000000000000000] irpStack: ( 3, 0)  ffff840aad02c060 [ \Driver\HidUsb] 0x0000000000000000
ffff840ab8c9e010 [ffff840ab16bd080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840aac044820 [0000000000000000] Irp is complete (CurrentLocation 11 > StackCount 10)
ffff840ab75702b0 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4) 0xffff840ab8bb74c0
ffff840ab0ce3060 [ffff840ab0235080] irpStack: ( 3, 0)  ffff840aa7925b00 [ \FileSystem\Npfs]
ffff840ab359fa30 [ffff840aa586f080] irpStack: ( e,31)  ffff840aa79265f0 [ \Driver\AFD]
ffff840ab3258d80 [0000000000000000] irpStack: ( 3, 0)  ffff840ab325e110 [ \Driver\logi_joy_vir_hid] 0x0000000000000000
ffff840ab6998a90 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840aaec82820 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840ab69f9460 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840aab6aaa30 [0000000000000000] Irp is complete (CurrentLocation 12 > StackCount 11) 0x0000000000000000
ffff840ab8cd41e0 [ffff840ab1e6f080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab5a0e550 [ffff840ab16bd080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab8aa6a60 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840aaec800a0 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840aaec80390 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840aaec80680 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840aaec80970 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840aaec80c60 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840ab64f7010 [ffff840ab16bd080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab0220030 [ffff840ab1656080] Irp is complete (CurrentLocation 6 > StackCount 4) 0xffff840ab154e080
ffff840ab3a52060 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab3a52630 [ffff840ab2ad5080] irpStack: ( e,2d)  ffff840aa79265f0 [ \Driver\AFD]
ffff840ab61a8aa0 [ffff840ab3c0f080] irpStack: ( e, 9)  ffff840aa79265f0 [ \Driver\AFD]
ffff840aacfba0c0 [0000000000000000] Irp is complete (CurrentLocation 14 > StackCount 13)
ffff840aad0060c0 [0000000000000000] Irp is complete (CurrentLocation 23 > StackCount 22)
ffff840aaec36820 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840aaec36b10 [ffff840aae8725c0] irpStack: ( e, 0)  ffff840aadfb9e10 [ \Driver\HTTP] 0xffff840aaeb570c0
ffff840ab6cb7010 [ffff840ab16bd080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab0c849f0 [ffff840ab055c080] irpStack: ( d, 0)  ffff840aa7925b00 [ \FileSystem\Npfs]
ffff840aacc0aa40 [0000000000000000] irpStack: ( f, 0)  ffff840aab1cc060 [ \Driver\USBXHCI]
ffff840abb830a30 [ffff840ab1461080] irpStack: ( e, 6)  ffff840aa79265f0 [ \Driver\AFD] 0xffff840aaeb570c0
ffff840ab70962b0 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4) 0x0000000000000000
ffff840ab37d3440 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab8b28aa0 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab2df0270 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840aad0150c0 [0000000000000000] Irp is complete (CurrentLocation 26 > StackCount 25)
ffff840ab6af79e0 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4) 0x0000000000000000
ffff840aac055a30 [0000000000000000] Irp is complete (CurrentLocation 7 > StackCount 6)
ffff840aac0415b0 [0000000000000000] irpStack: ( f, 0)  ffff840aab1cc060 [ \Driver\USBXHCI]
ffff840ab756c9a0 [ffff840ab233c080] irpStack: ( d, 0)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab325ad80 [0000000000000000] irpStack: ( f, 0)  ffff840ab30437d0 [ \Driver\logi_joy_bus_enum]
ffff840ab0243a70 [0000000000000000] Irp is complete (CurrentLocation 3 > StackCount 2) 0x0000000a00000000
ffff840ab01a3d00 [ffff840ab0518080] irpStack: ( e,20)  ffff840aa79265f0 [ \Driver\AFD] 0xffff840aaef15380
ffff840ab1b9ca60 [ffff840ab39230c0] irpStack: ( e, 9)  ffff840aa79265f0 [ \Driver\AFD]
ffff840ab61d3550 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4) 0x0000000000000000
ffff840ab0d06860 [ffff840ab0235080] irpStack: ( 3, 0)  ffff840aa7925b00 [ \FileSystem\Npfs]
ffff840ab0366ce0 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4)
ffff840ab536c1f0 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4) 0x0000000000000000
ffff840aa7a5d900 [0000000000000000] Irp is complete (CurrentLocation 7 > StackCount 6)
ffff840ab051fc60 [ffff840ab0519080] irpStack: ( e,20)  ffff840aa79265f0 [ \Driver\AFD] 0xffff840aaef15380
ffff840ab41bc010 [ffff840aae309040] irpStack: ( d, 0)  ffff840aab6a8030 [ \FileSystem\Ntfs] 0x0000000000000000
ffff840ab16af9a0 [ffff840ab00e7080] irpStack: ( e, 9)  ffff840aa79265f0 [ \Driver\AFD]
ffff840ab756c9a0 [ffff840ab233c080] irpStack: ( d, 0)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab8b20a30 [0000000000000000] Irp is complete (CurrentLocation 5 > StackCount 4) 0x4141413442674141
ffff840ab6d32560 [ffff840ab172e080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]
ffff840ab6ef5aa0 [ffff840aa3f4a040] irpStack: ( e, 6)  ffff840aa79265f0 [ \Driver\AFD] 0xffff840ab011f380
ffff840ab8d731a0 [ffff840aae886040] irpStack: ( e, 0)  ffff840aa3f0e070 [ \Driver\WMIxWDM]
ffff840ab325cd80 [0000000000000000] irpStack: ( 3, 0)  ffff840ab3260110 [ \Driver\logi_joy_vir_hid] 0x0000000000000000
ffff840ab61db9a0 [ffff840ab00df080] irpStack: ( e, 9)  ffff840aa79265f0 [ \Driver\AFD]
ffff840aab69a9c0 [ffff840aa3ed2080] Irp is complete (CurrentLocation 12 > StackCount 11) 0x0000000000000000
ffff840ab6cb4010 [ffff840aae03e080] irpStack: ( 3, 0)  ffff840aacfbe060 [ \Driver\kbdclass]
ffff840ab94e8aa0 [ffff840ab16bd080] irpStack: ( c, 2)  ffff840aab6a8030 [ \FileSystem\Ntfs]

Searching nonpaged pool (ffff840000000000 : ffff940000000000) for tag 0x3f707249 (Irp?)
The problem has been reported to Logitech, but I don't expect them to solve their problems soon. I think I will have to throw some software out of the system :mad:
I also put a link to my crash dump:
MEMORY (1).DMP
 
Last edited:
Rich (BB code): 
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000096, Exception code that caused the bugcheck
Arg2: fffff80076c0100b, Address of the instruction which caused the bugcheck
Arg3: fffff88d65de1da0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Rich (BB code): 
0: kd> !error c0000096
Error code: (NTSTATUS) 0xc0000096 (3221225622) - {EXCEPTION}  Privileged instruction.

It seems that a driver has attempted to execute an instruction which is reserved for privileged access.

Rich (BB code): 
0: kd> u fffff80076c0100b
gdrv2+0x100b:
fffff800`76c0100b 0f32            rdmsr << Read MSR
fffff800`76c0100d 488905943f0000  mov     qword ptr [gdrv2+0x4fa8 (fffff800`76c04fa8)],rax
fffff800`76c01014 488915853f0000  mov     qword ptr [gdrv2+0x4fa0 (fffff800`76c04fa0)],rdx
fffff800`76c0101b 5a              pop     rdx
fffff800`76c0101c 59              pop     rcx
fffff800`76c0101d 5b              pop     rbx
fffff800`76c0101e 58              pop     rax
fffff800`76c0101f c3              ret

Rich (BB code): 
0: kd> .cxr 0xfffff88d65de1da0
rax=0000000000000001 rbx=0000000000000000 rcx=00000000c0010293
rdx=00000000c0010293 rsi=0000000000000020 rdi=0000000000000020
rip=fffff80076c0100b rsp=fffff88d65de2798 rbp=00007bf552be06f8
 r8=00000000c3502580  r9=0000000000000000 r10=ffff840aad41f900
r11=fffff88d65de2700 r12=0000000000000020 r13=0000000000000020
r14=fffff88d65de2878 r15=00007bf552be06f8
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
gdrv2+0x100b:
fffff800`76c0100b 0f32            rdmsr

Dumping the instruction address and the context record, you can see that the instruction was executed by a third-party driver, which may be related to Gigabyte Tools?

Rich (BB code): 
0: kd> lmvm gdrv2
Browse full module list
start             end                 module name
fffff800`76c00000 fffff800`76c0b000   gdrv2      (no symbols)           
    Loaded symbol image file: gdrv2.sys
    Image path: \??\C:\Windows\gdrv2.sys
    Image name: gdrv2.sys
    Browse all global symbols  functions  data
    Timestamp:        Mon Apr 15 00:45:51 2019 (5CB436AF)
    CheckSum:         0000F92A
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

I'm really not sure why you were searching through IRPs?!
 
OK, but somehow it's hard for me to believe that the Gigabyte driver (from the APP center) spills when running the AORUS Engine program also from Gigabyte. That's why I searched the IRP to find some other clues and as you can see it paid off. The more that before both programs (APP Center and AORUS Engine) could be launched at once and the blue screen was not
 
MrPepka said:
OK, but somehow it's hard for me to believe that the Gigabyte driver (from the APP center) spills when running the AORUS Engine program also from Gigabyte.
Click to expand...

That is what appears to be happening in the bugcheck. Have you tried removing the associated tools to see if that resolves the issue?

MrPepka said:
That's why I searched the IRP to find some other clues and as you can see it paid off.
Click to expand...

How? I'm sorry, but I don't understand how using !irpfind is helpful in this situation? Did you check the context record? The purpose of it is to save the thread state just before the crash.

MrPepka said:
he more that before both programs (APP Center and AORUS Engine) could be launched at once and the blue screen was not
Click to expand...

It's not unusual for programs to be crash sporadically.
 
If I remove the APP Center, the problem will disappear naturally, but I'm using a program called @BIOS to update the BIOS that requires having an APP Center, so this solution does not work for me. You mentioned occasional failures, for me every start of the AORUS Engine program ends with BSoD where as I mentioned earlier the program worked great
As for IRP, I was just looking for any tip because, as I mentioned earlier, both programs (APP Center and AORUS Engine) worked together seamlessly, and there were no updates in the meantime. Yes, I know that it looked like shooting from a cannon, but I also know that Driver Verifier will not work with Gigabyte drivers, so this method of analysis allowed even to check what else worked at the time of failure (what drivers)
 
Last edited:

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top