explorer.exe ntdll.dll crash

[zbook]

There was a BSOD today.

Dump files were not created.

In the left lower corner search type: system or system control > open system control panel > on the left pane click advanced system settings

a) > on the advanced tab under startup and recovery > click settings > post an image of the startup and recovery window into the thread

b) > on the advanced tab under performance > click on settings > on the performance options window > click on the advanced tab > under virtual memory > click on change > post an image of the virtual memory window into the thread

Read this link on Windows Driver Verifier WDV:
Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 + Vista

 

[Msoub]

 

[Msoub]

and I did the steps for the Driver Verifier.

 

[zbook]

Read these links on Windows driver verifier:

a) learn how to use the Windows Recovery Environment (RE) commands: reset and bootmode to turn off the tool

b) do not use the tool until it is communicated in the thread


Enable and Disable Driver Verifier in Windows 10
Driver Verifier-- tracking down a mis-behaving driver.

Windows driver verifier is designed to stress test drivers.

If there are misbehaving drivers the computer will crash.

If dump files are created they can be debugged.

Misbehaving drivers are then uninstalled or uninstalled and reinstalled.

The tool is run for approximately 48 hours and then an additional 36 hours after the last BSOD.

If there are no further BSOD this concludes the use of the tool.

After each BSOD you must turn off the tool in order to return to the desktop.

Learn the Windows RE commands reset and bootmode.

These are ran in safe mode or safe mode with command prompt.

In case these fail the next option is system restore.

If system restore fails you can restore a backup image or use registry commands.

Start the tool with the 3 customized test settings in the Ten Forums link.

Increase the simultaneous customized test settings by 3 - 5 / hour up to the 19 customized test settings in the Microsoft link.

There can be performance problems and / or slow boot while using the tool.

If necessary the customized test settings can be modified.

Summary:
a) make a new restore point
b) test all non-Microsoft drivers
c) test no Microsoft drivers
d) after each BSOD use the reset command to turn off the tool
e) if the reset command does not work then use the bootmode command
f) only if both reset and bootmode command fail to turn off the tool then use restore
g) start with the 3 customized test settings in the Ten Forums link
h) increase the customized test settings up to the 19 customized test settings in the Microsoft link
i) report any performance problems or very slow boot so that the customized settings can be modified



For any BSOD:

a) run the Sysnative log collector to collect new log files

b) open file explorer> this PC > C: > in the right upper corner search for: C:\Windows\memory.dmp
> if the file size is < 1.5 GB then zip > post a separate share link into the thread using one drive, drop box, or google drive

 

[Msoub]

csgo is what always triggers a crash, but the game is unplayable while the tool is running.

 

[zbook]

Once you have made a new restore point and understand how to turn off the tool you can start using it.

 

[Msoub]

I have the tool running already, do you think it will trigger a crash by itself without running csgo?

 

[zbook]

1) Open administrative command prompt (ACP) and type or copy and paste:

verifier /querysettings

2) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

 

[Msoub]

Microsoft Windows [Version 10.0.19042.572]
(c) 2020 Microsoft Corporation. All rights reserved.

C:\Windows\system32>verifier /querysettings

Verifier Flags: 0x0012892b

Standard Flags:

[X] 0x00000001 Special pool.
[X] 0x00000002 Force IRQL checking.
[X] 0x00000008 Pool tracking.
[ ] 0x00000010 I/O verification.
[X] 0x00000020 Deadlock detection.
[ ] 0x00000080 DMA checking.
[X] 0x00000100 Security checks.
[X] 0x00000800 Miscellaneous checks.
[X] 0x00020000 DDI compliance checking.

Additional Flags:

[ ] 0x00000004 Randomized low resources simulation.
[ ] 0x00000200 Force pending I/O requests.
[ ] 0x00000400 IRP logging.
[ ] 0x00002000 Invariant MDL checking for stack.
[ ] 0x00004000 Invariant MDL checking for driver.
[X] 0x00008000 Power framework delay fuzzing.
[ ] 0x00010000 Port/miniport interface checking.
[ ] 0x00040000 Systematic low resources simulation.
[ ] 0x00080000 DDI compliance checking (additional).
[ ] 0x00200000 NDIS/WIFI verification.
[ ] 0x00800000 Kernel synchronization delay fuzzing.
[ ] 0x01000000 VM switch verification.
[ ] 0x02000000 Code integrity checks.

Internal Flags:

[X] 0x00100000 Extended Verifier flags (internal).

[X] Indicates flag is enabled.

Boot Mode:

Persistent

Rules:

All rules are using default settings

Extensions:

wdm: rules.default

Verified Drivers:

amdpsp.sys
vgk.sys
cimfs.sys
tboxdrv.sys
rt640x64.sys
nvlddmkm.sys
ucmcxucsinvppc.sys
amdpcidev.sys
amdgpio2.sys
amdgpio3.sys
nvvad64v.sys
nvmoduletracker.sys
nvvhci.sys
lgbusenum.sys
lgjoyxlcore.sys
nvhda64v.sys
rtkvhd64.sys
dump_diskdump.sys
dump_storahci.sys
dump_dumpfve.sys
mbamchameleon.sys
aow_drv_x64_ev.sys
lgcoretemp.sys
mbamswissarmy.sys
mwac.sys
farflt.sys
mbae64.sys
mbam.sys
lgvirhid.sys

C:\Windows\system32>

 

[zbook]

If there are no performance problems or very slow boot you can add more customized tests.
(Add 5 now).

 

[Msoub]

do I just create new custom settings and add more?
any 5 from the Microsoft link?

 

[zbook]

Each time the tool is turned off you will choose the customized tests for the next run.
You started with 8 tests.
Now add 5 additional tests.
If there are no performance problems or very slow boot keep adding tests so that the drivers are stressed.

 

[Msoub]

It just booted into a blue screen
System_thread_exception_not_handled
After restart: driver verified detected violation.

 

[zbook]

For any BSOD:

a) run the Sysnative log collector to collect new log files

b) open file explorer> this PC > C: > in the right upper corner search for: C:\Windows\memory.dmp
> if the file size is < 1.5 GB then zip > post a separate share link into the thread using one drive, drop box, or google drive

 

[Msoub]

Windows couldn't load correctly, if I go to a restore point, will a .dmp file or the log be useful still?

 

[zbook]

Use the commands to turn off the tool in this order:
a) verifier /reset
b) verifier /bootmode resetonbootfail
c) system restore



See: Enable and Disable Driver Verifier in Windows 10
Disable Driver Verifier via Command Prompt
OPTION ONE
OPTION TWO

 

[Msoub]

didn't work with a and b, did a system restore.

a .dmp file would be useless now?

 

[zbook]

Did you perform a system restore?
If not, then perform a system restore.

Please follow the instructions.

If there are problems with a dump file then another can be generated using the tool.

Customized tests can be modified.



I was waiting for you to post the files and now I'm heading to bed.


For any BSOD:

a) run the Sysnative log collector to collect new log files

b) open file explorer> this PC > C: > in the right upper corner search for: C:\Windows\memory.dmp
> if the file size is < 1.5 GB then zip > post a separate share link into the thread using one drive, drop box, or google drive

 

[Msoub]

yes I had to do a system restore.

sorry I thought the log files would be useless after a system restore.
here's the .dmp file, but isn't it outdated after a system restore ?
MEMORY.DMP

 

[zbook]

Uninstall any software that uses Valorant anti cheat.

The misbehaving driver was vgk.sys

How to uninstall Valorant | Delete Game and Anti-Cheat - GameRevolution



Restart WDV to find any other misbehaving drivers.

vgk.sys      Wed Oct  7 15:20:06 2020 (5F7E22F6)