flat assembler
Message board for the users of flat assembler.

Index > Heap > KeBugCheck called by AOL?

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
I came home from school, leaving my computer on as usual i went to bed for a nap, wake back up as the power went out. Turn on computer, everything's fine until i send an instant message. Computer blue screens. So, ok, i reinstall aol instant messenger, send a text message, and it's fine. Send it to some one else, and crash. I tried changing the page file assuming it got corrupted, and it didn't help. So now i have an updated aim, which gives me a newer, crapier, more resource hungry interface and a problem with my computer that i can't see. Considering that it affected the reinstalled version of aim, that would mean the problem is outside aim and is just waiting to happen again with some other program, which could be more important. It could be Java, could be Flash, could be anything. So, i'm asking for any suggestions anyone has while i start looking through sites that use flash and java.
Post 26 May 2007, 04:06
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Go to %SystemRoot%\minidumps to see if the is one. It it is the case then download WinDbg (and the debugging symbols for better analysis) to open them and try to figure out the bug check number and who has the fault.

Good luck!

PS: The links
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx <- WinDbg
http://www.microsoft.com/whdc/DevTools/Debugging/symbolpkg.mspx <- The symbol packages
Post 26 May 2007, 05:10
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
Minidumps dosn't exist. I think it's turned off for me by default, which should prevent corruption of my hd during blue screen... anyway... I decided to look up the error number and microsoft appears to think it might have something to do with the ram getting corrupted. WHich would be bad for me, because my father is paranoid of things online still, and it's unlikely he'll let me buy new stuff from newegg.com... Anyway, i'm gonna go check my RAM and come back, but i'll leave the error number here incase anyone can figure out what's wrong.

0x0000007F
Post 26 May 2007, 05:28
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Here it is the explanation of that bugcheck http://msdn2.microsoft.com/en-us/library/ms795478.aspx

If you are suspecting memory problems then every time you get a BSOD try to take note of the whole information, not only the bugcheck number. If the information is always the same (or comes from the same module) then is very unlikely that defective RAM is the problem.
Post 26 May 2007, 05:48
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
No more giving back...


Last edited by kohlrak on 07 Aug 2008, 15:14; edited 1 time in total
Post 26 May 2007, 06:02
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

Irregardless, that page says divide by 0, which would make no sence as i'm pretty sure windows has an error trap for that which wouldn't panic the kernel.


If a driver divides by zero the kernel can't just skip the DIV/IDIV instruction and pretend that nothing has happened here. It's the driver fault for not providing an exception handler that handles this situation.

BTW, I just downloaded the latest version of WinDBG (the beta version http://msdl.microsoft.com/download/symbols/debuggers/dbg_x86_6.7.05.0.exe ), and it works perfectly here.

But note that if you don't have any crash dump the debugger is useless for you (to analyse your problem).
Post 26 May 2007, 06:53
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
Oddly enough AIM works fine on certain other user accounts. My C drive keeps complaining about not having much space left on it, which is weird, cause i keep deleting huge files off of it and for some reson there's still junk on it that's taking up lots of space and i don't know where it's all comming from. Anyway, perhaps what's keeping me from getting that installer program to work has something to do with the crash. Not sure what it could be... See, i tried running a rom in my n64 emulator real quick, and though i didn't run it long enough to test it for much, theoretically if anything was wrong with my sound or video drivers, it would have crashed. Seems to happen only when i instant message certain people.

EDIT: This is interesting. I'm here in safe mode, i IM one of the people who it crashes when i IM, and aim freezes. I close it with task manager, program disappears and everything, but it's still in task manager. All other instances of it see it as still open so i can't open it again. I'm going to reboot and try to see if it does the same thing in safe mode for other people.

EDIT2: Welp, there we go. To top off the weirdness, i im some one else, aim freezes, and i can close it with task manager. Wondering if i could close it after i imed one of the people where things go wrong, now it works... But i'm in safe mode right now, so it's likely that it'll crash on the main account...

EDIT3: Well, i'm narrowing it down further... It appears that this problem only occures on the windows account "Kohlrak," and i still don't know what it is. The reson i like to think it's memory is because that account has alot of high memory using programs set to it, but it appears AOL is the only thing causing the error.
Post 26 May 2007, 07:57
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
I'd say you are looking at a hardisk or harddisk controler related problem. AIM is probably trying to open a log file for the conversation when you IM certain people.

The log file is the one in exactly the same place per user per contact, when you start a conversation with one contact, the log file is opened, the location is bad and viola, BSOD.

By the way, the BSOD should indicate the filename of the offending driver. Which is it?
Post 26 May 2007, 14:43
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
No more giving back...


Last edited by kohlrak on 07 Aug 2008, 15:08; edited 2 times in total
Post 26 May 2007, 14:53
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Simplify things, right click "My computer" and click properties, go to "Advanced" tab and then press "Settings" button of "Startup and Recovery" and on the "Write debugging information" set the combobox to "Small memory dump (64 KB)".

If you have problems with WinDBG, PM me the minidump so I can give it a try.

Don't forget to tell which Windows version you have to know which simbols I have to download.
Post 26 May 2007, 16:24
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
The Olly screenshots you have posted shows two software exceptions and one hardware exception (single step but nothing to worry about, it happens from time to time when you use Olly).

Again please, try to get a crash dump.
Post 26 May 2007, 17:16
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
No more giving back...


Last edited by kohlrak on 07 Aug 2008, 15:07; edited 1 time in total
Post 26 May 2007, 17:30
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
That minidumps shows me this
Code:
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

THREAD_STUCK_IN_DEVICE_DRIVER_M (100000ea)
The device driver is spinning in an infinite loop, most likely waiting for
hardware to become idle. This usually indicates problem with the hardware
itself or with the device driver programming the hardware incorrectly.
If the kernel debugger is connected and running when watchdog detects a
timeout condition then DbgBreakPoint() will be called instead of KeBugCheckEx()
and detailed message including bugcheck arguments will be printed to the
debugger. This way we can identify an offending thread, set breakpoints in it,
and hit go to return to the spinning code to debug it further. Because
KeBugCheckEx() is not called the .bugcheck directive will not return bugcheck
information in this case. The arguments are already printed out to the kernel
debugger. You can also retrieve them from a global variable via
"dd watchdog!g_WdBugCheckData l5" (use dq on NT64).
On MP machines it is possible to hit a timeout when the spinning thread is
interrupted by hardware interrupt and ISR or DPC routine is running at the time
of the bugcheck (this is because the timeout's work item can be delivered and
handled on the second CPU and the same time). If this is the case you will have
to look deeper at the offending thread's stack (e.g. using dds) to determine
spinning code which caused the timeout to occur.
Arguments:
Arg1: 8199dda8, Pointer to a stuck thread object.  Do .thread then kb on it to find
     the hung location.
Arg2: 81965e68, Pointer to a DEFERRED_WATCHDOG object.
Arg3: f9e61cb4, Pointer to offending driver name.
Arg4: 00000001, Number of times "intercepted" bugcheck 0xEA was hit (see notes).

Debugging Details:
------------------

ERROR - could not read driver name for bugcheck parameter 3


FAULTING_THREAD:  8199dda8

FAULTING_IP: 
nv4_disp!bWaitWhileNotifierIsEqualToStatus+c6
bf033176 ??              ???

IMAGE_NAME:  nv4_disp.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  411096d7

MODULE_NAME: nv4_disp

FAULTING_MODULE: bf012000 nv4_disp

DEFAULT_BUCKET_ID:  GRAPHICS_DRIVER_FAULT

CUSTOMER_CRASH_COUNT:  1

BUGCHECK_STR:  0xEA

PROCESS_NAME:  csrss.exe

LAST_CONTROL_TRANSFER:  from 806eeca4 to 804dbe82

STACK_TEXT:  
f9ac173c 806eeca4 00000000 e1a51ec7 804dadaf nt!KiDispatchInterrupt+0x7f
f9ac1758 bf033176 badb0d00 81b03cb4 00000034 hal!IoFreeMapRegisters+0x3c
f9ac1780 00232fec f9ac17c4 00000034 f9ac17c4 nv4_disp!bWaitWhileNotifierIsEqualToStatus+0xc6
WARNING: Frame IP not in any known module. Following frames may be wrong.
f9ac1790 81b03cb4 00008000 00008000 e1a7e010 0x232fec
f9ac17c4 00080246 0000018a e1a7e010 00000000 0x81b03cb4
f9ac17c8 00000000 e1a7e010 00000000 f7993000 0x80246


STACK_COMMAND:  .thread 0xffffffff8199dda8 ; kb

FOLLOWUP_IP: 
nv4_disp!bWaitWhileNotifierIsEqualToStatus+c6
bf033176 ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nv4_disp!bWaitWhileNotifierIsEqualToStatus+c6

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  0xEA_IMAGE_nv4_disp.dll_DATE_2004_08_04

BUCKET_ID:  0xEA_IMAGE_nv4_disp.dll_DATE_2004_08_04

Followup: MachineOwner
---------    


This time is a different bugcheck and comes from your nVidia display driver. Do you have your driver updated?

Try uninstalling and then downloading the drivers from nVidia site again.

Since this time you got a different bugcheck you could try http://www.memtest.org/#downiso . However, since you can always reproduce the error with exactly the same steps, RAM malfunction remains unlikely but possible.

[EDIT]I just downloaded the WinXP SP2 symbols so I edited the WinDbg info, now it shows more info.[/EDIT]
Post 26 May 2007, 18:00
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
Reinstalled drivers, no fix. Since it's a loop, it can't be the hardware blowing out, even though i'm pretty sure i have a surge protector on this thing anyway... Last crash didn't leave a dump... I'm gonna keep trying to get one... I just realized that maybe the bug check got generated from when i tooke a time out to play halo, which crashes on me on random moments... I'll keep trying to get a dump, though...
Post 26 May 2007, 19:44
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
So, the BSODs are random or perfectly reproduceable? If the first is the case then pass several hours memtest, if no errors then maybe is time to format HDD and install XP again.
Post 26 May 2007, 20:21
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
I'll run the test, and i don't know what to hope for, bad memory or xp reinstallation.. because that could take a long time because i'll have to buy the CDs to backup everything, i'll have to go through my massive drive to find all the programs i need and such, and that means reading all the source codes i have laying around on my un organized drive... So if i have to reformat, i might not tell you all how it goes for a day or so... Heck of a way to spend a 3 day weekend, eh? And i had work that had to be done...

EDIT: perfectly reproduceable, but the perfect reproduction just adds to the mystery... Oh, and i just remembered i have my HDs partioned so i should be able to just back up the files that i need on C drive (i'm gonna hate doing this because alot of programs are going to stop working... and i'll have to reinstall... Dang power outages...) and be on my way...

EDIT2: Eh, what the heck. i'm not going to waste my weekend on this when all i have to do is create another windows account, i just hope it dosn't happen again. Maybe later on i can figure it out and look at it deeper. Thanks for your help anyway, i'm gonna crack at this again on nights when i'm bored, cause this will annoy me if i never figure out what it is...
Post 26 May 2007, 20:26
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Aaahhh, I just ran "lm" command on WinDbg and I discovered you have installed AVG anti-stability (version 7). This seriously gives credit to DustWolf about accessing HDD because maybe you have a malformed file somewhere and when AVG tries to analyse the file it crashes. The reason for no generating a minidump maybe is because since AVG is in the path to the filesystem, then Windows can't risk to do any filesystem access to the ones that AVG has filter drivers installed.

Try uninstalling the anti-virus or disabling the real time scanning feature.

PS: Note however that the minidump you gave me seems to not have any relationship with AVG problems.
Post 26 May 2007, 22:31
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
That's interesting... Though aol should be the cause of the crash before AVG causes the crash, because AOL would go for the access, which would then have AVG going for the access. Or maybe not... Another thing i noticed was when i opened it up with olly, at certain points i could have sworn i saw it saying that certain exe files were loaded into memory. Which is interesting to me. I don't see why AIM would be loading EXEs (ones that have nothing to do with AOL i might add) into it's memory for any decent purpose. That not only makes me wonder about aim acting as spyware, but perhaps the loading of those exes triggered someting which caused them to open up a corrupted file. I don't know enough about olly to monitor aol to find out what it's doing with those programs. Heck, i could even be mistaken that AIM's what's loading them into memory.
Post 28 May 2007, 07:52
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Sure that OllyDbg specifically told you that AIM has loaded EXEs? Perhaps it told you that AIM has loaded executable MODULES? If the latter is the case then it just loaded DLLs.

Note that tracing BSODs with OllyDbg doesn't help much, it is a user-mode debugger not a kernel-mode one. User-mode executables can't generate BSODs, them only can be resposible for triggering bugged kernel-mode code.

About the malformed file that AVG doesn't handle properly could be anything, JPG, DOC, EXE, JS, VBS, etc. Virus are not found in executables only, nowadays except for TXT seems that everything can contain virus (sometimes because the format allows it, other times because it takes advantage of some vulnerability in the format handler).

If you can still trigger the BSOD with your AIM contact then try removing AVG for a moment and try chat with that contact again to see if the BSOD dissapears.
Post 28 May 2007, 16:04
View user's profile Send private message Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
Quote:
Sure that OllyDbg specifically told you that AIM has loaded EXEs? Perhaps it told you that AIM has loaded executable MODULES? If the latter is the case then it just loaded DLLs.


It said modules, but here's the thing. I recognized some of those names, and those names were not of DLLs.

Quote:
About the malformed file that AVG doesn't handle properly could be anything, JPG, DOC, EXE, JS, VBS, etc. Virus are not found in executables only, nowadays except for TXT seems that everything can contain virus (sometimes because the format allows it, other times because it takes advantage of some vulnerability in the format handler).


That's the sad part of the world today....

Quote:
If you can still trigger the BSOD with your AIM contact then try removing AVG for a moment and try chat with that contact again to see if the BSOD dissapears.


I'm not comfortable uninstalling and reinstalling considering some of the bugs that i'm sure are waiting dormantly for AVG to shut down. Plus, AVG works with all accounts so it should crash me on this windows account too, but what i did notice rather recently is that certain registry keys can't be edited by my other accounts. I don't know why. Mostly file extension registry key. My crashing account has them fine... So, i think i know the cause now. I better becareful of which keys i change permissions for.
Post 28 May 2007, 19:38
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.