Cloaking crashes computer



sparetheman
17.12.2007, 13:56
Using YASU 7080 (also tried 7070) to cloak a Daemon Tools drive, I get a complete memory dump (the so-called "dreaded blue screen of death"). Not being the most technically gifted computer user, I was wondering if anyone has had a similar problem and how I might solve this. Cheers for any help.

Blazkowicz
17.12.2007, 19:55
Could you attach the latest minidump (normally c:\windows\minidump, where c: is your drive letter and windows is the Windows folder, which may have another name)?

sparetheman
18.12.2007, 12:36
I used some Windows debugger program to load up this. Wasn't quite sure what information you need to help so I've just copied it all. I hope it makes more sense to you than it does me, haha. Thanks for replying.


Loading Dump File [C:\WINDOWS\Minidump\Mini073007-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Mon Jul 30 17:07:22.812 2007 (GMT+0)
System Uptime: 0 days 1:03:18.382
Loading Kernel Symbols
.................................................. .................................................. ............................................
Loading User Symbols
Loading unloaded module list
..............
Unable to load image mvstdi5x.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mvstdi5x.sys
*** ERROR: Module load completed but symbols could not be loaded for mvstdi5x.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {3, 2, 0, f7752917}

Unable to load image gwausb.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for gwausb.sys
*** ERROR: Module load completed but symbols could not be loaded for gwausb.sys


Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000003, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f7752917, address which referenced memory

Debugging Details:
------------------




READ_ADDRESS: 00000003

CURRENT_IRQL: 2

FAULTING_IP:
mvstdi5x+2917
f7752917 8a16 mov dl,byte ptr [esi]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from f775216e to f7752917

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
8054fffc f775216e 00000062 8420c164 80550058 mvstdi5x+0x2917
80550028 f77525a6 834bdf68 80550058 8055005c mvstdi5x+0x216e
8055004c f7752708 834bdf30 8420c164 00000080 mvstdi5x+0x25a6
8055006c f7759b38 834bdf30 83501108 00000084 mvstdi5x+0x2708
80550090 804e3d38 84064738 834c7cd8 841eaf40 mvstdi5x+0x9b38
805500c0 f2a46ad2 8369eea0 83420e70 83420e74 nt!IopfCompleteRequest+0xa2
805500d8 f2a4b6ac 834c7cd8 00000000 00000084 tcpip!TCPDataRequestComplete+0xa6
80550114 f2a4b75f 00000000 00000002 00000000 tcpip!CompleteRcvs+0xf1
80550138 f2a42a08 00000002 00000002 80550164 tcpip!ProcessPerCpuTCBDelayQ+0x6b
8055016c f2a4294f 00000002 f2a42901 f2a423d6 tcpip!ProcessTCBDelayQ+0xc4
80550178 f2a423d6 00000000 84189ad0 f7785058 tcpip!TCPRcvComplete+0x20
80550184 f7785058 f737ed40 0cabb1e5 f6e16b40 tcpip!IPRcvComplete+0x21
80550188 f737ed40 0cabb1e5 f6e16b40 8416f908 wanarp!WanNdisReceiveComplete+0x6
805501d8 f6e1101d 0044f6e8 83cc4c28 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
805501ec f6e111b4 84189ad0 83cc4c28 00000001 psched!PsFlushReceiveQueue+0x15
80550210 f6e115f9 8416f910 00000000 84189ad0 psched!PsEnqueueReceivePacket+0xda
80550228 f737ed40 8416f908 834eb008 8376c498 psched!ClReceiveComplete+0x13
80550278 f6e27c59 0044f6e8 805502b8 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
805502ac f6e27f15 0276c498 83761130 8376c498 ndiswan!IndicateRecvPacket+0x2af
805502e0 f6e283c2 8376c498 834ad808 0000003a ndiswan!ProcessPPPFrame+0x193
805502fc f6e25e51 834c9430 834ad808 841b9b98 ndiswan!ReceivePPP+0x76
80550320 f73798f5 00000001 83d4d008 0000003a ndiswan!ProtoWanReceiveIndication+0x106
80550344 f287af5a 80550370 02dd7ad0 00000001 NDIS!NdisMWanIndicateReceive+0x54
80550368 f28767a4 0000003a 84064c70 83636e30 gwausb+0x4f5a
80550388 f7374fca 00000000 83dd3008 00000000 gwausb+0x7a4
805503ac 804dbbd4 83dd3078 83dd3050 186a3b48 NDIS!ndisMTimerDpcX+0x7a
805503d0 804dbb4d 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46
805503d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26


STACK_COMMAND: kb

FOLLOWUP_IP:
mvstdi5x+2917
f7752917 8a16 mov dl,byte ptr [esi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mvstdi5x+2917

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mvstdi5x

IMAGE_NAME: mvstdi5x.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41377210

FAILURE_BUCKET_ID: 0xD1_mvstdi5x+2917

BUCKET_ID: 0xD1_mvstdi5x+2917

Followup: MachineOwner
---------

Blazkowicz
18.12.2007, 15:17
You don't have a newer minidump than this one from Jul 30 2007?

sparetheman
18.12.2007, 17:39
My bad. Here's one from today.

Loading Dump File [C:\WINDOWS\Minidump\Mini121807-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Tue Dec 18 12:53:20.046 2007 (GMT+0)
System Uptime: 0 days 1:06:41.627
Loading Kernel Symbols
.................................................. .................................................. .................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {c0000005, 805d4a1a, ef98b934, ef98b630}

Unable to load image drvmcdb.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for drvmcdb.sys
*** ERROR: Module load completed but symbols could not be loaded for drvmcdb.sys


Probably caused by : drvmcdb.sys ( drvmcdb+d8ac )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805d4a1a, The address that the exception occurred at
Arg3: ef98b934, Exception Record Address
Arg4: ef98b630, Context Record Address

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!RtlpCallQueryRegistryRoutine+149
805d4a1a 668b01 mov ax,word ptr [ecx]

EXCEPTION_RECORD: ef98b934 -- (.exr 0xffffffffef98b934)
ExceptionAddress: 805d4a1a (nt!RtlpCallQueryRegistryRoutine+0x00000149)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

CONTEXT: ef98b630 -- (.cxr 0xffffffffef98b630)
eax=00000001 ebx=e1162898 ecx=00000000 edx=ef98bce8 esi=00000000 edi=e1162898
eip=805d4a1a esp=ef98b9fc ebp=ef98ba28 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!RtlpCallQueryRegistryRoutine+0x149:
805d4a1a 668b01 mov ax,word ptr [ecx] ds:0023:00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 00000000

BUGCHECK_STR: 0x7E

DEFAULT_BUCKET_ID: NULL_DEREFERENCE

LAST_CONTROL_TRANSFER: from 8059693f to 805d4a1a

STACK_TEXT:
ef98ba28 8059693f ef98bce8 00000000 ef98ba88 nt!RtlpCallQueryRegistryRoutine+0x149
ef98ba8c f733a8ac c0000034 00000084 00000001 nt!RtlQueryRegistryValues+0x26f
WARNING: Stack unwind information not available. Following frames may be wrong.
ef98bd34 f733c3b0 00000da4 f7340380 00000002 drvmcdb+0xd8ac
ef98bdac 8057d0f1 f1ee59f8 00000000 00000000 drvmcdb+0xf3b0
83d2c9e0 00000000 83d2c9e8 83d2c9e8 83d2c9f0 nt!PspSystemThreadStartup+0x34


FOLLOWUP_IP:
drvmcdb+d8ac
f733a8ac ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: drvmcdb+d8ac

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: drvmcdb

IMAGE_NAME: drvmcdb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4269810a

STACK_COMMAND: .cxr 0xffffffffef98b630 ; kb

FAILURE_BUCKET_ID: 0x7E_drvmcdb+d8ac

BUCKET_ID: 0x7E_drvmcdb+d8ac

Followup: MachineOwner
---------
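
Added example, not part of the original thread: a small Python triage of the two `!analyze -v` outputs posted above, pulling out the bugcheck code, the blamed image and the chain of modules on the faulting stack. The sample strings are excerpts constructed from those outputs; the `triage` function, the 0x1000 near-null threshold and reading frames without a `!symbol` as modules whose symbols did not load are assumptions of this sketch.

```python
import re
# Constructed excerpts: key lines copied from the two dumps in this thread.
SAMPLE_D1 = """\
BugCheck 100000D1, {3, 2, 0, f7752917}
READ_ADDRESS: 00000003
STACK_TEXT:
8054fffc f775216e 00000062 8420c164 80550058 mvstdi5x+0x2917
805500c0 f2a46ad2 8369eea0 83420e70 83420e74 nt!IopfCompleteRequest+0xa2
805500d8 f2a4b6ac 834c7cd8 00000000 00000084 tcpip!TCPDataRequestComplete+0xa6
80550368 f28767a4 0000003a 84064c70 83636e30 gwausb+0x4f5a
IMAGE_NAME: mvstdi5x.sys
FAILURE_BUCKET_ID: 0xD1_mvstdi5x+2917
"""
SAMPLE_7E = """\
BugCheck 1000007E, {c0000005, 805d4a1a, ef98b934, ef98b630}
READ_ADDRESS: 00000000
STACK_TEXT:
ef98ba28 8059693f ef98bce8 00000000 ef98ba88 nt!RtlpCallQueryRegistryRoutine+0x149
ef98ba8c f733a8ac c0000034 00000084 00000001 nt!RtlQueryRegistryValues+0x26f
ef98bd34 f733c3b0 00000da4 f7340380 00000002 drvmcdb+0xd8ac
IMAGE_NAME: drvmcdb.sys
FAILURE_BUCKET_ID: 0x7E_drvmcdb+d8ac
"""
# A `kb` frame: five hex columns, then module[!symbol]+0xoffset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}([^\s!+]+)(!\S+)?\+0x[0-9a-f]+$", re.I)

def triage(text):
    """Summarise one `!analyze -v` output (hypothetical helper for this example)."""
    m = re.search(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text, re.M)
    fields = dict(re.findall(r"^([A-Z_]+):[ \t]*(\S.*)$", text, re.M))
    chain, no_symbols = [], []
    for f in filter(None, (FRAME.match(l.strip()) for l in text.splitlines())):
        if not chain or chain[-1] != f.group(1):   # collapse runs of one module
            chain.append(f.group(1))
        if f.group(2) is None and f.group(1) not in no_symbols:
            no_symbols.append(f.group(1))
    read = fields.get("READ_ADDRESS")
    return {
        # Mask to the base code, matching BUGCHECK_STR in the dumps (0xD1, 0x7E).
        "code": int(m.group(1), 16) & 0x0FFFFFFF,
        "args": [a.strip() for a in m.group(2).split(",")],
        "image": fields.get("IMAGE_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
        "module_chain": chain, "no_symbols": no_symbols,
        # Assumed threshold: a read inside the first page counts as near-NULL.
        "near_null_read": read is not None and int(read, 16) < 0x1000,
    }

for label, dump in (("Jul 30", SAMPLE_D1), ("Dec 18", SAMPLE_7E)):
    print(label, triage(dump))
```
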

Terramex
18.12.2007, 22:40
@sparetheman
Please have a look at this (http://www.daemon-tools.cc/dtcc/yasu-cases-restart-loading-disc-t18877.html) thread.
Maybe you have a similar problem with some Sonic product.

Jito463
19.12.2007, 01:35
Might want to check out the comments from the link below about that file, too.

http://www.file.net/process/drvmcdb.sys.html

sparetheman
19.12.2007, 11:16
Thanks a lot for the advice, guys. I think I've sorted it out now.