Showing results 1 to 8 of 8

Thread: Cloaking crashes computer

  1. #1

    Default Cloaking crashes computer

    Using YASU 7080 (also tried 7070) to cloak a daemon tools drive, I get a complete memory dump (the so called "dreaded blue screen of death"). Not being the most technically gifted computer user, I was wondering if anyone has had a similar problem and how I might solve this. Cheers for any help.

  2. #2
    GERMAN TRANSLATOR
    Blazkowicz's Avatar
    Join Date
    09.11.2005
    Posts
    6,401

    Default

    Could you attach the latest minidump (normally c:\windows\minidump where c: is your drive letter and windows is the windows folder which may have another name)
    Make something idiot proof, but then they just make a better idiot
    Peace Through Power

  3. #3

    Default

    I used some Windows debugger program to load up this. Wasn't quite sure what information you need to help so I've just copied it all. I hope it makes more sense to you than it does me, haha. Thanks for replying.


    Loading Dump File [C:\WINDOWS\Minidump\Mini073007-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
    Debug session time: Mon Jul 30 17:07:22.812 2007 (GMT+0)
    System Uptime: 0 days 1:03:18.382
    Loading Kernel Symbols
    .................................................. .................................................. ............................................
    Loading User Symbols
    Loading unloaded module list
    ..............
    Unable to load image mvstdi5x.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for mvstdi5x.sys
    *** ERROR: Module load completed but symbols could not be loaded for mvstdi5x.sys
    ************************************************** *****************************
    * *
    * Bugcheck Analysis *
    * *
    ************************************************** *****************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 100000D1, {3, 2, 0, f7752917}

    Unable to load image gwausb.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for gwausb.sys
    *** ERROR: Module load completed but symbols could not be loaded for gwausb.sys


    Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    ************************************************** *****************************
    * *
    * Bugcheck Analysis *
    * *
    ************************************************** *****************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000003, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: f7752917, address which referenced memory

    Debugging Details:
    ------------------




    READ_ADDRESS: 00000003

    CURRENT_IRQL: 2

    FAULTING_IP:
    mvstdi5x+2917
    f7752917 8a16 mov dl,byte ptr [esi]

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xD1

    PROCESS_NAME: Idle

    LAST_CONTROL_TRANSFER: from f775216e to f7752917

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8054fffc f775216e 00000062 8420c164 80550058 mvstdi5x+0x2917
    80550028 f77525a6 834bdf68 80550058 8055005c mvstdi5x+0x216e
    8055004c f7752708 834bdf30 8420c164 00000080 mvstdi5x+0x25a6
    8055006c f7759b38 834bdf30 83501108 00000084 mvstdi5x+0x2708
    80550090 804e3d38 84064738 834c7cd8 841eaf40 mvstdi5x+0x9b38
    805500c0 f2a46ad2 8369eea0 83420e70 83420e74 nt!IopfCompleteRequest+0xa2
    805500d8 f2a4b6ac 834c7cd8 00000000 00000084 tcpip!TCPDataRequestComplete+0xa6
    80550114 f2a4b75f 00000000 00000002 00000000 tcpip!CompleteRcvs+0xf1
    80550138 f2a42a08 00000002 00000002 80550164 tcpip!ProcessPerCpuTCBDelayQ+0x6b
    8055016c f2a4294f 00000002 f2a42901 f2a423d6 tcpip!ProcessTCBDelayQ+0xc4
    80550178 f2a423d6 00000000 84189ad0 f7785058 tcpip!TCPRcvComplete+0x20
    80550184 f7785058 f737ed40 0cabb1e5 f6e16b40 tcpip!IPRcvComplete+0x21
    80550188 f737ed40 0cabb1e5 f6e16b40 8416f908 wanarp!WanNdisReceiveComplete+0x6
    805501d8 f6e1101d 0044f6e8 83cc4c28 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
    805501ec f6e111b4 84189ad0 83cc4c28 00000001 psched!PsFlushReceiveQueue+0x15
    80550210 f6e115f9 8416f910 00000000 84189ad0 psched!PsEnqueueReceivePacket+0xda
    80550228 f737ed40 8416f908 834eb008 8376c498 psched!ClReceiveComplete+0x13
    80550278 f6e27c59 0044f6e8 805502b8 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
    805502ac f6e27f15 0276c498 83761130 8376c498 ndiswan!IndicateRecvPacket+0x2af
    805502e0 f6e283c2 8376c498 834ad808 0000003a ndiswan!ProcessPPPFrame+0x193
    805502fc f6e25e51 834c9430 834ad808 841b9b98 ndiswan!ReceivePPP+0x76
    80550320 f73798f5 00000001 83d4d008 0000003a ndiswan!ProtoWanReceiveIndication+0x106
    80550344 f287af5a 80550370 02dd7ad0 00000001 NDIS!NdisMWanIndicateReceive+0x54
    80550368 f28767a4 0000003a 84064c70 83636e30 gwausb+0x4f5a
    80550388 f7374fca 00000000 83dd3008 00000000 gwausb+0x7a4
    805503ac 804dbbd4 83dd3078 83dd3050 186a3b48 NDIS!ndisMTimerDpcX+0x7a
    805503d0 804dbb4d 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46
    805503d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    mvstdi5x+2917
    f7752917 8a16 mov dl,byte ptr [esi]

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: mvstdi5x+2917

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: mvstdi5x

    IMAGE_NAME: mvstdi5x.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 41377210

    FAILURE_BUCKET_ID: 0xD1_mvstdi5x+2917

    BUCKET_ID: 0xD1_mvstdi5x+2917

    Followup: MachineOwner
    ---------

  4. #4
    GERMAN TRANSLATOR
    Blazkowicz's Avatar
    Join Date
    09.11.2005
    Posts
    6,401

    Default

    You don't have a newer minidump as this one from Jul 30 2007?
    Make something idiot proof, but then they just make a better idiot
    Peace Through Power

  5. #5

    Default

    My bad. Here's one from today.

    Loading Dump File [C:\WINDOWS\Minidump\Mini121807-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
    Debug session time: Tue Dec 18 12:53:20.046 2007 (GMT+0)
    System Uptime: 0 days 1:06:41.627
    Loading Kernel Symbols
    .................................................. .................................................. .................................................
    Loading User Symbols
    Loading unloaded module list
    ...............
    ************************************************** *****************************
    * *
    * Bugcheck Analysis *
    * *
    ************************************************** *****************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007E, {c0000005, 805d4a1a, ef98b934, ef98b630}

    Unable to load image drvmcdb.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for drvmcdb.sys
    *** ERROR: Module load completed but symbols could not be loaded for drvmcdb.sys


    Probably caused by : drvmcdb.sys ( drvmcdb+d8ac )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    ************************************************** *****************************
    * *
    * Bugcheck Analysis *
    * *
    ************************************************** *****************************

    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 805d4a1a, The address that the exception occurred at
    Arg3: ef98b934, Exception Record Address
    Arg4: ef98b630, Context Record Address

    Debugging Details:
    ------------------




    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!RtlpCallQueryRegistryRoutine+149
    805d4a1a 668b01 mov ax,word ptr [ecx]

    EXCEPTION_RECORD: ef98b934 -- (.exr 0xffffffffef98b934)
    ExceptionAddress: 805d4a1a (nt!RtlpCallQueryRegistryRoutine+0x00000149)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000000
    Parameter[1]: 00000000
    Attempt to read from address 00000000

    CONTEXT: ef98b630 -- (.cxr 0xffffffffef98b630)
    eax=00000001 ebx=e1162898 ecx=00000000 edx=ef98bce8 esi=00000000 edi=e1162898
    eip=805d4a1a esp=ef98b9fc ebp=ef98ba28 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    nt!RtlpCallQueryRegistryRoutine+0x149:
    805d4a1a 668b01 mov ax,word ptr [ecx] ds:0023:00000000=????
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 2

    PROCESS_NAME: System

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    READ_ADDRESS: 00000000

    BUGCHECK_STR: 0x7E

    DEFAULT_BUCKET_ID: NULL_DEREFERENCE

    LAST_CONTROL_TRANSFER: from 8059693f to 805d4a1a

    STACK_TEXT:
    ef98ba28 8059693f ef98bce8 00000000 ef98ba88 nt!RtlpCallQueryRegistryRoutine+0x149
    ef98ba8c f733a8ac c0000034 00000084 00000001 nt!RtlQueryRegistryValues+0x26f
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ef98bd34 f733c3b0 00000da4 f7340380 00000002 drvmcdb+0xd8ac
    ef98bdac 8057d0f1 f1ee59f8 00000000 00000000 drvmcdb+0xf3b0
    83d2c9e0 00000000 83d2c9e8 83d2c9e8 83d2c9f0 nt!PspSystemThreadStartup+0x34


    FOLLOWUP_IP:
    drvmcdb+d8ac
    f733a8ac ?? ???

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: drvmcdb+d8ac

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: drvmcdb

    IMAGE_NAME: drvmcdb.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 4269810a

    STACK_COMMAND: .cxr 0xffffffffef98b630 ; kb

    FAILURE_BUCKET_ID: 0x7E_drvmcdb+d8ac

    BUCKET_ID: 0x7E_drvmcdb+d8ac

    Followup: MachineOwner
    ---------

  6. #6
    Customer Terramex's Avatar
    Join Date
    06.09.2004
    Posts
    2,566

    Default

    @sparetheman
    Please have a look at this thread.
    Maybe you have a smiliar problem with some Sonic product.

  7. #7
    Master
    Jito463's Avatar
    Join Date
    24.05.2005
    Posts
    1,626

    Default

    Might want to check out the comments from the link below about that file, too.

    http://www.file.net/process/drvmcdb.sys.html

  8. #8

    Default

    Thanks a lot for the advice guys. I think I've sorted it out now.

Bookmarks

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •