How to find the source of this BSOD? How to fix it?

8

1

I occasionally (always at the least convenient moment...) receive this BSOD on my Windows 7 desktop PC:

  Problem signature:
  Problem Event Name:   BlueScreen
  OS Version:   6.1.7601.2.1.0.256.1
  Locale ID:    1033

  Additional information about the problem:
  BCCode:   124
  BCP1: 0000000000000000
  BCP2: FFFFFA8007BBB028
  BCP3: 00000000B2000040
  BCP4: 0000000000000800
  OS Version:   6_1_7601
  Service Pack: 1_0
  Product:  256_1

  Files that help describe the problem:
  C:\Windows\Minidump\010812-16578-01.dmp
  C:\Users\al\AppData\Local\Temp\WER-37500-0.sysdata.xml

Trying to find out more information about this seems to be futile because the file C:\Users\al\AppData\Local\Temp\WER-37500-0.sysdata.xml doesn't exist (the folder exists, but not any file that starts with "WER"), and attempting to analyze the minidump file yields the following:

Bug Check Code: 0x00000124
Parameter 1:    00000000`00000000
Parameter 2:    fffffa80`07bbb028
Parameter 3:    00000000`b2000040
Parameter 4:    00000000`00000800
Causing driver: hal.dll
Address:    hal.dll+12a3b
Processor:  x64
Crash address:  ntoskrnl.exe+7cc40
CPU count:  4
Major ver:  15
Minor ver:  7601
Dump size:  283,576 

and:

Filename:       ntoskrnl.exe
Addr. in Stack: ntoskrnl.exe+18d513
From addr:      fffff800`02a18000
To addr:        fffff800`03001000
Size:           0x005e9000
Timestamp:      0x4e02aaa3
Time string:    6/22/2011 9:53:23 PM
Product name:   Microsoft® Windows® Operating System
File desc:      NT Kernel & System
File ver:       6.1.7601.17640 (win7sp1_gdr.110622-1506)
Company:        Microsoft Corporation
Full path:      C:\Windows\system32\ntoskrnl.exe        

Well, hal.dll and ntoskrnl.exe are part of the OS and there doesn't seem to be anything I can do to upgrade those "drivers".

I know that the hardware is perfect (including RAM voltages in BIOS etc) because this same exact system works perfectly with Ubuntu 8 and Ubuntu 10 (triple-boot config). The problem is definitely in the system software, but how do I find out what it is?

Eternal Learner

Posted 2012-01-08T13:11:04.723

Reputation: 460

1We could help you if Windows 7 was open source... – m0skit0 – 2012-01-08T13:56:09.197

3

Do any of the steps from [here](http://www.sevenforums.com/crash-lockup-debug-how/35349-stop-0x124-what-means-what-try.html help?

– AndrejaKo – 2012-01-08T16:39:48.073

2@AndrejaKo This is a great resource. Looks like exactly what I have been looking for. Please re-post as an answer and I will accept it. Thanks +1 for now. – Eternal Learner – 2012-01-08T17:01:02.883

1@Eternal Learner Simply linking to an answer is not considered an answer here at SuperUser, it should remain a comment unless they want to copy the entire content of the answer over to a SuperUser answer. The main reason for this is link rot and websites that disappear from cyberspace. Second reason is SuperUser is not a forum. – Moab – 2012-01-08T17:31:33.543

Answers

4

  1. Install the Debugging Tools for Windows.
  2. After Installing, open WinDbg from start menu.
  3. Click File > Symbol File path and enter SRVC:\SymbolCachehttp://msdl.microsoft.com/download/symbols (replace C:\SymbolCache with path of your choice)
  4. Click File > Open Crashdump and open the memory.dmp file in your %SystemRoot% (usually C:\WINDOWS or C:\WINNT) OR the latest file in %SystemRoot%\Minidump if you have full dumps disabled.
  5. The offending driver will be listed below, similar to this: Probably caused by : usbhub.sys ( usbhub!UsbhTrapFatalTimeout_x9f+28 ), but you can click the !analyze -v link to get detailed stack trace.

kinokijuf

Posted 2012-01-08T13:11:04.723

Reputation: 7 734

This is good for driver developers, not for an admin. – Eternal Learner – 2012-01-09T18:29:51.653

@EternalLearner But it shows you the BSOD source, which is a good thing. – kinokijuf – 2012-01-09T20:42:07.350

Yes it's a good thing but I already get all that information from BlueScreenView. The only advantage of !analyze -v is the ability to show the source code if I have it and since I am not the developer of ntoskrnl.exe, it doesn't help me. Aside from the fact that it's horribly bloated and further compromises the stability of the system. Installing it is only justified when you develop drivers. – Eternal Learner – 2012-01-11T04:45:41.970

@EternalLearner Then I’m afraid it’s impossible to get further info. – kinokijuf – 2012-01-11T06:58:30.550

2

A much simpler way would be to use BlueScreenView. If you look into the "Address In Stack" column you can see where the problematic call originally came from. This is the last row that has an entry in this column.

Taking the driver file name you can back-track the vendor/application/device it belongs to and therefore find the culprit with a high probability.

Robert

Posted 2012-01-08T13:11:04.723

Reputation: 4 857

1BlueScreenView is exactly where I took the information I posted in my question. The back-track stops at what I posted originally: ntoskrnl.exe+18d513. The comment posted by @AndrejaKo is the best answer so far. – Eternal Learner – 2012-01-09T18:31:35.690