BSoD DRIVER_VERIFIER_DETECTED_VIOLATION

3

2

I'm having a lot of BSoD's lately, so I ran Driver Verifier (verifier in command line). It generated DRIVER_VERIFIER_DETECTED_VIOLATIONBSoD. Analyzing the dump with WinDbg:

!analyze -v

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4) A device driver attempting to corrupt the system has been caught.  This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes. Arguments: Arg1: 000000000009400b, subclass of driver violation. Arg2: fffff8014749aba0 Arg3: ffffe0002413ff20 Arg4: ffffe0002413ff78

Debugging Details:
------------------


ADDITIONAL_DEBUG_TEXT:  Failed to find the associated rule. Please upgrade your debugger (ext.dll).

BUGCHECK_STR:  0xc4_9400b

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8014748e487 to fffff80334de1fa0

STACK_TEXT:   
nt!KeBugCheckEx 
VerifierExt!SLIC_StatefulAbort+0x22b 
VerifierExt!Ndis_OnTimerExpire+0x442 
VerifierExt!XdvPassiveTimerRoutine+0x43
nt!IopProcessWorkItem+0x76
nt!ExpWorkerThread+0x293
nt!PspSystemThreadStartup+0x58
nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:  nt!IopProcessWorkItem+76 fffff803`34ce0ffa f7058410300000000008 test dword ptr [nt!PerfGlobalGroupMask+0x8 (fffff803`34fe2088)],8000000h

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt!IopProcessWorkItem+76

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5318053f

BUCKET_ID_FUNC_OFFSET:  76

FAILURE_BUCKET_ID:  0xc4_9400b_VRF_nt!IopProcessWorkItem

BUCKET_ID:  0xc4_9400b_VRF_nt!IopProcessWorkItem

Followup: MachineOwner

lmvm nt

start             end                 module name
fffff803`34c8e000 fffff803`35417000   nt         (pdb symbols)          c:\symbols\ntkrnlmp.pdb\D67FECD43A49492C87EC845789255D641\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: c:\symbols\ntoskrnl.exe\5318053F789000\ntoskrnl.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Thu Mar 06 06:18:55 2014 (5318053F)
    CheckSum:         00721D34
    ImageSize:        00789000
    File version:     6.3.9600.17041
    Product version:  6.3.9600.17041
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   6.3.9600.17041
    FileVersion:      6.3.9600.17041 (winblue_gdr.140305-1710)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.

Do you have any ideas as how to proceed with this? And maybe what to do with Please upgrade your debugger (ext.dll)?

alex

Posted 2014-05-16T13:58:23.217

Reputation: 550

Are your display drivers been updated to a driver that specifically supports 8.1? BlueScreenViewer will provide better details to determine the cause. – Ramhound – 2014-05-16T14:56:24.537

can you share the dmp files? – magicandre1981 – 2014-05-16T18:10:33.063

No answers

Asked: 2014-05-16T13:58:23.217

Viewed: 722 times

Active: 2014-05-16T18:07:44.147