Author Topic: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!  (Read 11021 times)

0 Members and 1 Guest are viewing this topic.

xiaoyv2

  • Guest
"BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« on: December 06, 2008, 08:15:37 AM »
 :( I think , it's another time for company to fixed aswTdi.sys !!!

Version 4.6.739
December 3, 2005
added a workaround to a small bug in NetBios (might have even caused blue screens in aswTdi.sys)

Version 4.6.665
May 22, 2005
fixed a minor problem in aswTdi.sys (that could theoretically lead even to the "BSOD")

Version 4.5.549
December 2, 2004
fixed rare crashes in aswTdi.sys

Below, there's my minidump signal debug by windbg ! maybe it is usable for your fixing~


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini120608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.080814-1242
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Dec  6 14:27:12.921 2008 (GMT+8)
System Uptime: 0 days 3:02:54.623
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, aa2f9438, a8a747f4, 0}

*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
Probably caused by : aswTdi.SYS ( aswTdi+449 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: aa2f9438, The address that the exception occurred at
Arg3: a8a747f4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
tcpip!TcpipBufferVirtualAddress+8
aa2f9438 f6400605        test    byte ptr [eax+6],5

TRAP_FRAME:  a8a747f4 -- (.trap 0xffffffffa8a747f4)
ErrCode = 00000000
eax=0000005c ebx=00004a2d ecx=00000000 edx=0000001f esi=0000005c edi=00000000
eip=aa2f9438 esp=a8a74868 ebp=a8a74868 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
tcpip!TcpipBufferVirtualAddress+0x8:
aa2f9438 f6400605        test    byte ptr [eax+6],5         ds:0023:00000062=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  Thunder5.exe

LAST_CONTROL_TRANSFER:  from aa2fc0c0 to aa2f9438

STACK_TEXT: 
a8a74868 aa2fc0c0 0000005c 00000010 85db0025 tcpip!TcpipBufferVirtualAddress+0x8
a8a74888 aa2fd973 00024689 85dba07c 86624eb8 tcpip!XsumSendChain+0x44
a8a74908 aa2fd78b 865cda48 86624eb8 85ffd0c0 tcpip!UDPSend+0x3ca
a8a7492c aa2fd7f1 00a74950 85ffd008 85dba0bc tcpip!TdiSendDatagram+0xd5
a8a74964 aa2fc149 85ffd0c0 85ffd130 85ffd0c0 tcpip!UDPSendDatagram+0x4f
a8a74980 804f0199 8680b5f8 85ffd0c0 8675d890 tcpip!TCPDispatchInternalDeviceControl+0xff
a8a74990 f7760449 85ffd178 00000000 8675d860 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
a8a749f4 f77607e2 8675d860 85ffd0c0 85ffd154 aswTdi+0x449
a8a74a54 804f0199 8675d7a8 85ffd0c0 85ffd19c aswTdi+0x7e2
a8a74aa8 804f0199 867517d8 85ffd0c0 86237778 nt!IopfCallDriver+0x31
a8a74ab8 aa233787 a8a74ba8 00000008 a8a74b1c nt!IopfCallDriver+0x31
a8a74b10 aa22ab5e 80562134 023ff83c aa22ab5e afd!AfdFastDatagramSend+0x2fd
a8a74c5c 80580325 862623b8 00000001 023ff70c afd!AfdFastIoDeviceControl+0x2a7
a8a74d00 8057917e 00000200 00000bc4 00000000 nt!IopXxxControlFile+0x255
a8a74d34 805423fc 00000200 00000bc4 00000000 nt!NtDeviceIoControlFile+0x2a
a8a74d34 7c92eb94 00000200 00000bc4 00000000 nt!KiFastCallEntry+0xfc
023ff7fc 00000000 00000000 00000000 00000000 0x7c92eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswTdi+449
f7760449 ??              ???

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  aswTdi+449

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswTdi

IMAGE_NAME:  aswTdi.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  492d8475

FAILURE_BUCKET_ID:  0x8E_aswTdi+449

BUCKET_ID:  0x8E_aswTdi+449

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: aa2f9438, The address that the exception occurred at
Arg3: a8a747f4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
tcpip!TcpipBufferVirtualAddress+8
aa2f9438 f6400605        test    byte ptr [eax+6],5

TRAP_FRAME:  a8a747f4 -- (.trap 0xffffffffa8a747f4)
ErrCode = 00000000
eax=0000005c ebx=00004a2d ecx=00000000 edx=0000001f esi=0000005c edi=00000000
eip=aa2f9438 esp=a8a74868 ebp=a8a74868 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
tcpip!TcpipBufferVirtualAddress+0x8:
aa2f9438 f6400605        test    byte ptr [eax+6],5         ds:0023:00000062=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  Thunder5.exe

LAST_CONTROL_TRANSFER:  from aa2fc0c0 to aa2f9438

STACK_TEXT: 
a8a74868 aa2fc0c0 0000005c 00000010 85db0025 tcpip!TcpipBufferVirtualAddress+0x8
a8a74888 aa2fd973 00024689 85dba07c 86624eb8 tcpip!XsumSendChain+0x44
a8a74908 aa2fd78b 865cda48 86624eb8 85ffd0c0 tcpip!UDPSend+0x3ca
a8a7492c aa2fd7f1 00a74950 85ffd008 85dba0bc tcpip!TdiSendDatagram+0xd5
a8a74964 aa2fc149 85ffd0c0 85ffd130 85ffd0c0 tcpip!UDPSendDatagram+0x4f
a8a74980 804f0199 8680b5f8 85ffd0c0 8675d890 tcpip!TCPDispatchInternalDeviceControl+0xff
a8a74990 f7760449 85ffd178 00000000 8675d860 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
a8a749f4 f77607e2 8675d860 85ffd0c0 85ffd154 aswTdi+0x449
a8a74a54 804f0199 8675d7a8 85ffd0c0 85ffd19c aswTdi+0x7e2
a8a74aa8 804f0199 867517d8 85ffd0c0 86237778 nt!IopfCallDriver+0x31
a8a74ab8 aa233787 a8a74ba8 00000008 a8a74b1c nt!IopfCallDriver+0x31
a8a74b10 aa22ab5e 80562134 023ff83c aa22ab5e afd!AfdFastDatagramSend+0x2fd
a8a74c5c 80580325 862623b8 00000001 023ff70c afd!AfdFastIoDeviceControl+0x2a7
a8a74d00 8057917e 00000200 00000bc4 00000000 nt!IopXxxControlFile+0x255
a8a74d34 805423fc 00000200 00000bc4 00000000 nt!NtDeviceIoControlFile+0x2a
a8a74d34 7c92eb94 00000200 00000bc4 00000000 nt!KiFastCallEntry+0xfc
023ff7fc 00000000 00000000 00000000 00000000 0x7c92eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswTdi+449
f7760449 ??              ???

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  aswTdi+449

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswTdi

IMAGE_NAME:  aswTdi.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  492d8475

FAILURE_BUCKET_ID:  0x8E_aswTdi+449

BUCKET_ID:  0x8E_aswTdi+449

Followup: MachineOwner
---------




Offline TedNelly

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1538
  • Trust No-One!
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #1 on: December 06, 2008, 08:37:43 AM »
What version of Avast are you running?
Windows 10 Pro | Intel I7 CPU | 16 Gig 2133 RAM | Avast beta 17.5.2295 | Firefox 54 b9(64-bit) | Cyberfox 52.1 | T-Bird 52.1.1 | SpyWareBlaster 5.5 | MalwareBytes 3.0.0.865 | WinPatrol 35.5.2 | GlassWire 1.2.100 | Cybereason Ransomfree 2.2.7 |  Pulla-dePlug Final!

xiaoyv2

  • Guest
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #2 on: December 06, 2008, 10:05:15 AM »
What version of Avast are you running?

 :) 

xiaoyv2

  • Guest
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #3 on: December 06, 2008, 10:08:27 AM »
Xtreme Toolkit V1.9.4.0
build:Dec2008[4.8.1296]
ActiveSkin V4.2.7.3

VPS: V081215-0


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11860
    • AVAST Software
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #4 on: December 06, 2008, 11:55:12 AM »
Please upload the minidump file(s) to ftp://ftp.avast.com/incoming

xiaoyv2

  • Guest
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #5 on: December 06, 2008, 03:43:08 PM »
Please upload the minidump file(s) to ftp://ftp.avast.com/incoming

:-\But how  can i connect the ftp service? I coppy the  ftp://ftp.avast.com/incoming ftp tool, but it cann't connect the service .

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #6 on: December 06, 2008, 03:46:26 PM »
:-\But how  can i connect the ftp service? I coppy the  ftp://ftp.avast.com/incoming ftp tool, but it cann't connect the service .
Which ftp client are you using? Or just Windows Explorer?
Remember, you won't have reading access, just writing. You won't 'see' the files there.
The best things in life are free.

onlysomeone

  • Guest
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #7 on: December 06, 2008, 03:48:32 PM »
Please upload the minidump file(s) to ftp://ftp.avast.com/incoming

:-\But how  can i connect the ftp service? I coppy the  ftp://ftp.avast.com/incoming ftp tool, but it cann't connect the service .


I'd say you copy the link and enter it in your windows explorer; then you copy the the minidump file into that folder/window...


EDIT: Tech was faster  :)

xiaoyv2

  • Guest
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #8 on: December 06, 2008, 05:33:20 PM »
BSOD  AGAIN !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

我要疯掉了!!!!!111

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11860
    • AVAST Software
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #9 on: December 06, 2008, 08:29:56 PM »
Well, the question remains - can you upload the minidump file?
What exactly happens when you connect to the FTP?

xiaoyv2

  • Guest
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #10 on: December 07, 2008, 06:23:56 AM »
Well, the question remains - can you upload the minidump file?
What exactly happens when you connect to the FTP?


Sorry ,my computer can't connect the FTP Service ~  so, I am upload the ".dmp" file as an enclosure below ! And I rename the ".dmp" file as ".txt" file so as to fix the " Allowed file types: txt, jpg, gif, png, log" ~
« Last Edit: December 07, 2008, 06:26:20 AM by xiaoyv2 »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11860
    • AVAST Software
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #11 on: December 07, 2008, 10:13:49 AM »
It's not a good idea to upload them as a text format - the file is binary and gets corrupted by the text transfer.
I tried to repair them somehow... and will send them to the appropriate developer.

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #12 on: December 07, 2008, 10:36:11 AM »
Thanks Igor, I will look at the dumps. Just wanted to comment, that the fact, that aswtdi.sys driver in somewhere in the callstack means only that the problem occurred during network access -- since aswtdi.sys is in every network related stack.

In my WinDBG the stack looks like this:

STACK_TEXT: 
f6a3eb28 aa2fc0c0 01000000 00000010 860c002e tcpip!TcpipBufferVirtualAddress+0x8
f6a3eb48 aa2fd973 00029c98 860c6300 862d2ae0 tcpip!XsumSendChain+0x44
f6a3ebc8 aa2fd78b 861e32f0 862d2ae0 862190c0 tcpip!UDPSend+0x3ca
f6a3ebec aa2fd7f1 00a3ec10 86219008 860c6340 tcpip!TdiSendDatagram+0xd5
f6a3ec24 aa2fc149 862190c0 86219130 862190c0 tcpip!UDPSendDatagram+0x4f
f6a3ec40 804f0199 8680a858 862190c0 867acfb0 tcpip!TCPDispatchInternalDeviceControl+0xff
f6a3ec50 f7760449 86219178 00000000 867acf80 nt!IopfCallDriver+0x31
f6a3ecb4 f77607e2 867acf80 862190c0 86219154 aswTdi!TDISendDatagram+0x189
f6a3ed14 804f0199 867acec8 862190c0 8621919c aswTdi!TdiSomething+0x126
f6a3ed24 aa29a7a8 864d5120 861568f8 00000000 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f6a3ed38 aa29d0e1 86754548 862190c0 867acec8 nltdi+0x7a8
f6a3ed5c aa29e573 864d5120 00000000 f6a3eda4 nltdi+0x30e1
f6a3ed70 aa29e5e8 8619f770 f6a3eda4 00000102 nltdi+0x4573
f6a3ed90 aa29e64b f6a3eda4 00000000 8674c3c8 nltdi+0x45e8
f6a3edac 805cfc9e 00000006 00000000 00000000 nltdi+0x464b
f6a3eddc 80546ebe aa29e5f8 00000006 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Can you please provide some information about the nltdi.sys driver?
« Last Edit: December 07, 2008, 10:41:02 AM by lukor »

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #13 on: December 07, 2008, 10:43:30 AM »
Ahhh, now I know. The Netlimiter!

First thing: does the bug reproduce with Netlimiter uninstalled?
« Last Edit: December 07, 2008, 07:02:58 PM by lukor »

xiaoyv2

  • Guest
Re: "BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!
« Reply #14 on: December 07, 2008, 04:12:59 PM »
Ahhh, now I know. The Netlimiter!

First thing: does the bug reproduces with Netlimiter uninstalled?

Thank you very much for your idea to solve my problem ! you mean the problem maybe focus on the Netlimiter . ok, I'll try it . thanks again!