"BSOD" IN MYCOMPUTER!!! BECAUSE OF THE "aswTdi.sys" !!!

[xiaoyv2]

  I think , it's another time for company to fixed aswTdi.sys !!!

Version 4.6.739
December 3, 2005
added a workaround to a small bug in NetBios (might have even caused blue screens in aswTdi.sys)

Version 4.6.665
May 22, 2005
fixed a minor problem in aswTdi.sys (that could theoretically lead even to the "BSOD")

Version 4.5.549
December 2, 2004
fixed rare crashes in aswTdi.sys

Below, there's my minidump signal debug by windbg ! maybe it is usable for your fixing~


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini120608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.080814-1242
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Dec  6 14:27:12.921 2008 (GMT+8)
System Uptime: 0 days 3:02:54.623
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, aa2f9438, a8a747f4, 0}

*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
Probably caused by : aswTdi.SYS ( aswTdi+449 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: aa2f9438, The address that the exception occurred at
Arg3: a8a747f4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
tcpip!TcpipBufferVirtualAddress+8
aa2f9438 f6400605        test    byte ptr [eax+6],5

TRAP_FRAME:  a8a747f4 -- (.trap 0xffffffffa8a747f4)
ErrCode = 00000000
eax=0000005c ebx=00004a2d ecx=00000000 edx=0000001f esi=0000005c edi=00000000
eip=aa2f9438 esp=a8a74868 ebp=a8a74868 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
tcpip!TcpipBufferVirtualAddress+0x8:
aa2f9438 f6400605        test    byte ptr [eax+6],5         ds:0023:00000062=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  Thunder5.exe

LAST_CONTROL_TRANSFER:  from aa2fc0c0 to aa2f9438

STACK_TEXT: 
a8a74868 aa2fc0c0 0000005c 00000010 85db0025 tcpip!TcpipBufferVirtualAddress+0x8
a8a74888 aa2fd973 00024689 85dba07c 86624eb8 tcpip!XsumSendChain+0x44
a8a74908 aa2fd78b 865cda48 86624eb8 85ffd0c0 tcpip!UDPSend+0x3ca
a8a7492c aa2fd7f1 00a74950 85ffd008 85dba0bc tcpip!TdiSendDatagram+0xd5
a8a74964 aa2fc149 85ffd0c0 85ffd130 85ffd0c0 tcpip!UDPSendDatagram+0x4f
a8a74980 804f0199 8680b5f8 85ffd0c0 8675d890 tcpip!TCPDispatchInternalDeviceControl+0xff
a8a74990 f7760449 85ffd178 00000000 8675d860 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
a8a749f4 f77607e2 8675d860 85ffd0c0 85ffd154 aswTdi+0x449
a8a74a54 804f0199 8675d7a8 85ffd0c0 85ffd19c aswTdi+0x7e2
a8a74aa8 804f0199 867517d8 85ffd0c0 86237778 nt!IopfCallDriver+0x31
a8a74ab8 aa233787 a8a74ba8 00000008 a8a74b1c nt!IopfCallDriver+0x31
a8a74b10 aa22ab5e 80562134 023ff83c aa22ab5e afd!AfdFastDatagramSend+0x2fd
a8a74c5c 80580325 862623b8 00000001 023ff70c afd!AfdFastIoDeviceControl+0x2a7
a8a74d00 8057917e 00000200 00000bc4 00000000 nt!IopXxxControlFile+0x255
a8a74d34 805423fc 00000200 00000bc4 00000000 nt!NtDeviceIoControlFile+0x2a
a8a74d34 7c92eb94 00000200 00000bc4 00000000 nt!KiFastCallEntry+0xfc
023ff7fc 00000000 00000000 00000000 00000000 0x7c92eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswTdi+449
f7760449 ??             

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  aswTdi+449

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswTdi

IMAGE_NAME:  aswTdi.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  492d8475

FAILURE_BUCKET_ID:  0x8E_aswTdi+449

BUCKET_ID:  0x8E_aswTdi+449

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: aa2f9438, The address that the exception occurred at
Arg3: a8a747f4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
tcpip!TcpipBufferVirtualAddress+8
aa2f9438 f6400605        test    byte ptr [eax+6],5

TRAP_FRAME:  a8a747f4 -- (.trap 0xffffffffa8a747f4)
ErrCode = 00000000
eax=0000005c ebx=00004a2d ecx=00000000 edx=0000001f esi=0000005c edi=00000000
eip=aa2f9438 esp=a8a74868 ebp=a8a74868 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
tcpip!TcpipBufferVirtualAddress+0x8:
aa2f9438 f6400605        test    byte ptr [eax+6],5         ds:0023:00000062=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  Thunder5.exe

LAST_CONTROL_TRANSFER:  from aa2fc0c0 to aa2f9438

STACK_TEXT: 
a8a74868 aa2fc0c0 0000005c 00000010 85db0025 tcpip!TcpipBufferVirtualAddress+0x8
a8a74888 aa2fd973 00024689 85dba07c 86624eb8 tcpip!XsumSendChain+0x44
a8a74908 aa2fd78b 865cda48 86624eb8 85ffd0c0 tcpip!UDPSend+0x3ca
a8a7492c aa2fd7f1 00a74950 85ffd008 85dba0bc tcpip!TdiSendDatagram+0xd5
a8a74964 aa2fc149 85ffd0c0 85ffd130 85ffd0c0 tcpip!UDPSendDatagram+0x4f
a8a74980 804f0199 8680b5f8 85ffd0c0 8675d890 tcpip!TCPDispatchInternalDeviceControl+0xff
a8a74990 f7760449 85ffd178 00000000 8675d860 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
a8a749f4 f77607e2 8675d860 85ffd0c0 85ffd154 aswTdi+0x449
a8a74a54 804f0199 8675d7a8 85ffd0c0 85ffd19c aswTdi+0x7e2
a8a74aa8 804f0199 867517d8 85ffd0c0 86237778 nt!IopfCallDriver+0x31
a8a74ab8 aa233787 a8a74ba8 00000008 a8a74b1c nt!IopfCallDriver+0x31
a8a74b10 aa22ab5e 80562134 023ff83c aa22ab5e afd!AfdFastDatagramSend+0x2fd
a8a74c5c 80580325 862623b8 00000001 023ff70c afd!AfdFastIoDeviceControl+0x2a7
a8a74d00 8057917e 00000200 00000bc4 00000000 nt!IopXxxControlFile+0x255
a8a74d34 805423fc 00000200 00000bc4 00000000 nt!NtDeviceIoControlFile+0x2a
a8a74d34 7c92eb94 00000200 00000bc4 00000000 nt!KiFastCallEntry+0xfc
023ff7fc 00000000 00000000 00000000 00000000 0x7c92eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswTdi+449
f7760449 ??             

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  aswTdi+449

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswTdi

IMAGE_NAME:  aswTdi.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  492d8475

FAILURE_BUCKET_ID:  0x8E_aswTdi+449

BUCKET_ID:  0x8E_aswTdi+449

Followup: MachineOwner
---------

[TedNelly]

What version of Avast are you running?

[xiaoyv2]

What version of Avast are you running?

  

[xiaoyv2]

Xtreme Toolkit V1.9.4.0
build:Dec2008[4.8.1296]
ActiveSkin V4.2.7.3

VPS: V081215-0

[igor]

Please upload the minidump file(s) to ftp://ftp.avast.com/incoming

[xiaoyv2]

Please upload the minidump file(s) to ftp://ftp.avast.com/incoming

:-\But how  can i connect the ftp service? I coppy the  ftp://ftp.avast.com/incoming ftp tool, but it cann't connect the service .

[Lisandro]

:-\But how  can i connect the ftp service? I coppy the  ftp://ftp.avast.com/incoming ftp tool, but it cann't connect the service .

Which ftp client are you using? Or just Windows Explorer?
Remember, you won't have reading access, just writing. You won't 'see' the files there.

[onlysomeone]

Please upload the minidump file(s) to ftp://ftp.avast.com/incoming

:-\But how  can i connect the ftp service? I coppy the  ftp://ftp.avast.com/incoming ftp tool, but it cann't connect the service .

I'd say you copy the link and enter it in your windows explorer; then you copy the the minidump file into that folder/window...


EDIT: Tech was faster 

[xiaoyv2]

BSOD  AGAIN !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

我要疯掉了！！！！！111

[igor]

Well, the question remains - can you upload the minidump file?
What exactly happens when you connect to the FTP?

[xiaoyv2]

Well, the question remains - can you upload the minidump file?
What exactly happens when you connect to the FTP?

Sorry ，my computer can't connect the FTP Service ~  so, I am upload the ".dmp" file as an enclosure below ! And I rename the ".dmp" file as ".txt" file so as to fix the " Allowed file types: txt, jpg, gif, png, log" ~

[igor]

It's not a good idea to upload them as a text format - the file is binary and gets corrupted by the text transfer.
I tried to repair them somehow... and will send them to the appropriate developer.

[lukor]

Thanks Igor, I will look at the dumps. Just wanted to comment, that the fact, that aswtdi.sys driver in somewhere in the callstack means only that the problem occurred during network access -- since aswtdi.sys is in every network related stack.

In my WinDBG the stack looks like this:

STACK_TEXT: 
f6a3eb28 aa2fc0c0 01000000 00000010 860c002e tcpip!TcpipBufferVirtualAddress+0x8
f6a3eb48 aa2fd973 00029c98 860c6300 862d2ae0 tcpip!XsumSendChain+0x44
f6a3ebc8 aa2fd78b 861e32f0 862d2ae0 862190c0 tcpip!UDPSend+0x3ca
f6a3ebec aa2fd7f1 00a3ec10 86219008 860c6340 tcpip!TdiSendDatagram+0xd5
f6a3ec24 aa2fc149 862190c0 86219130 862190c0 tcpip!UDPSendDatagram+0x4f
f6a3ec40 804f0199 8680a858 862190c0 867acfb0 tcpip!TCPDispatchInternalDeviceControl+0xff
f6a3ec50 f7760449 86219178 00000000 867acf80 nt!IopfCallDriver+0x31
f6a3ecb4 f77607e2 867acf80 862190c0 86219154 aswTdi!TDISendDatagram+0x189
f6a3ed14 804f0199 867acec8 862190c0 8621919c aswTdi!TdiSomething+0x126
f6a3ed24 aa29a7a8 864d5120 861568f8 00000000 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f6a3ed38 aa29d0e1 86754548 862190c0 867acec8 nltdi+0x7a8
f6a3ed5c aa29e573 864d5120 00000000 f6a3eda4 nltdi+0x30e1
f6a3ed70 aa29e5e8 8619f770 f6a3eda4 00000102 nltdi+0x4573
f6a3ed90 aa29e64b f6a3eda4 00000000 8674c3c8 nltdi+0x45e8
f6a3edac 805cfc9e 00000006 00000000 00000000 nltdi+0x464b
f6a3eddc 80546ebe aa29e5f8 00000006 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Can you please provide some information about the nltdi.sys driver?

[lukor]

Ahhh, now I know. The Netlimiter!

First thing: does the bug reproduce with Netlimiter uninstalled?

[xiaoyv2]

Ahhh, now I know. The Netlimiter!

First thing: does the bug reproduces with Netlimiter uninstalled?

Thank you very much for your idea to solve my problem ! you mean the problem maybe focus on the Netlimiter . ok, I'll try it . thanks again!