Author Topic: AVAST BSOD with windebug information  (Read 2584 times)

0 Members and 1 Guest are viewing this topic.

Offline lexiconefx

  • Newbie
  • *
  • Posts: 2
AVAST BSOD with windebug information
« on: June 08, 2012, 01:09:54 AM »
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 835bd487, The address that the exception occurred at
Arg3: 94073740, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
ataport!IdePortDispatchDeviceControl+b
835bd487 80b98600000000  cmp     byte ptr [ecx+86h],0

TRAP_FRAME:  94073740 -- (.trap 0xffffffff94073740)
ErrCode = 00000000
eax=85fa7800 ebx=00000000 ecx=00000000 edx=8523d008 esi=85fa7800 edi=9407381b
eip=835bd487 esp=940737b4 ebp=940737b4 iopl=0         nv up ei ng nz na po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010283
ataport!IdePortDispatchDeviceControl+0xb:
835bd487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
Resetting default scope

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  WmiPrvSE.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 82cf601c to 82d1fe9c

STACK_TEXT: 
940732b4 82cf601c 0000008e c0000005 835bd487 nt!KeBugCheckEx+0x1e
940736d0 82c7fe66 940736ec 00000000 94073740 nt!KiDispatchException+0x1ac
94073738 82c7fe1a 940737b4 835bd487 badb0d00 nt!CommonDispatchException+0x4a
94073750 82c0fba9 8558d27c 8558d200 940737a8 nt!KiExceptionExit+0x192
940737b4 82c785be 85fa7800 8523d008 8526aac8 hal!KfLowerIrql+0x61
940737cc 833cc4c7 20786e53 b2a02a58 9407389c nt!IofCallDriver+0x63
94073800 8e43ed85 8526aac8 9407381b 94073880 fltmgr!FltIsVolumeSnapshot+0x81
WARNING: Stack unwind information not available. Following frames may be wrong.
94073810 8e439b5b 0026aac8 b2a02a7c 1a4c41f1 aswSnx+0x6d85
94073880 833c2bf5 9407389c 00000005 b2a02a7c aswSnx+0x1b5b
940738b4 833c3417 8554e5c0 00000005 173ca089 fltmgr!FltpDoInstanceSetupNotification+0x69
94073900 833c37d1 85fa4638 8526aac8 00000005 fltmgr!FltpInitInstance+0x25d
94073970 833c38d7 85fa4638 8526aac8 00000005 fltmgr!FltpCreateInstanceFromName+0x285
940739dc 833cccde 85fa4638 8526aac8 00000005 fltmgr!FltpEnumerateRegistryInstances+0xf9
94073a2c 833c17f4 8526aac8 85121810 8556d1b0 fltmgr!FltpDoFilterNotificationForNewVolume+0xe0
94073a70 82c785be 86dc2030 8526aac8 8556d20c fltmgr!FltpCreate+0x206
94073a88 82e87427 b2fef708 94073c30 00000000 nt!IofCallDriver+0x63
94073b60 82e66c2e 85fa7800 a50916e0 852732f8 nt!IopParseDevice+0xed7
94073bdc 82e77040 00000000 94073c30 00000040 nt!ObpLookupObjectName+0x4fa
94073c38 82e6db1e 00bae4f0 850916e0 00000001 nt!ObOpenObjectByName+0x165
94073cb4 82e91396 00bae54c 80100080 00bae4f0 nt!IopCreateFile+0x673
94073d00 82c7f27a 00bae54c 80100080 00bae4f0 nt!NtCreateFile+0x34
94073d00 77947094 00bae54c 80100080 00bae4f0 nt!KiFastCallEntry+0x12a
00bae554 00000000 00000000 00000000 00000000 0x77947094


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswSnx+6d85
8e43ed85 85c0            test    eax,eax

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  aswSnx+6d85

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswSnx

IMAGE_NAME:  aswSnx.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4f56a5e5

FAILURE_BUCKET_ID:  0x8E_aswSnx+6d85

BUCKET_ID:  0x8E_aswSnx+6d85

Followup: MachineOwner
---------

I was getting STOP errors every time I started windows normally.  It was not crashing in safe mode.  I uninstalled avast and installed norton 360, it cleared up the problem.  Please let me know if there is a fix for this soon.  My license for Avast will expire in a couple months.

Avast was completely updated.


Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: AVAST BSOD with windebug information
« Reply #1 on: June 08, 2012, 11:25:58 AM »
Do you still have memory dump (\Windows\memory.dmp)? Thanks.

Offline lexiconefx

  • Newbie
  • *
  • Posts: 2
Re: AVAST BSOD with windebug information
« Reply #2 on: June 09, 2012, 10:08:01 PM »
It is a kernel dump and will need an FTP site. 

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 69335
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: AVAST BSOD with windebug information
« Reply #3 on: June 09, 2012, 10:15:18 PM »
It is a kernel dump and will need an FTP site.

Here it is: ftp://ftp.avast.com/incoming/
Win 8.1 [x64] - Avast PremSec 21.2.2451.Beta#2 [UI.599] - EEK - Firefox ESR 78.8 [NS/uBO/PB] - TB 78.8
Avast-Tools: Secure Browser 88.2 - Cleanup P 21.1 - SecureLine 5.9 - Driver Updater 21.1 - CCleaner 5.77
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0