Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

Monthly Seminars at OSR Headquarters

East Coast USA
Windows Internals and SW Drivers, Dulles (Sterling) VA, 13 November 2017

Kernel Debugging & Crash Analysis for Windows, Nashua (Amherst) NH, 4 December 2017

Writing WDF Drivers I: Core Concepts, Nashua (Amherst) NH, 8 January 2018

WDF Drivers II: Advanced Implementation Techniques, Nashua (Amherst) NH, 15 January 2018

Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 2  
01 Dec 17 20:11
weilin jiang
Join Date: 30 Nov 2017
Posts To This List: 1
BSOD on ndis.sys

See below for information , How can I find what module causes ndis.sys to BSOD ? Need your help , thanks ! SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff800052c5cb6, The address that the exception occurred at Arg3: fffff880057f9858, Exception Record Address Arg4: fffff880057f90c0, Context Record Address Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 400 BUILD_VERSION_STRING: 7601.23915.amd64fre.win7sp1_ldr.170913-0600 SYSTEM_MANUFACTURER: Main Board SYSTEM_PRODUCT_NAME: MT21B-ZWZN SYSTEM_SKU: To be filled by O.E.M SYSTEM_VERSION: To be filled by O.E.M BIOS_VENDOR: Main Board BIOS_VERSION: NK21B005 BIOS_DATE: 11/14/2017 BASEBOARD_MANUFACTURER: MainBoard BASEBOARD_VERSION: To be filled by O.E.M DUMP_TYPE: 2 BUGCHECK_P1: ffffffffc0000005 BUGCHECK_P2: fffff800052c5cb6 BUGCHECK_P3: fffff880057f9858 BUGCHECK_P4: fffff880057f90c0 EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text> FAULTING_IP: nt!KeSetEvent+16 fffff800`052c5cb6 f6037f test byte ptr [rbx],7Fh EXCEPTION_RECORD: fffff880057f9858 -- (.exr 0xfffff880057f9858) ExceptionAddress: fffff800052c5cb6 (nt!KeSetEvent+0x0000000000000016) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 000000000013ee21 Attempt to read from address 000000000013ee21 CONTEXT: fffff880057f90c0 -- (.cxr 0xfffff880057f90c0) rax=fffffa8005449000 rbx=000000000013ee21 rcx=0000000000000001 rdx=0000000000000000 rsi=fffff88001ab1110 rdi=0000000000000000 rip=fffff800052c5cb6 rsp=fffff880057f9a90 rbp=0000000000000080 r8=0000000000000000 r9=0000000000000000 r10=fffff80005251000 r11=0000000000000000 r12=0000000000000000 r13=fffff88001a5e500 r14=0000000000000000 r15=fffff88001ab1110 iopl=0 nv up ei ng nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286 nt!KeSetEvent+0x16: fffff800`052c5cb6 f6037f test byte ptr [rbx],7Fh ds:002b:00000000`0013ee21=?? Resetting default scope CPU_COUNT: 4 CPU_MHZ: a98 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: B2'00000000 (cache) B2'00000000 (init) CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text> EXCEPTION_CODE_STR: c0000005 EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 000000000013ee21 FOLLOWUP_IP: ndis!ndisDeleteMiniportOnLastDeref+295 fffff880`01a90bf5 488b5c2440 mov rbx,qword ptr [rsp+40h] BUGCHECK_STR: 0x7E READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800054fd100 Unable to get MmSystemRangeStart GetUlongPtrFromAddress: unable to read from fffff800054fd2e8 GetUlongPtrFromAddress: unable to read from fffff800054fd498 GetPointerFromAddress: unable to read from fffff800054fd0b8 000000000013ee21 ANALYSIS_SESSION_HOST: DESKTOP-VA5NCH5 ANALYSIS_SESSION_TIME: 12-02-2017 08:53:23.0097 ANALYSIS_VERSION: 10.0.15063.468 amd64fre LAST_CONTROL_TRANSFER: from fffff88001a90bf5 to fffff800052c5cb6 STACK_TEXT: fffff880`057f9a90 fffff880`01a90bf5 : fffffa80`0ae9f1a0 00000000`00000000 fffff880`01ab1100 00000000`00000000 : nt!KeSetEvent+0x16 fffff880`057f9b00 fffff880`01adafd4 : 00000000`00000001 00000000`00000000 fffff880`01a5e500 fffffa80`0ae9f1a0 : ndis!ndisDeleteMiniportOnLastDeref+0x295 fffff880`057f9b40 fffff880`01af13eb : fffffa80`13808010 fffff880`01ab1101 fffff880`6f6d444e fffffa80`13808010 : ndis! ?? ::DKGKHJNI::`string'+0x1507 fffff880`057f9b80 fffff880`01a5e5fa : 00000000`00000000 00000000`00000080 fffff880`01ab1110 fffffa80`13808168 : ndis!ndisMQueuedFinishClose+0x18b fffff880`057f9bd0 fffff800`0555c622 : fffffa80`05449040 fffffa80`045b4720 fffff880`057f9c70 fffffa80`05449040 : ndis!ndisWorkerThread+0xba fffff880`057f9c00 fffff800`052b3da6 : fffff880`04b71180 fffffa80`05449040 fffff880`04b7bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`057f9c40 00000000`00000000 : fffff880`057fa000 fffff880`057f4000 fffff880`057f9750 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD_SHA1_HASH_MOD_FUNC: 735cec12d5ecae2f0ecf750d80933891c18f2ad7 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 167d696663523452bec0d1a9aac47aa57cba08a0 THREAD_SHA1_HASH_MOD: 60dc341394ccbb3fc971bf4eee9e62e0cf5c4456 FAULT_INSTR_CODE: 245c8b48 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: ndis!ndisDeleteMiniportOnLastDeref+295 FOLLOWUP_NAME: MachineOwner MODULE_NAME: ndis IMAGE_NAME: ndis.sys DEBUG_FLR_IMAGE_TIMESTAMP: 561c7ad7 IMAGE_VERSION: 6.1.7601.19030 STACK_COMMAND: .cxr 0xfffff880057f90c0 ; kb FAILURE_BUCKET_ID: X64_0x7E_ndis!ndisDeleteMiniportOnLastDeref+295 BUCKET_ID: X64_0x7E_ndis!ndisDeleteMiniportOnLastDeref+295 PRIMARY_PROBLEM_CLASS: X64_0x7E_ndis!ndisDeleteMiniportOnLastDeref+295 TARGET_TIME: 2017-11-15T11:43:41.000Z OSBUILD: 7601 OSSERVICEPACK: 1000 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 7 OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2017-09-13 22:55:13 BUILDDATESTAMP_STR: 170913-0600 BUILDLAB_STR: win7sp1_ldr BUILDOSVER_STR: 6.1.7601.23915.amd64fre.win7sp1_ldr.170913-0600 ANALYSIS_SESSION_ELAPSED_TIME: 2fc ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0x7e_ndis!ndisdeleteminiportonlastderef+295 FAILURE_ID_HASH: {295460f1-1c88-957f-fa3a-99c397d09403}
  Message 2 of 2  
08 Dec 17 15:22
Scott Noone
Join Date:
Posts To This List: 1341
List Moderator
BSOD on ndis.sys

Quickest thing to do is try "!stacks 2 ndis!" and see if there are any other pending calls into an NDIS miniport. Or reboot the system and run !ndiskd.netreport to check to see which miniports are normally loaded. -scott OSR @OSRDrivers
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 21:40.

Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license