Windows 10: BSOD - How to locate driver in dump file?

MEMORY dmp

Minidump File


0: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************DRIVER_VERIFIER_DETECTED_VIOLATION c4A device driver attempting to corrupt the system has been caught. This isbecause the driver was specified in the registry as being suspect by theadministrator and the kernel has enabled substantial checking of this driver.If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA willbe among the most commonly seen crashes.Arguments:Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. Expected: NonPagedPoolNxArg2: fffff804dee61d93, The address in the driver's code where the error was detected.Arg3: 0000000000000000, Pool Type.Arg4: 0000000000726274, Pool Tag if provided.Debugging Details:------------------KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 2015 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on ASI-2018-01 Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.mSec Value: 2627 Key : Analysis.Memory.CommitPeak.Mb Value: 78 Key : Analysis.System Value: CreateObject Key : WER.OS.Branch Value: vb_release Key : WER.OS.Timestamp Value: 2019-12-06T14:06:00Z Key : WER.OS.Version Value: 10.0.19041.1ADDITIONAL_XML: 1OS_BUILD_LAYERS: 1BUGCHECK_CODE: c4BUGCHECK_P1: 2000BUGCHECK_P2: fffff804dee61d93BUGCHECK_P3: 0BUGCHECK_P4: 726274BLACKBOXNTFS: 1 !blackboxntfsPROCESS_NAME: SystemSTACK_TEXT: fffffe01`616075a8 fffff800`2c5dee34 : 00000000`000000c4 00000000`00002000 fffff804`dee61d93 00000000`00000000 : nt!KeBugCheckExfffffe01`616075b0 fffff800`2c1acda5 : fffff800`2c823c20 00000000`00002000 fffff804`dee61d93 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0xe0fffffe01`616075f0 fffff800`2c5d5df4 : 00000000`00726274 fffff800`2c823c20 fffff804`dee61d93 00000000`00000000 : nt!VfReportIssueWithOptions+0x101fffffe01`61607640 fffff800`2c5e2ff2 : 00000000`00000000 fffffe01`61607940 00000000`00000018 00000000`00000000 : nt!VfCheckPoolType+0x90fffffe01`61607680 fffff804`dee61d93 : 00000000`00000000 ffffca09`265f8d90 00000000`00000000 00000000`00000000 : nt!VerifierExAllocatePoolWithTag+0x62fffffe01`616076d0 fffff804`dee61cf4 : 00000000`00000000 fffffe01`61607940 ffffca09`265f8d90 ffffca09`2658c880 : ene+0x1d93fffffe01`61607700 fffff804`dee614c7 : 00000000`00000000 ffffca09`265f8d90 00000000`00000000 00000000`00000000 : ene+0x1cf4fffffe01`61607730 fffff804`dee66020 : ffffca09`1dff5000 fffff800`2bf7302a ffffca09`2658c630 fffff800`2be60e50 : ene+0x14c7fffffe01`616077b0 fffff800`2c36bcf4 : ffffca09`1dff5000 00000000`00000000 00000000`00000002 fffffe01`61607808 : ene+0x6020fffffe01`616077e0 fffff800`2c336c2d : 00000000`00000014 00000000`00000000 00000000`00000000 00000000`00001000 : nt!PnpCallDriverEntry+0x4cfffffe01`61607840 fffff800`2c66789f : ffffca09`1d0f2248 ffffca09`1d0f2248 fffffe01`61607a80 00000000`00000000 : nt!IopLoadDriver+0x4e5fffffe01`61607a10 fffff800`2c6703fa : ffffffff`00000000 ffffb006`9bc2efd0 00000000`00000000 fffff800`2a2e0750 : nt!IopInitializeSystemDrivers+0x157fffffe01`61607ab0 fffff800`2c3abe2b : fffff800`2a2e0750 fffff800`2c857f68 fffff800`2c3abdf0 fffff800`2a2e0750 : nt!IoInitSystem+0x2efffffe01`61607ae0 fffff800`2bf28e25 : ffffca09`182a9040 fffff800`2c3abdf0 fffff800`2a2e0750 00000000`00000000 : nt!Phase1Initialization+0x3bfffffe01`61607b10 fffff800`2c00ddd8 : fffff800`2a64a180 ffffca09`182a9040 fffff800`2bf28dd0 00000000`00000000 : nt!PspSystemThreadStartup+0x55fffffe01`61607b60 00000000`00000000 : fffffe01`61608000 fffffe01`61601000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28SYMBOL_NAME: ene+1d93MODULE_NAME: eneIMAGE_NAME: ene.sysSTACK_COMMAND: .thread ; .cxr ; kbBUCKET_ID_FUNC_OFFSET: 1d93FAILURE_BUCKET_ID: 0xc4_2000_VRF_ene!unknown_functionOS_VERSION: 10.0.19041.1BUILDLAB_STR: vb_releaseOSPLATFORM_TYPE: x64OSNAME: Windows 10FAILURE_ID_HASH: {8c7175c3-41d7-9412-c64e-e43d9572bd5c}Followup: MachineOwner

:)

 

Driver verifier dump file BSOD

The Memory dump you uploaded was had a bugcheck of 50, not C4(Driver verifier Detected Violation). Nothing constructive was found in the dump, though.

Step 1:

Configure your PC to generate MiniDumps:

Configure Windows 10 to Create Minidump on BSOD

Step 2:

Do a memory Test:

http://answers.microsoft.com/en-us/...mpletely/21c3f63f-f570-4522-b2ef-ecc7b7ff6461

 

Driver verifier not creating dump file

I'm getting frequent BSOD. I started the driver verifier as suggested.

At first, windows stuck at the boot loop, It didn't even show any BSOD. It just kept booting and turning off again and again. It didn't go past motherboard logo.

After some changes in the verifier, It was able to show windows logo but crashed before fully booting to "Driver verifier detected violation"

And it didn't even create any dump file. (All dump file setting are correct one ) As it is known that a driver is causing BSOD. How to know which one?

 

BAD_POOL_HEADER BSOD, Dump File attached


Hi Groggubus,

Welcome to the 10forums

Please remove / disable items from the startup in taskmanager
These programs could interfere with the boot process giving you trouble and increase the boot time.

Daemon tools, Alcohol 120% and Power Archiver Pro uses SCSI Pass Through Direct (SPTD), which is a well known cause for BSOD's.
Please remove Daemon Tools and run the SPTD pass through remover.

1. Uninstall Daemon Tools
2. Download the SPTD standalone installer and follow these steps:
   • Double click the executable to open it
   • Click on the button shown below

If the button is grayed out, like in the image, there is no more SPTD installation on your system, and you can close the window

Please follow this suggestion for the BSOD

1. Please open BitDefender and go to the modules,
2. Go to the firewall settings,
3. Uncheck 'Block port scans in the network',
4. Reboot your system <-- IMPORTANT