Windows 10: BSOD , Message analyzer driver

machine is crashing with following stack .

Any thoughts what is causing this.


PAGE_FAULT_IN_NONPAGED_AREA 50

Invalid system memory was referenced. This cannot be protected by try-except.

Typically the address is just plain bad or it is pointing at freed memory.

Arguments:

Arg1: ffffe0002d21b700, memory referenced.

Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.

Arg3: fffff800d373536f, If non-zero, the instruction address which referenced the bad memory

address.

Arg4: 0000000000000000, reserved



Debugging Details:

------------------





KEY_VALUES_STRING: 1



Key : Analysis.CPU.Sec

Value: 3



Key : Analysis.DebugAnalysisProvider.CPP

Value: Create: 8007007e on IN-5CG0355GRV



Key : Analysis.DebugData

Value: CreateObject



Key : Analysis.DebugModel

Value: CreateObject



Key : Analysis.Elapsed.Sec

Value: 5



Key : Analysis.Memory.CommitPeak.Mb

Value: 65



Key : Analysis.System

Value: CreateObject





BUGCHECK_CODE: 50



BUGCHECK_P1: ffffe0002d21b700



BUGCHECK_P2: 1



BUGCHECK_P3: fffff800d373536f



BUGCHECK_P4: 0



WRITE_ADDRESS: ffffe0002d21b700 Nonpaged pool



MM_INTERNAL_CODE: 0



PROCESS_NAME: System



TRAP_FRAME: ffffd00197751620 -- .trap 0xffffd00197751620

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=ffffe0002d21ae00 rbx=0000000000000000 rcx=ffffe0002d21b720

rdx=00001800a6521ca0 rsi=0000000000000000 rdi=0000000000000000

rip=fffff800d373536f rsp=ffffd001977517b8 rbp=0000000000000030

r8=0000000000000016 r9=0000000000000002 r10=0000000000000000

r11=ffffe0002d21b700 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei ng nz na pe nc

pefndis+0x136f:

fffff800`d373536f 660f7f41e0 movdqa xmmword ptr [rcx-20h],xmm0 ds:ffffe000`2d21b700=????????????????????????????????

Resetting default scope



STACK_TEXT:

ffffd001`97751488 fffff801`9ec678f0 : 00000000`00000050 ffffe000`2d21b700 00000000`00000001 ffffd001`97751620 : nt!KeBugCheckEx

ffffd001`97751490 fffff801`9eacbfb9 : 00000000`00000001 ffffe000`2d21b700 ffffd001`97751620 ffffe000`2d21b700 : nt!MiSystemFault+0x1048

ffffd001`97751520 fffff801`9ebceb9d : 00000000`c0000001 ffffe000`2d20c700 00000000`c0000000 fffff800`d249b57d : nt!MmAccessFault+0x219

ffffd001`97751620 fffff800`d373536f : fffff800`d3738845 ffffe000`2d20c780 00000000`00000000 00000000`c0000001 : nt!KiPageFault+0x31d

ffffd001`977517b8 fffff800`d3738845 : ffffe000`2d20c780 00000000`00000000 00000000`c0000001 00000000`00000088 : pefndis+0x136f

ffffd001`977517c0 fffff800`d37410f2 : ffffe000`2d20c780 ffffd001`97751950 ffffe000`2c897f90 ffffe000`2c897f90 : pefndis+0x4845

ffffd001`97751820 fffff801`9ef20edc : ffffe000`2d20c780 ffffe000`2d06f000 ffffffff`800000c0 ffffffff`00000000 : pefndis+0xd0f2

ffffd001`97751850 fffff801`9f17b08c : ffffe000`2d079f48 ffffe000`2d079f48 ffffd001`97751b70 ffffe000`00000004 : nt!IopLoadDriver+0x558

ffffd001`97751b10 fffff801`9f174932 : fffff801`00000000 ffffc000`cb18e850 00000000`00000000 fffff801`9d3f3550 : nt!IopInitializeSystemDrivers+0x138

ffffd001`97751ba0 fffff801`9ef58d0a : 00000000`00000000 fffff801`9d3f3550 ffffe000`2c898900 ffffc000`ca2052f0 : nt!IoInitSystem+0x16

ffffd001`97751bd0 fffff801`9eb4493e : 00000000`00000001 00000000`00000080 ffffe000`2c898900 fffff801`9ebc46b3 : nt!Phase1Initialization+0x2a

ffffd001`97751c00 fffff801`9ebc8f66 : fffff801`9ed62180 ffffe000`2c820040 fffff801`9edc9a00 fffff801`9d3f3550 : nt!PspSystemThreadStartup+0x18a

ffffd001`97751c60 00000000`00000000 : ffffd001`97752000 ffffd001`9774c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16





SYMBOL_NAME: pefndis+136f



MODULE_NAME: pefndis



IMAGE_NAME: pefndis.sys



IMAGE_VERSION: 0.3.1.0



STACK_COMMAND: .thread ; .cxr ; kb



BUCKET_ID_FUNC_OFFSET: 136f



FAILURE_BUCKET_ID: AV_pefndis!unknown_function



OS_VERSION: 8.1.9600.19880



BUILDLAB_STR: winblue_ltsb



OSPLATFORM_TYPE: x64



OSNAME: Windows 8.1



FAILURE_ID_HASH: {786a9847-50c8-a977-e031-2ec66b6644b2}



Followup: MachineOwner

-----------------------------------------------------------------------


--lmvm pefndis

Browse full module list

start end module name

fffff800`d3734000 fffff800`d3747000 pefndis no symbols

Loaded symbol image file: pefndis.sys

Image path: \SystemRoot\system32\DRIVERS\pefndis.sys

Image name: pefndis.sys

Browse all global symbols functions data

Timestamp: Fri Oct 21 23:07:02 2016 580A523E

CheckSum: 0001C8E1

ImageSize: 00013000

File version: 0.3.1.0

Product version: 0.3.1.0

File flags: 0 Mask 3F

File OS: 4 Unknown Win32

File type: 1.0 App

File date: 00000000.00000000

Translations: 0409.04b0

Information from resource tables:

CompanyName: Microsoft Corporation

ProductName: Microsoft Message Analyzer NDIS Driver

InternalName: pefndis

OriginalFilename: pefndis.sys

ProductVersion: 0.03.01.00

FileVersion: 0.03.01.00

FileDescription: Message Analyzer -- NDIS 6.0 Monitoring Filter Driver

LegalCopyright: Copyright © 2012-2015 Microsoft Corporation. All rights reserved.




-------------------------------------------------------------------------------------------------------


Start memory scan : 0xffffd00197751488 $csp

End memory scan : 0xffffd00197752000 Kernel Stack Base



0xffffd00197751518 : 0xfffff8019eacbfb9 : nt!MmAccessFault+0x219

0xffffd00197751610 : 0xffffd001977516a0 : !du ""try: Reg""

0xffffd00197751618 : 0xfffff8019ebceb9d : nt!KiPageFault+0x31d

0xffffd00197751620 : 0x00000000c0000001 : Trap @ ffffd00197751620

0xffffd00197751638 : 0xfffff800d249b57d : NDIS!NdisFRegisterFilterDriver+0x3e1

0xffffd00197751690 : 0x0076006900720044 : !du ""DriverEntry: Reg""

0xffffd00197751698 : 0x006e004500720065 : !du ""erEntry: Reg""

0xffffd001977516a0 : 0x003a007900720074 : !du ""try: Reg""

0xffffd00197751708 : 0xfffff8019ed59c88 : nt!NonPagedPoolDescriptor+0x8

0xffffd00197751718 : 0xfffff8019ed59e80 : nt!NonPagedPoolDescriptor+0x200

0xffffd00197751728 : 0xfffff800d373d500 : !du "{BD583A2D-7410-4BD1-B9C0-ECA0E65E6980}"

0xffffd00197751738 : 0xfffff800d373d4f0 : !du "pefndis"

0xffffd001977517e8 : 0xfffff800d373d3a0 : !du ""DriverEntry: Register filter driver failed.""

0xffffd001977517f8 : 0xfffff800d373d550 : !du ""PEF NDISCAP Lightweight Filter Driver""

0xffffd00197751848 : 0xfffff8019ef20edc : nt!IopLoadDriver+0x558

0xffffd00197751898 : 0xfffff8019ebd13e3 : nt!KiSystemServiceCopyEnd+0x13

0xffffd001977518a8 : 0xffffc000cb30e8c0 : !du "\SystemRoot\system32\DRIVERS\pefndis.sys"

0xffffd001977518c0 : 0xffffc000cb2f73a0 : !du "pefndis"

0xffffd001977518e8 : 0xffffe0002d2080d0 : !du "\Driver\pefndis"

0xffffd00197751900 : 0xffffe0002d218af0 : 0xfffff8019ed465d0 : nt!PsLoadedModuleList

0xffffd00197751908 : 0xfffff8019ebd13e3 : nt!KiSystemServiceCopyEnd+0x13

0xffffd00197751918 : 0xfffff800d3734000 : pefndis

0xffffd00197751958 : 0xfffff8019ee622bb : nt!ObOpenObjectByName+0x40b

0xffffd001977519b8 : 0xfffff8019ed0e874 : nt!ExFreePoolWithTag+0x874

0xffffd001977519d8 : 0xfffff8019ed0f48e : nt!ExAllocatePoolWithTag+0x89e

0xffffd00197751a08 : 0xffffc000cb20b670 : !du "em32\DRIVERS\pefndis.sys"

0xffffd00197751a38 : 0xffffc000cb20b670 : !du "em32\DRIVERS\pefndis.sys"

0xffffd00197751a58 : 0xfffff8019ee32647 : nt!IopGetRegistryValue+0xdf

0xffffd00197751aa0 : 0xfffff8019f19a5d0 : !du "DependOnGroup"

0xffffd00197751ab8 : 0xfffff8019f17c4be : nt!PipCheckDependencies+0x26

0xffffd00197751ae8 : 0xfffff8019ef58ce0 : nt!Phase1Initialization

0xffffd00197751b08 : 0xfffff8019f17b08c : nt!IopInitializeSystemDrivers+0x138

0xffffd00197751b98 : 0xfffff8019f174932 : nt!IoInitSystem+0x16

0xffffd00197751bc8 : 0xfffff8019ef58d0a : nt!Phase1Initialization+0x2a

0xffffd00197751be8 : 0xffffc000ca2052f0 : !da "*SYSTEM*"

0xffffd00197751bf0 : 0xffffc000ca2052f0 : !da "*SYSTEM*"

0xffffd00197751bf8 : 0xfffff8019eb4493e : nt!PspSystemThreadStartup+0x18a

0xffffd00197751c18 : 0xfffff8019ebc46b3 : nt!SwapContext_PatchStMxCsr+0x54

0xffffd00197751c50 : 0xfffff8019ede3010 : nt!KiSystemStartup

0xffffd00197751c58 : 0xfffff8019ebc8f66 : nt!KiStartSystemThread+0x16

0xffffd00197751c60 : 0xfffff8019ed62180 : nt!KiInitialPCR+0x180

0xffffd00197751c70 : 0xfffff8019edc9a00 : nt!KiInitialThread

-----------------------------------------------------------------------------------------------

0: kd> .trap ffffd00197751620;knL

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=ffffe0002d21ae00 rbx=0000000000000000 rcx=ffffe0002d21b720

rdx=00001800a6521ca0 rsi=0000000000000000 rdi=0000000000000000

rip=fffff800d373536f rsp=ffffd001977517b8 rbp=0000000000000030

r8=0000000000000016 r9=0000000000000002 r10=0000000000000000

r11=ffffe0002d21b700 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei ng nz na pe nc

pefndis+0x136f:

fffff800`d373536f 660f7f41e0 movdqa xmmword ptr [rcx-20h],xmm0 ds:ffffe000`2d21b700=????????????????????????????????

*** Stack trace for last set context - .thread/.cxr resets it

# Child-SP RetAddr Call Site

00 ffffd001`977517b8 fffff800`d3738845 pefndis+0x136f

01 ffffd001`977517c0 fffff800`d37410f2 pefndis+0x4845

02 ffffd001`97751820 fffff801`9ef20edc pefndis+0xd0f2

03 ffffd001`97751850 fffff801`9f17b08c nt!IopLoadDriver+0x558

04 ffffd001`97751b10 fffff801`9f174932 nt!IopInitializeSystemDrivers+0x138

05 ffffd001`97751ba0 fffff801`9ef58d0a nt!IoInitSystem+0x16

06 ffffd001`97751bd0 fffff801`9eb4493e nt!Phase1Initialization+0x2a

07 ffffd001`97751c00 fffff801`9ebc8f66 nt!PspSystemThreadStartup+0x18a

08 ffffd001`97751c60 00000000`00000000 nt!KiStartSystemThread+0x16



Thank you

Manju

:)

 

BSOD hidclass with driver verifier

Hi Doc_Samson,



Thank you for writing to Microsoft Community Forums.



I understand that you receive Blue Screen error with hidclass.sys. In order to get to the root cause of the issue, we will need the Dump files, so that we can analyze them and assist you accordingly. I have sent a private message to you, please share
the Dump files over the private message.



To access Private Message click on your Profile on the top right corner, then click on the ellipses, and select
View Private Messages.



However, the hidclass.sys is a driver file for Human Interface Devices, which are basically, keyboard/mouse or gaming controllers. I would suggest you to disconnect all the external devices and see if that helps.



I would suggest you to refer the steps mentioned below and see if that helps:



Method 1: Update drivers



I suggest you to update the drivers on the computer, to make sure that all the drivers are up to date including Keyboard, Mouse, USB and HID Drivers. In addition, you may also update the chipset drivers from the computer manufacturer’s websites. Kindly
refer the article
Update drivers in Windows 10.



Method 2: Check hard disk for errors



I would suggest you to run chkdsk utility to check any errors in the hard drive. Refer the steps mentioned below:

1. Type command prompt in the search bar on the
   Taskbar.
   
2. Right click on the command prompt icon and select
   Run as administrator.
   
3. Now, paste the following command and hit Enter: chkdsk/f C:
   
4. Select Yes and restart the computer.
   

Note: While performing chkdsk on the hard drive if any bad sectors are found on the hard drive when chkdsk tries to repair that sector if any data available on that might be lost



Method 3: Windows Memory Diagnostic



You can also run Memory Diagnostic on the computer to check for any memory corruption errors. Follow the steps mentioned below:

1. Press Windows key + R, to open
   Run dialog box.
   
2. Type mdsched and click on
   OK.
   
3. Click on Restart now and check for problems.
   

You may want to refer the troubleshooting steps mentioned in the article

Troubleshoot blue screen errors.



You can also refer the suggestions provided by auggy replied on May 15, 2018 in the thread

BSOD Hidclass.sys.



Let us know how it goes.



Regards,

Nikhar Khare

Microsoft Community - Moderator

 

BSOD- atikmpag.sys

This is most likely due to an installation/upgrade error with ATI driver's. I suggest doing DriveSweeper and the following:

• Drivesweeper all drivers & in Safe Mode
• Unistall all drivers that aren't used in DriveSweeper (CCC Profiler Updates, MSI AfterBurner, anything related to ATI that use's it's drivers.)
• After you do this, the first thing you need to do is go into Device Manager and Unistall your ATI Drivers

Once your done, restart the PC and then try installing the latest drivers.


I had several issues with this in the past, but I overcame it with logical reasoning and whenever I have a driver issue, I just use these steps and I always overcome the problem.

Best of luck! *Toast :toast:

 

PC reboots regularly with no warning - no BSOD


Still the question remains why driver verifier was used, a dump or a few dumps contain in most cases enough for a different step than driver verifier.

If you indeed had multiple BSOD crashes, I would want you to upload a zip from the DM Log Collector so the dumps can be analyzed, a single dump is than inappropriate to suggest something properly.