BSOD

[The_Poena]

Greetings, I have received a BSOD recently. I ran the crash dump through the kernel debug tools for windows and here is what I got.


Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*
Executable search path is: srv*
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Machine Name:
Kernel base = 0xfffff800`0300b000 PsLoadedModuleList = 0xfffff800`0324f670
Debug session time: Thu Jul 25 04:57:10.157 2013 (UTC - 5:00)
System Uptime: 0 days 4:35:05.001
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd8018). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff8000336eb51, 0, ffffffffffffffff}

Probably caused by : ntkrnlmp.exe ( nt!ObLogSecurityDescriptor+c2 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8000336eb51, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception

Debugging Details:
------------------


READ_ADDRESS: 0000000000000000

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!ObLogSecurityDescriptor+c2
fffff800`0336eb51 8b4614 mov eax,dword ptr [rsi+14h]

BUGCHECK_STR: 0x1E_c0000005_R

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800030cb7e8 to fffff80003080c40

STACK_TEXT:
fffff880`09512c88 fffff800`030cb7e8 : 00000000`0000001e ffffffff`c0000005 fffff800`0336eb51 00000000`00000000 : nt!KeBugCheckEx
fffff880`09512c90 fffff800`030802c2 : fffff880`09513468 00000000`00000000 fffff880`09513510 00019a2f`00000000 : nt! ?? ::FNODOBFM::`string'+0x487ed
fffff880`09513330 fffff800`0307ebca : fffff8a0`0b52af24 fffff8a0`0b52af30 fffffa80`06676c8c 00000000`00000001 : nt!KiExceptionDispatch+0xc2
fffff880`09513510 fffff800`0336eb51 : 00000001`00800002 00000003`00140011 10000000`00000101 00000000`00004000 : nt!KiGeneralProtectionFault+0x10a
fffff880`095136a0 fffff800`0336e2e7 : 00000000`00000104 fffff880`09513740 ffffdcea`00000010 00000000`00000104 : nt!ObLogSecurityDescriptor+0xc2
fffff880`09513710 fffff800`0336f6f7 : fffff880`09513c40 fffffa80`06676c8c fffffa80`06676c40 00000000`00000000 : nt!SeDefaultObjectMethod+0x57
fffff880`09513760 fffff800`0336e572 : fffff8a0`02c77d60 fffffa80`0a6e28e0 00000000`00000000 00000000`00000000 : nt!ObpAssignSecurity+0xc7
fffff880`095137d0 fffff800`03370da3 : ffffffff`ffffffff fffffa80`0a18bb30 fffffa80`06b1cb50 00000000`00000000 : nt!ObInsertObjectEx+0x1e2
fffff880`09513a20 fffff800`033701ae : fffffa80`06b1cb50 fffffa80`0a18bb30 fffff880`09513ec0 fffff880`09513c00 : nt!PspInsertThread+0x2f3
fffff880`09513ba0 fffff800`03374049 : fffff8a0`0865e440 00000000`00000000 00000000`00000001 fffff880`095143d0 : nt!PspCreateThread+0x246
fffff880`09513e20 fffff800`0307fed3 : 00000000`00000000 00000000`00000000 00000000`00f80014 fffff8a0`0c66a7e0 : nt!NtCreateThreadEx+0x25d
fffff880`09514570 fffff800`0307c490 : fffff800`033767c8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`09514778 fffff800`033767c8 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffdcea`65170e74 : nt!KiServiceLinkage
fffff880`09514780 fffff800`03073ec2 : 00000000`0000005c fffff880`09514a28 00000000`00000000 fffffa80`0aa901f0 : nt!RtlpCreateUserThreadEx+0x138
fffff880`095148a0 fffff800`0306c2a8 : 00000000`00000000 fffff880`09514a28 fffff880`09514b00 00000000`00000001 : nt!ExpWorkerFactoryCreateThread+0x92
fffff880`09514960 fffff800`0306c09b : 000007fe`00000001 fffffa80`09a56df0 fffff880`09514b60 00000000`00000000 : nt!ExpWorkerFactoryCheckCreate+0x180
fffff880`095149e0 fffff800`0307fed3 : fffffa80`0aa901f0 00000000`773445c0 00000000`00000000 00000000`0066ee38 : nt!NtWaitForWorkViaWorkerFactory+0x4da
fffff880`09514ae0 00000000`77292c1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0066fad8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77292c1a


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ObLogSecurityDescriptor+c2
fffff800`0336eb51 8b4614 mov eax,dword ptr [rsi+14h]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!ObLogSecurityDescriptor+c2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 50e79935

FAILURE_BUCKET_ID: X64_0x1E_c0000005_R_nt!ObLogSecurityDescriptor+c2

BUCKET_ID: X64_0x1E_c0000005_R_nt!ObLogSecurityDescriptor+c2

Followup: MachineOwner
---------

3: kd> lmvm nt
start end module name
fffff800`0300b000 fffff800`035f2000 nt (pdb symbols) C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\sym\ntkrnlmp.pdb\B09DFEAFE5F546ECA785C4F8577A2CC02\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Fri Jan 04 21:08:37 2013 (50E79935)
CheckSum: 0054E86D
ImageSize: 005E7000
File version: 6.1.7601.18044
Product version: 6.1.7601.18044
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.18044
FileVersion: 6.1.7601.18044 (win7sp1_gdr.130104-1431)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.

Could someone tell me what my problem is? Thank you.

 

[Bubbaleone]

Welcome to the forums. Analyze that dump file using WhoCrashed and it will pinpoint the driver responsible. Post those results and post a little more detail about what hardware this is occuring on, as well as what you're doing when it happens.

.

 

[The_Poena]

Hi, my system specs are:

Microsoft Windows 7 Home Premium 64-bit
OCZ Vertex 4 512Gb
Seagate 3TB 7200.14 hard drive
Corsair Vengeance 8GB (2x4GB) DDR3 1600
Intel Core i5-3570k 3.4 GHz
Corsair Enthusiast Series TX850M 850W
EVGA GeForce 670 FTW 2GB
Gigabyte GA-Z77-D3H

I ran this thing program called driver verifier before I analyzed with WhoCrashed. (The WhoCrashed website has a page about it). The computer then crashed when I restarted (it wanted me to). Here is what the kernel debug tool gave me when I debugged the crash dump:


Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*
Executable search path is: srv*
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Machine Name:
Kernel base = 0xfffff800`0300c000 PsLoadedModuleList = 0xfffff800`03250670
Debug session time: Thu Aug 1 17:20:24.736 2013 (UTC - 5:00)
System Uptime: 0 days 0:00:26.579
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols

Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C9, {220, fffff8800129a710, fffff98016af0dc0, fffffa800b71ea90}

*** ERROR: Module load completed but symbols could not be loaded for LGVirHid.sys
Probably caused by : LGVirHid.sys ( LGVirHid+624 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000220, IRP_MJ_SYSTEM_CONTROL has been completed by someone other than the ProviderId.
This IRP should either have been completed earlier or should have been passed
down.
Arg2: fffff8800129a710, The address in the driver's code where the error was detected.
Arg3: fffff98016af0dc0, IRP address.
Arg4: fffffa800b71ea90, ProviderId.

Debugging Details:
------------------


BUGCHECK_STR: 0xc9_220

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 220

FAULTING_IP:
HIDCLASS!HidpMajorHandler+0
fffff880`0129a710 48895c2410 mov qword ptr [rsp+10h],rbx

FOLLOWUP_IP:
LGVirHid+624
fffff880`08744624 8bc3 mov eax,ebx

IRP_ADDRESS: fffff98016af0dc0

DEVICE_OBJECT: fffffa800b5f0170

DRIVER_OBJECT: fffffa800b71b110

IMAGE_NAME: LGVirHid.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4b0b38b0

MODULE_NAME: LGVirHid

FAULTING_MODULE: fffff88008744000 LGVirHid

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LOCK_ADDRESS: fffff80003286b80 -- (!locks fffff80003286b80)

Resource @ nt!PiEngineLock (0xfffff80003286b80) Exclusively owned
Contention Count = 12
Threads: fffffa800672c040-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff80003286b80
Thread Count : 1
Thread address: 0xfffffa800672c040
Thread wait : 0x6a7

LAST_CONTROL_TRANSFER: from fffff800035103dc to fffff80003081c40

STACK_TEXT:
fffff880`035edf68 fffff800`035103dc : 00000000`000000c9 00000000`00000220 fffff880`0129a710 fffff980`16af0dc0 : nt!KeBugCheckEx
fffff880`035edf70 fffff800`0351a47a : fffff800`0350e9f0 fffff880`0129a710 fffff980`16af0dc0 fffffa80`0b71ea90 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`035edfb0 fffff800`0351b0ff : 00000000`00000220 fffffa80`0b71ea90 fffff980`16af0dc0 00000000`ffffffff : nt!ViErrorFinishReport+0xda
fffff880`035ee000 fffff800`035206a7 : fffff980`16af0f20 fffff880`0129a710 00000000`00000000 00000000`00000000 : nt!VfErrorReport10+0x6f
fffff880`035ee0e0 fffff800`0351004e : fffffa80`0b5b21c8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VfWmiVerifyIrpStackUpward+0x67
fffff880`035ee110 fffff800`0351cb2d : fffffa80`0b502640 fffffa80`0b5b2010 fffff980`16af0dc0 fffff980`16af0dc0 : nt!VfMajorVerifyIrpStackUpward+0x6e
fffff880`035ee150 fffff800`0352e50d : fffff980`16af0f20 fffff880`035ee340 00000000`c00000bb fffff980`16af0f20 : nt!IovpCompleteRequest2+0xad
fffff880`035ee1c0 fffff800`030856d1 : fffff980`16af0f23 00000000`00000000 00000000`000000ff fffff800`03511eea : nt!IovpLocalCompletionRoutine+0x9d
fffff880`035ee220 fffff800`0352619f : fffff980`16af0dc0 fffff880`012a4400 fffffa80`0b5f0200 00000000`00000000 : nt!IopfCompleteRequest+0x341
fffff880`035ee310 fffff880`08744624 : fffff880`00000013 fffff880`035ee438 00000000`c00000bb fffffa80`0b5f02c0 : nt!IovCompleteRequest+0x19f
fffff880`035ee3e0 fffff880`0129aa0f : 00000000`00000000 fffffa80`0b5f02c0 00000000`00000001 00000000`00000017 : LGVirHid+0x624
fffff880`035ee410 fffff880`0129a7fb : 00000000`00000000 fffffa80`0b5f02c0 fffff980`16af0dc0 fffff880`035ee4c0 : HIDCLASS!HidpIrpMajorDefault+0x8b
fffff880`035ee450 fffff800`0352cc16 : fffff980`00000002 fffff980`16af0dc0 00000000`00000002 fffff800`0352837e : HIDCLASS!HidpMajorHandler+0xeb
fffff880`035ee4c0 fffff800`0352bc42 : fffff980`16af0f68 00000000`00000002 fffffa80`0b71e7f0 fffffa80`0b0aca00 : nt!IovCallDriver+0x566
fffff880`035ee520 fffff800`0352cc16 : fffff980`16af0dc0 00000000`00000002 fffffa80`0b71e6a0 00000000`00000000 : nt!ViFilterDispatchGeneric+0x62
fffff880`035ee550 fffff800`0352bd58 : fffff980`16af0dc0 fffffa80`0b71e6a0 00000000`00000000 fffffa80`0a5a1160 : nt!IovCallDriver+0x566
fffff880`035ee5b0 fffff800`0352be42 : fffffa80`0b71ea90 fffffa80`06760010 fffffa80`0b71ea90 00000000`00000017 : nt!VfIrpSendSynchronousIrp+0xe8
fffff880`035ee620 fffff800`03518faf : fffffa80`0b5f09b0 00000000`000007ff fffff800`031c15b8 fffff800`0341c899 : nt!VfWmiTestStartedPdoStack+0x72
fffff880`035ee6c0 fffff800`03134882 : fffffa80`0b5f09b0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VfMajorTestStartedPdoStack+0x5f
fffff880`035ee6f0 fffff800`03470e6c : fffffa80`0b5f09b0 fffffa80`06760010 00000000`00000001 00000000`00000000 : nt!PpvUtilTestStartedPdoStack+0x12
fffff880`035ee720 fffff800`03472a64 : fffffa80`0b5f09b0 fffffa80`0b5f09b0 fffffa80`06760010 00000000`00000001 : nt!PipProcessStartPhase3+0x55c
fffff880`035ee810 fffff800`03473028 : fffff800`03284500 00000000`00000000 00000000`00000010 fffff800`03472f90 : nt!PipProcessDevNodeTree+0x264
fffff880`035eea80 fffff800`03184a07 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`035eead0 fffff800`0308aca9 : fffff800`031846e0 fffff800`0337bc01 fffffa80`0672c000 fffff980`00000299 : nt!PnpDeviceActionWorker+0x327
fffff880`035eeb70 fffff800`0332234a : 00000000`00000000 fffffa80`0672c040 00000000`00000080 fffffa80`066a0b30 : nt!ExpWorkerThread+0x111
fffff880`035eec00 fffff800`03072946 : fffff880`03342180 fffffa80`0672c040 fffff880`0334cfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`035eec40 00000000`00000000 : fffff880`035ef000 fffff880`035e9000 fffff880`035ede90 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: kb

SYMBOL_STACK_INDEX: a

SYMBOL_NAME: LGVirHid+624

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: X64_0xc9_220_VRF_LGVirHid+624

BUCKET_ID: X64_0xc9_220_VRF_LGVirHid+624

Followup: MachineOwner
---------

3: kd> !devobj fffffa800b5f0170 f
Device object (fffffa800b5f0170) is for:
_HID00000007 \Driver\LGVirHid DriverObject fffffa800b71b110
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00002050
Dacl fffff9a10008fe61 DevExt fffffa800b5f02c0 DevObjExt fffffa800b5f0578
ExtensionFlags (0xe0000800) DOE_DEFAULT_SD_PRESENT, DOE_RAW_FDO,
DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
Characteristics (0000000000)
AttachedDevice (Upper) fffffa800b71e6a0 \DRIVER\VERIFIER_FILTER
AttachedTo (Lower) fffffa800b5f0630 \DRIVER\VERIFIER_FILTER
Device queue is not busy.
3: kd> !drvobj fffffa800b71b110 f
Driver object (fffffa800b71b110) is for:
\Driver\LGVirHid
Driver Extension List: (id , addr)
(fffff880012abd80 fffffa800b71b710)
Device Object list:
fffffa800b5f0170

DriverEntry: fffff88008745750 LGVirHid
DriverStartIo: 00000000
DriverUnload: fffff880012a9c14 HIDCLASS!HidpDriverUnload
AddDevice: fffff880012a9818 HIDCLASS!HidpAddDevice

Dispatch routines:
[00] IRP_MJ_CREATE fffff8800129a710 HIDCLASS!HidpMajorHandler
[01] IRP_MJ_CREATE_NAMED_PIPE fffff80003066b70 nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE fffff8800129a710 HIDCLASS!HidpMajorHandler
[03] IRP_MJ_READ fffff8800129a710 HIDCLASS!HidpMajorHandler
[04] IRP_MJ_WRITE fffff8800129a710 HIDCLASS!HidpMajorHandler
[05] IRP_MJ_QUERY_INFORMATION fffff80003066b70 nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION fffff80003066b70 nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA fffff80003066b70 nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA fffff80003066b70 nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS fffff80003066b70 nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION fffff80003066b70 nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION fffff80003066b70 nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL fffff80003066b70 nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL fffff80003066b70 nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL fffff8800129a710 HIDCLASS!HidpMajorHandler
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL fffff8800129a710 HIDCLASS!HidpMajorHandler
[10] IRP_MJ_SHUTDOWN fffff80003066b70 nt!IopInvalidDeviceRequest
[11] IRP_MJ_LOCK_CONTROL fffff80003066b70 nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP fffff80003066b70 nt!IopInvalidDeviceRequest
[13] IRP_MJ_CREATE_MAILSLOT fffff80003066b70 nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY fffff80003066b70 nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY fffff80003066b70 nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER fffff8800129a710 HIDCLASS!HidpMajorHandler
[17] IRP_MJ_SYSTEM_CONTROL fffff8800129a710 HIDCLASS!HidpMajorHandler
[18] IRP_MJ_DEVICE_CHANGE fffff80003066b70 nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA fffff80003066b70 nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA fffff80003066b70 nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP fffff8800129a710 HIDCLASS!HidpMajorHandler

3: kd> lmvm LGVirHid
start end module name
fffff880`08744000 fffff880`08746480 LGVirHid (no symbols)
Loaded symbol image file: LGVirHid.sys
Image path: \SystemRoot\system32\drivers\LGVirHid.sys
Image name: LGVirHid.sys
Timestamp: Mon Nov 23 19:36:48 2009 (4B0B38B0)
CheckSum: 00012CDE
ImageSize: 00002480
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

This crash should have nothing to do with the one in my original post. I then turned off driver verifier in safe mode and restarted it back to a normal boot. I then ran the WhoCrashed analyzation, and here are the results for that:

[FONT=Segoe UI, Arial]On Thu 8/1/2013 10:20:24 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\080113-3650-01.dmp
This was probably caused by the following module: [FONT=Segoe UI, Arial]hidclass.sys[/FONT] (HIDCLASS+0x2710)
Bugcheck code: 0xC9 (0x220, 0xFFFFF8800129A710, 0xFFFFF98016AF0DC0, 0xFFFFFA800B71EA90)
Error: [FONT=Segoe UI, Arial]DRIVER_VERIFIER_IOMANAGER_VIOLATION [/FONT]
file path: C:\Windows\system32\drivers\hidclass.sys
product: [FONT=Segoe UI, Arial]Microsoft® Windows® Operating System[/FONT]
company: [FONT=Segoe UI, Arial]Microsoft Corporation[/FONT]
description: Hid Class Library
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.


[/FONT]
[FONT=Segoe UI, Arial]On Thu 8/1/2013 10:20:24 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: [FONT=Segoe UI, Arial]lgvirhid.sys[/FONT] (LGVirHid+0x624)
Bugcheck code: 0xC9 (0x220, 0xFFFFF8800129A710, 0xFFFFF98016AF0DC0, 0xFFFFFA800B71EA90)
Error: [FONT=Segoe UI, Arial]DRIVER_VERIFIER_IOMANAGER_VIOLATION [/FONT]
file path: C:\Windows\system32\drivers\lgvirhid.sys
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: lgvirhid.sys .
Google query: [FONT=Segoe UI, Arial]lgvirhid.sys DRIVER_VERIFIER_IOMANAGER_VIOLATION [/FONT]


[/FONT]
[FONT=Segoe UI, Arial]On Thu 7/25/2013 9:57:10 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\072513-5007-01.dmp
This was probably caused by the following module: [FONT=Segoe UI, Arial]ntoskrnl.exe[/FONT] (nt+0x75C40)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF8000336EB51, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: [FONT=Segoe UI, Arial]KMODE_EXCEPTION_NOT_HANDLED[/FONT]
file path: C:\Windows\system32\ntoskrnl.exe
product: [FONT=Segoe UI, Arial]Microsoft® Windows® Operating System[/FONT]
company: [FONT=Segoe UI, Arial]Microsoft Corporation[/FONT]
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
[/FONT]
Just in case you didn't notice the top two analyzations are for the same crash (the one I got after turning on driver verifier). As for the original crash, I was just browsing the web when it happened.

 

[Bubbaleone]

WinDbg and WhoCrashed both identify C:\Windows\System32\DRIVERS\lgvirhid.sys as the faulting driver:

Product: Logitech GamePanel Software
Company: Logitech Inc.
Description: Logitech GamePanel Virtual Hid Device Driver
Version: 3.4.131.0
MD5: 94b29ce153765e768f004fb3440be2b0
SHA1: 85d2b5b171c0139c9a39e492fafea2af8e3ddc81
SHA256: e74c01cebda589cdde35cbcbaa18700e3742dd3b48a90db3630992467ffc5024
Size: 16008
Directory: C:\Windows\System32\DRIVERS\lgvirhid.sys

If you have this software installed you should check if Logitech has an update available, or temporarily uninstall to test if the BSOD stops occuring.

.

 

[The_Poena]

Hi, When I uninstalled the logitech driver and restarted the pc with driver verifier on, it didn't crash. I then installed a more up to date version of the driver, and it did crash with the verifier running. Just for more information I also choose the standard settings of driver verifier. Here are the analyzations of WhoCrashed:

[FONT=Segoe UI, Arial]On Thu 8/15/2013 2:23:47 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\081413-4243-01.dmp
This was probably caused by the following module: [FONT=Segoe UI, Arial]hidclass.sys[/FONT] (HIDCLASS+0x2710)
Bugcheck code: 0xC9 (0x220, 0xFFFFF880057E0710, 0xFFFFF98019F8CDC0, 0xFFFFFA800B429C80)
Error: [FONT=Segoe UI, Arial]DRIVER_VERIFIER_IOMANAGER_VIOLATION [/FONT]
file path: C:\Windows\system32\drivers\hidclass.sys
product: [FONT=Segoe UI, Arial]Microsoft® Windows® Operating System[/FONT]
company: [FONT=Segoe UI, Arial]Microsoft Corporation[/FONT]
description: Hid Class Library
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.


[/FONT]
[FONT=Segoe UI, Arial]On Thu 8/15/2013 2:23:47 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: [FONT=Segoe UI, Arial]lgvirhid.sys[/FONT] (LGVirHid+0x624)
Bugcheck code: 0xC9 (0x220, 0xFFFFF880057E0710, 0xFFFFF98019F8CDC0, 0xFFFFFA800B429C80)
Error: [FONT=Segoe UI, Arial]DRIVER_VERIFIER_IOMANAGER_VIOLATION [/FONT]
file path: C:\Windows\system32\drivers\lgvirhid.sys
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: lgvirhid.sys .
Google query: [FONT=Segoe UI, Arial]lgvirhid.sys DRIVER_VERIFIER_IOMANAGER_VIOLATION [/FONT]


[/FONT]
[FONT=Segoe UI, Arial]On Thu 8/1/2013 10:20:24 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\080113-3650-01.dmp
This was probably caused by the following module: [FONT=Segoe UI, Arial]hidclass.sys[/FONT] (HIDCLASS+0x2710)
Bugcheck code: 0xC9 (0x220, 0xFFFFF8800129A710, 0xFFFFF98016AF0DC0, 0xFFFFFA800B71EA90)
Error: [FONT=Segoe UI, Arial]DRIVER_VERIFIER_IOMANAGER_VIOLATION [/FONT]
file path: C:\Windows\system32\drivers\hidclass.sys
product: [FONT=Segoe UI, Arial]Microsoft® Windows® Operating System[/FONT]
company: [FONT=Segoe UI, Arial]Microsoft Corporation[/FONT]
description: Hid Class Library
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.


[/FONT]
[FONT=Segoe UI, Arial]On Thu 7/25/2013 9:57:10 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\072513-5007-01.dmp
This was probably caused by the following module: [FONT=Segoe UI, Arial]ntoskrnl.exe[/FONT] (nt+0x75C40)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF8000336EB51, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: [FONT=Segoe UI, Arial]KMODE_EXCEPTION_NOT_HANDLED[/FONT]
file path: C:\Windows\system32\ntoskrnl.exe
product: [FONT=Segoe UI, Arial]Microsoft® Windows® Operating System[/FONT]
company: [FONT=Segoe UI, Arial]Microsoft Corporation[/FONT]
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

You'll notice that the second analyzation of my second post has disappeared although the second analyzation of this post has many similarities to it. I am also wondering if you have any idea what could have caused the crash in my original post as well.
[/FONT]

 

[The_Poena]

bump

 

[Ketchup]

Hello Poena, the hidclass.sys error is somewhat generic from what I have seen. Can you tell us about what you have connected to the computer externally? Devices such as game pads, web cams, printers, etc. You'll want to make sure these devices have updated drivers/software as well.

Also, are your running your CPU, Video Card, or RAM overclocked?

 

[The_Poena]

Hi, I have an hp psc 1209 all-in-one printer, a corsair vengeance 1500 headset, a logitech g110 keyboard, and a logitech g300 mouse. I have the latest drivers for them installed. I suppose I should forget about the first crash as I wasn't doing anything that would seem to cause a problem. I don't understand what is wrong with the logitech driver however to cause it the second crash only when I have driver verifier enabled.

 

[Ketchup]

Any special software for the headset? Have you checked for sound card updates recently?

 

[The_Poena]

I have the latest corsair stuff for my headset installed. I also have the latest driver for my motherboard's built in sound card (even though I don't think it is used at all for my headset).

 

[Bubbaleone]

Hi, I have an hp psc 1209 all-in-one printer, a corsair vengeance 1500 headset, a logitech g110 keyboard, and a logitech g300 mouse. I have the latest drivers for them installed. I suppose I should forget about the first crash as I wasn't doing anything that would seem to cause a problem. I don't understand what is wrong with the logitech driver however to cause it the second crash only when I have driver verifier enabled.

If you're saying that the Logitech driver now crashes only when you have driver verifier enabled, but it doesn't crash if driver verifier isn't running in the background, quit running it because it sounds like your computer is running normally now. Driver verifier is generally intended for use by developers when they're debugging new drivers they've written, and it's an advanced tool intended to be run simultaneously with a kernel debugger attached. If you are in fact a software developer then please forgive me for asking this question: Since you didn't even know how to analyze a crash dump, how is that you think you know how to properly use driver verifier? I know I sure don't.

.

 

[The_Poena]

I'm not a developer, and I didn't know anything about verifier. I just followed the instructions on this page: http://www.resplendence.com/whocrashed_verifier

Thank you everyone for your help.

 

[Bubbaleone]

I'm not a developer, and I didn't know anything about verifier. I just followed the instructions on this page: http://www.resplendence.com/whocrashed_verifier

Thank you everyone for your help.

If I sounded harsh, I sincerely apologize to you...my wife's been yelling at me that I've been a grumpy old man all day today. Nearly all of Microsoft's advancd diagnostic tools require a fair degree of technical education to understand when and how to use them effectively. Whether one acquires that technical knowledge in the classroom, on the job, or is self-taught isn't as important as how much dedication and effort one applies to studying the material, then testing how much they've really learned by constantly practicing the concepts and making mistakes.

I applaud you for wanting to learn about new tools and encourage you to keep asking questions, studying, practicing, and making mistakes because that's how real-world technical knowledge is acquired. The point I meant to make in my previous post is that when one is in the early stages of learning how to use a new tool, it's very easy to quickly get ahead of oneself and thus lose sight of the process. When that happens it's time to stop and backup to where the process is understood, then start again. Learn to crawl before you walk and walk before you run.


.

 

[The_Poena]

No offence taken, and thanks for the encouragement. I have gone too far sometimes when I should pause a bit more.