Interpreting a Bug Check Code
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547224(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547224(v=vs.85).aspx
1.1. BugCheck A #
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
f_ih.sys ( Timestamp: Thu Oct 17 15:07:57 2013 (525F7EBD) )
파수 DRM 에서 발생~ RTLCompareUnicodeString에서 trap.
1.2. BugCheck 19 #
BAD_POOL_HEADER
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
npkakl.sys ( Timestamp: Wed Sep 04 09:46:51 2013 (522682FB) )
INCA Internet nProtect KeyCrypt Driver에서 발생
1.3. BugCheck 50 #
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
잘못된 시스템 메모리 참조.
예를 들면 이런 상황.
예를 들면 이런 상황.
char a[200]; char b[300]; memcpy(a, b, sizeof(b));
RC4LSProtect.sys 발생 ( Timestamp: Mon Jun 02 17:44:01 2014 (538C3951) )
NHCAHide.sys 발생 ( Timestamp: Fri Jul 12 13:52:28 2013 (51DF8B8C) )
bmsfile2drv.sys 발생. GRADIUS DLP File Filter Driver ( Timestamp: Mon May 07 16:56:33 2012 (4FA78031) )
NHCAHide.sys 발생 ( Timestamp: Fri Jul 12 13:52:28 2013 (51DF8B8C) )
NHCAHide memcpy에서 trap
JRTDIFW.SYS 발생. XecureCK Firewall ( Timestamp: Wed Jul 04 16:49:53 2012 (4FF3F5A1) )bmsfile2drv.sys 발생. GRADIUS DLP File Filter Driver ( Timestamp: Mon May 07 16:56:33 2012 (4FA78031) )
1.5. BugCheck 9F #
memory_corruption
The DRIVER_POWER_STATE_FAILURE bug check has a value of 0x0000009F. This bug check indicates that the driver is in an inconsistent or invalid power state.
http://msdn.microsoft.com/en-us/library/windows/hardware/ff559329(v=vs.85).aspx
The DRIVER_POWER_STATE_FAILURE bug check has a value of 0x0000009F. This bug check indicates that the driver is in an inconsistent or invalid power state.
http://msdn.microsoft.com/en-us/library/windows/hardware/ff559329(v=vs.85).aspx
1.6. BugCheck C2 #
BAD_POOL_CALLER
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
NDrive(1.0.2.3).sys ( Timestamp: Wed Nov 14 22:36:49 2012 (50A39E71) )
당연히... NDrive에서 발생... ExFreePoolWithTag가 실패한 듯.
1.7. BugCheck D1 #
DRIVER_IRQL_NOT_LESS_OR_EQUAL
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
e1e6032.sys ( Timestmp: Wed Mar 25 03:16:11 2009 (49C9236B) )
Intel(R) PRO/1000 Adapter. UdpDeliverDatagrams에서 트랩
1.8. BugCheck F4 #
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
PROCESS_NAME: wininit.exe
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
PROCESS_NAME: wininit.exe
F4는 기본적으로 저장장치와 관련된 버그체크다. 몇 가지 디스크 체크가 필요하다.
1. Update your SSD's Firmware (skip it, if it is not a SSD)
2. Reseat the sata and power.
3. Run chkdsk /f/r, following the option two of the tutorial Disk Check
4. Seatool for dos: SeaTools | Seagate download
Burn it in a blank cd. boot from the CD, click on "Accept", wait for it to finish detecting the drives, then in the upper left corner select "Basic Tests", then select "Long Test" and let it run.
2. Reseat the sata and power.
3. Run chkdsk /f/r, following the option two of the tutorial Disk Check
4. Seatool for dos: SeaTools | Seagate download
Burn it in a blank cd. boot from the CD, click on "Accept", wait for it to finish detecting the drives, then in the upper left corner select "Basic Tests", then select "Long Test" and let it run.
1.9. BugCheck 1000008E #
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Exception Code 0xc000001d The exception code that was not handled