I’m getting the foolowing error on NT4 SP6:
A fatal system error has occurred.
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {c0000005, 801ae46e, 0, 220}
Probably caused by : ntoskrnl ( nt!HvpDoWriteHive+1e )
Followup: MachineOwner
nt!RtlpBreakWithStatusInstruction:
8012ff7c cc int 3
kd> !analyze -v
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
An exception code of 0x80000002 (STATUS_DATATYPE_MISALIGNMENT) indicates
that an unaligned data reference was encountered. The trap frame will
supply additional information.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 801ae46e, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 00000220, Parameter 1 of the exception
Debugging Details:
EXCEPTION_CODE: c0000005
FAULTING_IP:
nt!HvpDoWriteHive+1e
801ae46e 8b7e20 mov edi,[esi+0x20]
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000220
READ_ADDRESS: unable to get nt!MmPoolCodeEnd
unable to get nt!MmPoolCodeStart
00000220 Unknown
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 1E
EXCEPTION_RECORD: f9c33e2c – (.exr fffffffff9c33e2c)
ExceptionAddress: 801ae46e (nt!HvpDoWriteHive+0x0000001e)
ExceptionCode: c0000005
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000220
Attempt to read from address 00000220
CONTEXT: f9c33c68 – (.cxr fffffffff9c33c68)
eax=00000001 ebx=00000001 ecx=00009b01 edx=f9c33f6c esi=00000200
edi=00000000
eip=801ae46e esp=f9c33ef4 ebp=f9c33f14 iopl=0 nv up ei pl nz na
pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010202
nt!HvpDoWriteHive+1e:
801ae46e 8b7e20 mov edi,[esi+0x20]
Resetting default context
LAST_CONTROL_TRANSFER: from 801ae41a to 801ae46e
STACK_TEXT:
f9c33f14 801ae41a e1005be8 00000000 e1005d4c nt!HvpDoWriteHive+0x1e
f9c33f24 801ab978 e1005be8 00000001 801abe96 nt!HvSyncHive+0x40
f9c33f30 801abe96 8010b0a7 00000000 f9c33f7c nt!CmpDoFlushAll+0x2a
f9c33f34 8010b0a7 00000000 f9c33f7c 00000000 nt!CmpLazyFlushWorker+0x1a
f9c33f4c 801375f8 00000001 00000000 00000000 nt!ExpWorkerThread+0x73
f9c33f7c 801428f6 8010b034 00000001 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
nt!HvpDoWriteHive+1e
801ae46e 8b7e20 mov edi,[esi+0x20]
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!HvpDoWriteHive+1e
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl
STACK_COMMAND: .cxr fffffffff9c33c68 ; kb
BUCKET_ID: 0x1E_nt!HvpDoWriteHive+1e
Followup: MachineOwner
This happens only if AUTOCHK was run during boot. Windows is on
autologon. It bugchecks when desktop is loading before icons appear. My
filter was based on sfilter, completely redesigned later. Can anyone
suggest an explanation to the problem? What is parameter 2 of exception
(Arg4 of bugcheck)?