DarvinArroyo / peerblock

Automatically exported from code.google.com/p/peerblock
Other
0 stars 0 forks source link

PBFILTER.SYS causing BSOD (verified with Driver Verifier running) #375

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Load Peerblock
2. Load Vuze, Stop Vuze
3. Exit Peerblock

What is the expected output? Would like to quit Peerblock

What do you see instead?

"A problem has been detected and Windows has been shut down to prevent damage
to your computer.

The problem seems to be caused by the following file: pbfilter.sys

DRIVER_VERIFIER_DETECTED_VIOLATION

If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical Information:

*** STOP: 0x000000c4 (0x0000000000000062, 0xfffffa80091b43d8, 
0xfffffa8007ee04f0, 
0x0000000000000001)

*** pbfilter.sys - Address 0xfffff8800a7a9000 base at 0xfffff8800a7a9000 
DateStamp 
0x4cd60dba"

What version of PeerBlock are you using? 

Peerblock 1.1 (autoupdate enabled)

On what operating system? 32- or
64-bit?

Windows 7 Ultimate 64bit

Please provide any additional information below.  Make sure to attach
peerblock.log and/or any screenshots that would help explain your problem.

Minidump analysis:

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\123010-27674-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: 
SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`03001000 PsLoadedModuleList = 0xfffff800`0323ee50
Debug session time: Thu Dec 30 15:58:54.066 2010 (UTC + 10:00)
System Uptime: 0 days 5:50:51.127
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {62, fffffa80091b43d8, fffffa8007ee04f0, 1}

*** WARNING: Unable to verify timestamp for pbfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for 
pbfilter.sys
Probably caused by : pbfilter.sys

Followup: MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations 
prior to unloading.
Arg2: fffffa80091b43d8, name of the driver having the issue.
Arg3: fffffa8007ee04f0, verifier internal structure with driver information.
Arg4: 0000000000000001, total # of (paged+nonpaged) allocations that weren't 
freed.
    Type !verifier 3 drivername.sys for info on the allocations
    that were leaked that caused the bugcheck.

Debugging Details:
------------------

BUGCHECK_STR:  0xc4_62

IMAGE_NAME:  pbfilter.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4cd60dba

MODULE_NAME: pbfilter

FAULTING_MODULE: fffff8800a7a9000 pbfilter

VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY fffffa8007ee04f0
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  services.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800034fb3dc to fffff80003071740

STACK_TEXT:  
fffff880`0d5fd458 fffff800`034fb3dc : 00000000`000000c4 00000000`00000062 
fffffa80`091b43d8 fffffa80`07ee04f0 : nt!KeBugCheckEx
fffff880`0d5fd460 fffff800`0350a7ea : 00000000`00000001 00000000`00000000 
fffff880`0a7a9000 00000000`00000001 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0d5fd4a0 fffff800`0316a0b0 : 00000000`00000000 00000000`00000000 
fffff880`0336a180 00000000`00000000 : nt!VfPoolCheckForLeaks+0x4a
fffff880`0d5fd4e0 fffff800`0342eede : fffffa80`091b4320 00000000`00000000 
00000000`00000000 fffff800`03027d45 : nt!VfTargetDriversRemove+0x160
fffff880`0d5fd580 fffff800`0344998c : 00000000`00000000 00000000`00000001 
00000000`0000000a fffffa80`061ec3c8 : nt!VfDriverUnloadImage+0x2e
fffff880`0d5fd5b0 fffff800`03449d3d : 00000000`00000000 fffffa80`091b4320 
00000000`00000000 00000000`00010200 : nt!MiUnloadSystemImage+0x1fc
fffff880`0d5fd610 fffff800`034ea421 : 00000000`00000000 fffff880`0d5fd930 
fffffa80`0422f210 00000000`00000018 : nt!MmUnloadSystemImage+0x4d
fffff880`0d5fd650 fffff800`030768b4 : 00000000`00000000 fffff880`0d5fd930 
fffffa80`0422f210 fffffa80`061ec3c8 : nt!IopDeleteDriver+0x41
fffff880`0d5fd680 fffff800`0345b10e : fffff880`0d5fd930 00000000`00000000 
00000000`c0000001 fffff800`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`0d5fd6e0 fffff800`03070993 : fffffa80`08b2c060 fffff800`0309e4eb 
00000000`00000001 fffff800`031a5646 : nt!IopUnloadDriver+0x45c
fffff880`0d5fd8b0 fffff800`0306cf30 : fffff800`0345ae07 00000000`00000000 
00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0d5fda48 fffff800`0345ae07 : 00000000`00000000 00000000`00000000 
00000000`00000000 00000000`00ae1bc0 : nt!KiServiceLinkage
fffff880`0d5fda50 fffff800`03070993 : fffffa80`08b2c060 fffff880`0d5fdca0 
00000000`00000000 00000000`00000000 : nt!IopUnloadDriver+0x155
fffff880`0d5fdc20 00000000`774c15ca : 00000000`00000000 00000000`00000000 
00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01c1ede8 00000000`00000000 : 00000000`00000000 00000000`00000000 
00000000`00000000 00000000`00000000 : 0x774c15ca

STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_pbfilter.sys

BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_pbfilter.sys

Followup: MachineOwner
---------

Original issue reported on code.google.com by GenePa...@gmail.com on 30 Dec 2010 at 6:20

Attachments:

GoogleCodeExporter commented 8 years ago
I'm getting a similar issue. See the thread in the attached link.

http://social.technet.microsoft.com/Forums/en-CA/w7itprohardware/thread/ec339cc1
-378d-49b8-8461-67d23278110b

Original comment by veloriu...@gmail.com on 14 Feb 2011 at 8:39

GoogleCodeExporter commented 8 years ago
pbfilter.sys calls ExDeleteNPagedLookasideList incorrectly which causes the 
crash.

Original comment by veloriu...@gmail.com on 14 Feb 2011 at 8:41

GoogleCodeExporter commented 8 years ago
Cool, so we know that it is PB causing the crash...... but anyone have any 
solutions???

Original comment by GenePa...@gmail.com on 14 Feb 2011 at 10:26

GoogleCodeExporter commented 8 years ago
Same error, same diagnosis.

Original comment by ecomania...@gmail.com on 16 Apr 2011 at 12:09

GoogleCodeExporter commented 8 years ago
I can confirm that for me, pbfilter.sys is causing the BSOD. I get no BSODs for 
a while, but once I get one, my computer BSODs just about every hour until I 
tell PeerBlock not to start up with Windows. I made my computer BSOD every time 
I ran PB by testing pbfilter.sys with Driver Verifier.

Original comment by esyp...@gmail.com on 5 Oct 2011 at 9:59

GoogleCodeExporter commented 8 years ago
I also activated Driver Verifier only to discover immediately on the next and 
successive reboots that pbfilter.sys was being goaded into causing a BSOD with 
a 0xC9 bugcheck code.  Happened every single time until I cancelled the 
execution of PeerBlock.

Original comment by mark.a.c...@gmail.com on 10 Dec 2011 at 7:32

GoogleCodeExporter commented 8 years ago
That's interesting that its still occurring. I actually haven't had an issue 
since 2 months ago when i had to do a complete Windows 7 reinstall. Formatted 
everything and started again, haven't had any problems since. Makes me wonder 
if its a driver conflict error. ??? Sorry i can't offer any direct solution. We 
could try comparing specs and see if there's any things in common there, but 
that could take forever with no definitive outcome now mines working fine. By 
chance you're not running NVIDIA drivers are you? As these were the reason i 
ended up having to do a complete reinstall. 

Original comment by GenePa...@gmail.com on 10 Dec 2011 at 12:46

GoogleCodeExporter commented 8 years ago
Nope, using a Radeon graphics card now.  I was previously using an nVidia card 
and for a time the drivers were left installed, but they have been removed now 
in the effort to eliminate the BSODs.  In my case they occur with regularity in 
the original Dawn of War, yet I can play Supreme Commander 2 just fine.  I had 
a very few occur at other random times at the desktop or other truly unexpected 
moments.  Then I activated Driver Verifier and pbfilter.sys stopped being a 
sleeper.  Since I stopped running PeerBlock at boot no other drivers have yet 
been outed by DV, not even the one ususally implicated in the DoW BSODs, 
atikmpag.sys (which are still happening).

Original comment by mark.a.c...@gmail.com on 10 Dec 2011 at 4:47

GoogleCodeExporter commented 8 years ago
I'm similar to Mark (comment 8). I had a GeForce6800 nVidia card and peerblock 
worked fine. The card failed yesterday and I replaced it with a Radeon HD5450 
and now PeerBlock is giving me BSoD whenever I try and run it.

Original comment by ast...@gmail.com on 12 Dec 2011 at 4:18

GoogleCodeExporter commented 8 years ago
Edit: Just realised I'd left on Driver Verifier when I was trying to determine 
the issue with the video card. Turns out verifier was causing the PeerBlock 
crash, I turned it back off and problem solved. 

Original comment by ast...@gmail.com on 12 Dec 2011 at 7:45

GoogleCodeExporter commented 8 years ago
This just started happening on my Windows 7 Ult. Only configuration change I've 
made recently was to have AVG run nightly scans, with the option to scan for 
rootkits enabled. I've disabled the rootkit scan for now to see if makes a 
difference. I also had driver verifier running and it BSOD'd with 
IRQL_NOT_LESS_OR_EQUAL.

Original comment by thereald...@gmail.com on 21 Mar 2012 at 2:17

GoogleCodeExporter commented 8 years ago
This has started happening to me on my win8.1 pro x64 system

Original comment by skull66...@gmail.com on 12 Jan 2014 at 7:37