Full Version: BSOD when debugging
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
recesco
I'm using KAV 6.0.3.837 for Windows Workstation on a Vista x64 system (Intel Quad Core processor, not IA).

All works well except that when trying to use the VS2005 debugger the system locks and a BSOD appears.
All crashes are within Windows modules, but I tried removing KAV and everything works well again; after reinstalling it and using the debugger, it continues crashing.

Since we develop software with VS2005, it is impossible for me to work without using the debugger. I read somewhere about a new beta KAV driver; could this maybe solve my problem?
Where can I eventually get it?

Thanks in advance
phr3n1c
Hello recesco and welcome to the forum.

Please put the VS 2k5 into the Trusted Applications list and activate all options there. Does this solve the problem?
recesco
QUOTE(phr3n1c @ 15.04.2009 16:30) *
Hello recesco and welcome to the forum.

Please put the VS 2k5 into the Trusted Applications list and activate all options there. Does this solve the problem?


Sorry, I forgot to mention it before: I already have this setting and it does not help.
I just put devenv.exe actually, but I think this is all that's needed; am I correct on this statement?

Is anyone else experiencing the same problem?
It happens every time I use the debugger when stepping or breaking in the code, so it is something very reproducible.
If I leave the program running in the debugger without breaking, all seems to work well, even if I did not try it for a long time.

I also tried to suspend the protection but it does not help.

Thanks for any help on this.
phr3n1c
Is devenv.exe the file VS 2k5 is started with? If not, please put that exe into the trusted applications as well. If this does not help either, create a full memory dump on crash and open a support ticket at your local office (or international support). We have to take a look at the file which is responsible for that crash.
recesco
QUOTE(phr3n1c @ 15.04.2009 17:37) *
Is devenv.exe the file VS 2k5 is started with? If not, please put that exe into the trusted applications as well. If this does not help either, create a full memory dump on crash and open a support ticket at your local office (or international support). We have to take a look at the file which is responsible for that crash.


Thanks, I will do it.
In the meantime, here is the result of the last crash dump, if you want to take a look:

MODULE_NAME: nt

FAULTING_MODULE: fffff80001e19000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 48d1ba35

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!NtSetInformationProcess+2446
fffff800`02105a16 488b28 mov rbp,qword ptr [rax]

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: ffffffffffffffff

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
ffffffffffffffff

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x1E

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80001e47e47 to fffff80001e6e350

STACK_TEXT:
fffffa60`088851e8 fffff800`01e47e47 : 00000000`0000001e ffffffff`c0000005 fffff800`02105a16 00000000`00000000 : nt!KeBugCheckEx
fffffa60`088851f0 fffff800`01e6e1a9 : fffffa60`08885928 fffffa60`0c658570 fffffa60`088859d0 fffffa60`0c658ac8 : nt!RtlSetBit+0x40f
fffffa60`088857f0 fffff800`01e6cd8d : fffff800`01fab8f8 fffffa80`05819ab0 00000000`00000002 fffff800`01f30b82 : nt!ZwUnloadKeyEx+0x2489
fffffa60`088859d0 fffff800`02105a16 : fcc63415`fffffd2f fffffa60`0c658570 00000000`00000000 fffffa60`0c658ac8 : nt!ZwUnloadKeyEx+0x106d
fffffa60`08885b60 fffff800`01e892ed : fffffa60`05498d23 fffffa80`0624bbb0 fffffa60`0c658570 00000000`00000000 : nt!NtSetInformationProcess+0x2446
fffffa60`088860b0 fffff800`01e98392 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeAcquireGuardedMutex+0x865
fffffa60`088861c0 fffff800`01e9c0c3 : fffffa60`088862e0 00000000`00000000 00000000`00000000 fffffa80`0624bbb0 : nt!MmUnlockPages+0xf22
fffffa60`08886260 fffff800`01e77d7c : fffffa80`07b520f9 00000000`00100018 fffffa80`0624bbb0 00000000`086be101 : nt!IoAcquireCancelSpinLock+0x163
fffffa60`088863f8 fffffa80`07b520f9 : 00000000`00100018 fffffa80`0624bbb0 00000000`086be101 fffff800`01e892ed : nt!KeReleaseSpinLock+0xc
fffffa60`08886400 00000000`00100018 : fffffa80`0624bbb0 00000000`086be101 fffff800`01e892ed 00000000`00000000 : 0xfffffa80`07b520f9
fffffa60`08886408 fffffa80`0624bbb0 : 00000000`086be101 fffff800`01e892ed 00000000`00000000 fffffa80`07b41f4c : 0x100018
fffffa60`08886410 00000000`086be101 : fffff800`01e892ed 00000000`00000000 fffffa80`07b41f4c 00000000`0739db40 : 0xfffffa80`0624bbb0
fffffa60`08886418 fffff800`01e892ed : 00000000`00000000 fffffa80`07b41f4c 00000000`0739db40 fffff800`01e19000 : 0x86be101
fffffa60`08886420 fffff800`02104bc5 : fffffa80`0692d630 00000000`00000000 fffffa60`088865b8 00000000`00000000 : nt!KeAcquireGuardedMutex+0x865
fffffa60`08886530 00000000`0001201f : 00000000`086bef98 00000000`00000010 00000000`00000000 00000000`00000000 : nt!NtSetInformationProcess+0x15f5
fffffa60`08886be0 00000000`086bef98 : 00000000`00000010 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1201f
fffffa60`08886be8 00000000`00000010 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`7ef37000 : 0x86bef98
fffffa60`08886bf0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`7ef37000 00000000`00000020 : 0x10


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!NtSetInformationProcess+2446
fffff800`02105a16 488b28 mov rbp,qword ptr [rax]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!NtSetInformationProcess+2446

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------
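
Added example (not part of the original thread, and not Kaspersky's or Microsoft's code): a small Python triage of debugger analysis text in the format posted above. It extracts the bugcheck fields, checks whether the debugger flagged WRONG_SYMBOLS (in which case the function names in the stack should not be relied on), and lists stack frames that did not resolve to any module. The function name `triage` is hypothetical and the sample is abridged from the dump in the post above.

```python
import re

# Abridged from the analysis output posted above (most frames trimmed).
SAMPLE = """\
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID: WRONG_SYMBOLS
STACK_TEXT:
fffffa60`088851e8 fffff800`01e47e47 : 00000000`0000001e ffffffff`c0000005 fffff800`02105a16 00000000`00000000 : nt!KeBugCheckEx
fffffa60`08885b60 fffff800`01e892ed : fffffa60`05498d23 fffffa80`0624bbb0 fffffa60`0c658570 00000000`00000000 : nt!NtSetInformationProcess+0x2446
fffffa60`088863f8 fffffa80`07b520f9 : 00000000`00100018 fffffa80`0624bbb0 00000000`086be101 fffff800`01e892ed : nt!KeReleaseSpinLock+0xc
fffffa60`08886400 00000000`00100018 : fffffa80`0624bbb0 00000000`086be101 fffff800`01e892ed 00000000`00000000 : 0xfffffa80`07b520f9

STACK_COMMAND: kb
"""

# "NAME: value" header lines; frame lines start with lowercase hex and never match.
FIELD = re.compile(r"^([A-Z][A-Z0-9_]+):[ \t]*(.*)$", re.M)
# child-SP, return address, four argument slots, then the call site.
FRAME = re.compile(
    r"^[0-9a-f`]{17} [0-9a-f`]{17} : (?:[0-9a-f`]{17} ){4}: (\S+)$", re.M
)

def triage(text):
    """Summarise an analysis report: key fields, symbol trust, odd frames."""
    fields = {name: value.strip() for name, value in FIELD.findall(text)}
    frames = FRAME.findall(text)
    # A call site printed as a bare address was not mapped to a loaded module.
    unresolved = [f for f in frames if "!" not in f]
    modules = sorted({f.split("!")[0] for f in frames if "!" in f})
    return {
        "bugcheck": fields.get("BUGCHECK_STR"),
        "image": fields.get("IMAGE_NAME"),
        # WRONG_SYMBOLS means the names shown were resolved without correct symbols.
        "symbols_trusted": fields.get("BUCKET_ID") != "WRONG_SYMBOLS",
        "modules": modules,
        "unresolved_frames": unresolved,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```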
phr3n1c
When you analyse the dump, there should be a line like "probably caused by". Please specify what is written in this line. Furthermore, please provide the file version of klif.sys in the folder c:\windows\system32\drivers\
recesco
QUOTE(phr3n1c @ 16.04.2009 11:59) *
When you analyse the dump, there should be a line like "probably caused by". Please specify what is written in this line. Furthermore, please provide the file version of klif.sys in the folder c:\windows\system32\drivers\


Here you are : Probably caused by : ntkrnlmp.exe ( nt!NtSetInformationProcess+2446 )
Actually, I used the detailed analysis, which shows the image of the module that created the crash that you can see in the IMAGE_NAME field.

klif.sys file version is 7.0.0.216

Thanks for your help, I appreciated it.
phr3n1c
Hmm... ntkrnlmp seems to be responsible for power save and stuff... Please deactivate ACPI in the BIOS and reboot the system. Does the problem still occur after the change?
recesco
QUOTE(phr3n1c @ 16.04.2009 13:00) *
Hmm... ntkrnlmp seems to be responsible for power save and stuff... Please deactivate ACPI in the BIOS and reboot the system. Does the problem still occur after the change?


Are you sure this can be done safely?
I thought that a very different Windows installation is performed if the system is an ACPI system or not, I would not have to reinstall the system ...

Besides that, I'm completely sure that on removing KAV the problem disappears, then on reinstalling it, it reappears.
I've done it a few times now and this picture is quite clear.