NOD32 X Vista Ultimate = BSOD

Hi,

Im using windows vista ultimate 32 bits and before instal NOD32 2.7.32 trial sometimes sytem show a BSOD and report a error in win32k.sys, remove NOD32
and no have more BSOD.

Any idea ?

Sorry for my poor english...

 

Hello DosFreak.

win32k.sys is a kernel driver. Have you installed the latest vista drivers for your hardware (chipset, video)?

 

My chipset is a Nforce3 250 motherboarb ABIT NF8-V2 with windows drivers ( Nvidia only have a Alpha drivers from my chipset ) graphics card 6800/XT 256MB with driver 100.65 sound is a AC 97 controler with last realtek driver for vista.

 

BSODs from kernel drivers are in most cases caused by a hardware issue. Try Googling the exact error code (0x.....). That error may have to do something with RAM or video. I don't think it's necessarily a problem with NOD. I had it running on Vista32 without problems.

 

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff98013600000, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff960000c1d9e, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


WRITE_ADDRESS: fffff98013600000

FAULTING_IP:
win32k!memmove+25e
fffff960`000c1d9e 48894118 mov qword ptr [rcx+18h],rax

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45d3d32c

MODULE_NAME: win32k

FAULTING_MODULE: fffff96000000000 win32k

DEFAULT_BUCKET_ID: VISTA_RC

BUGCHECK_STR: 0x50

PROCESS_NAME: nod32kui.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffff980135ff850 -- (.trap fffff980135ff850)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed.
rax=00000000000000fe rbx=fffff900c1d93d60 rcx=fffff980135fffe8
rdx=ffffff80ae70e448 rsi=0000000000000000 rdi=fffff960000c9648
rip=fffff960000c1d9e rsp=fffff980135ff9e8 rbp=fffff980135ffca0
r8=0000000000000030 r9=0000000000000001 r10=0000022801c2886d
r11=fffff980135fffd8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
win32k!memmove+0x25e:
fffff960`000c1d9e 48894118 mov qword ptr [rcx+18h],rax ds:25ff:0000=?
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001854e18 to fffff8000184e250

STACK_TEXT:
fffff980`135ff748 fffff800`01854e18 : 00000000`00000050 fffff980`13600000 00000000`00000001 fffff980`135ff850 : nt!KeBugCheckEx
fffff980`135ff750 fffff800`0184cdd9 : 00000000`00000001 fffff900`c1d0e410 fffff980`135ee000 00000000`00000000 : nt!MmAccessFault+0x137c
fffff980`135ff850 fffff960`000c1d9e : fffff960`000c9d51 fffff900`c1d93d60 fffff980`135ffca0 00000000`00000001 : nt!KiPageFault+0x119
fffff980`135ff9e8 fffff960`000c9d51 : fffff900`c1d93d60 fffff980`135ffca0 00000000`00000001 00000000`00000000 : win32k!memmove+0x25e
fffff980`135ff9f0 fffff960`000c7add : fffff900`c1d93d60 fffff980`135fffd8 00000000`00000000 00000000`00000000 : win32k!xxxReadPostMessage+0x101
fffff980`135ffa70 fffff960`000c7f25 : 00000000`0007e590 fffff960`000025ff 00000000`00000000 fffff960`ffffffff : win32k!xxxRealInternalGetMessage+0x3ed
fffff980`135ffb50 fffff960`000c97e4 : 00000000`00000020 fffff960`000d741d 00000000`0007e590 fffff980`135ffca0 : win32k!xxxInternalGetMessage+0x35
fffff980`135ffb90 fffff800`0184dcf3 : fffffa80`03aa3bb0 00000000`7efdd000 00000000`00000020 00000000`00000020 : win32k!NtUserGetMessage+0x64
fffff980`135ffc20 00000000`75a59f7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0007e568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75a59f7a


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!memmove+25e
fffff960`000c1d9e 48894118 mov qword ptr [rcx+18h],rax

SYMBOL_STACK_INDEX: 3

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: win32k!memmove+25e

FAILURE_BUCKET_ID: X64_0x50_W_win32k!memmove+25e

BUCKET_ID: X64_0x50_W_win32k!memmove+25e

Followup: MachineOwner



NOD cause a BSOD see Bugcheck Analysis.....

 

Is this issue reproduceable every time you install NOD32? If so, could you create a full memory dump, zip it and upload it to an ftp server I would provide you with?

 

The problem happens with more frequency on vista x86 than x64.

It happened just once in three days using x64 version, but on x86 this occurs with more frequency... every day. But I didnt analyzed the dump logs to check if there is something similar betwen them.

I believe is the same problem because the BSOD messeges are identical (same parameters).

I'll send you the x86 dump log while it does not occur with he x64 again.