T
TomTheFurry
Not sure if this is the correct place to post this, but got a random Bugcheck when doing not much at all. Also not sure where to upload the MEMORY.DMP. I believe this is a nullptr dereference in NTFS system. Posting this DUMP because not sure if this could potancially be exploited or not. The below so some of the WinDbg.exe result:
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\tomle\Desktop\window BSOD\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*Symbol information
Symbol search path is: SRV*C:\Windows\symbol_cache*Symbol information
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`17a00000 PsLoadedModuleList = 0xfffff802`1862a390
Debug session time: Mon Feb 15 14:50:36.956 2021 (UTC + 8:00)
System Uptime: 3 days 21:14:33.959
Loading Kernel Symbols
...............................................................
....Page 66dfd2 not present in the dump file. Type ".hh dbgerr004" for details
.......Page 361621 not present in the dump file. Type ".hh dbgerr004" for details
.....................................................
............................................................
Loading User Symbols
Loading unloaded module list
...............................
For analysis of this file, run !analyze -v
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8021c73f350, The address that the exception occurred at
Arg3: fffff50e181669f8, Exception Record Address
Arg4: fffff50e18166230, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-JLN4ALO
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 1
Key : Analysis.Memory.CommitPeak.Mb
Value: 72
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8021c73f350
BUGCHECK_P3: fffff50e181669f8
BUGCHECK_P4: fffff50e18166230
EXCEPTION_RECORD: fffff50e181669f8 -- (.exr 0xfffff50e181669f8)
ExceptionAddress: fffff8021c73f350 (Ntfs!NtfsPositionCachedLcnByLength+0x0000000000000158)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000002
Attempt to read from address 0000000000000002
CONTEXT: fffff50e18166230 -- (.cxr 0xfffff50e18166230)
rax=0000000000000000 rbx=000000000000ffff rcx=000000000000ffff
rdx=000000000002fffd rsi=0000000000000000 rdi=ffff8d8a48757000
rip=fffff8021c73f350 rsp=fffff50e18166c30 rbp=ffff8d8a6977bb28
r8=000000000000006f r9=0000000000000060 r10=0000000000000000
r11=000000000000007f r12=0000000000000000 r13=000000000000ffff
r14=0000000000000000 r15=ffff8d8a4afb2790
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
Ntfs!NtfsPositionCachedLcnByLength+0x158:
fffff802`1c73f350 450fb74202 movzx r8d,word ptr [r10+2] ds:002b:00000000`00000002=????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
READ_ADDRESS: 0000000000000002
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000002
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
fffff50e`18166c30 fffff802`1c7d4619 : ffff8d8a`6977000c 00000000`00000002 00000000`00000000 00000000`00000000 : Ntfs!NtfsPositionCachedLcnByLength+0x158
fffff50e`18166c90 fffff802`1c73fb29 : ffff8d8a`6977bb28 00000000`00000001 00000000`187e3e95 fffff50e`18166dc0 : Ntfs!NtfsGetCachedLengthInsertionPoint+0x94dfd
fffff50e`18166ce0 fffff802`1c61ee1d : fffff50e`18166dc0 ffff8d8a`6977bb28 ffff8d8a`6977bb28 00000000`00000000 : Ntfs!NtfsInsertCachedLcnAtIndex+0x29
fffff50e`18166d50 fffff802`1c61ec31 : ffffda01`d0cd0998 ffff8d8a`642de050 ffffda01`d0cd0998 00000000`00000000 : Ntfs!NtfsInsertCachedLcn+0x1c9
fffff50e`18166e00 fffff802`1c7403b3 : ffffda01`d0cd0998 00000000`00000000 ffff8d8a`642de050 00000000`00000000 : Ntfs!NtfsInsertCachedRunInTier+0x55
fffff50e`18166ea0 fffff802`1c78d368 : 00000000`00000000 00000000`0000d000 00000000`187e3ea2 00000000`00000001 : Ntfs!NtfsAddCachedRun+0x12b
fffff50e`18166f20 fffff802`1c78c9fd : ffffda01`d67cf180 ffffda01`d67cf180 00000000`00000000 00000000`00000001 : Ntfs!NtfsScanEntireBitmap+0x2e4
fffff50e`18167360 fffff802`1c7953d4 : ffffda01`d0cd0998 ffffda01`d67cf180 ffffda01`d67cf250 00000000`00000000 : Ntfs!NtfsInitializeClusterAllocation+0x9d
fffff50e`181673e0 fffff802`1c751f23 : ffffda01`d0cd0998 00000000`0191bdda 00000000`1c625700 fffff802`1c632ee9 : Ntfs!NtfsMountVolume+0x1f44
fffff50e`18167850 fffff802`1c625da4 : ffffda01`d0cd0998 fffff802`1c625750 00000000`00000000 ffffda01`d0cd0998 : Ntfs!NtfsCommonFileSystemControl+0xcf
fffff50e`18167920 fffff802`17c25975 : ffffda01`d53ce040 ffffda01`d53ce040 ffffda01`bfa937f0 ffffda01`00000000 : Ntfs!NtfsFspDispatch+0x654
fffff50e`18167a70 fffff802`17d17e25 : ffffda01`d53ce040 00000000`00000080 ffffda01`bfaa8040 00000000`00000000 : nt!ExpWorkerThread+0x105
fffff50e`18167b10 fffff802`17dfd0d8 : ffffa181`047d7180 ffffda01`d53ce040 fffff802`17d17dd0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
fffff50e`18167b60 00000000`00000000 : fffff50e`18168000 fffff50e`18161000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: Ntfs!NtfsPositionCachedLcnByLength+158
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
IMAGE_VERSION: 10.0.19041.804
STACK_COMMAND: .cxr 0xfffff50e18166230 ; kb
BUCKET_ID_FUNC_OFFSET: 158
FAILURE_BUCKET_ID: AV_Ntfs!NtfsPositionCachedLcnByLength
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {52a2066e-ad61-9d2e-3f73-2941a33fb6fc}
Followup: MachineOwner
---------
3: kd> !blackboxbsd
Version: 176
Product type: 1
Auto advanced boot: FALSE
Advanced boot menu timeout: 30
Last boot succeeded: TRUE
Last boot shutdown: FALSE
Sleep in progrees: FALSE
Power button timestamp: 0
System running: TRUE
Connected standby in progress: FALSE
User shutdown in progress: FALSE
System shutdown in progress: FALSE
Sleep in progress: 0
Connected standby scenario instance id: 0
Connected standby entry reason: 0
Connected standby exit reason: 0
System sleep transitions to on: 7
Last reference time: 0x1d70340b2773287
Last reference time checksum: 0x5f2c04f6
Last update boot id: 47
Boot attempt count: 1
Last boot checkpoint: TRUE
Checksum: 0xa9
Last boot id: 47
Last successful shutdown boot id: 46
Last reported abnormal shutdown boot id: 46
Error info boot id: 0
Error info repeat count: 0
Error info other error count: 0
Error info code: 0
Error info other error count: 0
Power button last press time: 0
Power button cumulative press count: 0
Power button last press boot id: 0
Power button last power watchdog stage: 0
Power button watchdog armed: FALSE
Power button shutdown in progress: FALSE
Power button last release time: 0
Power button cumulative release count: 0
Power button last release boot id: 0
Power button error count: 0
Power button current connected standby phase: 0
Power button transition latest checkpoint id: 0
Power button transition latest checkpoint type: 0
Power button transition latest checkpoint sequence number: 0
3: kd> !blackboxntfs
NTFS Blackbox Data
0 Slow I/O Timeout Records Found
0 Oplock Break Timeout Records Found
3: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132577628684205557
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\DAFUPnPProvider\uuid:19a577e7-175b-455f-9759-b6757a43b521
VetoString :
3: kd> lmvm Ntfs
Browse full module list
start end module name
fffff802`1c600000 fffff802`1c8d9000 Ntfs (pdb symbols) c:\windows\symbol_cache\ntfs.pdb\30F114E4EFF4527B4FB599B6B8E107811\ntfs.pdb
Loaded symbol image file: Ntfs.sys
Image path: \SystemRoot\System32\Drivers\Ntfs.sys
Image name: Ntfs.sys
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: B1068108 (This is a reproducible build file hash, not a timestamp)
CheckSum: 002C225D
ImageSize: 002D9000
File version: 10.0.19041.804
Product version: 10.0.19041.804
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntfs.sys
OriginalFilename: ntfs.sys
ProductVersion: 10.0.19041.804
FileVersion: 10.0.19041.804 (WinBuild.160101.0800)
FileDescription: NT File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
Side note:
1 - I have windows file history/backup enabled, saving into the Backup Drive, and after restarting the computer, Windows prompted me about drive errrors on my Backup Drive. ChkDsk reports that it discovered free space marked as allocated in the volume bitmap, and fixed it afterwards. The Backup Drive(B
is a HDD. Main Drive(C is a m.2 SSD. Have another 2 drives (D: E. E drive stores old system data, and the drive is reported multiple times to be failing, though sometimes the error count resetted itself. It stills work fine in normal use however.
2 - I have a Bugcheck a week before about PageHashError - CRC error (Hash Mismatch), with one bit fliped. Doing a memory check (from Windows) reports problems with memory. However, using the trusty MemCheck86 reports no errors after 4 passes. So I believed that was just a cosmic bit flip, as I don't have ECC memory.
Continue reading...
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\tomle\Desktop\window BSOD\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*Symbol information
Symbol search path is: SRV*C:\Windows\symbol_cache*Symbol information
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`17a00000 PsLoadedModuleList = 0xfffff802`1862a390
Debug session time: Mon Feb 15 14:50:36.956 2021 (UTC + 8:00)
System Uptime: 3 days 21:14:33.959
Loading Kernel Symbols
...............................................................
....Page 66dfd2 not present in the dump file. Type ".hh dbgerr004" for details
.......Page 361621 not present in the dump file. Type ".hh dbgerr004" for details
.....................................................
............................................................
Loading User Symbols
Loading unloaded module list
...............................
For analysis of this file, run !analyze -v
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8021c73f350, The address that the exception occurred at
Arg3: fffff50e181669f8, Exception Record Address
Arg4: fffff50e18166230, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-JLN4ALO
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 1
Key : Analysis.Memory.CommitPeak.Mb
Value: 72
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8021c73f350
BUGCHECK_P3: fffff50e181669f8
BUGCHECK_P4: fffff50e18166230
EXCEPTION_RECORD: fffff50e181669f8 -- (.exr 0xfffff50e181669f8)
ExceptionAddress: fffff8021c73f350 (Ntfs!NtfsPositionCachedLcnByLength+0x0000000000000158)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000002
Attempt to read from address 0000000000000002
CONTEXT: fffff50e18166230 -- (.cxr 0xfffff50e18166230)
rax=0000000000000000 rbx=000000000000ffff rcx=000000000000ffff
rdx=000000000002fffd rsi=0000000000000000 rdi=ffff8d8a48757000
rip=fffff8021c73f350 rsp=fffff50e18166c30 rbp=ffff8d8a6977bb28
r8=000000000000006f r9=0000000000000060 r10=0000000000000000
r11=000000000000007f r12=0000000000000000 r13=000000000000ffff
r14=0000000000000000 r15=ffff8d8a4afb2790
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
Ntfs!NtfsPositionCachedLcnByLength+0x158:
fffff802`1c73f350 450fb74202 movzx r8d,word ptr [r10+2] ds:002b:00000000`00000002=????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
READ_ADDRESS: 0000000000000002
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000002
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
fffff50e`18166c30 fffff802`1c7d4619 : ffff8d8a`6977000c 00000000`00000002 00000000`00000000 00000000`00000000 : Ntfs!NtfsPositionCachedLcnByLength+0x158
fffff50e`18166c90 fffff802`1c73fb29 : ffff8d8a`6977bb28 00000000`00000001 00000000`187e3e95 fffff50e`18166dc0 : Ntfs!NtfsGetCachedLengthInsertionPoint+0x94dfd
fffff50e`18166ce0 fffff802`1c61ee1d : fffff50e`18166dc0 ffff8d8a`6977bb28 ffff8d8a`6977bb28 00000000`00000000 : Ntfs!NtfsInsertCachedLcnAtIndex+0x29
fffff50e`18166d50 fffff802`1c61ec31 : ffffda01`d0cd0998 ffff8d8a`642de050 ffffda01`d0cd0998 00000000`00000000 : Ntfs!NtfsInsertCachedLcn+0x1c9
fffff50e`18166e00 fffff802`1c7403b3 : ffffda01`d0cd0998 00000000`00000000 ffff8d8a`642de050 00000000`00000000 : Ntfs!NtfsInsertCachedRunInTier+0x55
fffff50e`18166ea0 fffff802`1c78d368 : 00000000`00000000 00000000`0000d000 00000000`187e3ea2 00000000`00000001 : Ntfs!NtfsAddCachedRun+0x12b
fffff50e`18166f20 fffff802`1c78c9fd : ffffda01`d67cf180 ffffda01`d67cf180 00000000`00000000 00000000`00000001 : Ntfs!NtfsScanEntireBitmap+0x2e4
fffff50e`18167360 fffff802`1c7953d4 : ffffda01`d0cd0998 ffffda01`d67cf180 ffffda01`d67cf250 00000000`00000000 : Ntfs!NtfsInitializeClusterAllocation+0x9d
fffff50e`181673e0 fffff802`1c751f23 : ffffda01`d0cd0998 00000000`0191bdda 00000000`1c625700 fffff802`1c632ee9 : Ntfs!NtfsMountVolume+0x1f44
fffff50e`18167850 fffff802`1c625da4 : ffffda01`d0cd0998 fffff802`1c625750 00000000`00000000 ffffda01`d0cd0998 : Ntfs!NtfsCommonFileSystemControl+0xcf
fffff50e`18167920 fffff802`17c25975 : ffffda01`d53ce040 ffffda01`d53ce040 ffffda01`bfa937f0 ffffda01`00000000 : Ntfs!NtfsFspDispatch+0x654
fffff50e`18167a70 fffff802`17d17e25 : ffffda01`d53ce040 00000000`00000080 ffffda01`bfaa8040 00000000`00000000 : nt!ExpWorkerThread+0x105
fffff50e`18167b10 fffff802`17dfd0d8 : ffffa181`047d7180 ffffda01`d53ce040 fffff802`17d17dd0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
fffff50e`18167b60 00000000`00000000 : fffff50e`18168000 fffff50e`18161000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: Ntfs!NtfsPositionCachedLcnByLength+158
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
IMAGE_VERSION: 10.0.19041.804
STACK_COMMAND: .cxr 0xfffff50e18166230 ; kb
BUCKET_ID_FUNC_OFFSET: 158
FAILURE_BUCKET_ID: AV_Ntfs!NtfsPositionCachedLcnByLength
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {52a2066e-ad61-9d2e-3f73-2941a33fb6fc}
Followup: MachineOwner
---------
3: kd> !blackboxbsd
Version: 176
Product type: 1
Auto advanced boot: FALSE
Advanced boot menu timeout: 30
Last boot succeeded: TRUE
Last boot shutdown: FALSE
Sleep in progrees: FALSE
Power button timestamp: 0
System running: TRUE
Connected standby in progress: FALSE
User shutdown in progress: FALSE
System shutdown in progress: FALSE
Sleep in progress: 0
Connected standby scenario instance id: 0
Connected standby entry reason: 0
Connected standby exit reason: 0
System sleep transitions to on: 7
Last reference time: 0x1d70340b2773287
Last reference time checksum: 0x5f2c04f6
Last update boot id: 47
Boot attempt count: 1
Last boot checkpoint: TRUE
Checksum: 0xa9
Last boot id: 47
Last successful shutdown boot id: 46
Last reported abnormal shutdown boot id: 46
Error info boot id: 0
Error info repeat count: 0
Error info other error count: 0
Error info code: 0
Error info other error count: 0
Power button last press time: 0
Power button cumulative press count: 0
Power button last press boot id: 0
Power button last power watchdog stage: 0
Power button watchdog armed: FALSE
Power button shutdown in progress: FALSE
Power button last release time: 0
Power button cumulative release count: 0
Power button last release boot id: 0
Power button error count: 0
Power button current connected standby phase: 0
Power button transition latest checkpoint id: 0
Power button transition latest checkpoint type: 0
Power button transition latest checkpoint sequence number: 0
3: kd> !blackboxntfs
NTFS Blackbox Data
0 Slow I/O Timeout Records Found
0 Oplock Break Timeout Records Found
3: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132577628684205557
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\DAFUPnPProvider\uuid:19a577e7-175b-455f-9759-b6757a43b521
VetoString :
3: kd> lmvm Ntfs
Browse full module list
start end module name
fffff802`1c600000 fffff802`1c8d9000 Ntfs (pdb symbols) c:\windows\symbol_cache\ntfs.pdb\30F114E4EFF4527B4FB599B6B8E107811\ntfs.pdb
Loaded symbol image file: Ntfs.sys
Image path: \SystemRoot\System32\Drivers\Ntfs.sys
Image name: Ntfs.sys
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: B1068108 (This is a reproducible build file hash, not a timestamp)
CheckSum: 002C225D
ImageSize: 002D9000
File version: 10.0.19041.804
Product version: 10.0.19041.804
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntfs.sys
OriginalFilename: ntfs.sys
ProductVersion: 10.0.19041.804
FileVersion: 10.0.19041.804 (WinBuild.160101.0800)
FileDescription: NT File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
Side note:
1 - I have windows file history/backup enabled, saving into the Backup Drive, and after restarting the computer, Windows prompted me about drive errrors on my Backup Drive. ChkDsk reports that it discovered free space marked as allocated in the volume bitmap, and fixed it afterwards. The Backup Drive(B
is a HDD. Main Drive(C is a m.2 SSD. Have another 2 drives (D: E. E drive stores old system data, and the drive is reported multiple times to be failing, though sometimes the error count resetted itself. It stills work fine in normal use however.2 - I have a Bugcheck a week before about PageHashError - CRC error (Hash Mismatch), with one bit fliped. Doing a memory check (from Windows) reports problems with memory. However, using the trusty MemCheck86 reports no errors after 4 passes. So I believed that was just a cosmic bit flip, as I don't have ECC memory.
Continue reading...