Recently I've been having issues with my PC kicking me out of games with only a Windows has stopped working error. I have receive various BSOD. I've had some pool_corruption BSOD and now I received a new one. I have been checking my RAM with memtest and swapped out sticks. I still have 1 more to test out but I don't think it is my ram. Anyone have any ideas what my issue could be? I ran windows debugger on my most recent BSOD. Here are the results.
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff8800f27be10, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8800f27bd68, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
TRAP_FRAME: fffff8800f27be10 -- (.trap 0xfffff8800f27be10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800958c750 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8014381c8f9 rsp=fffff8800f27bfa0 rbp=0000000000000000
r8=0000000000000000 r9=fffff780000003b0 r10=fffff78000000008
r11=fffffa8009535200 r12=0000000000000000 r13=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt! ?? ::FNODOBFM::`string'+0x11515:
fffff801`4381c8f9 cd29 int 29h
Resetting default scope
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
LAST_CONTROL_TRANSFER: from fffff8014388d669 to fffff8014388e340
Most likely a driver bug where a driver tried to free the same kernel memory object twice. Or something corrupted the list of memory objects. (this can be caused by issues with RAM, or a bad driver that overwrites into memory that is should not)
the problem is hard to track down because by default the checks are not done at the time the driver asks to free the memory but at some time later when the system actually tries to free up blocks of memory.
if you know what driver you suspect, you can run driver verifier on it and turn on checking and it will bugcheck when the actual problem occurs. Problem is for a graphics driver it will really slow down your driver and may actually obscure the issue and make it harder to find.
-and again it can be other drivers that actually stomp on memory and change links in the linked list data structure.
- and it can be virus that do this on purpose to gain access to kernel data structures.
I generally do the following:
check your OS files by running
then start updating 3rd party software that has device drivers
free virus scanners screw up a lot, then old software that has drivers.
as to if this is a hardware issue, you can rotate your RAM to new memory slots. You do this in the hopes that if one of your ram sticks has a issue you can move the issue from kernel memory space to user memory space. (crashing a usermode program just causes a app fault. much better than crashing a kernel mode program that will bugcheck your OS)
-I would update my ati graphics driver.
- also, windows 8 does more checking of memory structures (to fight off virus attacks)
and will bugcheck rather than just ignore the bad kernel call.