KERNEL_SECURITY_CHECK_FAILURE error 0x00000139 (Network Steve Forum)

KERNEL_SECURITY_CHECK_FAILURE error 0x00000139

Last month, I was getting a BSOD tied to a KERNEL_SECURITY_CHECK_FAILURE error nearly daily. I originally linked this error to a damaged eSATA cable from my PC to my 5-bay external RAID enclosure. Since replacing the cable, the BSODs went away...until three days ago. I have now gotten 2 BSODs over the last 3 days.

I looked at the minidump files using BlueScreenView and both crashes seemed to have been caused by different drivers: compositebus.sys and basicrender.sys.

Here are the link to the minidump files on my OneDrive:

http://1drv.ms/1B1foSn

http://1drv.ms/1RYHCBB

June 8th, 2015 1:22pm

When I analyze those DMP files in WinDBG I get an error on NETIO.SYS, Google research comes up with ethernet driver issues. But I am sure ZigZag will be along here shortly to correct me :D

Heres what I found in WinDBG:

.

.

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd0011a3de2c0, ffffd0011a3de218, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0011a3de2c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0011a3de218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

TRAP_FRAME: ffffd0011a3de2c0 -- (.trap 0xffffd0011a3de2c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00043ecd4e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000441124e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001a88dacd rsp=ffffd0011a3de450 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00043b96bf0
r11=ffffe00043ecd010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`1a88dacd cd29            int     29h
Resetting default scope

EXCEPTION_RECORD: ffffd0011a3de218 -- (.exr 0xffffd0011a3de218)
ExceptionAddress: fffff8001a88dacd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

LAST_CONTROL_TRANSFER: from fffff801cf1e17e9 to fffff801cf1d5ca0

STACK_TEXT:
ffffd001`1a3ddf98 fffff801`cf1e17e9 : 00000000`00000139 00000000`00000003 ffffd001`1a3de2c0 ffffd001`1a3de218 : nt!KeBugCheckEx
ffffd001`1a3ddfa0 fffff801`cf1e1b10 : 00000000`00000000 00000000`00000001 ffffd001`1a3de188 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`1a3de0e0 fffff801`cf1e0d34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`1a3de2c0 fffff800`1a88dacd : 00000000`ffffe000 00000000`00000000 ffffd001`1a3de5c0 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`1a3de450 fffff800`1a984572 : ffffd001`1a3de5c0 ffffe000`4966bc02 ffffe000`4966bc00 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd001`1a3de500 fffff800`1b7b0a25 : 00000000`00000050 ffffd001`00000050 ffffe000`4374bec0 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`1a3de660 fffff800`1b7b0be3 : 00000000`00000000 ffffcf81`a3b2ef70 ffffcf81`a3b2eea0 ffffe000`46639de0 : nsiproxy!NsippGetParameter+0x195
ffffd001`1a3de7f0 fffff801`cf6fe911 : ffffcf81`a3b2eea0 00000000`00000002 ffffe000`41b158f0 fffff801`cf328701 : nsiproxy!NsippDispatch+0x53
ffffd001`1a3de830 fffff801`cf4aa77f : 00000000`00000000 ffffd001`1a3deb80 ffffcf81`a3b2eea0 ffffe000`46639d40 : nt!IovCallDriver+0x3cd
ffffd001`1a3de880 fffff801`cf4a9d22 : ffffd001`1a3dea38 00007ffa`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`1a3dea20 fffff801`cf1e14b3 : ffffe000`458f5080 000000f4`001f0003 000000f4`4465e438 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`1a3dea90 00007ffa`c9ba123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000f4`4465e4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c9ba123a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`1a984572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

Followup: MachineOwner

Edited by Acreed02 13 hours 43 minutes ago

Free Windows Admin Tool Kit Click here and download it now

June 8th, 2015 1:40pm

When I analyze those DMP files in WinDBG I get an error on NETIO.SYS, Google research comes up with ethernet driver issues. But I am sure ZigZag will be along here shortly to correct me :D

Heres what I found in WinDBG:

.

.

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd0011a3de2c0, ffffd0011a3de218, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0011a3de2c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0011a3de218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

TRAP_FRAME: ffffd0011a3de2c0 -- (.trap 0xffffd0011a3de2c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00043ecd4e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000441124e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001a88dacd rsp=ffffd0011a3de450 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00043b96bf0
r11=ffffe00043ecd010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`1a88dacd cd29            int     29h
Resetting default scope

EXCEPTION_RECORD: ffffd0011a3de218 -- (.exr 0xffffd0011a3de218)
ExceptionAddress: fffff8001a88dacd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

LAST_CONTROL_TRANSFER: from fffff801cf1e17e9 to fffff801cf1d5ca0

STACK_TEXT:
ffffd001`1a3ddf98 fffff801`cf1e17e9 : 00000000`00000139 00000000`00000003 ffffd001`1a3de2c0 ffffd001`1a3de218 : nt!KeBugCheckEx
ffffd001`1a3ddfa0 fffff801`cf1e1b10 : 00000000`00000000 00000000`00000001 ffffd001`1a3de188 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`1a3de0e0 fffff801`cf1e0d34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`1a3de2c0 fffff800`1a88dacd : 00000000`ffffe000 00000000`00000000 ffffd001`1a3de5c0 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`1a3de450 fffff800`1a984572 : ffffd001`1a3de5c0 ffffe000`4966bc02 ffffe000`4966bc00 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd001`1a3de500 fffff800`1b7b0a25 : 00000000`00000050 ffffd001`00000050 ffffe000`4374bec0 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`1a3de660 fffff800`1b7b0be3 : 00000000`00000000 ffffcf81`a3b2ef70 ffffcf81`a3b2eea0 ffffe000`46639de0 : nsiproxy!NsippGetParameter+0x195
ffffd001`1a3de7f0 fffff801`cf6fe911 : ffffcf81`a3b2eea0 00000000`00000002 ffffe000`41b158f0 fffff801`cf328701 : nsiproxy!NsippDispatch+0x53
ffffd001`1a3de830 fffff801`cf4aa77f : 00000000`00000000 ffffd001`1a3deb80 ffffcf81`a3b2eea0 ffffe000`46639d40 : nt!IovCallDriver+0x3cd
ffffd001`1a3de880 fffff801`cf4a9d22 : ffffd001`1a3dea38 00007ffa`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`1a3dea20 fffff801`cf1e14b3 : ffffe000`458f5080 000000f4`001f0003 000000f4`4465e438 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`1a3dea90 00007ffa`c9ba123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000f4`4465e4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c9ba123a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`1a984572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

Followup: MachineOwner

Edited by Acreed02 Monday, June 08, 2015 5:39 PM
Proposed as answer by Karen HuMicrosoft contingent staff, Moderator 21 hours 36 minutes ago

June 8th, 2015 5:39pm

When I analyze those DMP files in WinDBG I get an error on NETIO.SYS, Google research comes up with ethernet driver issues. But I am sure ZigZag will be along here shortly to correct me :D

Heres what I found in WinDBG:

.

.

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd0011a3de2c0, ffffd0011a3de218, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0011a3de2c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0011a3de218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

TRAP_FRAME: ffffd0011a3de2c0 -- (.trap 0xffffd0011a3de2c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00043ecd4e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000441124e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001a88dacd rsp=ffffd0011a3de450 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00043b96bf0
r11=ffffe00043ecd010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`1a88dacd cd29            int     29h
Resetting default scope

EXCEPTION_RECORD: ffffd0011a3de218 -- (.exr 0xffffd0011a3de218)
ExceptionAddress: fffff8001a88dacd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

LAST_CONTROL_TRANSFER: from fffff801cf1e17e9 to fffff801cf1d5ca0

STACK_TEXT:
ffffd001`1a3ddf98 fffff801`cf1e17e9 : 00000000`00000139 00000000`00000003 ffffd001`1a3de2c0 ffffd001`1a3de218 : nt!KeBugCheckEx
ffffd001`1a3ddfa0 fffff801`cf1e1b10 : 00000000`00000000 00000000`00000001 ffffd001`1a3de188 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`1a3de0e0 fffff801`cf1e0d34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`1a3de2c0 fffff800`1a88dacd : 00000000`ffffe000 00000000`00000000 ffffd001`1a3de5c0 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`1a3de450 fffff800`1a984572 : ffffd001`1a3de5c0 ffffe000`4966bc02 ffffe000`4966bc00 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd001`1a3de500 fffff800`1b7b0a25 : 00000000`00000050 ffffd001`00000050 ffffe000`4374bec0 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`1a3de660 fffff800`1b7b0be3 : 00000000`00000000 ffffcf81`a3b2ef70 ffffcf81`a3b2eea0 ffffe000`46639de0 : nsiproxy!NsippGetParameter+0x195
ffffd001`1a3de7f0 fffff801`cf6fe911 : ffffcf81`a3b2eea0 00000000`00000002 ffffe000`41b158f0 fffff801`cf328701 : nsiproxy!NsippDispatch+0x53
ffffd001`1a3de830 fffff801`cf4aa77f : 00000000`00000000 ffffd001`1a3deb80 ffffcf81`a3b2eea0 ffffe000`46639d40 : nt!IovCallDriver+0x3cd
ffffd001`1a3de880 fffff801`cf4a9d22 : ffffd001`1a3dea38 00007ffa`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`1a3dea20 fffff801`cf1e14b3 : ffffe000`458f5080 000000f4`001f0003 000000f4`4465e438 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`1a3dea90 00007ffa`c9ba123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000f4`4465e4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c9ba123a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`1a984572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

Followup: MachineOwner

Edited by Acreed02 Monday, June 08, 2015 5:39 PM
Proposed as answer by Karen HuMicrosoft contingent staff, Moderator Tuesday, June 09, 2015 9:46 AM

Free Windows Admin Tool Kit Click here and download it now

June 8th, 2015 5:39pm

When I analyze those DMP files in WinDBG I get an error on NETIO.SYS, Google research comes up with ethernet driver issues. But I am sure ZigZag will be along here shortly to correct me :D

Heres what I found in WinDBG:

.

.

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd0011a3de2c0, ffffd0011a3de218, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0011a3de2c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0011a3de218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

TRAP_FRAME: ffffd0011a3de2c0 -- (.trap 0xffffd0011a3de2c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00043ecd4e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000441124e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001a88dacd rsp=ffffd0011a3de450 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00043b96bf0
r11=ffffe00043ecd010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`1a88dacd cd29            int     29h
Resetting default scope

EXCEPTION_RECORD: ffffd0011a3de218 -- (.exr 0xffffd0011a3de218)
ExceptionAddress: fffff8001a88dacd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

LAST_CONTROL_TRANSFER: from fffff801cf1e17e9 to fffff801cf1d5ca0

STACK_TEXT:
ffffd001`1a3ddf98 fffff801`cf1e17e9 : 00000000`00000139 00000000`00000003 ffffd001`1a3de2c0 ffffd001`1a3de218 : nt!KeBugCheckEx
ffffd001`1a3ddfa0 fffff801`cf1e1b10 : 00000000`00000000 00000000`00000001 ffffd001`1a3de188 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`1a3de0e0 fffff801`cf1e0d34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`1a3de2c0 fffff800`1a88dacd : 00000000`ffffe000 00000000`00000000 ffffd001`1a3de5c0 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`1a3de450 fffff800`1a984572 : ffffd001`1a3de5c0 ffffe000`4966bc02 ffffe000`4966bc00 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd001`1a3de500 fffff800`1b7b0a25 : 00000000`00000050 ffffd001`00000050 ffffe000`4374bec0 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`1a3de660 fffff800`1b7b0be3 : 00000000`00000000 ffffcf81`a3b2ef70 ffffcf81`a3b2eea0 ffffe000`46639de0 : nsiproxy!NsippGetParameter+0x195
ffffd001`1a3de7f0 fffff801`cf6fe911 : ffffcf81`a3b2eea0 00000000`00000002 ffffe000`41b158f0 fffff801`cf328701 : nsiproxy!NsippDispatch+0x53
ffffd001`1a3de830 fffff801`cf4aa77f : 00000000`00000000 ffffd001`1a3deb80 ffffcf81`a3b2eea0 ffffe000`46639d40 : nt!IovCallDriver+0x3cd
ffffd001`1a3de880 fffff801`cf4a9d22 : ffffd001`1a3dea38 00007ffa`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`1a3dea20 fffff801`cf1e14b3 : ffffe000`458f5080 000000f4`001f0003 000000f4`4465e438 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`1a3dea90 00007ffa`c9ba123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000f4`4465e4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c9ba123a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`1a984572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

Followup: MachineOwner

Edited by Acreed02 Monday, June 08, 2015 5:39 PM
Proposed as answer by Karen HuMicrosoft contingent staff, Moderator Tuesday, June 09, 2015 9:46 AM
Marked as answer by Bruce WoodingModerator 11 hours 10 minutes ago

June 8th, 2015 5:39pm

When I analyze those DMP files in WinDBG I get an error on NETIO.SYS, Google research comes up with ethernet driver issues. But I am sure ZigZag will be along here shortly to correct me :D

Heres what I found in WinDBG:

.

.

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd0011a3de2c0, ffffd0011a3de218, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0011a3de2c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0011a3de218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

TRAP_FRAME: ffffd0011a3de2c0 -- (.trap 0xffffd0011a3de2c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00043ecd4e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000441124e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001a88dacd rsp=ffffd0011a3de450 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00043b96bf0
r11=ffffe00043ecd010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`1a88dacd cd29            int     29h
Resetting default scope

EXCEPTION_RECORD: ffffd0011a3de218 -- (.exr 0xffffd0011a3de218)
ExceptionAddress: fffff8001a88dacd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

LAST_CONTROL_TRANSFER: from fffff801cf1e17e9 to fffff801cf1d5ca0

STACK_TEXT:
ffffd001`1a3ddf98 fffff801`cf1e17e9 : 00000000`00000139 00000000`00000003 ffffd001`1a3de2c0 ffffd001`1a3de218 : nt!KeBugCheckEx
ffffd001`1a3ddfa0 fffff801`cf1e1b10 : 00000000`00000000 00000000`00000001 ffffd001`1a3de188 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`1a3de0e0 fffff801`cf1e0d34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`1a3de2c0 fffff800`1a88dacd : 00000000`ffffe000 00000000`00000000 ffffd001`1a3de5c0 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`1a3de450 fffff800`1a984572 : ffffd001`1a3de5c0 ffffe000`4966bc02 ffffe000`4966bc00 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd001`1a3de500 fffff800`1b7b0a25 : 00000000`00000050 ffffd001`00000050 ffffe000`4374bec0 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`1a3de660 fffff800`1b7b0be3 : 00000000`00000000 ffffcf81`a3b2ef70 ffffcf81`a3b2eea0 ffffe000`46639de0 : nsiproxy!NsippGetParameter+0x195
ffffd001`1a3de7f0 fffff801`cf6fe911 : ffffcf81`a3b2eea0 00000000`00000002 ffffe000`41b158f0 fffff801`cf328701 : nsiproxy!NsippDispatch+0x53
ffffd001`1a3de830 fffff801`cf4aa77f : 00000000`00000000 ffffd001`1a3deb80 ffffcf81`a3b2eea0 ffffe000`46639d40 : nt!IovCallDriver+0x3cd
ffffd001`1a3de880 fffff801`cf4a9d22 : ffffd001`1a3dea38 00007ffa`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`1a3dea20 fffff801`cf1e14b3 : ffffe000`458f5080 000000f4`001f0003 000000f4`4465e438 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`1a3dea90 00007ffa`c9ba123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000f4`4465e4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c9ba123a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`1a984572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

Followup: MachineOwner

Edited by Acreed02 Monday, June 08, 2015 5:39 PM
Proposed as answer by Karen HuMicrosoft contingent staff, Moderator Tuesday, June 09, 2015 9:46 AM
Marked as answer by Bruce WoodingModerator Tuesday, June 16, 2015 8:03 PM
Unmarked as answer by cbae 4 hours 26 minutes ago

Free Windows Admin Tool Kit Click here and download it now

June 8th, 2015 5:39pm

When I analyze those DMP files in WinDBG I get an error on NETIO.SYS, Google research comes up with ethernet driver issues. But I am sure ZigZag will be along here shortly to correct me :D

Heres what I found in WinDBG:

.

.

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd0011a3de2c0, ffffd0011a3de218, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0011a3de2c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0011a3de218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

TRAP_FRAME: ffffd0011a3de2c0 -- (.trap 0xffffd0011a3de2c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00043ecd4e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000441124e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001a88dacd rsp=ffffd0011a3de450 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00043b96bf0
r11=ffffe00043ecd010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`1a88dacd cd29            int     29h
Resetting default scope

EXCEPTION_RECORD: ffffd0011a3de218 -- (.exr 0xffffd0011a3de218)
ExceptionAddress: fffff8001a88dacd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

LAST_CONTROL_TRANSFER: from fffff801cf1e17e9 to fffff801cf1d5ca0

STACK_TEXT:
ffffd001`1a3ddf98 fffff801`cf1e17e9 : 00000000`00000139 00000000`00000003 ffffd001`1a3de2c0 ffffd001`1a3de218 : nt!KeBugCheckEx
ffffd001`1a3ddfa0 fffff801`cf1e1b10 : 00000000`00000000 00000000`00000001 ffffd001`1a3de188 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`1a3de0e0 fffff801`cf1e0d34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`1a3de2c0 fffff800`1a88dacd : 00000000`ffffe000 00000000`00000000 ffffd001`1a3de5c0 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`1a3de450 fffff800`1a984572 : ffffd001`1a3de5c0 ffffe000`4966bc02 ffffe000`4966bc00 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd001`1a3de500 fffff800`1b7b0a25 : 00000000`00000050 ffffd001`00000050 ffffe000`4374bec0 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`1a3de660 fffff800`1b7b0be3 : 00000000`00000000 ffffcf81`a3b2ef70 ffffcf81`a3b2eea0 ffffe000`46639de0 : nsiproxy!NsippGetParameter+0x195
ffffd001`1a3de7f0 fffff801`cf6fe911 : ffffcf81`a3b2eea0 00000000`00000002 ffffe000`41b158f0 fffff801`cf328701 : nsiproxy!NsippDispatch+0x53
ffffd001`1a3de830 fffff801`cf4aa77f : 00000000`00000000 ffffd001`1a3deb80 ffffcf81`a3b2eea0 ffffe000`46639d40 : nt!IovCallDriver+0x3cd
ffffd001`1a3de880 fffff801`cf4a9d22 : ffffd001`1a3dea38 00007ffa`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`1a3dea20 fffff801`cf1e14b3 : ffffe000`458f5080 000000f4`001f0003 000000f4`4465e438 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`1a3dea90 00007ffa`c9ba123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000f4`4465e4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c9ba123a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`1a984572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

Followup: MachineOwner

Edited by Acreed02 Monday, June 08, 2015 5:39 PM
Proposed as answer by Karen HuMicrosoft contingent staff, Moderator Tuesday, June 09, 2015 9:46 AM
Marked as answer by Bruce WoodingModerator Tuesday, June 16, 2015 8:03 PM
Unmarked as answer by cbae Thursday, June 18, 2015 2:58 AM

June 8th, 2015 5:39pm

When I analyze those DMP files in WinDBG I get an error on NETIO.SYS, Google research comes up with ethernet driver issues. But I am sure ZigZag will be along here shortly to correct me :D

Heres what I found in WinDBG:

.

.

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd0011a3de2c0, ffffd0011a3de218, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0011a3de2c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0011a3de218, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

TRAP_FRAME: ffffd0011a3de2c0 -- (.trap 0xffffd0011a3de2c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00043ecd4e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000441124e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8001a88dacd rsp=ffffd0011a3de450 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00043b96bf0
r11=ffffe00043ecd010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`1a88dacd cd29            int     29h
Resetting default scope

EXCEPTION_RECORD: ffffd0011a3de218 -- (.exr 0xffffd0011a3de218)
ExceptionAddress: fffff8001a88dacd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

LAST_CONTROL_TRANSFER: from fffff801cf1e17e9 to fffff801cf1d5ca0

STACK_TEXT:
ffffd001`1a3ddf98 fffff801`cf1e17e9 : 00000000`00000139 00000000`00000003 ffffd001`1a3de2c0 ffffd001`1a3de218 : nt!KeBugCheckEx
ffffd001`1a3ddfa0 fffff801`cf1e1b10 : 00000000`00000000 00000000`00000001 ffffd001`1a3de188 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`1a3de0e0 fffff801`cf1e0d34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`1a3de2c0 fffff800`1a88dacd : 00000000`ffffe000 00000000`00000000 ffffd001`1a3de5c0 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`1a3de450 fffff800`1a984572 : ffffd001`1a3de5c0 ffffe000`4966bc02 ffffe000`4966bc00 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd001`1a3de500 fffff800`1b7b0a25 : 00000000`00000050 ffffd001`00000050 ffffe000`4374bec0 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`1a3de660 fffff800`1b7b0be3 : 00000000`00000000 ffffcf81`a3b2ef70 ffffcf81`a3b2eea0 ffffe000`46639de0 : nsiproxy!NsippGetParameter+0x195
ffffd001`1a3de7f0 fffff801`cf6fe911 : ffffcf81`a3b2eea0 00000000`00000002 ffffe000`41b158f0 fffff801`cf328701 : nsiproxy!NsippDispatch+0x53
ffffd001`1a3de830 fffff801`cf4aa77f : 00000000`00000000 ffffd001`1a3deb80 ffffcf81`a3b2eea0 ffffe000`46639d40 : nt!IovCallDriver+0x3cd
ffffd001`1a3de880 fffff801`cf4a9d22 : ffffd001`1a3dea38 00007ffa`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`1a3dea20 fffff801`cf1e14b3 : ffffe000`458f5080 000000f4`001f0003 000000f4`4465e438 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`1a3dea90 00007ffa`c9ba123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000f4`4465e4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c9ba123a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`1a984572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

Followup: MachineOwner

Edited by Acreed02 Monday, June 08, 2015 5:39 PM
Proposed as answer by Karen HuMicrosoft contingent staff, Moderator Tuesday, June 09, 2015 9:46 AM
Marked as answer by Bruce WoodingModerator Tuesday, June 16, 2015 8:03 PM
Unmarked as answer by cbae Thursday, June 18, 2015 2:58 AM

Free Windows Admin Tool Kit Click here and download it now

June 8th, 2015 5:39pm

Windbg dows suggest that netio.sys is the cause but from experience it is usually something else killing it.

I would start by upgrading the below drivers from as far back as 2004

SiWinAcc.sys   11/1/2004 3:23:29 PM
SiRemFil.sys   10/18/2006 6:20:39 PM
Si3124r5.sys   1/5/2010 11:00:46 PM
Rt630x64.sys   5/10/2013 5:59:08 AM

If you continue to crash I would run driver verifier to find the underlying cause

These crashes were related to memory corruption (probably caused by a driver).

Please run these two tests to verify your memory and find which driver is causing the problem. Please run verifier first. You do not need to run memtest yet unless verifier does not find the cause, or you want to.

If you are over-clocking anything reset to default before running these tests. In other words STOP!!! If you do not know what this means you probably are not

1-Driver verifier (for complete directions see our wiki here)
2-Memtest. (You can read more about running memtest here)

June 9th, 2015 6:36am

I replaced my eSATA RAID card that uses the Silicon Image drivers with another one that uses a different chip and driver. I got another BSOD the other day. I'll have to check the MiniDump file and upload it again.

Free Windows Admin Tool Kit Click here and download it now

June 17th, 2015 6:18pm

Here are my last two MiniDump files after installing the new RAID card:

http://1drv.ms/1Rb3k2U

http://1drv.ms/1Rb3t6J

June 17th, 2015 11:02pm

Hi cbae,

The dump files reference the netio.sys with the following:

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

As suggested in this link you may benefit from the following hotfix:

https://support.microsoft.com/en-us/kb/3055343

There is a link at the top of the article to request the hotfix.

Free Windows Admin Tool Kit Click here and download it now

June 18th, 2015 5:42am

Hi cbae,

The dump files reference the netio.sys with the following:

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

As suggested in this link you may benefit from the following hotfix:

https://support.microsoft.com/en-us/kb/3055343

There is a link at the top of the article to request the hotfix.

Marked as answer by Bruce WoodingModerator Wednesday, July 01, 2015 1:06 AM

June 18th, 2015 9:40am

That hotfix is for Windows Server 2012R2. I'm running Windows 8.1

Free Windows Admin Tool Kit Click here and download it now

June 19th, 2015 6:06pm

The latest DMPS indicate the same as the first, have you run driver verifier and memtest as per ZigZag's instructions?

June 19th, 2015 6:11pm

Properties Article ID: 3055343 - Last Review: May 18, 2015 - Revision: 2.0

Applies to

Windows Server 2012 R2 Standard
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1
Windows 8.1 Pro
Windows 8.1 Enterprise

Free Windows Admin Tool Kit Click here and download it now

June 19th, 2015 6:12pm

The latest DMPS indicate the same as the first, have you run driver verifier and memtest as per ZigZag's instructions?

Yes, I did that already. My memory sticks are fine, and driver verifier didn't find anything wrong.

June 19th, 2015 10:57pm

That hotfix is for Windows Server 2012R2. I'm running Windows 8.1

The hotfix is for Windows 8.1 as well as Windows Server 2012 R2 (same kernel).

When you request the hotfix it will be for Windows 8.1/Windows Server 2012 R2.

I probably should have been more clear about that.

Your dump files and symptoms seem to match exactly what is described in the blog and article.

I would highly recommend to install the hotfix.

Free Windows Admin Tool Kit Click here and download it now

June 19th, 2015 11:37pm

OK. Installing the hotfix. I report back whether or not this solved the problem.

June 20th, 2015 2:11am

OK, and good luck!

Free Windows Admin Tool Kit Click here and download it now

June 20th, 2015 2:21am

So far, so good. I've had a couple of instances when the keyboard wouldn't work after reboot and rebooting again would cause some kind of BSOD during shutdown, but it might not be related.

July 30th, 2015 10:20am

Could you post the DMP files for the most recent BSOD? We can analyze to see if there is any relation or possible fix.

Free Windows Admin Tool Kit Click here and download it now

July 30th, 2015 10:35am

This topic is archived. No further replies will be accepted.

Other recent topics

Remote Administration For Windows. Easy remote access of Windows 7, XP, 2008, 2000, and Vista Computers

Click here to find out more

Reboot Hundreds of computers, disable flash drives, deploy power managements settings.

Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier