Help analyzing a minidump file

175 pts.
Blue Screen of Death
A user I support has been having an ongoing bsod problem. I've been analyzing his minidump files for awhile now, and to me, they look to always point to crypto.sys as the problem driver. Crypto.sys is a driver used by Netscreen Remote (VPN client). Apparently, upgrading to the latest version is supposed to resolve this issue - I've upgraded, and it hasn't solved the issue so I'm now wondering if the issue lies elsewhere.

In looking at his minidump, it references crypto.sys, but it also mentions a process name of BTSNTSvc.exe (BizTalk)....does this mean BizTalk is the issue or Netscreen (crypto.sys)?

Here is the file I'm reading:

1: kd> !analyze -v ******************************************************************************* *                                                                             * *                        Bugcheck Analysis                                    * *                                                                             * *******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e) This is a very common bugcheck.  Usually the exception address pinpoints the driver/function that caused the problem.  Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003.  This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG.  This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG.  This will let us see why this breakpoint is happening. Arguments: Arg1: c0000047, The exception code that was not handled Arg2: 804fcdf8, The address that the exception occurred at Arg3: a79ecc90, Trap Frame Arg4: 00000000

Debugging Details: ------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000047 - An attempt was made to release a semaphore such that its maximum count would have been exceeded.

FAULTING_IP: nt!KeReleaseSemaphore+3a 804fcdf8 85db            test    ebx,ebx

TRAP_FRAME:  a79ecc90 -- (.trap 0xffffffffa79ecc90) ESP EDITED! New esp=a79ed040 ErrCode = 00000000 eax=00000000 ebx=00000001 ecx=00000000 edx=00000000 esi=a8e7c778 edi=00000002 eip=804fcdf8 esp=a79ecd04 ebp=a79ed054 iopl=0         nv up ei pl zr na pe nc cs=0000  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246 nt!KeReleaseSemaphore+0x3a: 804fcdf8 85db            test    ebx,ebx Resetting default scope





LAST_CONTROL_TRANSFER:  from a8e180f5 to 804fcdf8

STACK_TEXT:  a79ed054 a8e180f5 a8e7c778 00000000 00000001 nt!KeReleaseSemaphore+0x3a WARNING: Stack unwind information not available. Following frames may be wrong. a79ed080 a8e17b8d a8e8bf60 a79ed098 8054088c Crypto+0x1d0f5 a79ed08c 8054088c 80004ba8 a79ed188 804ff479 Crypto+0x1cb8d a79ed08c 804ff479 80004ba8 a79ed188 804ff479 nt!KiFastCallEntry+0xfc a79ed108 abcad08b 80004ba8 e7ba89d4 a79ed3d4 nt!ZwClose+0x11 a79ed188 abc7a3dc 00000fc8 eb326ba8 e7ba89d4 SPBBCDrv+0x4908b a79ed1b4 abc735a4 e7ba89ac abc81fda abc821c3 SPBBCDrv+0x163dc a79ed1d8 abc82603 a79ed308 00000005 0000000b SPBBCDrv+0xf5a4 a79ed208 abc822e8 a79ed2fc eb4870c0 00000000 SPBBCDrv+0x1e603 a79ed244 abc73335 00000002 a79ed2fc e7ba8848 SPBBCDrv+0x1e2e8 a79ed2a4 abc7470a a79ed3d4 009ed3a8 00000002 SPBBCDrv+0xf335 a79ed324 80534a6d 00000005 a79ed358 e1557484 SPBBCDrv+0x1070a a79ed334 00000000 8a3f83b0 abc6d200 00000000 nt!ExReleaseResourceLite+0x8d


FOLLOWUP_IP: Crypto+1d0f5 a8e180f5 ??              ???


SYMBOL_NAME:  Crypto+1d0f5

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  Crypto.sys


FAILURE_BUCKET_ID:  0x8E_Crypto+1d0f5

BUCKET_ID:  0x8E_Crypto+1d0f5

Followup: MachineOwner




Software/Hardware used:
Windows XP Professional

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question:  

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: