# BSOD - 0x000000f4 - CRITICAL_OBJECT_TERMINATION Daily ntoskrnl.exe



## cnfdnc (Nov 29, 2013)

*Hi everyone,
I got BSOD daily and I cannot figure it out. My config is attached.
WhoCrashed shows about the .dump file the following:
*
crash dump file: C:\Windows\Minidump\112913-6084-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0) 
Bugcheck code: 0xF4 (0x3, 0xFFFFFA8007501960, 0xFFFFFA8007501C40, 0xFFFFF800039867B0)
Error: CRITICAL_OBJECT_TERMINATION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated. 
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue. 
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time. 

The CrystalInfo shows 100% and I checked the RAM with memtest86+ and memory windows diagnostic tool. Also ""error-checking" from the volume options.The sata cable on the SSD is connected to the Sata port (not marvel).
I remembered some of the BDOS: 2 of them were when I connect the headphones in the PC and 1 of them was when I install application. (It maybe just chance but plug&play is installing driver, application was installin things too, I dont know. 

This is the dump file: Download 112913-6084-01.dmp from Sendspace.com - send big files the easy way


----------



## cnfdnc (Nov 29, 2013)

Same dump file: Zippyshare.com - 112913-6084-01.dmp
Forget ot mantioned: I got the newest version of the AHCP/sata controlled installed from Device Manager, also updated my videodrivers.


----------



## cnfdnc (Nov 29, 2013)

Everest does not show all so i added this:
ACPI x64-based PC
Intel i5 -3570 3.40 GHz
2x4GB DDR3-1333 SDRAM 8-8-8-22 @ 609 MHz
BIOS AMI 3/19/12
Nvidia GTX 650 Ti
Intel 6 series/c200 series chipset family 6 port sata ahci controller
ssd corsair force gt ata device 120gb


----------



## cnfdnc (Nov 29, 2013)

here is the archive.
By the way just a minute ago it shows me BDOS two times in row when I enter my username/password to login in windows and click enter


----------



## x BlueRobot (Aug 7, 2013)

Sorry no one has replied to your post, I'll post some analysis now.


----------



## x BlueRobot (Aug 7, 2013)

```
BugCheck F4, {3, fffffa8007daf8c0, fffffa8007dafba0, fffff800039d97b0}

----- ETW minidump data unavailable-----
Probably caused by : wininit.exe
```


```
1: kd> !process fffffa8007daf8c0 3
GetPointerFromAddress: unable to read from fffff8000390c000
PROCESS fffffa8007daf8c0
    SessionId: none  Cid: 0220    Peb: 7fffffd3000  ParentCid: 015c
    DirBase: 1b9171000  ObjectTable: fffff8a002a456d0  HandleCount: <Data Not Accessible>
    Image: wininit.exe
    VadRoot fffffa80080b30b0 Vads 68 Clone 0 Private 614. Modified 174. Locked 2.
    DeviceMap fffff8a000008d80
    Token                             fffff8a002a45920
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         103928
    QuotaPoolUsage[NonPagedPool]      10696
    Working Set Sizes (now,min,max)  (1453, 50, 345) (5812KB, 200KB, 1380KB)
    PeakWorkingSetSize                1453
    VirtualSize                       49 Mb
    PeakVirtualSize                   52 Mb
    PageFaultCount                    1813
    MemoryPriority                    BACKGROUND
    BasePriority                      13
    CommitCharge                      729
```


```
1: kd> !error 0xc0000005
Error code: (NTSTATUS) 0xc0000005 (3221225477) - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
```
The exception which has happened, can be due to alignment issues or instructions referencing and using invalid memory addresses.


```
1: kd> lmvm eamonm
Browse full module list
start             end                 module name
fffff880`02cfc000 fffff880`02de0000   eamonm   T (no symbols)           
    Loaded symbol image file: eamonm.sys
    Image path: \SystemRoot\system32\DRIVERS\eamonm.sys
    Image name: eamonm.sys
    Timestamp:        Wed Mar 07 14:32:36 2012 (4F577184)
    CheckSum:         0003CBF4
    ImageSize:        000E4000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
```
Your _ESET Amon driver_ is potentially causing problems, please find a updated version of the program, or remove the program completely with the ESET Removal Tool.


```
1: kd> !dpx
Start memory scan  : 0xfffff88004f5be38 ($csp)
End memory scan    : 0xfffff88004f5d000 (Stack Base)

               rax : 0xfffff88004f5bec8 : 0xfffff8000398d674 : nt!NtTerminateProcess+0xf4
               rsp : 0xfffff88004f5be38 : 0xfffff80003a62ab2 : nt!PspCatchCriticalBreak+0x92
               rbp : 0xfffff800039d97b0 :  !da ""Terminating critical process 0x%p (%s).""
               rsi : 0xfffffa8007dafba0 :  !da "wininit.exe"
                r9 : 0xfffffa8007dafba0 :  !da "wininit.exe"
               r11 : 0xfffff88004f5bf48 : 0xfffff800036d3e53 : nt!KiSystemServiceCopyEnd+0x13
0xfffff88004f5be38 : 0xfffff80003a62ab2 : nt!PspCatchCriticalBreak+0x92
0xfffff88004f5be58 : 0xfffffa8007dafba0 :  !da "wininit.exe"
0xfffff88004f5be60 : 0xfffff800039d97b0 :  !da ""Terminating critical process 0x%p (%s).""
0xfffff88004f5bec8 : 0xfffff8000398d674 : nt!NtTerminateProcess+0xf4
0xfffff88004f5bf48 : 0xfffff800036d3e53 : nt!KiSystemServiceCopyEnd+0x13
0xfffff88004f5c0b8 : 0xfffff800036d0410 : nt!KiServiceLinkage
0xfffff88004f5c3f8 : 0xfffff8800123785c : Ntfs!NtfsExtendedCompleteRequestInternal+0x11c
0xfffff88004f5c438 : 0xfffff88001240f89 : Ntfs!NtfsProcessException+0x829 <<< Access Violation?
0xfffff88004f5c518 : 0xfffff88001234594 : Ntfs!NtfsFsdRead+0x2d4
0xfffff88004f5c5b8 : 0xfffff800036b9a72 : nt!EtwpReserveTraceBuffer+0xe2
0xfffff88004f5c628 : 0xfffff8000365f000 : "nt!KiSelectNextThread <PERF> (nt+0x0)"
0xfffff88004f5c830 : 0xfffff8000370f6d4 : nt!KiDispatchException+0x348
0xfffff88004f5c8f8 : 0xfffff800036d4242 : nt!KiExceptionDispatch+0xc2
0xfffff88004f5cad8 : 0xfffff800036d2dba : nt!KiPageFault+0x23a
0xfffff88004f5cae0 : 0x0000000000000001 :  Trap @ fffff88004f5cae0
```
Looking at the raw stack, I believe _Ntfs!NtfsFsdRead_ is used by a file system driver, to dispatch a IRP and then read from a file object.

I wasn't completely sure what _Ntfs!NtfsExtendedCompleteRequestInternal_ did, what it seems to have most likely completed the IRP on the stack frame just below it. It removes from data from the stack, and then moves from data between _rsp_ register and _rbx_ register.


```
1: kd> u Ntfs!NtfsExtendedCompleteRequestInternal+0x11c
Ntfs!NtfsExtendedCompleteRequestInternal+0x11c:
fffff880`0123785c 488b5c2450      mov     rbx,qword ptr [rsp+50h]
fffff880`01237861 4883c420        add     rsp,20h
fffff880`01237865 415d            pop     r13
fffff880`01237867 5e              pop     rsi
fffff880`01237868 5d              pop     rbp
fffff880`01237869 c3              ret
fffff880`0123786a 4584e4          test    r12b,r12b
fffff880`0123786d 0f8567ffffff    jne     Ntfs!NtfsExtendedCompleteRequestInternal+0x9a (fffff880`012377da)
```


----------



## cnfdnc (Nov 29, 2013)

Thanks bro , I try to update/change ESET, but can you be more specifc about wininit or the ntfs issue because I am not such a specialist and I dont understand


----------



## x BlueRobot (Aug 7, 2013)

With a Stop 0xF4, WinDbg (the debugger) will always conclude the probably caused by line to be the process which terminated unexpectedly, this process is a very important Windows process, and therefore closing it unexpectedly is going to cause a bugcheck. It's not the problem here, you may notice in other bugchecks it always blames the NT Kernel, because there isn't a straight forward conclusive bug or problem.

_wininit.exe_ is the Service Control Manager, it's used to control services running on Windows.

Now, to NTFS, or more commonly New Technology File System, NT is a family of Window operating systems from Windows 2000 to Windows 8, and the server editions in between. NTFS consists of more than one component, and only forms one part of what is called the storage stack. To keep things simple, the file system organises files and gives a disk a file structure, so the operating system can access your files.

Let me know if you want me to explain anything else :icon_bigg


----------



## cnfdnc (Nov 29, 2013)

I didnt mean NTFS, but Ntfs!NtfsFsdRead. Anyway thank you I think I fixed the problem. It was the SSD. I switched to SATA3 marvell controller.


----------



## x BlueRobot (Aug 7, 2013)

_Ntfs!NtfsFsdRead _isn't widely documented, so I've had to make some assumptions based on some driver code found here - Development | www.reactos.org

The file object can refer to a device object, like your SSD. It's good to know that you've found a solution. You mark the thread as solved if you like.


----------

