.William.

Blue Screen of Death by oanet.sys

Recommended Posts

Hi.

I am using Online Armor 4.5.1.431

Yesterday my Vista PC crashed, and according to the crash dumps it seems to be caused by online armor, I think.

Here is the analysis by 'Who Crashed' :

On Thu 13-1-2011 2:27:24 GMT your computer crashed

crash dump file: C:\Windows\Minidump\Mini011311-01.dmp

This was probably caused by the following module: oanet.sys (oanet+0x2AE8)

Bugcheck code: 0xC4 (0xCB, 0xFFFFFFFF947BAD40, 0x0, 0x0)

Error: DRIVER_VERIFIER_DETECTED_VIOLATION

file path: C:\Windows\system32\drivers\oanet.sys

product: OA Helper Driver

company: Emsisoft

description: OA Helper Driver

Bug check description: This is the general bug check code for fatal errors found by Driver Verifier.

The driver has attempted to delete an uninitialized lookaside list. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: oanet.sys (OA Helper Driver, Emsisoft).

Google query: oanet.sys Emsisoft DRIVER_VERIFIER_DETECTED_VIOLATION

The crash occured while I was trying to have my PC go to sleep. (sounds funny, crash is not)

An other 'Who Crashed' report from an earlier time of that day :

On Thu 13-1-2011 22:34:47 your computer crashed

This was likely caused by the following module: ndisuio.sys

Bugcheck code: 0xC4 (0xCB, 0x947BAD40, 0x0, 0x0)

Error: DRIVER_VERIFIER_DETECTED_VIOLATION

Dump file: C:\Windows\Minidump\Mini011311-01.dmp

file path: C:\Windows\system32\drivers\ndisuio.sys

product: Microsoft® Windows® Operating System

company: Microsoft Corporation

description: NDIS User mode I/O driver

The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

Blue Screen View gave me the following :

==================================================

Dump File : Mini011311-01.dmp

Crash Time : 13-1-2011 23:34:47

Bug Check String : DRIVER_VERIFIER_DETECTED_VIOLATION

Bug Check Code : 0x000000c4

Parameter 1 : 0x000000cb

Parameter 2 : 0x947bad40

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : ndis.sys

Caused By Address : ndis.sys+26e48

File Description : NDIS 6.0 wrapper driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Processor : 32-bit

Computer Name :

Full Path : C:\Windows\minidump\Mini011311-01.dmp

==================================================

I hope you can help me figure out what's going on.

Strange thing is I only got ONE actual blue screen, but it could be that my system recovered from all crashes but the last one and therefor gave me only one BSoD.

All BSV reports relating to OA :

==================================================

Filename : OADriver.sys

Address In Stack :

From Address : 0x8fa44000

To Address : 0x8fa73600

Size : 0x0002f600

Time Stamp : 0x4cc7154a

Time String : 26-10-2010 18:52:10

Product Name :

File Description :

File Version :

Company :

Full Path : C:\Windows\system32\drivers\OADriver.sys

==================================================

==================================================

Filename : oahlp32.sys

Address In Stack :

From Address : 0x8fa3c000

To Address : 0x8fa43c40

Size : 0x00007c40

Time Stamp : 0x4c1b259e

Time String : 18-6-2010 8:51:58

Product Name :

File Description :

File Version :

Company :

Full Path : C:\Windows\system32\drivers\oahlp32.sys

==================================================

==================================================

Filename : OAmon.sys

Address In Stack :

From Address : 0x8f1e0000

To Address : 0x8f1e9000

Size : 0x00009000

Time Stamp : 0x4cc71550

Time String : 26-10-2010 18:52:16

Product Name : Online Armor Firewall

File Description : TDI Helper Driver

File Version : 4, 1, 0, 0

Company : Emsisoft

Full Path : C:\Windows\system32\drivers\OAmon.sys

==================================================

==================================================

Filename : oanet.sys

Address In Stack :

From Address : 0x8d7f1000

To Address : 0x8d7fb000

Size : 0x0000a000

Time Stamp : 0x4cc71556

Time String : 26-10-2010 18:52:22

Product Name : OA Helper Driver

File Description : OA Helper Driver

File Version : 4, 0, 0, 1

Company : Emsisoft

Full Path : C:\Windows\system32\drivers\oanet.sys

==================================================

Sorry for the long post.

Share this post


Link to post
Share on other sites

Hi .William.,

Can I ask you, why are you running driver verifier?

Do you have minidumps for the BSOD ? (If so - I'd appreciate if you'd send it to oasupport (at) emsisoft (dot) com with the link to this thread somewhere in message body)

Thank you in advance,

Best regards,

Andrey.

Share this post


Link to post
Share on other sites

Can I ask you, why are you running driver verifier?

Do you have minidumps for the BSOD ? (If so - I'd appreciate if you'd send it to oasupport (at) emsisoft (dot) com with the link to this thread somewhere in message body)

I don't know what 'driver verifier' is or why it is running.

When I wanted to collect the minidumps I found they were already cleared by my systems strict cleaning methods.

I changed those settings to keep them saved from now on.

By setting my system back to a restore point I managed to have things resolved for now.

But I would still like to know about this driver verifier, since I don't like any process active that shouldn't be.

Is it a valid part of Online Armor ?

[edit 1: I googled 'driver verifier' so I now know it is part of Windows Vista, but still I do not know if it should be enabled or not and if not, how to disable it]

[edit 2: Start > type verifier in the "Start Search" box and press "Enter" > Delete existing settings > Finish]

[edit 3: Keep in mind that once you enable the Driver Verifier Manager it stays active until you disable it. To do so, follow these steps: Access the Run dialog box by pressing the [Windows]-R keyboard shortcut. In the Open text box, type the command-> Verifier /reset.]

Share this post


Link to post
Share on other sites

I don't know what 'driver verifier' is or why it is running.

When I wanted to collect the minidumps I found they were already cleared by my systems strict cleaning methods.

I changed those settings to keep them saved from now on.

By setting my system back to a restore point I managed to have things resolved for now.

But I would still like to know about this driver verifier, since I don't like any process active that shouldn't be.

Is it a valid part of Online Armor ?

[edit 1: I googled 'driver verifier' so I now know it is part of Windows Vista, but still I do not know if it should be enabled or not and if not, how to disable it]

[edit 2: Start > type verifier in the "Start Search" box and press "Enter" > Delete existing settings > Finish]

[edit 3: Keep in mind that once you enable the Driver Verifier Manager it stays active until you disable it. To do so, follow these steps: Access the Run dialog box by pressing the [Windows]-R keyboard shortcut. In the Open text box, type the command-> Verifier /reset.]

Hi William,

I do not see a single point in running driver verifier if you're not testing some driver.

Just remove its settings and you should be ok.

Surely we'll take a look at the source of this BSOD.

Best regards,

Andrey.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.