Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 

Sign in to follow this  
jclarkw

BSOD during WAIK Customization of WinPE Image

Recommended Posts

jclarkw    0

I'm running Windows Automated Installation Kit (the original 2/13/2007 version) on an up-to-date Windows XP SP3 machine, trying to produce a customized WinPE 2.0 image file to boot from CD. If I make no modifications to the original winpe.wim, (for example, following steps in at http://technet.microsoft.com/en-us/library/dd799303), I have no problems.

After imagex is used to mount the original winpe.wim, however, ANY reference to the \mount directory (with Windows Explorer, with 'dir' at the WAIK command prompt, or with another WAIK command such as 'peimg /list /image=c:\winpe\mount' from the more comprehensive steps at http://www.svrops.com/svrops/articles/winvistape2.htm) seems to result in the Blue Screen of Death. (The BSOD says, "STOP 0x00000024..." and mentions ntfs.sys. And yes, I did disable my virus scanner before doing any of this.) I get the same results with WAIK for Windows Vista SP1 (4/9/2009 version), which is also supposed to run on XP, although neither version explicitly mentions SP3.

Old Stuff, but this seems to be the place. Anybody know what I'm doing wrong?

Share this post


Link to post
Share on other sites
jclarkw    0

MagicAndre1981 -- I did that; no joy. Chkdsk did find and fix problems, but the screen flashed by so fast I could not read it. I can't find the log file; where would it be?

Still the same BSOD with the same STOP code at the same sequence. It did a dump of physical memory (3 GB!), but I doubt you would want to see it even if I could find it.

Any other thoughts? -- jclarkw

Share this post


Link to post
Share on other sites
jclarkw    0

>>Have you checked the SMART values of your HDD?<<

Sorry. Now you've lost me. I don't know what 'SMART' values are, how to find them, nor what they would tell me.

>>Also upload the minidump files from C:\Windows\Minidumps, please.<<

Sorry again. That directory is empty. Is there some dump setting that I need to change to get a 'minidump' instead of a 'physical memory dump' (which I can't find anyhow)?

Share this post


Link to post
Share on other sites
Tripredacus    285

It did a dump of physical memory (3 GB!), but I doubt you would want to see it even if I could find it.

It should be c:\windows\MEMORY.DMP

Share this post


Link to post
Share on other sites
jclarkw    0

Thanks for the reference on memory dumps. I assume you still want a 'minidump.' i will try to generate that and post back.

Virtual memory is currently enabled with a paging file size of 4605 MB. 'Pagefile.sys' show up as a comparably large file in C:\.. (As I said, the system contains 3 GB of ram, although I realize that XP cannot use that much.)

Share this post


Link to post
Share on other sites
jclarkw    0

Also upload the minidump files from C:\Windows\Minidumps, please.

"Error You aren't permitted to upload this kind of file"

How am I supposed to upload "Mini113011-01.dmp?" -- jclarkw

Share this post


Link to post
Share on other sites
jclarkw    0

zip it and attach it or use a 1 click hoster like mediafire.com

Dear MagicAndre1981 -- I have finally straightened out my CrashControl settings (they were set to "Complete memory dump"), produced a 'minidump,' and attempted to attach a PKZipped version hereto. The details of the crash are the same as before, running from an 'administrator' account on Windows XP SP3 without loading antivirus: Start/Programs/Windows AIK[original Vista version from 7/13/07]/PE Tools Command Prompt/"copype x86 c:\winpe"<enter>; "imagex /mountrw c:\winpe\winpe.wim 1 c:\winpe\mount"<enter>; "cd mount"<enter>; BSOD, "STOP: 0x00000024... ntfs.sys..." There's no problem with a "dir" from the \winpe directroy that lists the 'mount' directory, but almost anything directly involving the \mount directory itself (e.g., "peimg /list /image=c:\winpe\mount"<enter>) will cause the same crash. Thanks for any help! -- jclarkw

Mini113011-01.zip

Share this post


Link to post
Share on other sites

The issue may be caused by the ShadowProtect snapshot driver (stcvsm.sys):

ChildEBP RetAddr

b51b8f60 b9d1ffef nt!KeBugCheckEx+0x1b

b51b8f90 b9d757d1 Ntfs!NtfsExceptionFilter+0x1cc

b51b8f9c 80539b71 Ntfs!NtfsFsdDispatchSwitch+0x146

b51b8fc4 80546e7e nt!_except_handler3+0x61

b51b8fe8 80546e50 nt!ExecuteHandler2+0x26

b51b9098 804fe5b4 nt!ExecuteHandler+0x24

b51b9454 805420e5 nt!KiDispatchException+0x13e

b51b94bc 80542096 nt!CommonDispatchException+0x4d

b51b94d0 b9d37492 nt!Kei386EoiHelper+0x18a

b51b953c b9d39edc Ntfs!NtfsFsdClose+0x3be

b51b95b0 b9d3849c Ntfs!NtfsCommonQueryInformation+0x56

b51b9614 b9d384d5 Ntfs!NtfsFsdDispatchSwitch+0x12a

b51b9738 804ef19f Ntfs!NtfsFsdDispatchWait+0x1c

b51b9748 b9de1459 nt!IopfCallDriver+0x31

b51b9750 804ef19f sr!SrPassThrough+0x31

b51b9760 b9dbbf9e nt!IopfCallDriver+0x31

WARNING: Stack unwind information not available. Following frames may be wrong.

b51b9774 b9db8109 stcvsm+0x5f9e

b51b9794 b9dbb1ed stcvsm+0x2109

b51b97c8 b9db9fa2 stcvsm+0x51ed

b51b97dc 804ef19f stcvsm+0x3fa2

b51b97ec b9e057a9 nt!IopfCallDriver+0x31

b51b9818 b9e07d56 fltmgr!FltpQueryInformationFile+0x99

So update or uninstall the tool and try it again.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×