343
130 shares, 343 points

We had previously looked at how to do the basic blue screen analysis with you. In this guide, we dig a little deeper and identify the driver that is causing the Driver Power State Failure blue screen error.

https: // www. YouTube. com / watch? v = I7ZqDpv0Rjw

Although blue screen errors are generally hardware related, they can also be caused by faulty or outdated drivers that are incompatible with current Windows 10 versions. There is a similar situation in this guide. To detect the problem, we first download the shared Minidump files. We open the downloaded files with WinDbg Preview and start the analysis by saying analyze-v.

If we look at the first result, it is not possible to identify an exact driver, but the problem is Stream. It can be understood to be related to sys:

DRIVER_POWER_STATE_FAILURE (9f) A driver has failed to complete a power IRP within a specific time. Arguments: Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time Arg2: ffffbd0f618aa570, Physical Device Object of the stack Arg3: fffff80367fe87b0, nt! TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack Arg4 : ffffbd0f695e19e0, The blocked IRP Debugging Details: —————— Implicit thread is now ffffbd0f`671ef040 *** WARNING: Unable to verify timestamp for win32k. sys KEY_VALUES_STRING: 1 Key: Analysis. CPU. mSec Value: 2968 Key: Analysis. DebugAnalysisProvider. CPP Value: Create: 8007007e on DESKTOP-1IBQR0U Key: Analysis. DebugData Value: CreateObject Key: Analysis. DebugModel Value: CreateObject Key: Analysis. Elapsed. mSec Value: 12698 Key: Analysis. Memory. CommitPeak. Mb Value: 76 Key: Analysis. System Value: CreateObject Key: WER. OS. Branch Value: 19h1_release Key: WER. OS. Timestamp Value: 2019-03-18T12: 02: 00Z Key: WER. OS. Version Value: 10. 0 18362. 1 ADDITIONAL_XML: 1 OS_BUILD_LAYERS: 1 BUGCHECK_CO: 9f BUGCHECK_P1: 3 BUGCHECK_P2: ffffbd0f618aa570 BUGCHECK_P3: fffff80367fe87b0 BUGCHECK_P4: ffffbd0f695e19e0 in DRVPOWERSTATE_SUBCO: 3 FAULTING_THREAD: ffffbd0f671ef040 BLACKBOXBSD: 1 (! Blackboxbsd) BLACKBOXNTFS: 1 (! Blackboxntfs ) BLACKBOXPNP: 1 (! Blackboxpnp) BLACKBOXWINLOGON: 1 CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System STACK_TEXT: fffffc03`dd0c7540 fffff803`6211507d: ffffe080`00000001 fffffff00 : ffffbd0f`671ef040 00000000`00000000 ffff121e`511c7353 00000000`00000000: nt! kiswapthread + 0xbfd fffffc03`dd0c7720 fffff803`621136a5: ffffbd0f`5fbbd060 fffffc03`00000000 00000000`00000000 00000000`00000000: nt! kicommitthreadwait + 0x144 fffffc03`dd0c77c0 fffff803`7cf73920 : ffffbd0f`5fbbd4a0 00000000`00000000 ffffbd0f`695e1900 ffffbd0f`5fbbd000: nt! KeWaitForSingleObject + 0x255 fffffc03`dd0c78a0 fff ff803`621739 by: ffffbd0f`695e19e0 ffffbd0f`695e19e0 fffffc03`dd0c7a20 ffffbd0f`695e1f30: STREAM! streamclasspow Air + 0x4c0 fffffc03`dd0c7930 fffff803`6210a940: 00000000`00000008 fffffc03`dd0c7950 00000000`00000008 fffffc03`dd0c7990: nt! ıoppohandleırp + 0x36 fffffc03`dd0c7960 fffff803`62175ef9: 00680074`0073006b 0000006b`006e0075 00000000`00000000 00000000`00000000: nt! ıofcalldriv Air + 0x70 fffffc03`dd0c79a0 fffff803`7bd616cd: fffff803`6243ad00 fffff803`62111c32 ffffbd0f`532bd000 00000000`00000000: nt! IoCallDriver + 0x9 fffffc03`dd0c79d0 fffff803`7bd61023: ffffbd0f`5ffc5c40 00000000`00000000 ffffbd0f`00000000 ffffbd0f`695e19e0: ksth Link! ckernelfilterdevi by fffffc03`dd0c7a30 fffff803`6217a04f :: dispatchırp + 0x249: fffff803`62444fe0 00000000`00000000 ffffbd0f`61a1cc00 ffffbd0f`532bd000: ksth Link! ckernelfilterdevi by :: DispatchIrpBridge + 0x13 fffffc03`dd0c7a60 fffff803`6206bcd5: ffffffff`fa0a1f00 ffffbd0f`671ef040 fffff803`62179e70 00000000`00000001: nt! PopIrpWorker + 0x1df`fffddc03 fffff803`621c9998 b10: fffff803`5f50f180 ffffbd0f`671ef040 fffff803`6206bc80 00000000`00000246: nt! pspsystemthreadstartup + 0x55 fffffc03`dd0c7b60 00000000`00000000: fffffc03`dd0c8000 fffffc03`dd0c1000 00000000`00000000 00000000`00000000: nt! kistartsystemthread + 0x28 STACK_COMMAND: . thread 0xffffbd0f671ef040; kb SYMBOL_NAME: STREAM! StreamClassPower + 4c0 MODULE_NAME: STREAM IMAGE_NAME: STREAM. SYS IMAGE_VERSION: 10.0. Followup: MachineOwner ———

At this stage, we can click on it for even more information about Stream:

Browse full module list start end module name fffff803`7cf70000 fffff803`7cf8c000 STREAM # (pdb symbols) C: ProgramData Dbg sym stream. pdb E7568AE2DAC2E2120D05008A22ADD4681 stream. pdb Loaded symbol image file: STREAM. SYS Mapped memory image file: C: ProgramData Dbg sym STREAM. SYS 5BD8D9831c000 STREAM. SYS Image path: SystemRoot system32 DRIVERS STREAM. SYS Image name: STREAM. SYS Browse all global symbols functions data Image was built with / Brepro flag. Timestamp: 5BD8D983 (This is a reproducible build file hash, not a timestamp) CheckSum: 00019079 ImageSize: 0001C000 File version: 10. 0. 18362.904 Product version: 10. 0. 18362.904 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3. 7 Driver File date: 00000000. 00000000 Translations: 0000. 04b0 Information from resource tables: CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: stream. sys OriginalFilename: stream. sys ProductVersion: 10. 0. 18362. 904 FileVersion: 10. 0. 18362. 904 (WinBuild. 160101. 0800) FileDescription: WDM CODEC Class Device Driver 2.0 LegalCopyright: © Microsoft Corporation. All rights reserved.

As a result we learn that this is WDM CODEC Class Device Driver 2.0. So this is a video encoding driver. However, this driver is unlikely to cause problems because Windows current and blue screen errors are not usually caused by Windows’ own drivers. In this context, we take a look at Microsoft’s DRIVER_POWER_STATE_FAILURE article for deeper analysis. The article bases that this problem has more than one derivative. The version we live in is called nt! TRIAGE_9F_POWER. There is also a blocked Interrup Request Package, namely the IRP command. This IRP command can cause a blue screen. In this context, we enter the command! Irp together with Arg4 in the Minidump file for more information about this blocked command:! Irp ffffbd0f695e19e0

Finally, we can get detailed information:

Irp is active with 18 stacks 16 is current (= 0xffffbd0f695e1ee8) No Mdl: No System Buffer: Thread 00000000: Irp stack trace. cmd flg cl Device File Completion-Context (N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0) ] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [N / A (0), N / A (0)] 0 0 00000000 00000000 Args: 00000000 00000000 00000000 00000000> [IRP_MJ_POWER ( 16), IRP_MN_SET_POWER (2)] 0 0 ffffbd0f5fbbd060 00000000 00000000-00000000 Unable to load image SystemRoot system32 DRIVERS VX1000. sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for VX1000. sys Driver VX1000 Args: 00015600 00000000 00000005 00000003 [IRP_MJ_POWER (16), IRP_MN_SET_POWER (2)] 0 e1 ffffbd0f5ffc5c40 00000000 fffff8036259d130-ffffbd0f6152cb00 Error! (0), N / A (0)] 0 0 00000000 00000000 00000000-ffffbd0f6152cb00 Args: 00000000 00000000 00000000 00000000

Solution

Here is VX1000. sys driver catches our attention. This driver is the driver of the webcam used and this is what causes the problem. The LifeCam VX-1000 is one of Microsoft’s older webcams. The user manually installed the driver and this driver is causing the problem because it conflicts with the current 2004 version of Windows 10. The problem disappears with uninstalling the driver.

On the other hand, to get more detailed information, we enter the command! Devstack with Arg2 into WinDbg:! Devstack ffffbd0f618aa570

! Devobj! Drvobj! Devext ObjectName ffffbd0f5ffc5c40 Driver ksth Link ffffbd0f5ffc5d90 ınfomask field notes found for _OBJECT_HEAD at ffffbd0f5ffc5c10 ffffbd0f5fbbd060 Driver VX1000 ffffbd0f5fbbd1b0 ınfomask field notes found for _OBJECT_HEAD at ffffbd0f5fbbd030> ffffbd0f618aa570 Driver usbccgp ffffbd0f618aa6c0 Can not read the info offsets from nt! ObpInfoMaskToOffset! DevNode ffffbd0f61860340: DeviceInst is “USB VID_045E & PID_00F7 & MI_00 6 & 2ce57e50 & 0 & 0000” ServiceName is “VX1000”

This gives us the Hardware ID of the device directly causing the problem.


Like it? Share with your friends!

343
130 shares, 343 points

What's Your Reaction?

hate hate
613
hate
confused confused
122
confused
fail fail
981
fail
fun fun
858
fun
geeky geeky
736
geeky
love love
368
love
lol lol
490
lol
omg omg
122
omg
win win
981
win

0 Comments

Your email address will not be published. Required fields are marked *