Avast 5.0.545 aswSP.SYS Driver Verifier Violations

My system is XP Pro SP3. I have been getting occasional bugchecks that aren’t reliably traceable to any certain driver. Because of this I have been experimenting by turning on Driver Verifier for certain drivers. I recently enabled it for aswSP.SYS and received the following:


DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000003c, ObReferenceObjectByHandle is being called with a bad handle.
Arg2: 00000098, bad handle passed in,
Arg3: 00000000, object type,
Arg4: 00000000, 0.

Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

BUGCHECK_STR:  0xc4_3c
DEFAULT_BUCKET_ID:  DRIVER_FAULT
PROCESS_NAME:  nvsvc32.exe
LAST_CONTROL_TRANSFER:  from 8064ee64 to 804f8cc5

STACK_TEXT:
aeacfd00 8064ee64 000000c4 0000003c 00000098 nt!KeBugCheckEx+0x1b
aeacfd20 a6360d70 00000098 00000000 00000000 nt!VerifierReferenceObjectByHandle+0x6c
WARNING: Stack unwind information not available. Following frames may be wrong.
aeacfd48 a6362c88 00000098 0071fcd4 aeacfd64 aswSP+0x6d70
aeacfd58 8053d658 00000098 0071fcd4 7c90e514 aswSP+0x8c88
aeacfd58 7c90e514 00000098 0071fcd4 7c90e514 nt!KiFastCallEntry+0xf8
0071fcd4 00000000 00000000 00000000 00000000 0x7c90e514

STACK_COMMAND:  kb

FOLLOWUP_IP:
aswSP+6d70
a6360d70 85c0            test    eax,eax

SYMBOL_STACK_INDEX:  2
SYMBOL_NAME:  aswSP+6d70
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME:  aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  4be328e2
FAILURE_BUCKET_ID:  0xc4_3c_VRF_aswSP+6d70
BUCKET_ID:  0xc4_3c_VRF_aswSP+6d70

I can see the process name nvsvc32.exe (NVIDIA Driver Helper Service, Version 195.62) mentioned in this particular dump but I have other dumps with different process names listed (drwtsn32.exe, wmiprvse.exe). I like your product and if I can help you stabilize it by uploading any of these crash dumps I would be happy to do so. I have 3 kernel dumps and 2 mini dumps for aswSP+6d70, and 2 kernel dumps and 1 minidump for aswSP+8ad9. Are you interested in examining these dump files?

Sure, please upload the dump to ftp://ftp.avast.com/incoming (write-only access)
BTW I have seen the Verifier producing false positives from time to time, but let’s see what it’s complaining about in this case.

Thanks much,
Vlk

Ok, I’ve uploaded them. I’ll be interested to see if they are false positives.