I think , it’s another time for company to fixed aswTdi.sys !!!

Version 4.6.739
December 3, 2005
added a workaround to a small bug in NetBios (might have even caused blue screens in aswTdi.sys)

Version 4.6.665
May 22, 2005
fixed a minor problem in aswTdi.sys (that could theoretically lead even to the “BSOD”)

Version 4.5.549
December 2, 2004
fixed rare crashes in aswTdi.sys

Below, there’s my minidump signal debug by windbg ! maybe it is usable for your fixing~

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini120608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRVDownstreamStorehttp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.080814-1242
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Dec 6 14:27:12.921 2008 (GMT+8)
System Uptime: 0 days 3:02:54.623
Loading Kernel Symbols
…
Loading User Symbols
Loading unloaded module list
…

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, aa2f9438, a8a747f4, 0}

*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
Probably caused by : aswTdi.SYS ( aswTdi+449 )

Followup: MachineOwner

1: kd> !analyze -v

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: aa2f9438, The address that the exception occurred at
Arg3: a8a747f4, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - “0x%08lx”

FAULTING_IP:
tcpip!TcpipBufferVirtualAddress+8
aa2f9438 f6400605 test byte ptr [eax+6],5

TRAP_FRAME: a8a747f4 – (.trap 0xffffffffa8a747f4)
ErrCode = 00000000
eax=0000005c ebx=00004a2d ecx=00000000 edx=0000001f esi=0000005c edi=00000000
eip=aa2f9438 esp=a8a74868 ebp=a8a74868 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
tcpip!TcpipBufferVirtualAddress+0x8:
aa2f9438 f6400605 test byte ptr [eax+6],5 ds:0023:00000062=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: Thunder5.exe

LAST_CONTROL_TRANSFER: from aa2fc0c0 to aa2f9438

STACK_TEXT:
a8a74868 aa2fc0c0 0000005c 00000010 85db0025 tcpip!TcpipBufferVirtualAddress+0x8
a8a74888 aa2fd973 00024689 85dba07c 86624eb8 tcpip!XsumSendChain+0x44
a8a74908 aa2fd78b 865cda48 86624eb8 85ffd0c0 tcpip!UDPSend+0x3ca
a8a7492c aa2fd7f1 00a74950 85ffd008 85dba0bc tcpip!TdiSendDatagram+0xd5
a8a74964 aa2fc149 85ffd0c0 85ffd130 85ffd0c0 tcpip!UDPSendDatagram+0x4f
a8a74980 804f0199 8680b5f8 85ffd0c0 8675d890 tcpip!TCPDispatchInternalDeviceControl+0xff
a8a74990 f7760449 85ffd178 00000000 8675d860 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
a8a749f4 f77607e2 8675d860 85ffd0c0 85ffd154 aswTdi+0x449
a8a74a54 804f0199 8675d7a8 85ffd0c0 85ffd19c aswTdi+0x7e2
a8a74aa8 804f0199 867517d8 85ffd0c0 86237778 nt!IopfCallDriver+0x31
a8a74ab8 aa233787 a8a74ba8 00000008 a8a74b1c nt!IopfCallDriver+0x31
a8a74b10 aa22ab5e 80562134 023ff83c aa22ab5e afd!AfdFastDatagramSend+0x2fd
a8a74c5c 80580325 862623b8 00000001 023ff70c afd!AfdFastIoDeviceControl+0x2a7
a8a74d00 8057917e 00000200 00000bc4 00000000 nt!IopXxxControlFile+0x255
a8a74d34 805423fc 00000200 00000bc4 00000000 nt!NtDeviceIoControlFile+0x2a
a8a74d34 7c92eb94 00000200 00000bc4 00000000 nt!KiFastCallEntry+0xfc
023ff7fc 00000000 00000000 00000000 00000000 0x7c92eb94

STACK_COMMAND: kb

FOLLOWUP_IP:
aswTdi+449
f7760449 ?? ???

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: aswTdi+449

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: aswTdi

IMAGE_NAME: aswTdi.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 492d8475

FAILURE_BUCKET_ID: 0x8E_aswTdi+449

BUCKET_ID: 0x8E_aswTdi+449

Followup: MachineOwner

1: kd> !analyze -v

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: aa2f9438, The address that the exception occurred at
Arg3: a8a747f4, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - “0x%08lx”

FAULTING_IP:
tcpip!TcpipBufferVirtualAddress+8
aa2f9438 f6400605 test byte ptr [eax+6],5

TRAP_FRAME: a8a747f4 – (.trap 0xffffffffa8a747f4)
ErrCode = 00000000
eax=0000005c ebx=00004a2d ecx=00000000 edx=0000001f esi=0000005c edi=00000000
eip=aa2f9438 esp=a8a74868 ebp=a8a74868 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
tcpip!TcpipBufferVirtualAddress+0x8:
aa2f9438 f6400605 test byte ptr [eax+6],5 ds:0023:00000062=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: Thunder5.exe

LAST_CONTROL_TRANSFER: from aa2fc0c0 to aa2f9438

STACK_TEXT:
a8a74868 aa2fc0c0 0000005c 00000010 85db0025 tcpip!TcpipBufferVirtualAddress+0x8
a8a74888 aa2fd973 00024689 85dba07c 86624eb8 tcpip!XsumSendChain+0x44
a8a74908 aa2fd78b 865cda48 86624eb8 85ffd0c0 tcpip!UDPSend+0x3ca
a8a7492c aa2fd7f1 00a74950 85ffd008 85dba0bc tcpip!TdiSendDatagram+0xd5
a8a74964 aa2fc149 85ffd0c0 85ffd130 85ffd0c0 tcpip!UDPSendDatagram+0x4f
a8a74980 804f0199 8680b5f8 85ffd0c0 8675d890 tcpip!TCPDispatchInternalDeviceControl+0xff
a8a74990 f7760449 85ffd178 00000000 8675d860 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
a8a749f4 f77607e2 8675d860 85ffd0c0 85ffd154 aswTdi+0x449
a8a74a54 804f0199 8675d7a8 85ffd0c0 85ffd19c aswTdi+0x7e2
a8a74aa8 804f0199 867517d8 85ffd0c0 86237778 nt!IopfCallDriver+0x31
a8a74ab8 aa233787 a8a74ba8 00000008 a8a74b1c nt!IopfCallDriver+0x31
a8a74b10 aa22ab5e 80562134 023ff83c aa22ab5e afd!AfdFastDatagramSend+0x2fd
a8a74c5c 80580325 862623b8 00000001 023ff70c afd!AfdFastIoDeviceControl+0x2a7
a8a74d00 8057917e 00000200 00000bc4 00000000 nt!IopXxxControlFile+0x255
a8a74d34 805423fc 00000200 00000bc4 00000000 nt!NtDeviceIoControlFile+0x2a
a8a74d34 7c92eb94 00000200 00000bc4 00000000 nt!KiFastCallEntry+0xfc
023ff7fc 00000000 00000000 00000000 00000000 0x7c92eb94

STACK_COMMAND: kb

FOLLOWUP_IP:
aswTdi+449
f7760449 ?? ???

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: aswTdi+449

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: aswTdi

IMAGE_NAME: aswTdi.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 492d8475

FAILURE_BUCKET_ID: 0x8E_aswTdi+449

BUCKET_ID: 0x8E_aswTdi+449

Followup: MachineOwner

What version of Avast are you running?

http://C:\Documents and Settings\Administrator\桌面\未命名.jpg

Xtreme Toolkit V1.9.4.0
build:Dec2008[4.8.1296]
ActiveSkin V4.2.7.3

VPS: V081215-0

Please upload the minidump file(s) to ftp://ftp.avast.com/incoming

:-\But how can i connect the ftp service? I coppy the ftp://ftp.avast.com/incoming ftp tool, but it cann’t connect the service .

Which ftp client are you using? Or just Windows Explorer?
Remember, you won’t have reading access, just writing. You won’t ‘see’ the files there.

I’d say you copy the link and enter it in your windows explorer; then you copy the the minidump file into that folder/window…

EDIT: Tech was faster

BSOD AGAIN !!!

我要疯掉了！！！！！111

Well, the question remains - can you upload the minidump file?
What exactly happens when you connect to the FTP?

Sorry ，my computer can’t connect the FTP Service ~ so, I am upload the “.dmp” file as an enclosure below ! And I rename the “.dmp” file as “.txt” file so as to fix the " Allowed file types: txt, jpg, gif, png, log" ~

It’s not a good idea to upload them as a text format - the file is binary and gets corrupted by the text transfer.
I tried to repair them somehow… and will send them to the appropriate developer.

Thanks Igor, I will look at the dumps. Just wanted to comment, that the fact, that aswtdi.sys driver in somewhere in the callstack means only that the problem occurred during network access – since aswtdi.sys is in every network related stack.

In my WinDBG the stack looks like this:

STACK_TEXT:
f6a3eb28 aa2fc0c0 01000000 00000010 860c002e tcpip!TcpipBufferVirtualAddress+0x8
f6a3eb48 aa2fd973 00029c98 860c6300 862d2ae0 tcpip!XsumSendChain+0x44
f6a3ebc8 aa2fd78b 861e32f0 862d2ae0 862190c0 tcpip!UDPSend+0x3ca
f6a3ebec aa2fd7f1 00a3ec10 86219008 860c6340 tcpip!TdiSendDatagram+0xd5
f6a3ec24 aa2fc149 862190c0 86219130 862190c0 tcpip!UDPSendDatagram+0x4f
f6a3ec40 804f0199 8680a858 862190c0 867acfb0 tcpip!TCPDispatchInternalDeviceControl+0xff
f6a3ec50 f7760449 86219178 00000000 867acf80 nt!IopfCallDriver+0x31
f6a3ecb4 f77607e2 867acf80 862190c0 86219154 aswTdi!TDISendDatagram+0x189
f6a3ed14 804f0199 867acec8 862190c0 8621919c aswTdi!TdiSomething+0x126
f6a3ed24 aa29a7a8 864d5120 861568f8 00000000 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f6a3ed38 aa29d0e1 86754548 862190c0 867acec8 nltdi+0x7a8
f6a3ed5c aa29e573 864d5120 00000000 f6a3eda4 nltdi+0x30e1
f6a3ed70 aa29e5e8 8619f770 f6a3eda4 00000102 nltdi+0x4573
f6a3ed90 aa29e64b f6a3eda4 00000000 8674c3c8 nltdi+0x45e8
f6a3edac 805cfc9e 00000006 00000000 00000000 nltdi+0x464b
f6a3eddc 80546ebe aa29e5f8 00000006 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Can you please provide some information about the nltdi.sys driver?

Ahhh, now I know. The Netlimiter!

First thing: does the bug reproduce with Netlimiter uninstalled?

Thank you very much for your idea to solve my problem ! you mean the problem maybe focus on the Netlimiter . ok, I’ll try it . thanks again!

Hi xiaoyv2,

could you please change the crash dump type to “kernel memory” and send us the bigger dump file that will get created when the bug re-appears? The minidump contains more or less just the stack trace and it’s hard to guess more.

Thanks a lot,
lukas.

Edit: are there any specific steps that lead to the crash? E.g. some site you might visit just before the PC crashed and displayed the BSOD? Thanks.

OK, I’ll send the bigger dump to you when the BSOD re-appears ~ And thanks for your help ~

Don’t forget to zip it first