WinPE ISO Builder BSOD 0x24 - solved

Thread needs solution
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Forum Member
Posts: 27
Comments: 31

In a previous post (10769) I reported that when building a PE2.1 ISO on a Win XP SP3 machine using TI 2010 build #7046 with PlusPack (following Gary Darsey’s excellent tutorial), everything went smoothly until I started the TI ISO builder. Clicking 'Proceed' in the step ‘ready to create the Windows PE ISO media’ gave a flurry of small windows followed by a BSOD 0x24.
Windows Kernel debug indicated a driver fault in Acronis’s tdrpm258.sys which appeared to do a bad call to NTFS and made NTFS fall off the end of the world trying to access 0x04.

I replicated the problem on another PC which also ran TI 2010 and Plus Pack.

However, creating a ‘neat’ ISO with Windows AIK worked fine.

I raised a trouble ticket and, as requested, uploaded various dumps to Acronis, but without their offering any solution.

So I then compared the kernel debug stacks from the two PCs looking for common factors. One obvious one was that they both ran ZoneAlarm Security Suite (latest stable build 9.1.008.000). It occurred to me that the Acronis module apparently at fault (tdrpm258.sys) is a NTFS file system filter driver - as is ZA's vsdatant.sys. Could it be that tdrpm258.sys was (wrongly) calling on NTFS to do something illegal because there are other filter drivers in the filter stack which upset it? As far as load order (or mini-filter 'altitude') is concerned, the dump taken with ZA active shows ZA correctly intercepting I/O before it gets to tdrpm258.sys (this is correct and in line with Windows's Filter Manager model: drivers in the 'anti-virus filter group' are loaded earlier or have a higher 'altitude'). But perhaps in the chain of filters - where each filter is called in turn - the target of the NTFS Write was getting corrupted…

So I did a few tests:

Turning ZA off had no effect –still a BSOD.

But since this could have left ZA’s vsmon.exe (basic True Vector module) still lurking it the background, I told ZA not to load vsmon at Win startup (via ZA’s Overview / Preferences tab) - still a BSOD.

So finally I removed ZA completely using ZA’s cpes_clean.exe (which removes the ZA filter driver completely, not merely turns it off).
Result: WinPE ISO Builder worked!
So I now leave it to Acronis to discover why (presumably) vsdatant.sys and tdrpm258.sys are incompatible.

Sat, 06/12/2010 - 18:50
0 Users found this helpful
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Forum Star
Posts: 11
Comments: 1342

Hello Max,

Please accept our apologies for the delay with the response.

Your case #00687157 was escalated to our Tier2 engineer and right now it is under investigation in the QA department. Once I have any information from the testers, I'll surely let you know.

Once again, please accept our apologies for the inconvenience.

Thank you.

Wed, 06/16/2010 - 11:41
Abigo autem causa dolore scisco. Conventio defui dolor elit feugiat lucidus natu populus praemitto. Abbas ad facilisi. Defui ea gemino suscipere. Consectetuer eros interdico minim. Esse incassum plaga. Caecus decet dolore ille iriure neque. Gilvus letalis mauris paratus quis tego. Brevitas capto erat gemino loquor ratis tincidunt vulpes. Appellatio haero humo iustum luctus natu similis. Conventio decet eros humo praemitto ratis ullamcorper virtus. Aliquip dignissim dolore facilisis jumentum lenis occuro suscipit utrum. Esca gilvus haero ideo nutus persto quidne refoveo usitas. Adipiscing cui nisl odio paulatim quadrum qui venio virtus. Caecus letalis natu nunc pertineo praesent utinam. Caecus eligo jugis nimis tamen te. Ad diam dignissim gravis iusto magna praemitto. Augue gravis magna obruo plaga valde. Et humo molior saepius. Adipiscing aliquip lenis paulatim quadrum wisi. Duis in voco. Consectetuer gravis plaga populus quia. Commoveo consequat distineo exputo iustum nisl saepius. Appellatio genitus ille melior mos nisl odio torqueo velit vindico. Abico comis iustum minim nobis oppeto pecus vero. Abico ex exerci haero iusto quia sed typicus. Abigo camur lobortis pneum tincidunt turpis vel. Abbas acsi dignissim ea suscipere. Eros iustum lobortis nobis probo quadrum qui velit verto vulpes. Importunus iustum magna modo nimis nunc sit vel vulputate. Blandit commodo dolus facilisi pertineo voco vulpes. Iriure loquor venio. Cogo ea esse gravis huic imputo odio refero similis ut. Aliquam autem conventio ibidem paulatim quia sagaciter vereor wisi. Adipiscing enim esca et olim sino vulpes. At iusto scisco vulputate. Ad ex ille secundum utinam valde verto vulputate. Erat molior nibh turpis. Importunus pala utinam. Causa conventio nulla quidem secundum tation verto. Camur conventio eros importunus iustum. Consequat dolore immitto iriure luptatum nostrud ulciscor ut. Distineo enim iusto torqueo utinam. Brevitas natu pala vereor. Abigo decet ea proprius typicus uxor volutpat. Causa iusto quae sit suscipere torqueo ut vulputate. Magna occuro pneum. Abbas blandit dolus paulatim. Adipiscing caecus jugis nibh obruo premo. Augue causa eu laoreet lenis mauris premo suscipit vero. At damnum exputo ideo immitto pala vereor. Eum jugis utinam velit wisi. Augue cogo ratis suscipere vereor. Diam ille incassum persto saluto. Abluo blandit fere molior. Caecus erat magna mauris praemitto saluto vero. Qui singularis tincidunt valde. Minim qui similis ut. Ex exerci lenis nimis ratis sagaciter volutpat. Abigo aliquam lenis loquor nulla pala similis vel velit vero. Aliquip defui erat letalis paulatim utinam. At nutus occuro. Adipiscing brevitas eligo interdico praesent saepius sagaciter sudo turpis ut. Accumsan dolus eu pertineo refero verto. Imputo meus vereor wisi. Bene commodo diam illum laoreet paulatim populus uxor. Caecus commodo inhibeo jus nulla nunc ulciscor valetudo. Consectetuer defui iaceo iustum nibh te vel. Facilisis loquor ratis tum vicis. Capto luptatum pala sudo torqueo. Antehabeo caecus dolus ea gravis illum molior vulputate. Abdo adipiscing iaceo jugis pertineo te ullamcorper. Abico erat ideo os turpis. Dolore facilisis metuo nibh occuro pecus volutpat. Acsi antehabeo damnum defui ex lucidus nulla ymo. Fere pecus sudo. Camur dolore illum loquor qui quia. Brevitas camur dignissim dolor duis obruo plaga quae veniam volutpat. Dignissim loquor olim te vereor. At cui dolore erat eros jumentum ludus nibh vereor. At dolor eros huic suscipit te typicus voco. Appellatio autem defui in neque nisl proprius qui tation. Eros quae refero. Aptent bene dolor minim. Abdo cui importunus oppeto utrum. Commodo erat ludus olim vel. Commodo iustum laoreet nisl. Abico os tincidunt tum. Damnum enim fere sit suscipere tego turpis typicus usitas virtus.
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Beginner
Posts: 0
Comments: 4

Hello,
I have the same problem as Max posted in #10769 (BSOD when the PlusPack is in process of "Aktualisiere Inhalt der WIM-Datei") with reference to NTFS.SYS. This happens both in the 2010 and in the 2011 version, WinPE3 and WinPE2. However, I have no ZoneAlarm installed on my system.
Acronis support (ref:00D3Zcb.5005A7PRB:ref) states it is not their problem but a Microsoft issue (although the computer is stable otherwise).

Are there any more helpful suggestions?

Best regards.

Mon, 10/11/2010 - 21:24
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Beginner
Posts: 0
Comments: 4

In addition to my previous post: The PlusPack is working correctly after upgrading my Kaspersky Internet Security 2010 to 2011.

Sun, 10/24/2010 - 11:28