Jump to content

Archived

This topic is now archived and is closed to further replies.

Recommended Posts

Share this post


Link to post
Share on other sites

Hello @Chinese users,

thank you for providing us with the complete dump.

I used another unpacker to extract the dump and it seems O.K., that's weird.

I will pass the dump to be checked as I'm unable to analyze it to be able to find the root cause.

Can you please provide us a new dump to have a look?

Regards. P.R.

Share this post


Link to post
Share on other sites
23 minutes ago, Peter Randziak said:

Hello @Chinese users,

thank you for providing us with the complete dump, but it seems it is corrupt so I'm not able to analyze it.

"Missing image name, possible paged-out or corrupt data.
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
WARNING: .reload failed, module list may be incomplete"

...

"***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )"

 

Can you please provide us a new dump to have a look?

Regards. P.R.

I can see the crashed file in windbg, dump is generated from Windows 10 1809 system. Need to use the latest Windows 10 SDK analysis, I will provide new dump and reply later.
The following picture shows me using the latest version of WinDbg to open the dump display provided by my post.

1972654638_TIM20190205181804.thumb.png.62672f40ef3c69403b02e1ff59ac7b13.png

The latest version of Windows 10 SDK download address:

https://developer.microsoft.com/zh-cn/windows/downloads/windows-10-sdk

Share this post


Link to post
Share on other sites

Hello @Chinese users,

sorry for the confusion, I edited my post as the issue seemed to be caused by incorrect memory dump extraction.

I will let you know, once I receive more info from the devs.

Regards, P.R.

tracking note for us: P_ESSW-7768

Share this post


Link to post
Share on other sites
26 minutes ago, Peter Randziak said:

Hello @Chinese users,

sorry for the confusion, I edited my post as the issue seemed to be caused by incorrect memory dump extraction.

I will let you know, once I receive more info from the devs.

Regards, P.R.

tracking note for us: P_ESSW-7768

Thank you. This is the new dump file.My computer blue screen is definitely related to eset, because some software that opens Microsoft Store under ESET boot protection will be blue screen. Other anti-virus software has no problem.

 

https://c-t.work/s/8646a7c9321e44

Share this post


Link to post
Share on other sites

As far as the eelam.sys driver goes, it is Eset's version of the Win 10 early launch anti-malware driver. It loads very early in the boot process; right after all kernel mode device drivers have been loaded. The sole purpose of the early launch anti-malware driver is to load the anti-malware kernel process; i.e. ekrn.exe, prior to the loading of any app based drivers. Once the anti-malware kernel process is loaded, the early launch anti-malware driver terminates and unloads itself from memory. Once the desktop appears indicating that Windows has successfully started, there should be no trace of eelam.sys in the allocated memory for ntoskrnl.exe.

Share this post


Link to post
Share on other sites

Hello @Chinese users

the devs analyzed the dump and the conclusion is that version 12.1.23.0 should address this as it has PreCreate part refactored.

This version is so far available for ESET Insiders only, if you are being interested in participation and early access, please send me a private message with a reference to this topic.

Regards, P.R.

Share this post


Link to post
Share on other sites
15 hours ago, Peter Randziak said:

Hello @Chinese users

the devs analyzed the dump and the conclusion is that version 12.1.23.0 should address this as it has PreCreate part refactored.

This version is so far available for ESET Insiders only, if you are being interested in participation and early access, please send me a private message with a reference to this topic.

Regards, P.R.

Thank you. I need a beta version. I've already sent you a private letter.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...