Chinese users (ESET Insiders), posted February 5, 2019:

I'll provide a complete dump for you to analyze and reply to me. I've shut down Windows Defender. But some of the applications that open Microsoft Store will also have a blue screen. I've briefly analyzed some of the drivers and found that they include "eelam.sys".

dump: hxxp://mail.qq.com/cgi-bin/ftnExs_download?k=0f32316232519cfbd87a900a4330014b09530954540701541c060255541d075006041c035c02064903500152030706560805065465393329747f7e303c1e041e310f&t=exs_ftn_download&code=121be03d

eis log: hxxp://mail.qq.com/cgi-bin/ftnExs_download?k=22633638d8b472928a2b97504536074c5a06575a5600575b4e50525c561b015600561b5a0757514e575a550e01500d515601045d633a35060a1069540c51464d190a46385e&t=exs_ftn_download&code=cc68c65c

Peter Randziak (ESET Moderators), posted February 5, 2019 (edited):

Hello @Chinese users,

thank you for providing us with the complete dump.

I used another unpacker to extract the dump and it seems O.K., that's weird.

I will pass the dump to be checked as I'm unable to analyze it to be able to find the root cause.

Can you please provide us a new dump to have a look?

Regards.
P.R.

(Edited February 5, 2019 by Peter Randziak: correction)

Chinese users (ESET Insiders, author), posted February 5, 2019:

23 minutes ago, Peter Randziak said:

> Hello @Chinese users,
> thank you for providing us with the complete dump, but it seems it is corrupt so I'm not able to analyze it.
>
> "Missing image name, possible paged-out or corrupt data.
> *** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
> Unable to add module at 00000000`00000000
> WARNING: .reload failed, module list may be incomplete"
> ...
> "***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.
> Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )"
>
> Can you please provide us a new dump to have a look?
>
> Regards.
> P.R.

I can see the crashed file in WinDbg; the dump was generated on a Windows 10 1809 system. It needs to be analyzed with the latest Windows 10 SDK. I will provide a new dump and reply later.

The following picture shows me using the latest version of WinDbg to open the dump provided in my post.

The latest version of the Windows 10 SDK can be downloaded from: https://developer.microsoft.com/zh-cn/windows/downloads/windows-10-sdk

Peter Randziak (ESET Moderators), posted February 5, 2019:

Hello @Chinese users,

sorry for the confusion, I edited my post as the issue seemed to be caused by incorrect memory dump extraction.

I will let you know, once I receive more info from the devs.

Regards,
P.R.

tracking note for us: P_ESSW-7768

Chinese users (ESET Insiders, author), posted February 5, 2019:

26 minutes ago, Peter Randziak said:

> Hello @Chinese users,
> sorry for the confusion, I edited my post as the issue seemed to be caused by incorrect memory dump extraction.
> I will let you know, once I receive more info from the devs.
>
> Regards,
> P.R.
>
> tracking note for us: P_ESSW-7768

Thank you. This is the new dump file. My computer's blue screen is definitely related to ESET, because some software that opens Microsoft Store under ESET boot protection will blue screen. Other anti-virus software has no problem.

https://c-t.work/s/8646a7c9321e44

Peter Randziak (ESET Moderators), posted February 5, 2019:

O.K. thank you, I attached it to the ticket to be analyzed.

Peter

itman, posted February 5, 2019:

As far as the eelam.sys driver goes, it is Eset's version of the Win 10 early launch anti-malware driver. It loads very early in the boot process; right after all kernel mode device drivers have been loaded. The sole purpose of the early launch anti-malware driver is to load the anti-malware kernel process; i.e. ekrn.exe, prior to the loading of any app based drivers. Once the anti-malware kernel process is loaded, the early launch anti-malware driver terminates and unloads itself from memory.

Once the desktop appears indicating that Windows has successfully started, there should be no trace of eelam.sys in the allocated memory for ntoskrnl.exe.

Peter Randziak (ESET Moderators), posted February 6, 2019:

Hello @Chinese users,

the devs analyzed the dump and the conclusion is that version 12.1.23.0 should address this as it has the PreCreate part refactored.

This version is so far available for ESET Insiders only; if you are interested in participating and getting early access, please send me a private message with a reference to this topic.

Regards,
P.R.

Chinese users (ESET Insiders, author), posted February 7, 2019:

15 hours ago, Peter Randziak said:

> Hello @Chinese users,
> the devs analyzed the dump and the conclusion is that version 12.1.23.0 should address this as it has the PreCreate part refactored.
> This version is so far available for ESET Insiders only; if you are interested in participating and getting early access, please send me a private message with a reference to this topic.
>
> Regards,
> P.R.

Thank you. I need a beta version. I've already sent you a private letter.

Peter Randziak (ESET Moderators), posted February 7, 2019:

Good, thank you for your interest, I will reply to you today (our time :-))

P.R.