The Case of the Crashed Phone Call


David Solomon, my coauthor for the Windows Internals books, was recently in the middle of an important VOIP call on Skype when the audio suddenly garbled. A second later the system blue screened. He called back after the reboot, but a half hour later the person on the other seemed to stop talking mid-word and the system crashed again. The conversation was essentially over anyway, and since he’d explained the first drop, Dave decided not to call back and formally end the call, but to investigate the cause of the crashes. He launched Windbg from the Debugging Tools for Windows package, selected Open Crash Dump from the File menu, and chose %Systemroot%\Memory.dmp.

He’d previously configured Windbg to use the Microsoft public symbol server by entering “srv*c:\symbols*http://msdl.microsoft.com/download/symbols” in the Windbg symbols configuration dialog, so Windbg knew how to interpret the crash dump file.  When Windbg loads a crash dump file, it automatically executes a heuristics-based analysis engine that identifies the driver or system component most likely responsible for the crash. The analysis output pointed at the NETw4v64.sys device driver:

image

When you click on the “!analyze –v” hyperlink in the output, Windbg prints out some of the data it uses in its analysis. The analysis heuristics aren’t perfect, so Dave always clicks the link to look at the additional data, specifically the stack trace at the time of the crash and possibly memory locations associated with the crash. The stack trace records the nesting of function calls on the processor from which the kernel’s crash function, KeBugCheckEx, was called. In this case the stack looked like this:

image

You read the stack from bottom to top to follow the chronology of function calls. The trace shows that some code in NETw4v64 called the kernel’s (“nt”) KeAcquireSpinLockRaiseToDpc function. NETw4v64’s stack frame doesn’t have a text function name, which is expected for drivers that aren’t part of Windows and therefore don’t have symbols on the Microsoft symbol server. The next higher frame indicates that KeAcquireSpinLockRaiseToDpc called KiPageFault, most likely not directly, but as the result of a reference to a virtual memory address that wasn’t currently resident in physical memory. KiPageFault then called KeBugCheckEx with stop code A, which the extended analysis output describes as IRQL_NOT_LESS_OR_EQUAL:

image

Dave hypothesized that the NETw4v64 driver had called the kernel with a corrupted pointer that triggered the invalid memory reference. This particular crash might have been the result of random corruption, even by another driver, so he looked in the %Systemroot%\Minidump directory for the dump file for the first crash. On Windows Vista, the operating system he was running, the system always saves a kernel-memory dump to %Systemroot%\Memory.dmp, overwriting the previous dump, and archives an abbreviated form of the dump, called a minidump, to %Systemroot%\Minidump. He followed the same steps for the second dump and the analysis engine reported the exact same cause for the crash, down to the same corrupted memory pointer value.

Without performing a meticulous manual analysis of a dump, you can’t be certain that the driver the heuristics point at is the culprit, but the first rule of crash mitigation is to make sure you have the latest versions of any implicated drivers. Sometimes Windows Update has optional updates that don’t apply automatically, so Dave went to the %Systemroot%\System32\drivers directory to investigate the NETw4v64.sys file for clues as to what device it was for. The file properties dialog showed that it was version 11.5 of the “Intel Wireless WiFi Link Driver”:

image

Armed with the knowledge that it was an Intel wireless network driver, he opened Device Manager, expanded the Network Adapters node and found a device with a similar name:

image 

He right-clicked and chose “Update Driver Software…” from the context menu to launch the driver update wizard, and told it to check Windows Update for a newer version. Unfortunately, it reported that he had the most current version installed:

image

Sometimes OEMs have drivers posted on their Web sites that they haven’t yet been made available to Windows Update, so Dave next went to Dell, the brand of his laptop, to check the version there. Again, the version he found posted was actually older than the one he had:

image

OEMs often get hardware vendors to create custom versions of hardware tuned for specific cost, power, capability or size requirements. The original hardware vendor will therefore not post drivers for an OEM-only device or post drivers that are generic and might not take advantage of OEM-specific features.  It’s always worth checking, though, so Dave went to Intel’s site. To his chagrin, not only was there a newer version that installed and worked as expected, but the Intel driver was version 12.1, a major release number higher than the one Dell was hosting:

image

Intel also conveniently offered the driver in a “Drivers-Only” download that was a mere 7MB, one tenth the size of the package on Dell’s site that also includes value-add management software. 

Dave couldn’t conclusively close the case because he couldn’t be sure that the Intel driver was the actual cause of the crashes, but the crashes haven’t reoccurred. Even if the Intel driver wasn’t the root cause, Dave was happy that he picked up a newer version that most likely had performance, reliability and maybe even power-management improvements. The case is a great example of simple dump analysis and the lesson that Windows Update and even an OEM’s site might not have the most up-to-date drivers. Hopefully, Dell will start leveraging Windows Update to provide its customers the latest drivers.


Comments (52)

  1. @barrkel

    In fact, this device was customized for Dell and has a Dell-specific hardware ID.

  2. J Schlackman says:

    Imagine my glee when I began reading this and quickly found that not only had I seen the same problem, but I had already used exactly the same method to solve it (as learned following previous posts on your blog). Thanks!

    We have a large number of machines in our organisation using this Intel wireless card and that v11.5.0.32 driver caused this (and other) problems quite frequently. We’ve been upgrading problematic machines to the v12 driver since early December and so far have not experienced any problems with the newer version.

  3. @bw

    I have the same laptop and went through the same upgrade process. You get directed to the same driver for both devices.

  4. Anonymous says:

    Nitpick: you said that "OEMs often get hardware vendors to create custom versions of hardware". This is almost never true; not only would the economies of scale weigh against this, but versions of the hardware different enough to require custom drivers means that the OEM needs to fork the driver source, and take on the task of maintaining it, and merging upstream fixes from the hardware vendor.

    All the usual problems of forking apply (e.g. it’s almost always the wrong idea to fork an open source project, you can find all the good reasons out there), but they apply *triply* to an OEM: not only is the OEM not an expert in the specifics of the hardware, they are usually not experts in creating software either. They’re odds-on to do a third-rate job.

    Moral of the story: wherever possible, go back to the chipset manufacturer to get reference drivers for all your hardware, even in a new PC / laptop.

  5. Matt Crow says:

    And what issues does the latest driver cause ?  Give it a week or two and you will find out !

  6. Jon says:

    Nice work on Dave’s part…Dell’s never really been all that open to providing driver updates, sadly.

  7. Dave says:

    Nice writeup Mark. I always enjoy your posts and this one was informative as ever.

  8. Bluvg says:

    They seem to be very behind in updating their drivers for some systems.  The Intel integrated graphics drivers for their OptiPlex 745 series are *several* revisions behind.  I’ve sat on the phone with their tech support for many hours (over several calls) talking about the easily-reproducible problems with the version listed on their website (from February 2007–almost two *years* old!), but it’s like talking to a wall–no one wants escalate the issue or even register it in their system because "no one else has reported this issue."  Nice conundrum there, huh–they didn’t register my problem in their tracking system because "it’s the first time anyone reported this issue."  So how on earth will it ever get registered?  Someone has to be the first.

    It would be one thing if the situation were like in this article–where you could simply go to Intel’s website and download the updated driver, then install it.  I downloaded the Intel driver, but it performs a check on install and fails when it detects that it’s a Dell system.  The Windows Update driver (also updated several revisions beyond what Dell lists on their website) applies without a problem–but this can only be done manually.  Security patches and other items can be applied automatically, but driver updates require manual intervention through Windows Update.  It would be nice if you could go to the Windows Update catalog and download the driver and apply it manually or script the install, but that’s not possible with the Intel driver… or at least not any way that I can tell (and I’ve tried many, many different ways).

  9. Joel Peterson says:

    I avoid using Windows Update or OEM drivers for this reason. Driver direct from the manufacturer are always more stable, contain the latest features, and are minimalistic. INF and binaries only, please.

  10. Karellen says:

    So, uh, what’s the difference between a "driver" and a "drivers-only driver"?!? According to Wikipedia, there doesn’t appear to be any special meaning of the word "driver" for Windows that would explain this. (unlike, e.g. "virtual memory")

    And how can even a "drivers-only driver", presumably compressed for downloading, still be 7MB in size?!? What might be in it to make it so big?

  11. Jon says:

    I have a similar problem, in that my Dell-supplied ATI graphics driver is somehow causing the Sysinternals tool procmon.exe to hang the machine. No resolution as yet.

    http://forum.sysinternals.com/forum_posts.asp?TID=15782

  12. Brant Gurganus says:

    To answer Karellen, most consumer focused are what are more accurately called driver packages. They include the driver, an installer, and usually supplemental software.

    As an aside, Windows Update will even want to downgrade drivers sometimes. This is the current situation with the nVidia graphics drivers. The latest ones on nVidia’s site are bigger by version number and are WHQL signed. To my knowledge, this means it *should* show up as newer according to the Windows Driver selection rules as I understand them.

    There is a similar issue with the JMicron SATA controller driver. The Device IDs in its INF file aren’t specific enough so left to the driver installation rules, Windows will install it to handle the JMicron PATA controller because the Device ID is more specific than the generic Windows one. I can’t seem to convince JMicron of this issue though.

  13. Tong Shen says:

    This is another excellent example of what Mark and David has taught us before.  I used the same technique yesterday to have narrowed down a problem and updated the Nvidia SATA performance driver on my home computer.

    When I was browsing photos from our holiday vacation using "Windows Live Photo Gallery", the machine froze.  After waited for a few minutes, I used the "Right Ctrl-Scroll Lock-Scroll Lock" keyboard combination to manually cause the system to crash (a technique also learned from Mark).

    After reboot, I loaded up the dump file in WinDbg.  Obvious, the call stack shows that the keyboard driver caused the crash.  So I used "!thread" command to see what kernel threads were running at the time.  Nothing looked suspicious.  I typed in "~0" to switch to CPU 0 and "!thread" again to see what are running there.  "nvstor32" was the one among other "NT" threads.  I looked up the information of nvstor32.sys, it is Nvidia nForce Sata performance driver.  The version number is 5.10.2600.0995.  Similarly, driver update from Device Manager and Windows Update doesn’t find new drivers.  Asus website doesn’t have updated driver either for the Nvidia chipsets on its motherboards.  Actually, this is not the first time this problem occurred to me.  But this time I went further by looking for the nForce driver from Nvidia website.  I found  a newly released set of Vista drivers for the nForce/GeForce chipset.  The new nvstor32.sys version is 10.3.0.42, a super major release version number change.

    I installed the new driver pack and it works smoothly so far.  Now I keep my fingers crossed to see if the problem will ever happen again.

  14. Phileosophos says:

    The real story lesson here, as far as I’m concerned, is how pathetic operating systems remain in the year 2009. Despite all the claims that Windows makes it easy for people to use computers, diagnosing/fixing such common, everyday crashes still requires firing up a debugger, wading through dump files, and scouring multiple web sites for driver updates–all things that the average user is not likely qualified to do.

    I wonder: does it ever occur to Microsoft that maybe, just maybe, requiring this level of nitty gritty to surmount even the most basic issues isn’t such a great idea? I’ve been developing software for roughly thirty years–Windows for nearly twenty of that–and frankly I’m scared to death every time I have to update a driver or install a patch because I know just how much potential pain and suffering I’m bringing down on my head.

    Do you suppose Windows (or any other OS for that matter) will ever truly be usable by the average Joe?

  15. Zian Choy says:

    @Phileosophos

    In the vast majority of the cases, having the drivers regularly get updated would solve the problem. Thus, users have Windows Update in Vista which does exactly that.

    Add that with Secunia PSI’s software monitoring and it’s not too hard to make sure one always has the latest version of all software and drivers.

  16. TraumaPony says:

    "one tenth the size of the package on Dell’s site that also includes value-add management software"

    By ‘value-add management software’, I would have said "buggy bloatware that is better off being uninstalled".

  17. Ovidiu says:

    I suspect it was the Intel driver after all. I have a Lenovo T61 with the same wireless hardware, and during the first few months I had 3 bug checks (mine happened during resume from sleep).

    For all 3 crash dumps, !analyze pointed to the same Intel driver, and it’s been more than a year since I updated the suspected driver and haven’t had a crash. Coincidence? Methinks not.

  18. Craig Butters says:

    This isn’t the first time I’ve heard/seen newer drivers available on the Intel site than those advertised on the vendors/Windows Update site.  

    I had a similar problem with an Intel network driver booting to download an Altiris image – downloading the network driver from the vendor failed everytime, yet only when I ventured to the Intel site did I find a newer driver that worked right out of the box.

  19. nathan_works says:

    Glad this was a readily apparent driver update issue.. When I wrote drivers, and a customer reported a problem, we’d usually get the hardware they were running on as well.. I learned the hard way to always update the other drivers on the machine before trying to debug our driver.. Learned the hard way meant I spent 20 days tracking down a corrupted IRP in our code with no luck. Another driver was re-using the IRP after releasing it, causing the corruption. Hard to track that stuff down..

  20. usasma says:

    The method works well as described, but I save myself time by visiting the device manufacturer’s website first.

    On occasion I’ve found that the value-added stuff will cause issues with the driver/system.  Going directly to the folks who designed the device is usually the best option.

    There are exceptions to this, but they are rare in my experience (and mostly involve the desire to retain one of the value-added features).

  21. benjamin says:

    If there are any hardware vendors out there, please please *PLEASE* listen to my suggestions, okay? Doing so would make me a customer for life and they’re really simple things that wouldn’t take much effort:

    1) A Microsoft-heavy one: get your drivers WHQL certified, publish driver updates on Windows Update and take part in the crash reporting process. Crash reporting is free bug testing, why not take advantage of it? I used to only buy hardware that was WHQL-certified out of principal; now that all of my systems are 64-bit it’s required.

    2) Offer every driver as an installer for newbies and as a zipped up archive containing only the .inf and the drivers. Worse yet are companies that make funky installers that prevent you from doing even that. I’ll never buy another Ralink-based product[*] because their wireless drivers are in an installer that doesn’t support being decompressed. If I can’t grab the driver and integrate/slipstream it, your hardware is worthless to me. Cut that out.

    [*]: I recently found that a newer version of their RA61 allows you do either do a ‘full’ or ‘driver only’ install, which is an improvement, but they still don’t support decompressing the executable, plus you need to download a 30MB installer just to get a 200KB .inf and .sys file. You hurt me once, Ralink, never again.

  22. frymaster says:

    @Phileosophos:

    Nothing you say is actually _wrong_, but what exactly do you propose?  An OS is always going to be at the mercy of the driver software, and even the relatively modest driver signing requirements in vista64 have met with widespread moans

    microsoft can’t force manufacturers to write watertight code (though driver verification helps), they can’t force manufacturers to put the latest drivers onto windows update, and they can’t force users to only use a short list of ms-approved hardware.  And nor should they.

    the more flexibility people have in terms of software, hardware, and drivers, the more chance there is of something going wrong

  23. Jason Swift England (UK) says:

    …yeah, but are you going to give Dave Solomon a signed copy your new book for submitting this crash dump analysis?!!!  Sorry, I couldn’t resist!  Many thanks again for a very useful blog.  P.S.: Where do I send my own successful troubleshooting analysis files to?!

  24. Grof Luigi says:

    The "value-add management software" term struck me. Wow. Must have thought long and hard to coin a term which will not offend anyone. 🙂

    GL

  25. Nicholas says:

    I use SysPrep and imaging software to create hardware-independent hard drive images for the lab computers at the college where I work, so I’ve had a lot of experience with drivers. I echo the commenters who’ve written that OEM drivers are usually well out of date, and Windows Update tends to be even further behind. Whenever a new model comes in, I do the following to ensure the current image will work with it:

    – Go to the OEM (Dell or Lenovo for my college) and use the serial or part number to see and write down all the posted OEM drivers (e.g., ATI Radeon X400 graphics driver A02; Broadcom Ethernet 5711 driver A04; etc., etc.)

    – Download only the BIOS and audio driver from the OEM (because the integrated audio usually comes from a company that doesn’t post their own drivers).

    – Go to the individual web sites and download the latest .zip version of each driver. If only an .exe is provided, usually the manufacturers are nice enough to unpack the entire driver into a folder you can specify, or at least temporarily unpack it all in the Temp directory, where you can grab a copy of it. Within the uncompressed folder is usually a folder with only the minimum files needed to install the driver (the folder always has at least one .inf and a .cat file).

    – Throw all these minimal drivers into a single folder, copy that into the sysprep folder on my generic image, reimage the computer and see if it installs on the new computer with all drivers correct in the Device Manager (which it does 95% of the time). If they’re OK, I then throw the contents of this single folder into the general drivers folder that ultimately goes on the hardware-independent image.

    This method guarantees a) the newest, most bug-free drivers and b) only the drivers, and not the accompanying "value-added" management software that usually simply slows down the computer and distracts or gets in the way of users.

    I think the manufacturers have the best driver because they have the incentive; you can really see this with ATI and nVidia. They have to keep tweaking their drivers to fix small bugs and get maximum performance from their products. Dell and Lenovo only care if the products crash or there are major complaints, so they’ll stop updating with the first really stable release. I’m sure someone has to pay Microsoft to post drivers on Windows Update, and if they aren’t automatically installed, the vast majority of users will never know they’re there. So what’s the point?

    As to the issue of manufacturers creating OEM-branded versions of hardware (like this wireless card), there doesn’t seem to be any functional difference in the actual hardware or software, only in the PnP number and in advertising.

    The only exception seems to be discrete laptop graphics cards; ATI and nVidia specifically don’t post these drivers and point you to the OEM, which may indicate some differences (perhaps because of the architecture of each laptop?). However, even then I’ve found that the the manufacturer’s desktop graphics driver will work with a little haranguing.

    Anyway, the moral is: if you want a working computer, always get the drivers from the manufacturer.

  26. Aaron Tiensivu says:

    I would bet his issues are gone. The 11.x series from Intel were well known for blue screen errors unfortunately. I always try to go to the maker of the device/chipset to get reference drivers. Unfortunately, OEMs are notorious for lagging behind. I’m happy NVidia are finally offering mobile graphics drivers without resorting to .inf hacks. I’m glad Intel does the same.

  27. bw says:

    According to the article the Wireless card was an Intel 4965AGN but Dave downloaded a driver for 3945AGN which is a different card! I hope it worked for him.

  28. Michael Grier [MSFT] says:

    Another diagnosis technique to use here is to turn on the driver verifier (windows+r, %systemroot%system32verifier.exe).  Turn on verifier first for any devices where you suspect that the updates are not available via Windows Update, reboot.  Make sure that crash dumps are enabled.

    This won’t fix your problem but can help find and attribute problems (e.g. the improperly reused IRPs mentioned above) more quickly.  Nothing’s going to help find a random memory corrupter but at least this helps with the majority of the common driver defects authored.

  29. david bartlett says:

    Excellent! i very much enjoy reading your blog.

    Also i watched one of your videos the other day

    and i was enthralled. (i didn’t fall asleep)

    amazing. Very clear,logical and well presented

    and easy to understand. Hopefully you’ll maintain your clear style and not get too bogged down in MicroSpeak (TM) now you have joined the Big Baddys.

    I’ve got so interested in troubleshooting now

    i downloaded MS debugging tools and now just to

    get XP to crash!

    MS gets a lot of bad press, but i am very very pleased with my windows XP (sp3), i throw a lot

    of (questionable) software at it and it handles

    most everything! brilliant!

    And what a gaming system! roll on windows 7

  30. Jason says:

    BLEH! The Intel 3945ABG wifi card is ok but the software for it is junk. Using a profile with LEAP encryption and NTLM authentication, change your AD password and see if it picks it up. Chances are slim…

  31. Chima says:

    Not many Windows users have the technical know how to perform the diagnostic steps that Mark and David have been performing using their excellent sysinternals tools.

    Now that Mark works for Microsoft maybe he can convince the company to build basic diagnostic facilities (that work!) into Windows.

    I am going to reimage my vista-based HP Pavilion because over an eight month time period, my machine has gotten a lot slower and my applications have been crashing a lot more often. This is an Intel 3ghz quad core computer that now operates slower than my previous 2Ghz AMD Athlon 64.

    I have some ideas for a diagnostic utility to help with what some now call "Windows Rot" – the condition where a Windows PC grows slower and more unreliable as time passes and applications are installed/uninstalled.

    During my "Windows Rot" investigations I’ve always wanted to know a few key things:

    1. What process/service/dll, right now is hogging the hard disk? What files is it reading/writing to? What is the I/O rate? What is the I/O pattern (random read/write versus sequential scanning)

    2. How much of my current disk I/O is due to paging as opposed to normal file I/O? How much paging is really going on? Why?

    3. What processes/files/threads/dlls are frequently active when my disk performance goes down the drain?

    4. What processes/files/threads/dlls are frequently active when my virtual memory performance goes down the drain?

    A Windows Rot detector ™ would sit as a driver/service combo and monitor performance of memory, disk and primary network stack. It would sample these every so often and record who/what is going on. When a degradation is detected too many times in a short period, it snapshots the activity of all the threads in all running processes and drivers and attempt to determine which one(s) are responsible.  

    It can then produce a user alert informing them that their computer’s stability and/or performance is being degraded by <insert-guilty-party-here>

    If a particular dll or method in a dll is always found on the stack when degradation occurs and this occurs across processes, then it can narrow the problem down to that dll/component. If only one specific process is involved with that dll during degradations then it can say that it may be a compatibility problem between the app and that dll/component.

    Same thing with drivers.

    I think that PC’s, like cars, should have obvious gauges of system performance and health. For most Windows Rot problems have had to do with the hard disk (creeping or outright failure, anti-virus and file scanning applications including system restore and NTFS which becomes extremely slow once you use up more than 50% of your disk space), Shell extensions, drivers that periodically micro-hang the system, virtual memory abuse (leaks. Adobe Lightroom can you hear me?) and then the run of the mill viruses, trojans and badly written installers/uninstallers.

  32. Dave Ashton says:

    In what world is a 75Mb wireless card driver acceptable?  300K of code and 74Mb+ of crap.

  33. Mike Foley says:

    Nice to see Dave’s skills in VMS crash analysis haven’t gone to waste. 🙂

    mike

    (who worked in the VMS group with Dave many years ago and took one of his first NT Internals courses!)

  34. Paul D says:

    Great post Mark+Dave! To Dave who’s a Windows internals subject matter expert, the problem is clearly caused by Intel WiFi drivers. To the average user experiencing the same problem, the cause is "darn Windows Vista". Microsoft really need to bring the hammer down on OEM’s and hardware manufacturers who don’t put their latest stable drivers on Windows Update.

  35. John says:

    Been building custom machines for a long, long time.  On a clean machine build (includes new builds, rebuilds of existing hardware and resurrection of older hardware) I always go to several places to get the most current hardware drivers:

    1.  OEMs of motherboard, graphics card, and peripheral cards.

    2.  OEMs of chipsets used on the motherboard, graphics and peripherals.

    I don’t use "brand" name desktop machines, just laptops and do the same with them, plus obtain laptop OEM drivers if I wipe the laptop for a clean installation.  I’ve noticed in the past that the issue of outdated hardware drivers isn’t just Dell, all the major brands including HP and Gateway also suffer this problem.  In addition, once a motherboard, graphics card or peripheral card is out of production, many motherboard (and graphics and peripheral) OEMs stop updating chipset drivers for them very shortly thereafter.  The chipset OEM’s drivers are usually the newest and the best, but not always.  It’s why I go after them all and sometimes evaluate board OEM versus chipset OEM.

  36. Alex Railean says:

    Hi Mark,

    I have two questions.

    Why is there a "#2" at the end of the name of the network adapters on the examined system? I know that it means that there is another device with the same name, so the new one is indexed; but in practice there is no "#1" device – we can see that on the screenshot. Is there an explanation?

    Some time ago I wrote two guides that explain how to troubleshoot blue-screens; one of them  is focused on the Autoruns tool; the other explains what minidumps, how to interpret them, and what to do with the information shown on the blue screen.

    The guides are high-level ones, they target people with no programming skills; some of my friends have successfully solved their problems after reading those articles (which I wrote after reading guides written by you).

    So far there are two of them: http://www.lazybit.com/index.php/2007/12/14/windows_blue_screen_troubleshooting_tips?blog=2

    Can these be "traded" for an autographed book?

  37. Craig B says:

    Thanks for the lesson and I’m glad it got resolved.  I have found though that many times on Dell related equipment the manufacturer driver (such as Intel in this case) causes other problems with Dell.  I have also found Dell is extremly slow in releasing updated drivers, a year plus after the manufacturer release.

    In a future "Case of…" article could you go over how to figure out what files are being used in a virus.  I had a computer with Anti-Virus 2009 on it and I managed to find and get rid of some of it but somehow it kept coming back, until we reimaged the system.

  38. Adam Fazio says:

    This the quintessential example of the advantage of Apple’s model vs. MS. The vast majority of people will not go to Windows Update, the EOM’s site, or the hardware manufacturer to check for drivers. The vast majority don’t even really know what a driver is, nor should they. What they will do is continue to blue-screen and tell all their friends, family and strangers in the supermarket checkout line how crappy Windows is. And, in this day & age, they would have a pretty good reason to be fed up. This problem should be solved by now.

    Can’t we find a way to get the latest drivers on WU and ultimately onto the 1+ billion PCs out there? It’s time.

  39. David says:

    Nothing to do with the crashed phone call, but

    i just read some free chapters from your excellent windows internals book.

    On an idle system there should be no registy

    polling…so i ran procmon..guess what?

    That systray network connection icon is STILL

    polling the DHCP stuff in the registry

    (windows xp sp3).

    — you complained about this back in APR 2005!

    i guess nobody was listening (or maybe there

    just is no other way?)

    I know i can stop it being displayed, but its handy.

  40. NonW00t says:

    "The case is a great example of simple dump analysis" — Too bad the average user would be forever frustrated in the dark about such a case. LOL

  41. Yuhong Bao says:

    "Not many Windows users have the technical know how to perform the diagnostic steps that Mark and David have been performing using their excellent sysinternals tools."

    And Debugging Tools for Windows as well.

    Yep, that is why there is Online Crash Analysis (OCA). It works by mapping a OCA bucket to a resolution, which can be a driver update, which the vendor must provide.

  42. Volk1234 says:

    So in this case i advise to turn off WiFi adapter if it don’t use temporally.

    I always use on client’s computers 5 steps:

    1. Run HelpCtr.exe (system info)

    2. Find PNP ID of devise needed drivers

    3. Use Google to find some like: ‘VEN_1012&DEV_1982’

    4. Go to website of vendor.

    5. Download latest driver.

  43. Nick Mullins says:

    "In what world is a 75Mb wireless card driver acceptable?  300K of code and 74Mb+ of crap.

    Thursday, January 08, 2009 6:04 PM by Dave Ashton "

    AMEN to that!

  44. Yuhong Bao says:

    " 300K of code and 74Mb+ of crap."

    Not all of the rest is crap, though some of it may be crap

    "now that all of my systems are 64-bit it’s required."

    Signing a driver so it will load on 64-bit Vista do not require WHQL certification.

  45. Mike Devonport says:

    Just so happens my otherwise stable XP Dell X1 system (which hasn’t BSOD for as long as I can remember) crashed last night using Skype in just the same way.

    The only problems I’ve ever had with it have been tracked down to the wireless drivers in the past.  Its a very good bet that is the cause and shall also be updating the drivers today.

    Thanks, excellent article.

  46. mrnathan says:

    I don’t think "chagrin" means what the article’s author thinks it means.

  47. aaron says:

    mrnathan,

    That sentence makes perfect sense.  He’s annoyed that Dell didn’t have the newest Intel drivers by a whole major revision.

    Maybe he should have been relieved or happy he found a solution, but he was annoyed he found Dell was so far out of date.

  48. tom says:

    My knowledge of drivers and their permissions is apparently out of date. I thought in NT 4, all drivers still ran in user-mode and only the video driver was moved to ring 0 to improve system performance.

    Why is the Intel non-video driver able to bluescreen the system?

    In fact, since it did something clearly illegal, the OS should theoretically be able to recognize that and kill+restart the driver for you automatically. Instead of a bluescreen you’d get a glitch in your call.

    Microsoft may catch a lot of crap for code it didn’t write, but that doesn’t mean the crap is undeserved.

  49. JWN says:

    "Hopefully, Dell will start leveraging Windows Update to provide its customers the latest drivers."

    What is the point of this last sentence? The previous sentence stated that even Windows Update did not have the latest driver from Intel. What does it matter if Dell uses WU to deliver drivers, if the device manufacturer doesn’t use WU themselves?

  50. Inigo Montoya says:

    I don’t think Aaron knows what "chagrin" means either.  Perhaps he should try using a dictionary.

    (You killed my language; prepare to die)

  51. Spirit of 76 says:

    Having worked as a validation engineer for one of the largest hardware vendors, I can tell you the issue is with the respective OEM.  As part of the offical QA and release process, we provided all of our major OEM copies of the beta and RC code for evaluation.  In many instances, code was witheld from being designated ‘GA’ because of changes an OEM wanted.  

    To eliminate having to produce multiple versions of drivers, most vendors work from a single code set but have switches that tweak the install for one OEM’s hardware or another.  A good example is HP verse Dell.

    As for what is available on the OEM website is dependant on a lot of factors, including the company’s policy on postsale support.  This, policy, in of itself, is the most likely reason why you will see some OEM’s websites having more current drivers then others.  Also, many companies support their business products in a totally different maner than their consumer products – so this is a differentiator as well.  

    Bottom line, is is always best to go to the hardware/software vendors support site for the most current.  But as always, make sure that you have a good, current backup of your system before applying the update – just in case.