Monday 7 October 2013

Debugging Stop 0x24 - SPTD.sys and Filter Drivers

SPTD.sys is a driver which is part of Daemon Tools and the Alcohol products. This driver is well known to cause problems and should be removed. In this example, I wanted to demonstrate the usefulness of searching the Windows Driver API documentation, and to look at the types of drivers which are known to cause Stop 0x24 bugchecks.

The second parameter usually refers to the exception record and the third parameter usually refers to the context record. You can use the .exr and .cxr debugger commands to gain information from these parameters.

We can see that the instruction which caused the access violation was in nt!FsRtlLookupPerFileObjectContext, a routine which is documented within the Windows Driver API.


FsRtlLookupPerFileObjectContext is used by filter drivers to retrieve the context previously associated with a file object; a file object can refer to an actual file or physical hard disk. The IRQL is fine here, so no functions were being called at an incorrect IRQL.

Another bugcheck revealed that SPTD.sys was causing problems, and it was then removed. This has ended the Stop 0x24 bugchecks, although the overall issue still continues and seems to be related to drivers.

Programs which interact with the file system drivers and the storage stack (especially anti-virus programs) tend to be the cause of Stop 0x24 bugchecks.
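The parameter handling and the driver check described above can be scripted over a saved debugger log. The following is an added example, not part of the original post: the log text, its addresses and the module name `thirdparty_flt` are constructed, the in-box module list is an assumption, and the decoding of the first parameter (source file id in the high 16 bits, line number in the low 16 bits) follows Microsoft's documentation for bug check 0x24.

```python
import re

# Constructed sample of kd output; all addresses and the module name
# "thirdparty_flt" are hypothetical, not taken from the dump in this post.
SAMPLE_LOG = """\
BugCheck 24, {1904fb, fffff88002e5d2a8, fffff88002e5cb00, fffff80002a1b2c4}
fffff880`02e5c9d8 fffff880`012a3c5e : nt!FsRtlLookupPerFileObjectContext+0x12
fffff880`02e5c9e0 fffff880`00f4a1b0 : fltmgr!FltpPerformPreCallbacks+0x2f7
fffff880`02e5ca40 fffff800`02a7d1c3 : thirdparty_flt+0x42a1
"""

# Modules treated as in-box for this sketch (assumption; extend as needed).
INBOX = {"nt", "hal", "ntfs", "fltmgr"}
BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
# Last token of a stack line: module!symbol+off, or module+off without symbols.
FRAME_RE = re.compile(r"^(\w+)(?:!\S+|\+0x[0-9A-Fa-f]+)$")


def triage(log):
    """Decode a Stop 0x24 line and list follow-up commands and suspect modules."""
    m = BUGCHECK_RE.search(log)
    if not m:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    args = [int(a, 16) for a in m.group(2).split(",")]
    if code != 0x24 or len(args) != 4:
        raise ValueError("not a Stop 0x24 with four parameters")
    result = {
        # Parameter 1: high 16 bits = source file id, low 16 bits = line number.
        "source_file_id": (args[0] >> 16) & 0xFFFF,
        "source_line": args[0] & 0xFFFF,
        "commands": [],
        "third_party": [],
    }
    # A zero record address means there is nothing to display.
    if args[1]:
        result["commands"].append(f".exr {args[1]:#018x}")
    if args[2]:
        result["commands"] += [f".cxr {args[2]:#018x}", "kv"]
    for line in log.splitlines():
        tokens = line.split()
        frame = FRAME_RE.match(tokens[-1]) if tokens else None
        if frame:
            module = frame.group(1)
            if module.lower() not in INBOX and module not in result["third_party"]:
                result["third_party"].append(module)
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Any module it reports is only a candidate for a closer look with `lmvm`; a driver on the stack is not proof that it caused the corruption.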

Full Thread is here -
