This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 71%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETR%3C/text%3E%3C/svg%3E)
Continuation of https://learn.microsoft.com/en-us/answers/questions/844927/persistent-bsod-crashes-random-cause.html?childToView=851694#answer-851694
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, BugChecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000000009200f, ID of the 'NdisTimedDataHang' rule that was violated.
Arg2: fffff80675a436e0, A pointer to the string describing the violated rule condition.
Arg3: ffff9406bbd3a870, Address of internal rule state (second argument to !ruleinfo).
Arg4: ffff9406bbd3a8f0, Address of supplemental states (third argument to !ruleinfo).
The error lead to this URL:
https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/ndis-ndistimeddatahang
Which leads to using the !ndiskd.nbl command, with the value of Arg2 as the parameter. This leads to:
kd> !ndiskd.nbl fffff80675a436e0
NBL fffff80675a436e0 Next NBL 6d20656854203a30
First NB 2074726f70696e69 Source 6573756150726574
Status Unknown value 0x6e6f6365
Flags [Unrecognized flags 00000020] XLATED_FROM_PACKET,
FREED_BACK_TO_NDIS, MINIPORT_1, MINIPORT_2,
PROTOCOL_000_1, PROTOCOL_002_0, PROTOCOL_010_0,
PROTOCOL_020_0, PROTOCOL_100_0, PROTOCOL_200_0,
PROTOCOL_400_0
NblFlags [Unrecognized flags 74690020] HD_SPLIT, IS_IPV4,
IS_IPV6, IS_UDP, SPLIT_AT_HEADER, SPLIT_AT_PAYLOAD
Parent NBL 72702074276e7361 ChildRefCount 206e6968
Walk the NBL chain Dump data payload [entire chain]
Show out-of-band information Display as Wireshark hex dump
Review NBL history
Search for child NBLs (best effort)
Digging deeper, I have this:
!ndiskd.nbl -handle fffff80675a436e0 -data
Invalid NET_BUFFER at 2074726f70696e69
[Next link in list is not readable; aborting the list traversal]
Further review suggests this is a network comms issue, like a bad driver? That doesn't seem to make a lot of sense, considering that the mobo has been changed, which is where the NIC resides. No separate NIC here, no Wifi.
