...the memory cannot be "written". 1

[ferndoc]

I am looking for confirmation of the origin of messages containing this phrase or the alternative: the memory cannot be "read". ANY solid information would be appreciated -- feel free to expound!

In the course of a too many hours looking, I can report that more than a little voodoo, witchcraft and melodrama surround the messages. Experimental repair and "expert opinion" includes System restore, Windows re-installation, arcane changes to boot.ini, memory replacement, malware removal and the trashing of vendors big and small. The Microsoft knowledge base cites many circumstances with fewer solutions but I could not locate a more general description.

My current speculation (I have no way to "know") is that the message origin is in DEP or Data Execution Protection where any errant program might be caught attempting to "write" or "read" in an area not within it's allocated execution boundaries. If I am correct then one should focus efforts on resolving the problem within the application cited in the message; avoiding other more tedious and irrelevant distractions which might be suggested. Some published "solutions" allow continued software misconduct with unknowable consequences.

Control panel > system > advanced (tab) > performance settings (button) > Data Execution Prevention (tab) might be the best source of bypass relief after careful perusal of all the DEP information one might Google.

Does anybody actually "know"?

 

[bcastner]

The "... origin of messages containing this phrase or the alternative: the memory cannot be "read"." is explained in the full text of the message.

Start, Run, eventvwr.msc

See if there is a pattern in the STOP errors that, as part of their error message, use the strings you noted.

If you give us the STOP codes the Forum can try to decipher their origin.

Three steps to take:

Right-click My Computer, Properties, Advanced, Startup and Recovery - Settings, and uncheck "Automaticly restart". In addition set the scrolling selector for "Write debugging information" to the kernel debugging dump.

Make the registry edit to at least 0x1002 and preferably 0x3002:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q221833

Download and install the debugging tools for XP, and the symbols library:

http://www.microsoft.com/whdc/devtools/debugging/default.mspx

.

 

[ferndoc]

Thanks for your interest!

Except that it is NOT a stop error, does not have a number, is 100% repeatable, always throws the same addresses and does not hit the error log. That's why I'm trying to be precise about the origin of the message.

In my case it is CORUPD.EXE that fails at each shutdown citing 009e100c as the unwriteable address. The message does not remain on the screen long enough for study (shutdown) but it appears to be identical in every case. Google and the Microsoft KB will reveal that many other programs suffer the same fate.

I really don't care about fixing that program. Like so many others, my first concern was the apparent failure of system board memory on my laptop. I'm now trying be certain that such is NOT the case.

Ironically, this (different) machine just experienced a first time hit of the "read" version of this message from another instance of IE6 which did produce a log entry as follows:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shdocvw.dll, version 6.0.2900.2937, fault address 0x0002421a.

But the dialog box itself indicated instruction at
0x018d397e could not read
0x01b9c3e8.

I am very interested in fixing the new problem but let's not get distracted -- my question remains: who is trapping the error and posting the message?

 

[bcastner]

Click Start | Programs | CorelDRAW® Graphics Suite 12 | Corel Update. When the Corel Update window opens, select Never Check and click OK

That disables corupd.exe


Users Helping Users

 

[linney]

Does this occur in Safe Mode if it is that repeatable an error?

With fast vanishing messages that can't be caught by disabling automatic restart or fished out of the Event Viewer, you can sometime trap them with a fast finger and a digital camera.

As there is nothing in the Event Viewer, have you tried any DrWatson logs, there might be something in there.

If you want the highly technical cause of a crash look in the Documents and Settings/ All Users/ Application Data/ Microsoft/ Dr Watson/ Drwtsn32.log

Find the entry that is relevant by date and time to the crash you are investigating. The exact cause of the crash is indicated by "FAULT ->" on the left of page next to line of code causing the crash. This, if your as cluey as me, wont tell you much but you can use it to see if it is the same fault all the time, and further up the log you can find what processes and modules are running.


Getting more friendly logs from Drwatson.
thread779-947690

 

[ferndoc]

Now that was an interesting exercise!

But no joy relevant to this thread -- I triggered the curupd.exe ...memory cannot be "written" event with a logoff and then checked Drwtsn32.log as suggested. No data had been added (I have it set to "append")

Either this event handler is breaking all the rules or the fact that it occurs during a shutdown situation is preventing it from completing its task.

Once again, I am keeping this problem "installed" in order to investigate its origin. I do not want to bypass it until I find out whether the message indicates a hardware failure or just a bad application. I strongly suspect the application but don't want to bypass until I know.

If you were to Google (with all quotes) "memory cannot be "written"" you'd see that this error is widespread and very confusing to both those hit by it and all their helpers; with advice ranging from tedious, to risky through extraordinarily expensive. It seems worth nailing down.

 

[satrow]

I am keeping this problem "installed" in order to investigate its origin. I do not want to bypass it until I find out whether the message indicates a hardware failure or just a bad application. I strongly suspect the application but don't want to bypass until I know

Star worthy attitude, ferndoc - I hope you get it narrowed down at least.

 

[bcastner]

Oh please.

If you disable it and the problem continues it certainly rules out the application as the cause, no?



Users Helping Users

 

[ferndoc]

Ah yes! But if I disable the application and hardware is the cause then I will reshuffle boot time memory allocation which could be fatal to some critical system component. The corupd.exe problem at shutdown is benign.

I'm near certain of the software origin of the problem by now but that was my thinking at the outset. I have a solid failure with memory that passes hours of diagnostic testing. This is good!

My teeth are into this because of the evidence of widespread confusion that surrounds the message. Whatever its origin, it is certainly well disguised and insidious.

Believe me, it's quite a thrilling message to receive because memory problems can be big ticket expenditures (particularly for laptop motherboard addresses).

I think the message is issued by a core Windows function which has caught an application trying to read or write outside of its own allocated memory. That would explain why Google finds so many applications hit by this failure (on the other hand, so would random memory hardware bugs).

Its almost criminal that the message provides so little hint about what to do next...

 

[bcastner]

...then I will reshuffle boot time memory allocation which could be fatal to some critical system component. The corupd.exe problem at shutdown is benign."

What in heck are you referring to? You could make an issue for a driver, but you cannot make any "memory allocation" claims for a startup program. Their memory allocation is changing constantly due to XP's idle time optomization.

And, if you had a hard RAM error, you would get a STOP error and not the polite message you are receiving.

Its almost criminal that the message provides so little hint about what to do next...

XP cannot give you what it itself does not know. All it really knows is that the memory address cannot be read or written as the case may be. It usually is something absurd like a ROM address such as 000000000.


Users Helping Users

 

[ferndoc]

What in heck are you referring to?

Hey! Lot's of people read it as a hardware problem. I did too! I learned about memtest86 and ran it for hours based on web advice for resolving the message. I even deferred a planned hard drive upgrade to avoid wasting money on a bad motherboard bet. Ignorance reigns!

Samples from but two of the "about 60,800" Googled hits on "memory cannot be written"
--this sounds like bad RAM
--but if you have at least 2 ram sticks fitted onto your motherboard, try removing and swapping them around see if this helps.
-- Get the manufacturer of your HD and download their testing tools.
-- How much space have you allocated to your virtual memory?
-- Have you checked the processor fan/heatsink/bonding compound?
--Have your CPU clocked or entered the cpu/memory speeds/multiplier manualy into the BIOS

People are spinning their wheels because they don't know how to react to the sudden appearance of this message. They are dispatched to memory testing, restoring, re-installing, Hijacking, msconfig-testing, chasing DrWatson and myriad other tedious and expensive time killing exercises in response to web advice. And I've yet to find anybody who knows the origin.

Let me recap: dynamite message. No log entry. No Dr Watson. No message ID. No module identifier. No Help text. And it looks like it points to hardware that does not fail.

I have a benign repeatable situation that will let me do whatever test you might suggest to find the offended code and nail this thing down once and for all. Any ideas? Or should I just remove the trigger and slink away...

 

[bcastner]

I said not one word about a memory test.

Tell me what this means:

Ah yes! But if I disable the application and hardware is the cause then I will reshuffle boot time memory allocation which could be fatal to some critical system component. The corupd.exe problem at shutdown is benign.

____________________________
Users Helping Users

 

[ferndoc]

Sorry for the delay, off in the boonies of Colorado for a time...

First, let me be clear -- I appreciate all the involvement and am not criticizing any advice. I have cited all the confusion that surrounds these messages to highlight the value in understanding what the heck is going on. As I said 'ignorance reigns'.

What I meant by the text you quoted was that I was trying to freeze the problem for thorough investigation. I was guessing that some memory is 'locked' and that there is a sequence to boot events. Thus, messing with the order of things might have 'released' a bad spot in memory for use by a more critical system component. Perhaps but a figment of my archaic mainframe-tainted mind -- if so please forgive my naivete.

I'm all but convinced that this problem has absolutely nothing to do with hardware. But the questions still remain: Where is the message itself coming from (as in, what Windows component is trapping the error) and what can be done about a situation so misleading?

In the annals of suffering, "about 60,800" sequences of (often) bad advice is beginning to amount to something...

 

[ArmandL]

I am in the same trouble.
Ferndoc did it start recently? For me it begun say a couple of month ago honestly without any good reason
I went through the same memory tests (nothing wrong) software reorg (I notice that depending in which sequence I start things I have the problem or not with the specific VIsual Basic program that never caused a problem before)
I'm really turning crazy not figuring out what to do next
I came coupled with some boot problems (some times the PC get's stuck during boot) and any change in the configuration (eg connecting a USB key) can make the boot go ahead

I'll continue to check carefully to see if somebody figures out wat it is really
MSOft is quite mute on the case (I didn't find much but the allude to VB related issues)

AL

 

[ferndoc]

We're still lacking any specific information on what component of Windows traps the condition and issues the message!

That said, it seems to be related to any program that picks up an erroneous pointer and attempts to refer to memory that it doesn't own. In my case the situation is static -- it doesn't change from incident to incident and though it always fails, it is during shutdown and without consequence. Many others seem not to be so lucky.

Your situation seems maddening!

 

[bcastner]

The processor traps the condition.

Windows does its best to report on the fact.

This is either failing RAM or a faulty hardware device driver. Or both is a possibility.

This has to win an award as the least informed and least interesting technical discussion on this Forum.





____________________________
Users Helping Users

 

[2ffat]

I've seen this error pop up since Win2000. It sometimes seems to be a problem with Windows "talking" to a program or a program "talking" to another program. Windows and Windows' programs can talk to each other using such things as pipes, messages, etc. If one of the programs gets confused and sends a message to a program that is no longer in memory (or has changed memory location), you will get this message. I suspect that this is NOT the only cause of this error. Memory problems (the computer's, not mine) also seem to be a primary cause as bcaster has said.

James P. Cottingham
-----------------------------------------
[sup]I'm number 1,229!
I'm number 1,229![/sup]

 

[ferndoc]

You are absolutely half correct!

Until somebody identifies the module in Windows that "does its best" to report this confusing condition and the circumstances under which it does it I have to agree:

This has to win an award as the least informed ... technical discussion on this Forum.

Since it is not a memory error I still say that ignorance reigns and this message is wreaking havoc with even the most informed users. Which is the point!

Whether that makes it "least interesting" is open to debate...