On Thursday (August 06, 2009), my colleague called me up saying that an important PC at the client site for having external communications got a problem with the Windows XP mechanism to detect whether a particular Windows XP is an authorized or unauthorized copy (http://www.gnu.org/philosophy/words-to-avoid.html#Piracy). Specifically, althought the Windows XP installed on the PC is an authorized copy, the mechanism insisted that it was not. Since I don't deal with a proprietary system, I have no idea on that kind of matter, and so, my colleague called Microsoft up. On the following day, the computer couldn't be logged in because everytime Windows XP started, the following error message appeared just before the login screen was displayed:
The instruction at "0x0060024D" referenced memory at "0x0060024D". The memory could not be "written". Click on OK to terminate the program. Click on Cancel to debug the program.
Since the staff really needed the PC to be up and running as quickly as possible, I decided to investigate this problem. Of course, the first step is to image the whole partition containing the Windows XP installation by using `dd' run on a GNU/Linux Live CD. This way I don't have to worry to break something. The second step is to start the investigation from the lowest part of the PC: the BIOS settings. Here I found an interesting feature under `Advanced BIOS Features' as follows:
No-Execute Memory Protect When disabled, forces the NX feature flag to always return 0
Since the error message was related to this feature by the words "instruction" and "could not be written", I switched the BIOS option to `Disabled'. That solved the problem within an hour. The backup process took the longest time, of course.
Googling for the error message by removing all the quotes and the addresses, I found many articles, one of which is: http://www.geekstogo.com/forum/memory-could-not-written-t4911.html that says that DEP may also be the cause of the problem.
To conclude, when encountering a high-level error, it is best to start your investigation from the lowest one: checking your BIOS setting.