Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061608-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 16 00:45:48.359 2008 (GMT+3)
System Uptime: 0 days 0:36:56.339
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
......................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e1badb58}
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e1badb58, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e1badb58
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: TurokGame.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b5c90aa0 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b5c90af0 8056ec09 e1badb58 00000000 e1011328 nt!KiProfileLock+0x1
b5c90b4c 8056d03b e1011340 00000000 899a53f0 nt!NtQueryInformationToken+0x89b
b5c90bc4 80570402 00000000 b5c90c04 00000040 nt!NtQueryVolumeInformationFile+0x30
b5c90c18 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b5c90c94 8057c31d 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xd88
b5c90cf0 8057c360 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xe59
b5c90d30 804dd98f 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xe9c
b5c90d44 00000000 00000080 00000001 00000001 nt!ZwSetSystemInformation+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
Followup: MachineOwner
---------
Friday, June 20, 2008
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Probably caused by : aswSP.SYS ( aswSP+89c7 )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 16 00:01:55.437 2008 (GMT+3)
System Uptime: 0 days 12:23:47.431
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 6e006f, e17c3980}
Unable to load image aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : aswSP.SYS ( aswSP+89c7 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 006e006f, Memory contents of the pool block
Arg4: e17c3980, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e17c3980
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: msiexec.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
9f949bd8 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
9f949c28 80585703 e17c3980 00000000 d56b2f4c nt!KiProfileLock+0x1
9f949c44 805922ff e1055f08 e10470d8 00000000 nt!CcPfBuildDumpFromTrace+0x47
9f949c9c 8059207f e1055f08 009a0098 06395df4 nt!FsRtlAddToTunnelCache+0x1a6
9f949d14 b762d9c7 00000300 00beee68 28f7fab5 nt!RtlUnicodeToOemN+0x197
WARNING: Stack unwind information not available. Following frames may be wrong.
9f949d54 804dd98f 00000300 00beee68 00beee50 aswSP+0x89c7
9f949d58 00000000 00beee68 00beee50 7c90e4f4 nt!ZwSetSystemInformation+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSP+89c7
b762d9c7 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: aswSP+89c7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 482cc53e
FAILURE_BUCKET_ID: 0xc2_7_aswSP+89c7
BUCKET_ID: 0xc2_7_aswSP+89c7
Followup: MachineOwner
---------
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jun 15 10:34:01.031 2008 (GMT+3)
System Uptime: 0 days 4:00:44.004
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e35e6508}
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e35e6508, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e35e6508
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b9f51a54 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b9f51aa4 8056ec09 e35e6508 00000000 e1616a60 nt!KiProfileLock+0x1
b9f51b00 8056d03b e1616a78 00000000 88111538 nt!NtQueryInformationToken+0x89b
b9f51b78 80570402 00000000 b9f51bb8 00000040 nt!NtQueryVolumeInformationFile+0x30
b9f51bcc 80585018 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b9f51d54 804dd98f 00c8ead4 00c8ea9c 00c8eb00 nt!MiCreateImageFileMap+0x9ba
b9f51d60 00c8eb00 7c90e4f4 badb0d00 00c8ea88 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
b9f51d64 7c90e4f4 badb0d00 00c8ea88 00000000 0xc8eb00
b9f51d68 badb0d00 00c8ea88 00000000 00000000 0x7c90e4f4
b9f51d6c 00c8ea88 00000000 00000000 00000000 0xbadb0d00
b9f51d70 00000000 00000000 00000000 00000000 0xc8ea88
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
Followup: MachineOwner
---------
Subscribe to:
Posts (Atom)