Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061608-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 16 00:45:48.359 2008 (GMT+3)
System Uptime: 0 days 0:36:56.339
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
......................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e1badb58}
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e1badb58, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e1badb58
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: TurokGame.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b5c90aa0 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b5c90af0 8056ec09 e1badb58 00000000 e1011328 nt!KiProfileLock+0x1
b5c90b4c 8056d03b e1011340 00000000 899a53f0 nt!NtQueryInformationToken+0x89b
b5c90bc4 80570402 00000000 b5c90c04 00000040 nt!NtQueryVolumeInformationFile+0x30
b5c90c18 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b5c90c94 8057c31d 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xd88
b5c90cf0 8057c360 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xe59
b5c90d30 804dd98f 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xe9c
b5c90d44 00000000 00000080 00000001 00000001 nt!ZwSetSystemInformation+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
Followup: MachineOwner
---------
Friday, June 20, 2008
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Probably caused by : aswSP.SYS ( aswSP+89c7 )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 16 00:01:55.437 2008 (GMT+3)
System Uptime: 0 days 12:23:47.431
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 6e006f, e17c3980}
Unable to load image aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : aswSP.SYS ( aswSP+89c7 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 006e006f, Memory contents of the pool block
Arg4: e17c3980, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e17c3980
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: msiexec.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
9f949bd8 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
9f949c28 80585703 e17c3980 00000000 d56b2f4c nt!KiProfileLock+0x1
9f949c44 805922ff e1055f08 e10470d8 00000000 nt!CcPfBuildDumpFromTrace+0x47
9f949c9c 8059207f e1055f08 009a0098 06395df4 nt!FsRtlAddToTunnelCache+0x1a6
9f949d14 b762d9c7 00000300 00beee68 28f7fab5 nt!RtlUnicodeToOemN+0x197
WARNING: Stack unwind information not available. Following frames may be wrong.
9f949d54 804dd98f 00000300 00beee68 00beee50 aswSP+0x89c7
9f949d58 00000000 00beee68 00beee50 7c90e4f4 nt!ZwSetSystemInformation+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSP+89c7
b762d9c7 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: aswSP+89c7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 482cc53e
FAILURE_BUCKET_ID: 0xc2_7_aswSP+89c7
BUCKET_ID: 0xc2_7_aswSP+89c7
Followup: MachineOwner
---------
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jun 15 10:34:01.031 2008 (GMT+3)
System Uptime: 0 days 4:00:44.004
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e35e6508}
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e35e6508, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e35e6508
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b9f51a54 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b9f51aa4 8056ec09 e35e6508 00000000 e1616a60 nt!KiProfileLock+0x1
b9f51b00 8056d03b e1616a78 00000000 88111538 nt!NtQueryInformationToken+0x89b
b9f51b78 80570402 00000000 b9f51bb8 00000040 nt!NtQueryVolumeInformationFile+0x30
b9f51bcc 80585018 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b9f51d54 804dd98f 00c8ead4 00c8ea9c 00c8eb00 nt!MiCreateImageFileMap+0x9ba
b9f51d60 00c8eb00 7c90e4f4 badb0d00 00c8ea88 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
b9f51d64 7c90e4f4 badb0d00 00c8ea88 00000000 0xc8eb00
b9f51d68 badb0d00 00c8ea88 00000000 00000000 0x7c90e4f4
b9f51d6c 00c8ea88 00000000 00000000 00000000 0xbadb0d00
b9f51d70 00000000 00000000 00000000 00000000 0xc8ea88
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
Followup: MachineOwner
---------
Probably caused by : win32k.sys ( win32k!AllocCallbackMessage+3 )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061408-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sat Jun 14 19:04:44.921 2008 (GMT+3)
System Uptime: 0 days 3:25:17.532
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
Unable to load image win32k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for win32k.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {d, 0, 0, 0}
Probably caused by : win32k.sys ( win32k!AllocCallbackMessage+3 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_d
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from bf8586fa to bf8346ec
STACK_TEXT:
a2fef920 bf8586fa 0000003c 00000001 000003c0 win32k!AllocCallbackMessage+0x3
a2fefbf4 bf813f31 bc78cc10 0000004a 000102c6 win32k!SfnCOPYDATA+0x85
a2fefc3c bf8419f1 0078cc10 0000004a 000102c6 win32k!xxxSendMessageToClient+0x176
a2fefcac bf801eda e326e008 a2fefd64 00000000 win32k!xxxReceiveMessage+0x2b5
a2fefce8 bf8036ec a2fefd14 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x1d7
a2fefd48 804dd98f 0148ff28 00000000 00000000 win32k!NtUserPeekMessage+0x40
a2fefd60 0148fed4 7c90e4f4 badb0d00 0148feb4 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
a2fefd64 7c90e4f4 badb0d00 0148feb4 00000000 0x148fed4
a2fefd68 badb0d00 0148feb4 00000000 00000000 0x7c90e4f4
a2fefd6c 0148feb4 00000000 00000000 00000000 0xbadb0d00
a2fefd70 00000000 00000000 00000000 00000000 0x148feb4
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!AllocCallbackMessage+3
bf8346ec cb retf
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!AllocCallbackMessage+3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48025f2a
FAILURE_BUCKET_ID: 0x7f_d_win32k!AllocCallbackMessage+3
BUCKET_ID: 0x7f_d_win32k!AllocCallbackMessage+3
Followup: MachineOwner
---------
Probably caused by : a347bus.sys ( a347bus+1c2b )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061408-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sat Jun 14 15:38:50.828 2008 (GMT+3)
System Uptime: 0 days 3:24:37.800
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.......................................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e14bca08}
Unable to load image a347bus.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for a347bus.sys
*** ERROR: Module load completed but symbols could not be loaded for a347bus.sys
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : a347bus.sys ( a347bus+1c2b )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e14bca08, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e14bca08
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b7596a68 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b7596ab8 8056ec09 e14bca08 00000000 e100a3d8 nt!KiProfileLock+0x1
b7596b14 8056d03b e100a3f0 00000000 879def30 nt!NtQueryInformationToken+0x89b
b7596b8c 80570402 00000000 b7596bcc 00000040 nt!NtQueryVolumeInformationFile+0x30
b7596be0 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b7596c5c 8057c31d 00c8e194 00100001 00c8e138 nt!NtQuerySystemInformation+0xd88
b7596cb8 8057c4cb 00c8e194 00100001 00c8e138 nt!NtQuerySystemInformation+0xe59
b7596cf8 f75afc2b 00c8e194 00100001 00c8e138 nt!NtQuerySystemInformation+0x192
WARNING: Stack unwind information not available. Following frames may be wrong.
b7596d0c 00000000 00004021 b7596d64 00c8e12c a347bus+0x1c2b
STACK_COMMAND: kb
FOLLOWUP_IP:
a347bus+1c2b
f75afc2b ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: a347bus+1c2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: a347bus
IMAGE_NAME: a347bus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4091f40d
FAILURE_BUCKET_ID: 0xc2_7_a347bus+1c2b
BUCKET_ID: 0xc2_7_a347bus+1c2b
Followup: MachineOwner
---------
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Thu Jun 12 19:05:03.906 2008 (GMT+3)
System Uptime: 0 days 9:03:26.523
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e4045270}
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e4045270, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e4045270
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b7cefa58 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b7cefaa8 8056ec09 e4045270 00000000 e1572e18 nt!KiProfileLock+0x1
b7cefb04 8056d03b e1572e30 00000000 8805f128 nt!NtQueryInformationToken+0x89b
b7cefb7c 80570402 00000000 b7cefbbc 00000040 nt!NtQueryVolumeInformationFile+0x30
b7cefbd0 8057c7c4 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b7cefd54 804dd98f 0148dda4 0148dd7c 0148ddd0 nt!NtQuerySystemInformation+0x48b
b7cefd68 badb0d00 0148dd68 00000000 00000000 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
b7cefd78 00000000 00000000 00000000 00000000 0xbadb0d00
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
Followup: MachineOwner
---------
Probably caused by : ntoskrnl.exe ( nt!RtlPrefetchCopyMemory32+2f )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061108-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Wed Jun 11 13:05:27.593 2008 (GMT+3)
System Uptime: 0 days 0:55:12.187
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {e3a90ffc, 1, 804dafed, 1}
Could not read faulting driver name
Probably caused by : ntoskrnl.exe ( nt!RtlPrefetchCopyMemory32+2f )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e3a90ffc, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 804dafed, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: e3a90ffc
FAULTING_IP:
nt!RtlPrefetchCopyMemory32+2f
804dafed f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: iPodService.exe
LAST_CONTROL_TRANSFER: from 8056d84a to 804dafed
STACK_TEXT:
b6197bcc 8056d84a e3a9102a e3a91014 0000003c nt!RtlPrefetchCopyMemory32+0x2f
b6197c2c 8056d03b e1713330 8a1af708 89e40a20 nt!HvpGetCellMap+0xc
b6197c40 00000000 b6197ce4 b6197c70 00000000 nt!NtQueryVolumeInformationFile+0x30
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!RtlPrefetchCopyMemory32+2f
804dafed f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!RtlPrefetchCopyMemory32+2f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
FAILURE_BUCKET_ID: 0x50_W_nt!RtlPrefetchCopyMemory32+2f
BUCKET_ID: 0x50_W_nt!RtlPrefetchCopyMemory32+2f
Followup: MachineOwner
---------
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini061108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Wed Jun 11 12:09:47.015 2008 (GMT+3)
System Uptime: 0 days 1:36:00.625
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 760045, e45823b8}
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00760045, Memory contents of the pool block
Arg4: e45823b8, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e45823b8
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: ashServ.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b72a5a58 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b72a5aa8 8056ec09 e45823b8 00000000 e1604960 nt!KiProfileLock+0x1
b72a5b04 8056d03b e1604978 00000000 87f8db48 nt!NtQueryInformationToken+0x89b
b72a5b7c 80570402 00000000 b72a5bbc 00000040 nt!NtQueryVolumeInformationFile+0x30
b72a5bd0 8057c7c4 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b72a5d54 804dd98f 018da398 018da370 018da3c4 nt!NtQuerySystemInformation+0x48b
b72a5d68 badb0d00 018da35c 88181000 21010500 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
b72a5d78 00000000 00000000 00000000 00000000 0xbadb0d00
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
Followup: MachineOwner
---------
Probably caused by : aswMon2.SYS ( aswMon2+65a9 )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini060908-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 9 21:02:12.625 2008 (GMT+3)
System Uptime: 0 days 0:10:53.611
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e35c2738}
Unable to load image aswMon2.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswMon2.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswMon2.SYS
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : aswMon2.SYS ( aswMon2+65a9 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e35c2738, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e35c2738
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b766d69c 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b766d6ec 8056ec09 e35c2738 00000000 e1557138 nt!KiProfileLock+0x1
b766d748 8056d03b e1557150 00000000 899fc288 nt!NtQueryInformationToken+0x89b
b766d7c0 80570402 00000000 b766d800 00000040 nt!NtQueryVolumeInformationFile+0x30
b766d814 8057c24e 00000000 00000000 b94bf000 nt!CmpConstructName+0xb3
b766d890 80584cc6 b766d9f4 00120089 b766d950 nt!NtQuerySystemInformation+0xd88
b766d8d8 b68415a9 b766d9f4 00120089 b766d950 nt!MiCreateImageFileMap+0xa24
WARNING: Stack unwind information not available. Following frames may be wrong.
b766da18 b68419a4 898e0a60 898e0888 b766da4f aswMon2+0x65a9
b766da50 b683b83c 89ab0020 008e0888 804e13c9 aswMon2+0x69a4
b766db4c 8056d03b 8a14cc78 00000000 880bdd08 aswMon2+0x83c
b766dbc4 80570402 00000000 b766dc04 00000040 nt!NtQueryVolumeInformationFile+0x30
b766dc18 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b766dc94 8057c31d 0012e898 00100001 0012e858 nt!NtQuerySystemInformation+0xd88
b766dcf0 8057c360 0012e898 00100001 0012e858 nt!NtQuerySystemInformation+0xe59
b766dd30 804dd98f 0012e898 00100001 0012e858 nt!NtQuerySystemInformation+0xe9c
b766dd44 00000000 00000080 00000003 00000002 nt!ZwSetSystemInformation+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
aswMon2+65a9
b68415a9 ?? ???
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: aswMon2+65a9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswMon2
IMAGE_NAME: aswMon2.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 482c3a50
FAILURE_BUCKET_ID: 0xc2_7_aswMon2+65a9
BUCKET_ID: 0xc2_7_aswMon2+65a9
Followup: MachineOwner
---------
Probably caused by : sr.sys ( sr!SrpGetFileName+b4 )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini060908-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 9 20:50:51.265 2008 (GMT+3)
System Uptime: 0 days 7:04:13.866
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
..............
Unable to load image sr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sr.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {d, 0, 0, 0}
Probably caused by : sr.sys ( sr!SrpGetFileName+b4 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_d
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: ashWebSv.exe
LAST_CONTROL_TRANSFER: from f74178ae to 804daf84
STACK_TEXT:
b075b6d4 f74178ae b075b7fc b075b7d2 0000004e nt!RtlPrefetchCopyMemory+0x31
b075b6f4 f7418723 0000002e 0000007c 00000052 sr!SrpGetFileName+0xb4
b075b708 f74187a0 8a03dc80 87a22778 00040020 sr!SrpExpandFileName+0x45
b075b730 f74113e2 8a03dc80 87a22778 0141b500 sr!SrIsFileEligible+0x5a
b075b8d0 f7411aef 8a03dc80 87a22778 00040020 sr!SrCreateContext+0x13e
b075b8fc f7415169 00000000 8a03dd78 00040020 sr!SrGetContext+0xc9
b075b948 f7413a22 8a03dc80 00040020 87a22778 sr!SrHandleEvent+0x35
b075b9ac 804e13c9 00000000 00000002 87956bf0 sr!SrCreate+0x2fc
b075b9ac 87946008 00000000 00000002 87956bf0 nt!KiTrap0D+0x483
WARNING: Frame IP not in any known module. Following frames may be wrong.
87956dc8 00000000 00000000 00000000 00000000 0x87946008
STACK_COMMAND: kb
FOLLOWUP_IP:
sr!SrpGetFileName+b4
f74178ae ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: sr!SrpGetFileName+b4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sr
IMAGE_NAME: sr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 480252c2
FAILURE_BUCKET_ID: 0x7f_d_sr!SrpGetFileName+b4
BUCKET_ID: 0x7f_d_sr!SrpGetFileName+b4
Followup: MachineOwner
---------
Probably caused by : a347bus.sys ( a347bus+dfbc
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini060908-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 9 01:22:51.250 2008 (GMT+3)
System Uptime: 0 days 10:00:52.869
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
....................................................................................................................................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 66004f, e6e7f008}
Unable to load image a347bus.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for a347bus.sys
*** ERROR: Module load completed but symbols could not be loaded for a347bus.sys
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : a347bus.sys ( a347bus+dfbc )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 0066004f, Memory contents of the pool block
Arg4: e6e7f008, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e6e7f008
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: services.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b51dc8fc 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b51dc94c 8059afb6 e6e7f008 00000000 e3c43968 nt!KiProfileLock+0x1
b51dc9a0 8057771f e1035758 b51dcc30 e3c43968 nt!RtlpSetSecurityObject+0x45c
b51dcb78 80572e68 80000020 00000000 881700b8 nt!NtFlushInstructionCache+0xfc
b51dcbf0 80570402 00000028 b51dcc30 00000040 nt!IopQueryOperationAccess+0x8
b51dcc44 80572cfe 00000000 8a1d6040 0007e301 nt!CmpConstructName+0xb3
b51dcd18 f75bbfbc 0007e460 00020019 0007e3b8 nt!NtQueryInformationFile+0xbe
WARNING: Stack unwind information not available. Following frames may be wrong.
b51dcd50 804dd98f 0007e460 00020019 0007e3b8 a347bus+0xdfbc
b51dcd54 0007e460 00020019 0007e3b8 0007e3f8 nt!ZwSetSystemInformation+0x13
b51dcd64 7c90e4f4 badb0d00 0007e3a0 b51dcd98 0x7e460
b51dcd68 badb0d00 0007e3a0 b51dcd98 b51dcdcc 0x7c90e4f4
b51dcd6c 0007e3a0 b51dcd98 b51dcdcc 00000000 0xbadb0d00
b51dcd70 b51dcd98 b51dcdcc 00000000 00000000 0x7e3a0
b51dcd74 b51dcdcc 00000000 00000000 00000000 0xb51dcd98
b51dcd98 00000000 00000168 00000000 0007f2cc 0xb51dcdcc
STACK_COMMAND: kb
FOLLOWUP_IP:
a347bus+dfbc
f75bbfbc ?? ???
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: a347bus+dfbc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: a347bus
IMAGE_NAME: a347bus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4091f40d
FAILURE_BUCKET_ID: 0xc2_7_a347bus+dfbc
BUCKET_ID: 0xc2_7_a347bus+dfbc
Followup: MachineOwner
---------
Probably caused by : a347bus.sys ( a347bus+1c2b )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini060808-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jun 8 14:06:56.546 2008 (GMT+3)
System Uptime: 0 days 1:15:52.167
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..................................................................................................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 69006c, e44873e0}
Unable to load image a347bus.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for a347bus.sys
*** ERROR: Module load completed but symbols could not be loaded for a347bus.sys
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : a347bus.sys ( a347bus+1c2b )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 0069006c, Memory contents of the pool block
Arg4: e44873e0, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e44873e0
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b6cd7a68 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b6cd7ab8 8056ec09 e44873e0 00000000 e1035130 nt!KiProfileLock+0x1
b6cd7b14 8056d03b e1035148 00000000 88034448 nt!NtQueryInformationToken+0x89b
b6cd7b8c 80570402 00000000 b6cd7bcc 00000040 nt!NtQueryVolumeInformationFile+0x30
b6cd7be0 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b6cd7c5c 8057c31d 00c8e194 00100001 00c8e138 nt!NtQuerySystemInformation+0xd88
b6cd7cb8 8057c4cb 00c8e194 00100001 00c8e138 nt!NtQuerySystemInformation+0xe59
b6cd7cf8 f75afc2b 00c8e194 00100001 00c8e138 nt!NtQuerySystemInformation+0x192
WARNING: Stack unwind information not available. Following frames may be wrong.
b6cd7d0c 00000000 00004021 b6cd7d64 00c8e12c a347bus+0x1c2b
STACK_COMMAND: kb
FOLLOWUP_IP:
a347bus+1c2b
f75afc2b ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: a347bus+1c2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: a347bus
IMAGE_NAME: a347bus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4091f40d
FAILURE_BUCKET_ID: 0xc2_7_a347bus+1c2b
BUCKET_ID: 0xc2_7_a347bus+1c2b
Followup: MachineOwner
---------
Probably caused by : a347bus.sys ( a347bus+1c2b )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini060808-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sun Jun 8 00:58:09.875 2008 (GMT+3)
System Uptime: 0 days 5:36:08.876
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 660072, e1317a20}
Unable to load image a347bus.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for a347bus.sys
*** ERROR: Module load completed but symbols could not be loaded for a347bus.sys
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : a347bus.sys ( a347bus+1c2b )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e1317a20, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e1317a20
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b6fb0a68 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b6fb0ab8 8056ec09 e1317a20 00000000 e15e2aa8 nt!KiProfileLock+0x1
b6fb0b14 8056d03b e15e2ac0 00000000 89e773d8 nt!NtQueryInformationToken+0x89b
b6fb0b8c 80570402 00000000 b6fb0bcc 00000040 nt!NtQueryVolumeInformationFile+0x30
b6fb0be0 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b6fb0c5c 8057c31d 0053e0b4 00100001 0053e058 nt!NtQuerySystemInformation+0xd88
b6fb0cb8 8057c4cb 0053e0b4 00100001 0053e058 nt!NtQuerySystemInformation+0xe59
b6fb0cf8 f75afc2b 0053e0b4 00100001 0053e058 nt!NtQuerySystemInformation+0x192
WARNING: Stack unwind information not available. Following frames may be wrong.
b6fb0d0c 00000000 00004021 b6fb0d64 0053e04c a347bus+0x1c2b
STACK_COMMAND: kb
FOLLOWUP_IP:
a347bus+1c2b
f75afc2b ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: a347bus+1c2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: a347bus
IMAGE_NAME: a347bus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4091f40d
FAILURE_BUCKET_ID: 0xc2_7_a347bus+1c2b
BUCKET_ID: 0xc2_7_a347bus+1c2b
Followup: MachineOwner
---------
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini060708-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sat Jun 7 13:54:31.921 2008 (GMT+3)
System Uptime: 0 days 2:14:23.521
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................................................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 760045, e23bb728}
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00760045, Memory contents of the pool block
Arg4: e23bb728, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e23bb728
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b9eeda54 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b9eedaa4 8056ec09 e23bb728 00000000 e1547958 nt!KiProfileLock+0x1
b9eedb00 8056d03b e1547970 00000000 87b893a0 nt!NtQueryInformationToken+0x89b
b9eedb78 80570402 00000000 b9eedbb8 00000040 nt!NtQueryVolumeInformationFile+0x30
b9eedbcc 80585018 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b9eedd54 804dd98f 006aea44 006aea0c 006aea70 nt!MiCreateImageFileMap+0x9ba
b9eedd60 006aea70 7c90e4f4 badb0d00 006ae9f8 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
b9eedd64 7c90e4f4 badb0d00 006ae9f8 00000000 0x6aea70
b9eedd68 badb0d00 006ae9f8 00000000 32210020 0x7c90e4f4
b9eedd6c 006ae9f8 00000000 32210020 00000000 0xbadb0d00
b9eedd70 00000000 32210020 00000000 00000000 0x6ae9f8
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db
Followup: MachineOwner
---------
Probably caused by : a347bus.sys ( a347bus+1c2b )
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\Mini060708-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sat Jun 7 01:36:58.984 2008 (GMT+3)
System Uptime: 0 days 3:06:07.973
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..............................................................................................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 630061, e47a1290}
Unable to load image a347bus.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for a347bus.sys
*** ERROR: Module load completed but symbols could not be loaded for a347bus.sys
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : a347bus.sys ( a347bus+1c2b )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00630061, Memory contents of the pool block
Arg4: e47a1290, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from 805637f0
POOL_ADDRESS: e47a1290
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672
STACK_TEXT:
b6733a68 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b6733ab8 8056ec09 e47a1290 00000000 e1546ab8 nt!KiProfileLock+0x1
b6733b14 8056d03b e1546ad0 00000000 8795f650 nt!NtQueryInformationToken+0x89b
b6733b8c 80570402 00000000 b6733bcc 00000040 nt!NtQueryVolumeInformationFile+0x30
b6733be0 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b6733c5c 8057c31d 0114e194 00100001 0114e138 nt!NtQuerySystemInformation+0xd88
b6733cb8 8057c4cb 0114e194 00100001 0114e138 nt!NtQuerySystemInformation+0xe59
b6733cf8 f75afc2b 0114e194 00100001 0114e138 nt!NtQuerySystemInformation+0x192
WARNING: Stack unwind information not available. Following frames may be wrong.
b6733d0c 00000000 00004021 b6733d64 0114e12c a347bus+0x1c2b
STACK_COMMAND: kb
FOLLOWUP_IP:
a347bus+1c2b
f75afc2b ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: a347bus+1c2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: a347bus
IMAGE_NAME: a347bus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4091f40d
FAILURE_BUCKET_ID: 0xc2_7_a347bus+1c2b
BUCKET_ID: 0xc2_7_a347bus+1c2b
Followup: MachineOwner
---------
Thursday, June 19, 2008
How to debug Blue Screens
Hello boys and girls, let me tell you my problem.
A month ago I've upgraded to this new system:
Intel Quad Core Q9300
AsRock Penryl 1600SLI-110DB
Nvidia Gforce 9600 GT
I've kept the RAM, low quality DDR2 RAM (I think this is the reason for my BSODs).
I've got also a Firewire PCI card and an Audigy SE soundcard.
Until I'll show you my blue screen and my debug information I'll tell you how to debug Blue Screen Of Death information to see what is wrong.
I'll copy some information from Microsoft support website, I hope they don't mind because they are the good guys.
1) After the first blue screen go to your windows partition and look in windows directory for a subdirectory named minidump and see if you've got any files win there.
If you've got files like that MiniMMDDYY-01.dmp (Month, Day, Year), even if you don't see .dmp you are alright.
2) Now that you know you have files to debug download first Windows Symbol Packages (you'll see the link for your OS at the bottom of the page) and install it, usually installs itself on c:\windows\symbols if C is your windows drive and "windows" is your windows directory.
3) Install Debugging tools for Windows 32-bit version or 64-bit versio, make sure you've downloaded the right one for your OS.
4) (from Microsoft)
1. Click Start, click Run, type
2. Change to the Debugging Tools for Windows folder. To do this, copy and pasting the following at the command prompt, and then press ENTER:
or
3. To load the dump file into a debugger, type one of the following commands, and then press ENTER:
windbg -y SymbolPath -i ImagePath -z DumpFilePath
If you have the windows installed on C drive and in directory Windows just modify and copy this line:
windbg -y c:\windows\symbols -i c:\windows\i386 -z c:\windows\minidump\MiniMMDDYY-XX.dmp
Replace MiniMMDDYY-01.dmp with your minidump file name and a windows like this will appear:
And at the end of the page you'll see for example:
After that you can post everything on a forum and ask for help.
You can click
A month ago I've upgraded to this new system:
Intel Quad Core Q9300
AsRock Penryl 1600SLI-110DB
Nvidia Gforce 9600 GT
I've kept the RAM, low quality DDR2 RAM (I think this is the reason for my BSODs).
I've got also a Firewire PCI card and an Audigy SE soundcard.
Until I'll show you my blue screen and my debug information I'll tell you how to debug Blue Screen Of Death information to see what is wrong.
I'll copy some information from Microsoft support website, I hope they don't mind because they are the good guys.
1) After the first blue screen go to your windows partition and look in windows directory for a subdirectory named minidump and see if you've got any files win there.
If you've got files like that MiniMMDDYY-01.dmp (Month, Day, Year), even if you don't see .dmp you are alright.
2) Now that you know you have files to debug download first Windows Symbol Packages (you'll see the link for your OS at the bottom of the page) and install it, usually installs itself on c:\windows\symbols if C is your windows drive and "windows" is your windows directory.
3) Install Debugging tools for Windows 32-bit version or 64-bit versio, make sure you've downloaded the right one for your OS.
4) (from Microsoft)
1. Click Start, click Run, type
cmd, and then click OK.2. Change to the Debugging Tools for Windows folder. To do this, copy and pasting the following at the command prompt, and then press ENTER:
cd c:\program files\debugging tools for windows (x86)or
cd c:\program files\debugging tools for windows (x64)3. To load the dump file into a debugger, type one of the following commands, and then press ENTER:
windbg -y SymbolPath -i ImagePath -z DumpFilePath
If you have the windows installed on C drive and in directory Windows just modify and copy this line:
windbg -y c:\windows\symbols -i c:\windows\i386 -z c:\windows\minidump\MiniMMDDYY-XX.dmp
Replace MiniMMDDYY-01.dmp with your minidump file name and a windows like this will appear:
And at the end of the page you'll see for example:
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {d, 0, 0, 0}
Probably caused by : ntoskrnl.exe ( nt!RtlPrefetchCopyMemory+31 )
Followup: MachineOwnerAfter that you can post everything on a forum and ask for help.
You can click
!analyze -v for a deep inspection.
Subscribe to:
Posts (Atom)