Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini061108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Wed Jun 11 12:09:47.015 2008 (GMT+3)
System Uptime: 0 days 1:36:00.625
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 760045, e45823b8}

GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00760045, Memory contents of the pool block
Arg4: e45823b8, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0

POOL_ADDRESS: e45823b8

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: ashServ.exe

LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672

STACK_TEXT:
b72a5a58 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b72a5aa8 8056ec09 e45823b8 00000000 e1604960 nt!KiProfileLock+0x1
b72a5b04 8056d03b e1604978 00000000 87f8db48 nt!NtQueryInformationToken+0x89b
b72a5b7c 80570402 00000000 b72a5bbc 00000040 nt!NtQueryVolumeInformationFile+0x30
b72a5bd0 8057c7c4 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b72a5d54 804dd98f 018da398 018da370 018da3c4 nt!NtQuerySystemInformation+0x48b
b72a5d68 badb0d00 018da35c 88181000 21010500 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
b72a5d78 00000000 00000000 00000000 00000000 0xbadb0d00


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db

BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db

Followup: MachineOwner
---------