Friday, June 20, 2008

Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini061208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Thu Jun 12 19:05:03.906 2008 (GMT+3)
System Uptime: 0 days 9:03:26.523
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 660072, e4045270}

GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e4045270, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0

POOL_ADDRESS: e4045270

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672

STACK_TEXT:
b7cefa58 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b7cefaa8 8056ec09 e4045270 00000000 e1572e18 nt!KiProfileLock+0x1
b7cefb04 8056d03b e1572e30 00000000 8805f128 nt!NtQueryInformationToken+0x89b
b7cefb7c 80570402 00000000 b7cefbbc 00000040 nt!NtQueryVolumeInformationFile+0x30
b7cefbd0 8057c7c4 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b7cefd54 804dd98f 0148dda4 0148dd7c 0148ddd0 nt!NtQuerySystemInformation+0x48b
b7cefd68 badb0d00 0148dd68 00000000 00000000 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
b7cefd78 00000000 00000000 00000000 00000000 0xbadb0d00


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db

BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db

Followup: MachineOwner
---------
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)