Friday, June 20, 2008

Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini061608-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Mon Jun 16 00:45:48.359 2008 (GMT+3)
System Uptime: 0 days 0:36:56.339
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
......................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 660072, e1badb58}

GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0
Probably caused by : memory_corruption ( nt!MiRemoveUnusedSegments+3db )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00660072, Memory contents of the pool block
Arg4: e1badb58, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 805637f0
GetUlongFromAddress: unable to read from 805637f0

POOL_ADDRESS: e1badb58

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: TurokGame.exe

LAST_CONTROL_TRANSFER: from 80551fc5 to 80537672

STACK_TEXT:
b5c90aa0 80551fc5 000000c2 00000007 00000cd4 nt!MiRemoveUnusedSegments+0x3db
b5c90af0 8056ec09 e1badb58 00000000 e1011328 nt!KiProfileLock+0x1
b5c90b4c 8056d03b e1011340 00000000 899a53f0 nt!NtQueryInformationToken+0x89b
b5c90bc4 80570402 00000000 b5c90c04 00000040 nt!NtQueryVolumeInformationFile+0x30
b5c90c18 8057c24e 00000000 00000000 00000001 nt!CmpConstructName+0xb3
b5c90c94 8057c31d 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xd88
b5c90cf0 8057c360 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xe59
b5c90d30 804dd98f 0203f914 80100080 0203f8b4 nt!NtQuerySystemInformation+0xe9c
b5c90d44 00000000 00000080 00000001 00000001 nt!ZwSetSystemInformation+0x13


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiRemoveUnusedSegments+3db
80537672 5d pop ebp

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiRemoveUnusedSegments+3db

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 48025de7

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db

BUCKET_ID: 0xc2_7_nt!MiRemoveUnusedSegments+3db

Followup: MachineOwner
---------
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)