J
JJoubert
Guest
Hi,
I have a system here that has had a few BSOD, & I am unable to identify why,
I always get the same message, here is the crashdump, does anyone have an
idea what this is
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [W:\2006-2007 Projets\Nouveau POS\Technique\11- BSOD
test\BSOD sans Solution à garder\Magasin 235 reg2\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for
Windows\Symbols*http://msdl.microsoft.com/download/symbols;srv*"C:\Program
Files\Debugging Tools for
Windows\Symbols"*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\System32; c:\windows\system\System32;
http://www.alexander.com/SymServe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Aug 14 23:32:50.218 2007 (GMT-4)
System Uptime: 0 days 23:58:52.843
Loading Kernel Symbols
............................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd900c). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {53646156, 2, 1, 8054b88e}
Probably caused by : ntoskrnl.exe ( nt!ExFreePoolWithTag+57d )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 53646156, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054b88e, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExFreePoolWithTag+57d
8054b88e 8913 mov dword ptr [ebx],edx
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: lsass.exe
TRAP_FRAME: efe02a84 -- (.trap ffffffffefe02a84)
ErrCode = 00000002
eax=8222a1a8 ebx=53646156 ecx=000001ff edx=02040001 esi=8222a1b0 edi=80561940
eip=8054b88e esp=efe02af8 ebp=efe02b2c iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!ExFreePoolWithTag+0x57d:
8054b88e 8913 mov dword ptr [ebx],edx
ds:0023:53646156=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8054b88e to 804e187f
STACK_TEXT:
efe02a84 8054b88e badb0d00 02040001 00000001 nt!KiTrap0E+0x233
efe02b2c 805688e4 00000001 00000000 efe02bf0 nt!ExFreePoolWithTag+0x57d
efe02bd8 804de7ec ffffffff efe02cb8 efe02cbc nt!NtFreeVirtualMemory+0x4a1
efe02bd8 804dcd49 ffffffff efe02cb8 efe02cbc nt!KiFastCallEntry+0xf8
efe02c60 8057aa24 ffffffff efe02cb8 efe02cbc nt!ZwFreeVirtualMemory+0x11
efe02d14 8057a46a 00000000 00000000 81f9c020 nt!PspExitThread+0x541
efe02d34 8057aa43 81f9c020 00000000 efe02d64
nt!PspTerminateThreadByPointer+0x52
efe02d54 804de7ec 00000000 00000000 00b7ff20 nt!NtTerminateThread+0x70
efe02d54 7c90eb94 00000000 00000000 00b7ff20 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00b7ff20 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+57d
8054b88e 8913 mov dword ptr [ebx],edx
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9
SYMBOL_NAME: nt!ExFreePoolWithTag+57d
FAILURE_BUCKET_ID: 0xC5_2_nt!ExFreePoolWithTag+57d
BUCKET_ID: 0xC5_2_nt!ExFreePoolWithTag+57d
Followup: MachineOwner
---------
kd> lmvm nt
start end module name
804d7000 806eb100 nt (pdb symbols) C:\Program
Files\Debugging Tools for
Windows\Symbols\ntoskrnl.pdb\32962337F0F646388B39535CD8DD70E82\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Tue Mar 01 19:59:37 2005 (42250FF9)
CheckSum: 002198AF
ImageSize: 00214100
File version: 5.1.2600.2622
Product version: 5.1.2600.2622
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntoskrnl.exe
OriginalFilename: ntoskrnl.exe
ProductVersion: 5.1.2600.2622
FileVersion: 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
I have a system here that has had a few BSOD, & I am unable to identify why,
I always get the same message, here is the crashdump, does anyone have an
idea what this is
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [W:\2006-2007 Projets\Nouveau POS\Technique\11- BSOD
test\BSOD sans Solution à garder\Magasin 235 reg2\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for
Windows\Symbols*http://msdl.microsoft.com/download/symbols;srv*"C:\Program
Files\Debugging Tools for
Windows\Symbols"*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\System32; c:\windows\system\System32;
http://www.alexander.com/SymServe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Aug 14 23:32:50.218 2007 (GMT-4)
System Uptime: 0 days 23:58:52.843
Loading Kernel Symbols
............................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd900c). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {53646156, 2, 1, 8054b88e}
Probably caused by : ntoskrnl.exe ( nt!ExFreePoolWithTag+57d )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 53646156, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054b88e, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExFreePoolWithTag+57d
8054b88e 8913 mov dword ptr [ebx],edx
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: lsass.exe
TRAP_FRAME: efe02a84 -- (.trap ffffffffefe02a84)
ErrCode = 00000002
eax=8222a1a8 ebx=53646156 ecx=000001ff edx=02040001 esi=8222a1b0 edi=80561940
eip=8054b88e esp=efe02af8 ebp=efe02b2c iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!ExFreePoolWithTag+0x57d:
8054b88e 8913 mov dword ptr [ebx],edx
ds:0023:53646156=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8054b88e to 804e187f
STACK_TEXT:
efe02a84 8054b88e badb0d00 02040001 00000001 nt!KiTrap0E+0x233
efe02b2c 805688e4 00000001 00000000 efe02bf0 nt!ExFreePoolWithTag+0x57d
efe02bd8 804de7ec ffffffff efe02cb8 efe02cbc nt!NtFreeVirtualMemory+0x4a1
efe02bd8 804dcd49 ffffffff efe02cb8 efe02cbc nt!KiFastCallEntry+0xf8
efe02c60 8057aa24 ffffffff efe02cb8 efe02cbc nt!ZwFreeVirtualMemory+0x11
efe02d14 8057a46a 00000000 00000000 81f9c020 nt!PspExitThread+0x541
efe02d34 8057aa43 81f9c020 00000000 efe02d64
nt!PspTerminateThreadByPointer+0x52
efe02d54 804de7ec 00000000 00000000 00b7ff20 nt!NtTerminateThread+0x70
efe02d54 7c90eb94 00000000 00000000 00b7ff20 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00b7ff20 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+57d
8054b88e 8913 mov dword ptr [ebx],edx
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9
SYMBOL_NAME: nt!ExFreePoolWithTag+57d
FAILURE_BUCKET_ID: 0xC5_2_nt!ExFreePoolWithTag+57d
BUCKET_ID: 0xC5_2_nt!ExFreePoolWithTag+57d
Followup: MachineOwner
---------
kd> lmvm nt
start end module name
804d7000 806eb100 nt (pdb symbols) C:\Program
Files\Debugging Tools for
Windows\Symbols\ntoskrnl.pdb\32962337F0F646388B39535CD8DD70E82\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Tue Mar 01 19:59:37 2005 (42250FF9)
CheckSum: 002198AF
ImageSize: 00214100
File version: 5.1.2600.2622
Product version: 5.1.2600.2622
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntoskrnl.exe
OriginalFilename: ntoskrnl.exe
ProductVersion: 5.1.2600.2622
FileVersion: 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.