ntkrpamp.exe BAD_POOL_HEADER windows XP

  1. #1
    axr0284 is offline Newbie

    Hi,
    I have been getting the following BSOD BAD_POOL_HEADER a couple of times now and it's really annoying. This is what I get from windbg:
    BugCheck 19, {20, 86ba9c59, 86baa089, 1a86ba9b}
    GetUlongFromAddress: unable to read from 80564c50
    Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+2a3 )

    It seems to be associated with ntkrpamp.exe. I can post more info from windbg if needed. I am not sure how to fix this. I am using win xp sp2. Any suggestions? Thanks a lot,
    Amish

  2. #2
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    Is this a new problem? Were things working OK previously? Any new hardware and/or software?

    On the surface that is a hardware failure. Possibly RAM. You could try MemTest:

    http://www.memtest86.com/


    If you want to try and analyze the XP errors in more detail:

    Go to start | search (type in) .dmp
    Note the location of your .dmp files.

    Then:

    1) Download and install the Debugging Tools from Microsoft
    2) Download and install this debugwiz
    3) Open the Wiz & Browse to, or paste in the path to, your .dmp file.
    4) After the Wiz creates a Text document attach it back to this thread.

  3. #3
    axr0284 is offline Newbie
    Thanks a lot for your reply. You cannot imagine how many threads I went through trying to find a solution. Here is the log obtained using debugWiz. This is from the latest crash. It may be related to the BAD_POOL_HEADER. I can already tell you that application.exe is a program I created myself. There must be an array out of bounds somewhere. USA19H2kp.SYS is a driver for the USB to serial converter that I use. Now do you think it is my application causing it or the driver causing it? That is the puzzling thing. I wish there was a way to trace the exact memory address that caused the error. I really appreciate the help here. Thanks a lot:
    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Complete Dump File: Full address space is available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.050301-1519
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Tue Aug 8 15:27:28.109 2006 (GMT-4)
    System Uptime: 0 days 0:36:57.826
    Loading Kernel Symbols
    .................................................. .................................................. .....................................
    Loading User Symbols
    ..........
    Loading unloaded module list
    .................................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 8E, {c0000005, 8054a71c, f1a9bb78, 0}

    Probably caused by : USA19H2kp.SYS

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8054a71c, The address that the exception occurred at
    Arg3: f1a9bb78, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!ExFreePoolWithTag+43c
    8054a71c 668b4b04 mov cx,word ptr [ebx+4]

    TRAP_FRAME: f1a9bb78 -- (.trap fffffffff1a9bb78)
    .trap fffffffff1a9bb78
    ErrCode = 00000000
    eax=ffdff120 ebx=00000000 ecx=85524280 edx=00000000 esi=86e59565 edi=80563c20
    eip=8054a71c esp=f1a9bbec ebp=f1a9bc20 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    nt!ExFreePoolWithTag+0x43c:
    8054a71c 668b4b04 mov cx,word ptr [ebx+4] ds:0023:00000004=????
    .trap
    Resetting default scope

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0x8E

    PROCESS_NAME: application.exe

    IRP_ADDRESS: 86e3d008

    DEVICE_OBJECT: 85d845b8

    DRIVER_OBJECT: 86ad0be0

    IMAGE_NAME: USA19H2kp.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP: 3ef9152e

    MODULE_NAME: USA19H2kp

    FAULTING_MODULE: eff1b000 USA19H2kp

    LAST_CONTROL_TRANSFER: from 804fe507 to 804f9c37

    STACK_TEXT:
    f1a9b740 804fe507 0000008e c0000005 8054a71c nt!KeBugCheckEx+0x1b
    f1a9bb08 80541075 f1a9bb24 00000000 f1a9bb78 nt!KiDispatchException+0x3b1
    f1a9bb70 80541026 f1a9bc20 8054a71c badb0d00 nt!CommonDispatchException+0x4d
    f1a9bb84 805448a4 85d84702 804f9fae 00000000 nt!Kei386EoiHelper+0x18a
    f1a9bc20 804f4940 86e5956d 85524280 00000103 nt!KiUnlockDispatcherDatabase+0x1c
    f1a9bc78 8057e6b6 86e3d048 f1a9bcb4 f1a9bcc0 nt!IopCompleteRequest+0xf4
    f1a9bca0 8057b761 85d845b8 00000000 8559fe08 nt!IopSynchronousServiceTail+0x96
    f1a9bd38 8054060c 000007c0 00000000 00000000 nt!NtReadFile+0x55d
    f1a9bd38 7c90eb94 000007c0 00000000 00000000 nt!KiFastCallEntry+0xfc
    0076fed4 7c90e288 7c801875 000007c0 00000000 ntdll!KiFastSystemCallRet
    0076fed8 7c801875 000007c0 00000000 00000000 ntdll!NtReadFile+0xc
    0076ff40 006227a9 000007c0 0076ff88 00000001 kernel32!ReadFile+0x16c
    0076ff60 100034d2 0076ff88 0076ff84 5903a7ca communication!readBytes+0x29
    0076ffb4 7c80b50b 00420048 0012f9b0 00662558 emulator!readPacket+0x92
    0076ffec 00000000 10003440 00420048 00000000 kernel32!BaseThreadStart+0x37


    STACK_COMMAND: kb

    FOLLOWUP_NAME: MachineOwner

    FAILURE_BUCKET_ID: 0x8E_IMAGE_USA19H2kp.SYS_DATE_2003_06_24

    BUCKET_ID: 0x8E_IMAGE_USA19H2kp.SYS_DATE_2003_06_24

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=8054a71c ecx=00000000 edx=80545e02 esi=f1a9bb24 edi=00000000
    eip=804f9c37 esp=f1a9b728 ebp=f1a9b740 iopl=0 nv up ei ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt!KeBugCheckEx+0x1b:
    804f9c37 5d pop ebp
    ChildEBP RetAddr Args to Child
    f1a9b740 804fe507 0000008e c0000005 8054a71c nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    f1a9bb08 80541075 f1a9bb24 00000000 f1a9bb78 nt!KiDispatchException+0x3b1 (FPO: [Non-Fpo])
    f1a9bb70 80541026 f1a9bc20 8054a71c badb0d00 nt!CommonDispatchException+0x4d (FPO: [0,20,0])
    f1a9bb84 805448a4 85d84702 804f9fae 00000000 nt!Kei386EoiHelper+0x18a
    f1a9bc20 804f4940 86e5956d 85524280 00000103 nt!KiUnlockDispatcherDatabase+0x1c
    f1a9bc78 8057e6b6 86e3d048 f1a9bcb4 f1a9bcc0 nt!IopCompleteRequest+0xf4 (FPO: [Non-Fpo])
    f1a9bca0 8057b761 85d845b8 00000000 8559fe08 nt!IopSynchronousServiceTail+0x96 (FPO: [Non-Fpo])
    f1a9bd38 8054060c 000007c0 00000000 00000000 nt!NtReadFile+0x55d (FPO: [Non-Fpo])
    f1a9bd38 7c90eb94 000007c0 00000000 00000000 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ f1a9bd64)
    0076fed4 7c90e288 7c801875 000007c0 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
    0076fed8 7c801875 000007c0 00000000 00000000 ntdll!NtReadFile+0xc (FPO: [9,0,0])
    0076ff40 006227a9 000007c0 0076ff88 00000001 kernel32!ReadFile+0x16c (FPO: [Non-Fpo])
    0076ff60 100034d2 0076ff88 0076ff84 5903a7ca communication!readBytes+0x29 (FPO: [2,1,0]) (CONV: stdcall)
    0076ffb4 7c80b50b 00420048 0012f9b0 00662558 emulator!readPacket+0x92 (FPO: [Uses EBP] [1,13,5]) (CONV: stdcall)
    0076ffec 00000000 10003440 00420048 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])
    start end module name
    00380000 003bb000 distanceFilter distanceFilter.dll Wed Jul 19 12:06:02 2006 (44BE586A)
    003e0000 003e7000 errorInsertion errorInsertion.dll Tue Aug 01 18:50:33 2006 (44CFDAB9)
    00400000 00416000 application application.exe Tue Aug 08 14:05:37 2006 (44D8D271)
    00620000 00646000 communication communication.dll Tue Jul 25 23:59:48 2006 (44C6E8B4)
    10000000 1002f000 emulator emulator.dll Sat Aug 05 12:43:41 2006 (44D4CABD)
    77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 03:59:14 2004 (41109752)
    78130000 781cb000 MSVCR80 MSVCR80.dll Fri Sep 23 02:44:37 2005 (4333A455)
    7c420000 7c4a7000 MSVCP80 MSVCP80.dll Fri Sep 23 02:46:56 2005 (4333A4E0)
    7c800000 7c8f4000 kernel32 kernel32.dll Wed Aug 04 0336 2004 (411096B4)
    7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 0336 2004 (411096B4)
    804d7000 806e2000 nt ntkrpamp.exe Tue Mar 01 19:34:38 2005 (42250A1E)
    806e2000 80702d00 hal halmacpi.dll Wed Aug 04 01:59:09 2004 (41107B2D)
    a4c83000 a4ca5080 RDPWD RDPWD.SYS Thu Jun 09 19:52:39 2005 (42A8D647)
    a4e81000 a4ec1280 HTTP HTTP.sys Thu Mar 16 19:33:09 2006 (441A03C5)
    a55de000 a55f5000 PfModNT PfModNT.sys Wed Dec 22 06:58:12 2004 (41C96154)
    a561d000 a566e400 srv srv.sys Fri Apr 21 02:12:25 2006 (444877C9)
    a567f000 a5681bc0 secdrv secdrv.sys Mon Jul 01 04:46:43 2002 (3D2016F3)
    a5817000 a5826900 Cdfs Cdfs.SYS Wed Aug 04 02:14:09 2004 (41107EB1)
    a593f000 a596b400 mrxdav mrxdav.sys Wed Aug 04 02:00:49 2004 (41107B91)
    a5a59000 a5a6d400 wdmaud wdmaud.sys Wed Aug 04 02:15:03 2004 (41107EE7)
    a8be5000 a8c08000 Fastfat Fastfat.SYS Wed Aug 04 02:14:15 2004 (41107EB7)
    a8c08000 a8cb1ca0 USA19H2k USA19H2k.sys Tue Jun 24 23:30:16 2003 (3EF91748)
    a8cb2000 a8d6f7a0 avg7core avg7core.sys Mon May 22 11:18:28 2006 (4471D644)
    a8d70000 a8ddea00 mrxsmb mrxsmb.sys Fri May 05 05:41:42 2006 (445B1DD6)
    a8ddf000 a8e09a00 rdbss rdbss.sys Fri May 05 05:47:55 2006 (445B1F4B)
    a8e0a000 a8e2bd00 afd afd.sys Wed Aug 04 02:14:13 2004 (41107EB5)
    a8e2c000 a8e4cf00 ipnat ipnat.sys Wed Sep 29 18:28:36 2004 (415B3714)
    a8e4d000 a8e74c00 netbt netbt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
    a8e75000 a8eccd80 tcpip tcpip.sys Thu Apr 20 07:51:47 2006 (444775D3)
    a8ecd000 a8edf400 ipsec ipsec.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    bf800000 bf9c1180 win32k win32k.sys Wed Oct 05 20:05:44 2005 (43446A58)
    bf9c2000 bf9d3580 dxg dxg.sys Wed Aug 04 02:00:51 2004 (41107B93)
    bf9d4000 bfa17000 ati2dvag ati2dvag.dll Tue Mar 21 2242 2006 (4420CAFA)
    bfa17000 bfa56000 ati2cqag ati2cqag.dll Tue Mar 21 22:12:22 2006 (4420C096)
    bfa56000 bfa8c000 atikvmag atikvmag.dll Tue Mar 21 22:18:34 2006 (4420C20A)
    bfa8c000 bfd16120 ati3duag ati3duag.dll Tue Mar 21 22:40:09 2006 (4420C719)
    bfd17000 bfe2b100 ativvaxx ativvaxx.dll Tue Mar 21 22:33:39 2006 (4420C593)
    ebf09000 ebf3c200 update update.sys Wed Aug 04 01:58:32 2004 (41107B08)
    ebf3d000 ebf6d100 rdpdr rdpdr.sys Wed Aug 04 02:01:10 2004 (41107BA6)
    ebf6e000 ebf7ee00 psched psched.sys Wed Aug 04 02:04:16 2004 (41107C60)
    ebf7f000 ebf95680 ndiswan ndiswan.sys Wed Aug 04 02:14:30 2004 (41107EC6)
    ebfa4000 ebfa6580 ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)
    ec141000 ec14b200 raspppoe raspppoe.sys Wed Aug 04 02:05:06 2004 (41107C92)
    ec151000 ec15d880 rasl2tp rasl2tp.sys Wed Aug 04 02:14:21 2004 (41107EBD)
    ec7ef000 ec7fdd80 sysaudio sysaudio.sys Wed Aug 04 02:15:54 2004 (41107F1A)
    ef2dc000 ef326000 vaxscsi vaxscsi.sys Mon Jan 09 16:20:27 2006 (43C2D39B)
    ef3d5000 ef3fb000 ctsfm2k ctsfm2k.sys Mon Jan 10 05:15:22 2005 (41E255BA)
    ef718000 ef718c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)
    efc46000 efc4e700 netbios netbios.sys Wed Aug 04 02:03:19 2004 (41107C27)
    efc86000 efc8f480 NDProxy NDProxy.SYS Fri Aug 17 16:55:30 2001 (3B7D84C2)
    efc96000 efc9ff00 termdd termdd.sys Wed Aug 04 01:58:52 2004 (41107B1C)
    efca6000 efcae900 msgpc msgpc.sys Wed Aug 04 02:04:11 2004 (41107C5B)
    efcb6000 efcc1d00 raspptp raspptp.sys Wed Aug 04 02:14:26 2004 (41107EC2)
    eff1b000 eff202a0 USA19H2kp USA19H2kp.SYS Tue Jun 24 2318 2003 (3EF9152E)
    eff23000 eff27080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
    eff43000 eff47880 TDI TDI.SYS Wed Aug 04 02:07:47 2004 (41107D33)
    f002a000 f002fa00 mouclass mouclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    f0032000 f0038000 kbdclass kbdclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    f004a000 f004e580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
    f005a000 f0061000 GEARAspiWDM GEARAspiWDM.sys Wed Feb 02 00:19:49 2005 (420062F5)
    f0062000 f0068b00 fdc fdc.sys Wed Aug 04 01:59:25 2004 (41107B3D)
    f007a000 f0088080 redbook redbook.sys Wed Aug 04 01:59:34 2004 (41107B46)
    f008a000 f0096180 cdrom cdrom.sys Wed Aug 04 01:59:52 2004 (41107B58)
    f009a000 f00a4380 imapi imapi.sys Wed Aug 04 02:00:12 2004 (41107B6C)
    f00aa000 f00b9d80 serial serial.sys Wed Aug 04 02:15:51 2004 (41107F17)
    f00ba000 f00c9180 nic1394 nic1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f0b3a000 f0b3dc80 serenum serenum.sys Wed Aug 04 01:59:06 2004 (41107B2A)
    f1a9c000 f1a9f280 ndisuio ndisuio.sys Wed Aug 04 02:03:10 2004 (41107C1E)
    f2218000 f221bf80 MCEIR MCEIR.sys Fri Jun 03 17:23:16 2005 (42A0CA44)
    f226c000 f226d380 avgtdi avgtdi.sys Sat Sep 03 20:38:58 2005 (431A4222)
    f44d9000 f4509000 ctoss2k ctoss2k.sys Mon Jan 10 05:15:28 2005 (41E255C0)
    f4509000 f452c980 portcls portcls.sys Wed Aug 04 02:15:47 2004 (41107F13)
    f452d000 f4681a00 P17 P17.sys Tue Sep 13 02:07:01 2005 (43266C85)
    f4774000 f4775080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
    f4778000 f4779280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
    f498b000 f498e780 dump_diskdump dump_diskdump.sys Wed Aug 04 01:59:51 2004 (41107B57)
    f4bb5000 f4bba500 TDTCP TDTCP.SYS Wed Aug 04 01:58:52 2004 (41107B1C)
    f4bbd000 f4bc4b80 usbccgp usbccgp.sys Wed Aug 04 02:08:45 2004 (41107D6D)
    f4c41000 f4c49880 Fips Fips.SYS Fri Aug 17 21:31:49 2001 (3B7DC585)
    f59af000 f59bdb80 drmk drmk.sys Wed Aug 04 02:07:54 2004 (41107D3A)
    f5a1f000 f5a274a0 oreans32 oreans32.sys Wed Apr 05 06:44:18 2006 (44339F82)
    f5cdd000 f5ce3f00 SCDEmu SCDEmu.SYS Sat May 20 06:15:25 2006 (446EEC3D)
    f6401000 f6406200 vga vga.sys Wed Aug 04 02:07:06 2004 (41107D0A)
    f6409000 f640ece0 dump_iteraid dump_iteraid.sys Thu Oct 28 2312 2004 (4181B728)
    f6419000 f641f780 USBSTOR USBSTOR.SYS Wed Aug 04 02:08:44 2004 (41107D6C)
    f6421000 f6427c80 avg7rsxp avg7rsxp.sys Wed Feb 22 19:40:37 2006 (43FD0485)
    f6624000 f6646680 ks ks.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    f6647000 f6699a80 atinavrr atinavrr.sys Thu Jan 05 21:34:15 2006 (43BDD727)
    f669a000 f66bce80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
    f66bd000 f66dbf00 b57xp32 b57xp32.sys Mon Dec 06 20:55:18 2004 (41B50D86)
    f6705000 f6718780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 02:07:04 2004 (41107D08)
    f6719000 f689c000 ati2mtag ati2mtag.sys Tue Mar 21 2221 2006 (4420CAE5)
    f689c000 f68aa100 usbhub usbhub.sys Wed Aug 04 02:08:40 2004 (41107D68)
    f68ec000 f68f4d80 HIDCLASS HIDCLASS.SYS Wed Aug 04 02:08:18 2004 (41107D52)
    f6de0000 f6de2580 hidusb hidusb.sys Fri Aug 17 17:02:16 2001 (3B7D8658)
    f6de4000 f6de6f80 mouhid mouhid.sys Fri Aug 17 16:47:57 2001 (3B7D82FD)
    f7231000 f7233900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
    f7265000 f7268a00 kbdhid kbdhid.sys Wed Aug 04 01:58:33 2004 (41107B09)
    f7269000 f726b280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
    f7275000 f7277e00 BdaSup BdaSup.SYS Wed Aug 04 02:10:11 2004 (41107DC3)
    f72a1000 f72bb580 Mup Mup.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    f72bc000 f72e8a80 NDIS NDIS.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    f72e9000 f7375480 Ntfs Ntfs.sys Wed Aug 04 02:15:06 2004 (41107EEA)
    f7376000 f738c780 KSecDD KSecDD.sys Wed Aug 04 01:59:45 2004 (41107B51)
    f738d000 f739ef00 sr sr.sys Wed Aug 04 02:06:22 2004 (41107CDE)
    f739f000 f73bd780 fltMgr fltMgr.sys Wed Aug 04 02:01:17 2004 (41107BAD)
    f73be000 f73d5800 SCSIPORT SCSIPORT.SYS Wed Aug 04 01:59:39 2004 (41107B4B)
    f73d6000 f73ed480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
    f73ee000 f7413700 dmio dmio.sys Wed Aug 04 02:07:13 2004 (41107D11)
    f7414000 f7432880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
    f7433000 f7443a80 pci pci.sys Wed Aug 04 02:07:45 2004 (41107D31)
    f7444000 f7471d80 ACPI ACPI.sys Wed Aug 04 02:07:35 2004 (41107D27)
    f7472000 f7489800 SPTD9341 SPTD9341.SYS Wed Aug 04 01:59:39 2004 (41107B4B)
    f748a000 f755a000 sptd sptd.sys Sat Dec 03 08:59:59 2005 (4391A4DF)
    f765b000 f7663c00 isapnp isapnp.sys Fri Aug 17 16:58:01 2001 (3B7D8559)
    f766b000 f7679e80 ohci1394 ohci1394.sys Wed Aug 04 02:10:05 2004 (41107DBD)
    f767b000 f7688000 1394BUS 1394BUS.SYS Wed Aug 04 02:10:03 2004 (41107DBB)
    f768b000 f7695500 MountMgr MountMgr.sys Wed Aug 04 01:58:29 2004 (41107B05)
    f769b000 f76a7c80 VolSnap VolSnap.sys Wed Aug 04 02:00:14 2004 (41107B6E)
    f76ab000 f76b3e00 disk disk.sys Wed Aug 04 01:59:53 2004 (41107B59)
    f76bb000 f76c7200 CLASSPNP CLASSPNP.SYS Wed Aug 04 02:14:26 2004 (41107EC2)
    f76cb000 f76d6080 PxHelp20 PxHelp20.sys Thu Nov 03 1240 2005 (436A4F58)
    f771b000 f7723d00 intelppm intelppm.sys Wed Aug 04 01:59:19 2004 (41107B37)
    f777b000 f7789d80 arp1394 arp1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f77ab000 f77b3700 wanarp wanarp.sys Wed Aug 04 02:04:57 2004 (41107C89)
    f78db000 f78e1200 PCIIDEX PCIIDEX.SYS Wed Aug 04 01:59:40 2004 (41107B4C)
    f78e3000 f78e7900 PartMgr PartMgr.sys Fri Aug 17 21:32:23 2001 (3B7DC5A7)
    f78eb000 f78f0ce0 iteraid iteraid.sys Thu Oct 28 2312 2004 (4181B728)
    f7933000 f7937500 watchdog watchdog.sys Wed Aug 04 02:07:32 2004 (41107D24)
    f79cb000 f79d0000 usbuhci usbuhci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f79d3000 f79d9800 usbehci usbehci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f79eb000 f79f1180 HIDPARSE HIDPARSE.SYS Wed Aug 04 02:08:15 2004 (41107D4F)
    f7a13000 f7a1a880 Npfs Npfs.SYS Wed Aug 04 02:00:38 2004 (41107B86)
    f7a3b000 f7a3fa80 Msfs Msfs.SYS Wed Aug 04 02:00:37 2004 (41107B85)
    f7a43000 f7a48000 flpydisk flpydisk.sys Wed Aug 04 01:59:24 2004 (41107B3C)
    f7a6b000 f7a6e000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
    f7b4f000 f7b52c80 mssmbios mssmbios.sys Wed Aug 04 02:07:47 2004 (41107D33)
    f7b5b000 f7b5cb80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
    f7b5d000 f7b5e100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    f7b5f000 f7b60700 dmload dmload.sys Fri Aug 17 16:58:15 2001 (3B7D8567)
    f7bbb000 f7bbcf00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)
    f7bc3000 f7bc4080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
    f7bcf000 f7bd0100 swenum swenum.sys Wed Aug 04 01:58:41 2004 (41107B11)
    f7bd9000 f7bda0c0 avg7rsw avg7rsw.sys Sun Sep 18 20:09:31 2005 (432E01BB)
    f7c0b000 f7c0c080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
    f7c23000 f7c23d00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
    f7c86000 f7c86d00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)
    f7d26000 f7d26b80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)

    Unloaded modules:
    ebf9c000 ebf9d000 drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a5a0c000 a5a36000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    efe4a000 efe57000 DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec181000 ec18f000 swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a5a36000 a5a59000 aec.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b93000 f7b95000 splitter.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a583b000 a584f000 Parport.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec1a1000 ec1ac000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec191000 ec19c000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f786b000 f7876000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    efdfa000 efe05000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    efc76000 efc81000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f77db000 f77e6000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec79f000 ec7aa000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f787b000 f7886000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f499f000 f49a3000 kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f5f30000 f5f3d000 i8042prt.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f798b000 f7990000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f5b9e000 f5ba1000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bcd000 f7bcf000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec161000 ec16c000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bc9000 f7bcb000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec171000 ec17c000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bbd000 f7bbf000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec181000 ec18c000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b63000 f7b65000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec191000 ec19c000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f4770000 f4772000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec1a1000 ec1ac000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b65000 f7b67000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f775b000 f7766000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bb7000 f7bb9000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f774b000 f7756000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt
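An added example (not part of any post in this thread and not output of debugwiz): a Python triage of an `!analyze -v;kv;lmtn` log like the one above, showing where the user/kernel boundary falls on the stack and recovering the blamed driver's link date from the hex timestamp, which survives even where the forum mangled the printed date. The function name `triage`, the 0x80000000 kernel boundary (default 32-bit XP split, no /3GB) and the trimmed sample excerpt are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Assumption: default 2 GB user / 2 GB kernel split on 32-bit XP (no /3GB switch).
KERNEL_BASE = 0x80000000
# Only the two bugcheck codes that appear in this thread.
BUGCHECK_NAMES = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED", 0x19: "BAD_POOL_HEADER"}

# ChildEBP RetAddr arg1 arg2 arg3 module!function+0xNN
FRAME_RE = re.compile(
    r"^[ \t]*([0-9a-f]{8}) [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\w+)!(\w+)\+0x[0-9a-f]+", re.M)
# start end module image <date text, possibly garbled> (HEXSTAMP)
MODULE_RE = re.compile(
    r"^[ \t]*[0-9a-f]{8} [0-9a-f]{8}[ \t]+\S+[ \t]+(\S+)[ \t].*\(([0-9A-Fa-f]{8})\)[ \t]*$", re.M)

# Trimmed excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = """\
BugCheck 8E, {c0000005, 8054a71c, f1a9bb78, 0}
Probably caused by : USA19H2kp.SYS
PROCESS_NAME: application.exe
IMAGE_NAME: USA19H2kp.SYS
STACK_TEXT:
f1a9b740 804fe507 0000008e c0000005 8054a71c nt!KeBugCheckEx+0x1b
f1a9bb08 80541075 f1a9bb24 00000000 f1a9bb78 nt!KiDispatchException+0x3b1
f1a9bc78 8057e6b6 86e3d048 f1a9bcb4 f1a9bcc0 nt!IopCompleteRequest+0xf4
f1a9bd38 8054060c 000007c0 00000000 00000000 nt!NtReadFile+0x55d
0076fed8 7c801875 000007c0 00000000 00000000 ntdll!NtReadFile+0xc
0076ff40 006227a9 000007c0 0076ff88 00000001 kernel32!ReadFile+0x16c
0076ff60 100034d2 0076ff88 0076ff84 5903a7ca communication!readBytes+0x29
0076ffb4 7c80b50b 00420048 0012f9b0 00662558 emulator!readPacket+0x92

STACK_COMMAND: kb
start end module name
00400000 00416000 application application.exe Tue Aug 08 14:05:37 2006 (44D8D271)
804d7000 806e2000 nt ntkrpamp.exe Tue Mar 01 19:34:38 2005 (42250A1E)
eff1b000 eff202a0 USA19H2kp USA19H2kp.SYS Tue Jun 24 2318 2003 (3EF9152E)
"""


def _field(name, log):
    """Return the value of a 'NAME: value' line, or None if absent."""
    m = re.search(rf"^[ \t]*{name}:[ \t]*(\S+)", log, re.M)
    return m.group(1) if m else None


def triage(log):
    """Summarise one bugcheck log: code, args, blamed image, stack split."""
    bc = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", log)
    if not bc:
        raise ValueError("no BugCheck line found")
    code = int(bc.group(1), 16)
    args = [int(a, 16) for a in bc.group(2).split(",")]

    # Use only the STACK_TEXT section so the later 'kv' copy is not counted twice.
    sec = re.search(r"STACK_TEXT:[ \t]*\n(.*?)(?:\n[ \t]*\n|\Z)", log, re.S)
    kernel, user = [], []
    for ebp, module, func in FRAME_RE.findall(sec.group(1) if sec else ""):
        # The frame pointer tells us which stack (kernel or user) the frame lives on.
        (kernel if int(ebp, 16) >= KERNEL_BASE else user).append(f"{module}!{func}")

    # Link dates come from the hex stamp; 00000000 means "unavailable".
    link_dates = {}
    for image, stamp in MODULE_RE.findall(log):
        t = int(stamp, 16)
        link_dates[image.lower()] = (
            datetime.fromtimestamp(t, timezone.utc).date().isoformat() if t else None)

    blamed = _field("IMAGE_NAME", log)
    return {
        "bugcheck": BUGCHECK_NAMES.get(code, hex(code)),
        "args": args,
        "process": _field("PROCESS_NAME", log),
        "blamed_image": blamed,
        "blamed_link_date": link_dates.get(blamed.lower()) if blamed else None,
        "syscall": kernel[-1] if kernel else None,  # first kernel frame entered
        "kernel_frames": kernel,
        "user_frames": user,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The link date is reported in UTC, so it can differ by a day from the local-time date WinDbg printed.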

  4. #4
    axr0284 is offline Newbie
    This is a minidump from an actual BAD_POOL_HEADER error. I will try to look into the information to try to make sense out of everything. Any information will be highly appreciated. Thanks:
    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini080806-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt
    Built by: 2600.xpsp_sp2_gdr.050301-1519
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Tue Aug 8 14:26:41.187 2006 (GMT-4)
    System Uptime: 0 days 0:34:04.897
    Loading Kernel Symbols
    .................................................. .................................................. .....................................
    Loading User Symbols
    Loading unloaded module list
    .................................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 19, {20, 6b, 863, 1aff53f0}

    GetUlongFromAddress: unable to read from 80564c50
    Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+2a3 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 00000020, a pool block header size is corrupt.
    Arg2: 0000006b, The pool entry we were looking for within the page.
    Arg3: 00000863, The next pool entry.
    Arg4: 1aff53f0, (reserved)

    Debugging Details:
    ------------------

    GetUlongFromAddress: unable to read from 80564c50

    BUGCHECK_STR: 0x19_20

    POOL_ADDRESS: 0000006b

    CUSTOMER_CRASH_COUNT: 2

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    IRP_ADDRESS: 86a4ced8

    LAST_CONTROL_TRANSFER: from 8054a583 to 804f9c37

    STACK_TEXT:
    a5975c04 8054a583 00000019 00000020 0000006b nt!KeBugCheckEx+0x1b
    a5975c54 804f4940 00000073 00000000 00000000 nt!ExFreePoolWithTag+0x2a3
    a5975cac 8057a4dd 86a4cf18 a5975ce4 a5975cf4 nt!IopCompleteRequest+0xf4
    a5975d48 8054060c 00000978 012cd81c 012cd82c nt!NtSetInformationFile+0x72f
    a5975d48 7c90eb94 00000978 012cd81c 012cd82c nt!KiFastCallEntry+0xfc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    012cd834 00000000 00000000 00000000 00000000 0x7c90eb94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!ExFreePoolWithTag+2a3
    8054a583 8b45f8 mov eax,dword ptr [ebp-8]

    SYMBOL_STACK_INDEX: 1

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrpamp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1e

    SYMBOL_NAME: nt!ExFreePoolWithTag+2a3

    FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2a3

    BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2a3

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=0000006b ecx=00000000 edx=00000000 esi=0000006b edi=86d7eef8
    eip=804f9c37 esp=a5975bec ebp=a5975c04 iopl=0 nv up ei ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt!KeBugCheckEx+0x1b:
    804f9c37 5d pop ebp
    ChildEBP RetAddr Args to Child
    a5975c04 8054a583 00000019 00000020 0000006b nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    a5975c54 804f4940 00000073 00000000 00000000 nt!ExFreePoolWithTag+0x2a3 (FPO: [Non-Fpo])
    a5975cac 8057a4dd 86a4cf18 a5975ce4 a5975cf4 nt!IopCompleteRequest+0xf4 (FPO: [Non-Fpo])
    a5975d48 8054060c 00000978 012cd81c 012cd82c nt!NtSetInformationFile+0x72f (FPO: [Non-Fpo])
    a5975d48 7c90eb94 00000978 012cd81c 012cd82c nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a5975d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    012cd834 00000000 00000000 00000000 00000000 0x7c90eb94
    start end module name
    804d7000 806e2000 nt ntkrpamp.exe Tue Mar 01 19:34:38 2005 (42250A1E)
    806e2000 80702d00 hal halmacpi.dll Wed Aug 04 01:59:09 2004 (41107B2D)
    a5023000 a5045080 RDPWD RDPWD.SYS Thu Jun 09 19:52:39 2005 (42A8D647)
    a529e000 a52de280 HTTP HTTP.sys Thu Mar 16 19:33:09 2006 (441A03C5)
    a57df000 a57f6000 PfModNT PfModNT.sys Wed Dec 22 06:58:12 2004 (41C96154)
    a59ae000 a59ff400 srv srv.sys Fri Apr 21 02:12:25 2006 (444877C9)
    a5a80000 a5a8f900 Cdfs Cdfs.SYS Wed Aug 04 02:14:09 2004 (41107EB1)
    a5acc000 a5acebc0 secdrv secdrv.sys Mon Jul 01 04:46:43 2002 (3D2016F3)
    a5ca8000 a5cd4400 mrxdav mrxdav.sys Wed Aug 04 02:00:49 2004 (41107B91)
    a5d9a000 a5dae400 wdmaud wdmaud.sys Wed Aug 04 02:15:03 2004 (41107EE7)
    a8be5000 a8c08000 Fastfat Fastfat.SYS Wed Aug 04 02:14:15 2004 (41107EB7)
    a8c08000 a8cb1ca0 USA19H2k USA19H2k.sys Tue Jun 24 23:30:16 2003 (3EF91748)
    a8cb2000 a8d6f7a0 avg7core avg7core.sys Mon May 22 11:18:28 2006 (4471D644)
    a8d70000 a8ddea00 mrxsmb mrxsmb.sys Fri May 05 05:41:42 2006 (445B1DD6)
    a8ddf000 a8e09a00 rdbss rdbss.sys Fri May 05 05:47:55 2006 (445B1F4B)
    a8e0a000 a8e2bd00 afd afd.sys Wed Aug 04 02:14:13 2004 (41107EB5)
    a8e2c000 a8e4cf00 ipnat ipnat.sys Wed Sep 29 18:28:36 2004 (415B3714)
    a8e4d000 a8e74c00 netbt netbt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
    a8e75000 a8eccd80 tcpip tcpip.sys Thu Apr 20 07:51:47 2006 (444775D3)
    a8ecd000 a8edf400 ipsec ipsec.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    bf800000 bf9c1180 win32k win32k.sys Wed Oct 05 20:05:44 2005 (43446A58)
    bf9c2000 bf9d3580 dxg dxg.sys Wed Aug 04 02:00:51 2004 (41107B93)
    bf9d4000 bfa17000 ati2dvag ati2dvag.dll Tue Mar 21 2242 2006 (4420CAFA)
    bfa17000 bfa56000 ati2cqag ati2cqag.dll Tue Mar 21 22:12:22 2006 (4420C096)
    bfa56000 bfa8c000 atikvmag atikvmag.dll Tue Mar 21 22:18:34 2006 (4420C20A)
    bfa8c000 bfd16120 ati3duag ati3duag.dll Tue Mar 21 22:40:09 2006 (4420C719)
    bfd17000 bfe2b100 ativvaxx ativvaxx.dll Tue Mar 21 22:33:39 2006 (4420C593)
    ebd2b000 ebd5e200 update update.sys Wed Aug 04 01:58:32 2004 (41107B08)
    ebd5f000 ebd8f100 rdpdr rdpdr.sys Wed Aug 04 02:01:10 2004 (41107BA6)
    ebd90000 ebda0e00 psched psched.sys Wed Aug 04 02:04:16 2004 (41107C60)
    ebda1000 ebdb7680 ndiswan ndiswan.sys Wed Aug 04 02:14:30 2004 (41107EC6)
    ec06e000 ec073ce0 dump_iteraid dump_iteraid.sys Thu Oct 28 2312 2004 (4181B728)
    ec076000 ec07db80 usbccgp usbccgp.sys Wed Aug 04 02:08:45 2004 (41107D6D)
    ec07e000 ec0832a0 USA19H2kp USA19H2kp.SYS Tue Jun 24 2318 2003 (3EF9152E)
    ec086000 ec08c780 USBSTOR USBSTOR.SYS Wed Aug 04 02:08:44 2004 (41107D6C)
    ec08e000 ec095000 avg7rsxp avg7rsxp.sys unavailable (00000000)
    ec0ba000 ec0bc280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
    ec0f1000 ec0f9700 wanarp wanarp.sys Wed Aug 04 02:04:57 2004 (41107C89)
    ec101000 ec109880 Fips Fips.SYS Fri Aug 17 21:31:49 2001 (3B7DC585)
    ec111000 ec1194a0 oreans32 oreans32.sys Wed Apr 05 06:44:18 2006 (44339F82)
    ec121000 ec129700 netbios netbios.sys Wed Aug 04 02:03:19 2004 (41107C27)
    ec151000 ec15f100 usbhub usbhub.sys Wed Aug 04 02:08:40 2004 (41107D68)
    ec308000 ec308b80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)
    ec63e000 ec644f00 SCDEmu SCDEmu.SYS Sat May 20 06:15:25 2006 (446EEC3D)
    ec646000 ec64d880 Npfs Npfs.SYS Wed Aug 04 02:00:38 2004 (41107B86)
    ec64e000 ec652a80 Msfs Msfs.SYS Wed Aug 04 02:00:37 2004 (41107B85)
    ec656000 ec65b200 vga vga.sys Wed Aug 04 02:07:06 2004 (41107D0A)
    ec65e000 ec664180 HIDPARSE HIDPARSE.SYS Wed Aug 04 02:08:15 2004 (41107D4F)
    ec66e000 ec673000 flpydisk flpydisk.sys Wed Aug 04 01:59:24 2004 (41107B3C)
    ec67e000 ec683a00 mouclass mouclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    ec686000 ec68c000 kbdclass kbdclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    ec77b000 ec77ec80 mssmbios mssmbios.sys Wed Aug 04 02:07:47 2004 (41107D33)
    ec793000 ec795580 ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)
    ec981000 ec98a480 NDProxy NDProxy.SYS Fri Aug 17 16:55:30 2001 (3B7D84C2)
    ec991000 ec99af00 termdd termdd.sys Wed Aug 04 01:58:52 2004 (41107B1C)
    ec9a1000 ec9a9900 msgpc msgpc.sys Wed Aug 04 02:04:11 2004 (41107C5B)
    ec9b1000 ec9bcd00 raspptp raspptp.sys Wed Aug 04 02:14:26 2004 (41107EC2)
    ec9c1000 ec9cb200 raspppoe raspppoe.sys Wed Aug 04 02:05:06 2004 (41107C92)
    ec9d1000 ec9dd880 rasl2tp rasl2tp.sys Wed Aug 04 02:14:21 2004 (41107EBD)
    ecc05000 ecc05c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)
    ed462000 ed470d80 sysaudio sysaudio.sys Wed Aug 04 02:15:54 2004 (41107F1A)
    effa4000 effa5380 avgtdi avgtdi.sys Sat Sep 03 20:38:58 2005 (431A4222)
    f012a000 f0138d80 arp1394 arp1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f0f04000 f0f07280 ndisuio ndisuio.sys Wed Aug 04 02:03:10 2004 (41107C1E)
    f22f4000 f22f5080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
    f22f6000 f22f7080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
    f486b000 f486ea00 kbdhid kbdhid.sys Wed Aug 04 01:58:33 2004 (41107B09)
    f487f000 f4881900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
    f5512000 f5516580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
    f60dd000 f60e5d80 HIDCLASS HIDCLASS.SYS Wed Aug 04 02:08:18 2004 (41107D52)
    f6185000 f618a500 TDTCP TDTCP.SYS Wed Aug 04 01:58:52 2004 (41107B1C)
    f6244000 f6246f80 mouhid mouhid.sys Fri Aug 17 16:47:57 2001 (3B7D82FD)
    f6350000 f639a000 vaxscsi vaxscsi.sys unavailable (00000000)
    f644b000 f6471000 ctsfm2k ctsfm2k.sys Mon Jan 10 05:15:22 2005 (41E255BA)
    f6471000 f64a1000 ctoss2k ctoss2k.sys Mon Jan 10 05:15:28 2005 (41E255C0)
    f64a1000 f64c4980 portcls portcls.sys Wed Aug 04 02:15:47 2004 (41107F13)
    f64c5000 f661a000 P17 P17.sys unavailable (00000000)
    f661a000 f663c680 ks ks.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    f663d000 f6690000 atinavrr atinavrr.sys unavailable (00000000)
    f6690000 f66b2e80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
    f66b3000 f66d1f00 b57xp32 b57xp32.sys Mon Dec 06 20:55:18 2004 (41B50D86)
    f66d2000 f66e5780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 02:07:04 2004 (41107D08)
    f66e6000 f6869000 ati2mtag ati2mtag.sys Tue Mar 21 22:56:21 2006 (4420CAE5)
    f724d000 f7250f80 MCEIR MCEIR.sys Fri Jun 03 17:23:16 2005 (42A0CA44)
    f7275000 f7278780 dump_diskdump dump_diskdump.sys Wed Aug 04 01:59:51 2004 (41107B57)
    f72a1000 f72bb580 Mup Mup.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    f72bc000 f72e8a80 NDIS NDIS.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    f72e9000 f7375480 Ntfs Ntfs.sys Wed Aug 04 02:15:06 2004 (41107EEA)
    f7376000 f738c780 KSecDD KSecDD.sys Wed Aug 04 01:59:45 2004 (41107B51)
    f738d000 f739ef00 sr sr.sys Wed Aug 04 02:06:22 2004 (41107CDE)
    f739f000 f73bd780 fltMgr fltMgr.sys Wed Aug 04 02:01:17 2004 (41107BAD)
    f73be000 f73d5800 SCSIPORT SCSIPORT.SYS Wed Aug 04 01:59:39 2004 (41107B4B)
    f73d6000 f73ed480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
    f73ee000 f7413700 dmio dmio.sys Wed Aug 04 02:07:13 2004 (41107D11)
    f7414000 f7432880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
    f7433000 f7443a80 pci pci.sys Wed Aug 04 02:07:45 2004 (41107D31)
    f7444000 f7471d80 ACPI ACPI.sys Wed Aug 04 02:07:35 2004 (41107D27)
    f7472000 f7489800 SPTD9341 SPTD9341.SYS Wed Aug 04 01:59:39 2004 (41107B4B)
    f748a000 f755a000 sptd sptd.sys unavailable (00000000)
    f765b000 f7663c00 isapnp isapnp.sys Fri Aug 17 16:58:01 2001 (3B7D8559)
    f766b000 f7679e80 ohci1394 ohci1394.sys Wed Aug 04 02:10:05 2004 (41107DBD)
    f767b000 f7688000 1394BUS 1394BUS.SYS Wed Aug 04 02:10:03 2004 (41107DBB)
    f768b000 f7695500 MountMgr MountMgr.sys Wed Aug 04 01:58:29 2004 (41107B05)
    f769b000 f76a7c80 VolSnap VolSnap.sys Wed Aug 04 02:00:14 2004 (41107B6E)
    f76ab000 f76b3e00 disk disk.sys Wed Aug 04 01:59:53 2004 (41107B59)
    f76bb000 f76c7200 CLASSPNP CLASSPNP.SYS Wed Aug 04 02:14:26 2004 (41107EC2)
    f76cb000 f76d6080 PxHelp20 PxHelp20.sys Thu Nov 03 12:56:40 2005 (436A4F58)
    f771b000 f7723d00 intelppm intelppm.sys Wed Aug 04 01:59:19 2004 (41107B37)
    f774b000 f7759b80 drmk drmk.sys Wed Aug 04 02:07:54 2004 (41107D3A)
    f775b000 f776a180 nic1394 nic1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f776b000 f777ad80 serial serial.sys Wed Aug 04 02:15:51 2004 (41107F17)
    f777b000 f7785380 imapi imapi.sys Wed Aug 04 02:00:12 2004 (41107B6C)
    f778b000 f7797180 cdrom cdrom.sys Wed Aug 04 01:59:52 2004 (41107B58)
    f779b000 f77a9080 redbook redbook.sys Wed Aug 04 01:59:34 2004 (41107B46)
    f78db000 f78e1200 PCIIDEX PCIIDEX.SYS Wed Aug 04 01:59:40 2004 (41107B4C)
    f78e3000 f78e7900 PartMgr PartMgr.sys Fri Aug 17 21:32:23 2001 (3B7DC5A7)
    f78eb000 f78f0ce0 iteraid iteraid.sys Thu Oct 28 23:21:12 2004 (4181B728)
    f794b000 f794f500 watchdog watchdog.sys Wed Aug 04 02:07:32 2004 (41107D24)
    f79bb000 f79c0000 usbuhci usbuhci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f79c3000 f79c9800 usbehci usbehci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f79cb000 f79d1b00 fdc fdc.sys Wed Aug 04 01:59:25 2004 (41107B3D)
    f79e3000 f79ea000 GEARAspiWDM GEARAspiWDM.sys Wed Feb 02 00:19:49 2005 (420062F5)
    f79f3000 f79f7880 TDI TDI.SYS Wed Aug 04 02:07:47 2004 (41107D33)
    f7a23000 f7a27080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
    f7a6b000 f7a6e000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
    f7b2b000 f7b2d580 hidusb hidusb.sys Fri Aug 17 17:02:16 2001 (3B7D8658)
    f7b4b000 f7b4de00 BdaSup BdaSup.SYS Wed Aug 04 02:10:11 2004 (41107DC3)
    f7b53000 f7b56c80 serenum serenum.sys Wed Aug 04 01:59:06 2004 (41107B2A)
    f7b5b000 f7b5cb80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
    f7b5d000 f7b5e100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    f7b5f000 f7b60700 dmload dmload.sys Fri Aug 17 16:58:15 2001 (3B7D8567)
    f7b89000 f7b8a280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
    f7b91000 f7b920c0 avg7rsw avg7rsw.sys Sun Sep 18 20:09:31 2005 (432E01BB)
    f7bf3000 f7bf4100 swenum swenum.sys Wed Aug 04 01:58:41 2004 (41107B11)
    f7c05000 f7c06f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)
    f7c17000 f7c18080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
    f7c23000 f7c23d00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
    f7da7000 f7da7d00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)

    Unloaded modules:
    ec02e000 ec02f000 drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a5d4d000 a5d77000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f77fb000 f7808000 DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f5396000 f53a4000 swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a5d77000 a5d9a000 aec.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bbd000 f7bbf000 splitter.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a5c6c000 a5c80000 Parport.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f787b000 f7886000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f62b8000 f62c3000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f53f6000 f5401000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f786b000 f7876000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f68f9000 f6904000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    efcfa000 efd05000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f788b000 f7896000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f68b9000 f68c4000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec0be000 ec0c2000 kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec131000 ec13e000 i8042prt.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec666000 ec66b000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec0c2000 ec0c5000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7c09000 f7c0b000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec9e1000 ec9ec000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7c15000 f7c17000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ec9f1000 ec9fc000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7c01000 f7c03000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    eca01000 eca0c000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7be3000 f7be5000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ed3f2000 ed3fd000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b8b000 f7b8d000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f012a000 f0135000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bab000 f7bad000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f773b000 f7746000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7ba7000 f7ba9000 USBD.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f772b000 f7736000 lvusbsta.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt

  5. #5
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    If you have multiple dumps see if the faulting app is the same.

    The memory read, or lack thereof, was perhaps triggering the earlier BAD_POOL_HEADER.

    The second dump points to Arg2: 8054a71c, The address that the exception occurred at
    While the first is concerned at 80564c50
    Your mini shows 8054a583

    You can try PSTAT to ID your drivers:

    Pstat can tell you what driver is loaded at what address. Install the Windows Support Tools from XP's CD. They left it out of the help file.
    Just type pstat in a command prompt. The bottom section will list drivers and their memory address. Match your param 4 on this list. Param 1 is memory it tried to read, param 2 is the IRQL, and for param 3 0 means read and 1 write.
    To install Windows Support Tools:

    You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.

    1. Insert the Windows CD into your CD-ROM drive.
    2. Click No if you are prompted to reinstall Windows.
    3. When the Welcome screen appears, click Browse this CD.
    4. Go to the \Support\Tools folder.
       For complete Setup information, refer to the Sreadme.doc file available in this folder.
    5. Double-click Setup.exe.
    6. Follow the instructions that appear on your screen.


    Warning

    • Certain Support Tools, if used improperly, might cause your computer to stop functioning. It is recommended that only experienced users install and use Support Tools.


    Note

    • The Support Tools and the Support Tools Help are in English only.

    • The Setup program installs all the Support Tools files on your hard disk and requires a maximum of 14 megabytes (MB) of free space.

    • Setup creates a Windows Support Tools folder within the Programs folder on the Start menu. For information about individual tools, click Tools Help. Tools with Windows interfaces can be selected from the Tools menu.

    You could also try Verifier:

    Type verifier in Start - Run and follow the wizard. This will make
    all drivers slower but error messages should contain the driver's name
    and all drivers get checked as they work. The error code may change as
    Windows is strict with drivers.

  6. #6
    axr0284 is offline Newbie
    I will try everything out and post the info tomorrow. Are the drivers always loaded at the same memory location? So comparing the driver location now to a minidump that happened yesterday would be meaningful, or should I run pstat, collect the info and then wait for a BSOD to compare memory locations? Thanks a lot for the help,
    Amish
    Last edited by axr0284; 09-08-2006 at 05:32 AM.

  7. #7
    axr0284 is offline Newbie
    Hi,
    I have encountered another BSOD. I thought the last one was caused by the USB to serial converter I was using, so I changed it to another one of a different brand. This time I did pstat after running the program that always gives the error. After it crashed I used debugWiz. I have attached both log files to this message. The main things I think are of value I've put below for quick browsing:
    FROM DEBUGLOG.TXT
    BugCheck A, {f78b, 2, 1, 806e4a8e}

    Probably caused by : USBPORT.SYS ( USBPORT!USBPORT_DoneTransfer+f6 )

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000f78b, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 806e4a8e, address which referenced memory

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xA

    PROCESS_NAME: receiver.exe

    THESE ARE ALL THE DLLS LOADED BY RECEIVER.EXE

    00380000 003bb000 distanceFilter distanceFilter.dll Wed Jul 19 12:06:02 2006 (44BE586A)

    003e0000 003e7000 errorInsertion errorInsertion.dll Tue Aug 01 18:50:33 2006 (44CFDAB9)

    00400000 00416000 receiver receiver.exe Tue Aug 08 19:40:20 2006 (44D920E4)

    00620000 00646000 communication communication.dll Tue Jul 25 23:59:48 2006 (44C6E8B4)

    10000000 1002f000 emulator emulator.dll Sat Aug 05 12:43:41 2006 (44D4CABD)

    ec388000 ec392700 ser2pl ser2pl.sys Mon Jun 28 00:08:53 2004 (40DF99D5)


    f6406000 f6428e80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)


    FROM PSTAT
    User Time Kernel Time Ws Faults Commit Pri Hnd Thd Pid Name
    0:00:10.500 0:00:00.015 3000 767 1736 8 29 11 3788 receiver.exe

    pid:ecc pri: 8 Hnd: 29 Pf: 767 Ws: 3000K receiver.exe
    tid pri Ctx Swtch StrtAddr User Time Kernel Time State
    844 11 445 7C810867 0:00:00.000 0:00:00.015 Wait:LpcReply
    f28 10 1820 7C810856 0:00:00.000 0:00:00.000 Wait:DelayExecution
    f24 8 614 7C810856 0:00:00.000 0:00:00.000 Wait:DelayExecution
    f2c 8 1105 7C810856 0:00:02.765 0:00:00.000 Wait:DelayExecution
    f30 8 585 7C810856 0:00:00.000 0:00:00.000 Wait:DelayExecution
    59c 8 1186 7C810856 0:00:02.171 0:00:00.000 Running
    f3c 8 579 7C810856 0:00:00.000 0:00:00.000 Wait:DelayExecution
    ce8 8 708 7C810856 0:00:00.000 0:00:00.000 Wait:DelayExecution
    23c 8 1431 7C810856 0:00:05.546 0:00:00.000 Ready
    3c0 8 716 7C810856 0:00:00.000 0:00:00.000 Wait:DelayExecution
    f48 8 597 7C810856 0:00:00.000 0:00:00.000 Wait:DelayExecution

    ModuleName Load Addr Code Data Paged LinkDate
    ------------------------------------------------------------------------------
    ser2pl.sys EC388000 35968 512 0 Mon Jun 28 00:08:53 2004
    USBPORT.SYS F6406000 119808 1024 10752 Wed Aug 04 02:08:34 2004

    I sincerely hope someone can take the time to look into the info. Next thing I will try the verifier program. Not too sure how it works though. Thanks again for your help,
    Amish
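
Added example (not part of any post in this thread, and not output of pstat or WinDbg): a short Python script that does the address-to-driver matching described in post #5 on module rows copied from the two logs posted here, and compares load addresses between the two dumps, which bears on the question in post #6. The function names are hypothetical, and the one address marked as constructed is made up to show a successful lookup.

```python
import re

# Rows copied from the two logs on this page, in WinDbg "lm" layout:
# start, end, module name, file name, link date, (hex link timestamp).
FIRST_DUMP = """
ec151000 ec15f100 usbhub usbhub.sys Wed Aug 04 02:08:40 2004 (41107D68)
f6690000 f66b2e80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
f776b000 f777ad80 serial serial.sys Wed Aug 04 02:15:51 2004 (41107F17)
"""
SECOND_DUMP = """
ec388000 ec392700 ser2pl ser2pl.sys Mon Jun 28 00:08:53 2004 (40DF99D5)
f6406000 f6428e80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
"""

LINE = re.compile(
    r"^\s*([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+(\S+)\s+\S+\s+.*"
    r"\(([0-9a-fA-F]{8})\)\s*$"
)

def parse_modules(text):
    """Return [(start, end, name, link_stamp)] sorted by start address."""
    mods = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skip blanks, headers and anything that is not a module row
            start, end, name, stamp = m.groups()
            mods.append((int(start, 16), int(end, 16), name, stamp.upper()))
    return sorted(mods)

def resolve(addr, mods):
    """Map an address to (module, offset), or None if no listed range holds it."""
    for start, end, name, _ in mods:
        if start <= addr < end:
            return name, addr - start
    return None

def moved_modules(old, new):
    """Same module name and link stamp in both dumps, but a different base."""
    old_by_key = {(n, s): start for start, _, n, s in old}
    return {n: (old_by_key[(n, s)], start)
            for start, _, n, s in new
            if (n, s) in old_by_key and old_by_key[(n, s)] != start}

first, second = parse_modules(FIRST_DUMP), parse_modules(SECOND_DUMP)

if __name__ == "__main__":
    # Bugcheck A arguments from the second log: Arg1 (memory referenced)
    # and Arg4 (address which referenced memory).
    for label, addr in (("Arg1", 0x0000F78B), ("Arg4", 0x806E4A8E)):
        print(label, hex(addr), resolve(addr, second) or "not in the listed rows")
    # Constructed address inside USBPORT, to show a successful lookup.
    print(resolve(0xF6406000 + 0x1234, second))
    for name, (a, b) in moved_modules(first, second).items():
        print(f"{name}: base {a:08x} in the first dump, {b:08x} in the second")
```

In these two logs USBPORT.SYS carries the same link timestamp but a different base address, so an address from a dump has to be matched against the module list taken from that same dump. Neither bugcheck argument falls inside the two driver rows quoted in post #7, so Arg4 has to be looked up in the full module list of that log.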

  8. #8
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    receiver.exe

    Is this part of the program that you wrote? Otherwise:

    receiver.exe is an executable file that starts a malicious process, launches certain parasite components or runs a destructive payload. Even if the receiver.exe file does nothing suspicious, its presence indicates that your computer is infected with a particular threat.
    The receiver.exe file is installed and used by Big Brother 3.5.1.
    You are highly advised to scan the system, delete executable receiver.exe and terminate all the processes it started. Please note that the receiver.exe file actually may be a fully legitimate part of the operating system or legitimate software. Often parasites use files with unsuspicious names, but malicious functionality. You should always carefully check the file before deleting it. It may not be related with malware, but can be required by your essential programs to work properly.
    http://www.2-spyware.com/file-receiver-exe.html


    I can say that it is NOT an XP file.





    As a first response you might want to post a HijackThis log for review by our Pros in that section:

    Please follow the instructions HERE & then post your log in a new thread in the Spyware, Adware, Viruses and HijackThis Logs section.
    (Not in this section please).

    Please specify what issues you appear to be experiencing along with your log.

  9. #9
    axr0284 is offline Newbie
    receiver.exe is a program I wrote and it's not a virus.
    Amish

  10. #10
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    Can you remove that program just to see if the problems persist?
