I analyzed the dump file that was submitted to me via email and got this:
Quote
Microsoft ® Windows Debugger Version 6.8.0004.0 AMD64
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\FUBAR\Desktop\Mini082208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16584.x86fre.vista_gdr.071023-1545
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Thu Aug 21 20:30:24.380 2008 (GMT-4)
System Uptime: 1 days 11:12:42.831
Loading Kernel Symbols
..................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 113d, 0, b6139008}
GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** WARNING: Unable to verify timestamp for iastor.sys
*** ERROR: Module load completed but symbols could not be loaded for iastor.sys
*** WARNING: Unable to verify timestamp for iastorv.sys
*** ERROR: Module load completed but symbols could not be loaded for iastorv.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** WARNING: Unable to verify timestamp for msrpc.sys
*** ERROR: Module load completed but symbols could not be loaded for msrpc.sys
*** WARNING: Unable to verify timestamp for OEM02Vfx.sys
*** ERROR: Module load completed but symbols could not be loaded for OEM02Vfx.sys
*** WARNING: Unable to verify timestamp for bcm4sbxp.sys
*** ERROR: Module load completed but symbols could not be loaded for bcm4sbxp.sys
*** WARNING: Unable to verify timestamp for GEARAspiWDM.sys
*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys
*** WARNING: Unable to verify timestamp for btwrchid.sys
*** ERROR: Module load completed but symbols could not be loaded for btwrchid.sys
*** WARNING: Unable to verify timestamp for Fs_Rec.SYS
*** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.SYS
*** WARNING: Unable to verify timestamp for avgmfx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgmfx86.sys
*** WARNING: Unable to verify timestamp for rimmptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rimmptsk.sys
*** WARNING: Unable to verify timestamp for rimsptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rimsptsk.sys
*** WARNING: Unable to verify timestamp for Msfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS
*** WARNING: Unable to verify timestamp for SynTP.sys
*** ERROR: Module load completed but symbols could not be loaded for SynTP.sys
*** WARNING: Unable to verify timestamp for rixdptsk.sys
*** ERROR: Module load completed but symbols could not be loaded for rixdptsk.sys
*** WARNING: Unable to verify timestamp for HSXHWAZL.sys
*** ERROR: Module load completed but symbols could not be loaded for HSXHWAZL.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for stwrt.sys
*** ERROR: Module load completed but symbols could not be loaded for stwrt.sys
*** WARNING: Unable to verify timestamp for NETw4v32.sys
*** ERROR: Module load completed but symbols could not be loaded for NETw4v32.sys
*** WARNING: Unable to verify timestamp for Null.SYS
*** ERROR: Module load completed but symbols could not be loaded for Null.SYS
*** WARNING: Unable to verify timestamp for igdkmd32.sys
*** ERROR: Module load completed but symbols could not be loaded for igdkmd32.sys
*** WARNING: Unable to verify timestamp for HSX_CNXT.sys
*** ERROR: Module load completed but symbols could not be loaded for HSX_CNXT.sys
*** WARNING: Unable to verify timestamp for HSX_DPV.sys
*** ERROR: Module load completed but symbols could not be loaded for HSX_DPV.sys
*** WARNING: Unable to verify timestamp for OEM02Dev.sys
*** ERROR: Module load completed but symbols could not be loaded for OEM02Dev.sys
*** WARNING: Unable to verify timestamp for avgldx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgldx86.sys
*** WARNING: Unable to verify timestamp for btwavdt.sys
*** ERROR: Module load completed but symbols could not be loaded for btwavdt.sys
*** WARNING: Unable to verify timestamp for secdrv.SYS
*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
*** WARNING: Unable to verify timestamp for btwaudio.sys
*** ERROR: Module load completed but symbols could not be loaded for btwaudio.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*** WARNING: Unable to verify timestamp for TSDDD.dll
*** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll
*** WARNING: Unable to verify timestamp for cdd.dll
*** ERROR: Module load completed but symbols could not be loaded for cdd.dll
*** WARNING: Unable to verify timestamp for avgwfpx.sys
*** ERROR: Module load completed but symbols could not be loaded for avgwfpx.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for spsys.sys -
*** WARNING: Unable to verify timestamp for mdmxsdk.sys
*** ERROR: Module load completed but symbols could not be loaded for mdmxsdk.sys
*** WARNING: Unable to verify timestamp for xaudio.sys
*** ERROR: Module load completed but symbols could not be loaded for xaudio.sys
GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+17f )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000113d, (reserved)
Arg3: 00000000, Memory contents of the pool block
Arg4: b6139008, Address of the block of pool being deallocated
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
POOL_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
b6139008
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81ce7ce8 to 81cd8681
STACK_TEXT:
8866bb2c 81ce7ce8 000000c2 00000007 0000113d nt!KeBugCheckEx+0x1e
8866bba0 81dd37bc b6139008 00000000 00000000 nt!ExFreePoolWithTag+0x17f
8866bbd4 81cb077e 848f0118 b68c38d8 00000000 nt!MiSegmentDelete+0x135
8866bbf8 81cb3c3b 848f0118 b68c3800 b68c38c0 nt!MiCheckControlArea+0x8f
8866bc10 81dd392c 848f0118 00000000 00000000 nt!MiDereferenceControlAreaBySection+0x2d
8866bc34 81ded505 848f0118 81fa7104 b68c38c0 nt!MiSectionDelete+0x101
8866bc50 81c478c8 b68c38d8 00000000 a7b50238 nt!ObpRemoveObjectRoutine+0x100
8866bc78 81cc4613 00010000 a7b5027c a7b50238 nt!ObfDereferenceObject+0xa1
8866bca0 81c24777 00000001 846f7618 a9591e60 nt!CcDeleteSharedCacheMap+0x192
8866bcec 81cbc2f3 a7b50238 8866bd10 00000000 nt!CcWriteBehind+0x40f
8866bd44 81c78fa0 83a75ff0 00000000 83a6cd78 nt!CcWorkerThread+0x1bd
8866bd7c 81e254e0 83a75ff0 88660680 00000000 nt!ExpWorkerThread+0xfd
8866bdc0 81c9159e 81c78ea3 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+17f
81ce7ce8 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExFreePoolWithTag+17f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 471ea39c
FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+17f
BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+17f
Followup: MachineOwner
The debugger wasn't able to verify the timestamps for a whole bunch of drivers (could the time be set wrong on the system?) so that may cause some loss of information. Dunno how to fix it for future dumps - that's gonna take some research on my part.
The error was generated when something tried to free memory - and it seems that the memory was already freed - and that caused the crash.
So, IMO, the first step would be to use Driver Verifier to see what it'll report. Here's a link on how to use it:
http://www.microsoft.com/whdc/DevTools/too...taverifier.mspx
Here's a link for XP (which is similar and easier to use):
http://support.microsoft.com/kb/244617
Essentially, you'll open Driver Verifier by going to start and typing "verifier" (without the quotes) and pressing Enter.
In the first screen you'll want to "Create standard settings" and then press the "Next" button.
In the next screen you'll want to "Automatically select unsigned drivers" and then press the "Next" button.
In the next screen you'll just press the "Finish" button (this verifies which unsigned drivers have been selected).
Then reboot the system. In some cases this'll generate a crash immediately (this is a good thing), and in other cases it won't crash immediately (not so good). IME, the immediate crashes will give us the best info about what's crashing, while the delayed crashes may require some more research.
Also, Driver Verifier loads stuff on the system to monitor the drivers - so some minor slowdown is to be expected (and is why we don't verify all the drivers - it'll slow the system to a crawl). Once you're finished with Driver Verifier, it's essential that you go back into the program and "Delete existing settings" to free up the resources.
As it's a memory error, I'd suggest running this free, bootable utility:
http://www.memtest86.com/
There's plenty of other things that this could be - but this'll give us a start. And the dump file from the next BSOD will likely be more helpful.
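The following Python triage script is an added example, not part of the original post: it parses WinDbg output like that quoted above, decodes the 0xC2 arguments using only the Arg1 meaning the dump itself reports, and checks whether any module with symbol problems appears on the crashing stack. The function names and the trimmed SAMPLE text are constructed for illustration.

```python
import re

# Constructed excerpt, trimmed from the debugger output quoted in the post.
SAMPLE = """\
BugCheck C2, {7, 113d, 0, b6139008}
*** WARNING: Unable to verify timestamp for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for spsys.sys -
STACK_TEXT:
8866bb2c 81ce7ce8 000000c2 00000007 0000113d nt!KeBugCheckEx+0x1e
8866bba0 81dd37bc b6139008 00000000 00000000 nt!ExFreePoolWithTag+0x17f
8866bbd4 81cb077e 848f0118 b68c38d8 00000000 nt!MiSegmentDelete+0x135
STACK_COMMAND: kb
"""

# Arg1 meaning for bugcheck 0xC2, limited to the value this dump reports.
BAD_POOL_CALLER_ARG1 = {0x7: "Attempt to free pool which was already freed"}

def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) from the 'BugCheck C2, {...}' line."""
    m = re.search(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text, re.M)
    if not m:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]

def unsymbolized_modules(text):
    """Modules with timestamp or symbol problems, de-duplicated, in log order."""
    pat = r"^\*\*\* (?:WARNING|ERROR): .* for (\S+\.(?:sys|dll))[ \t-]*$"
    return list(dict.fromkeys(n.lower() for n in re.findall(pat, text, re.M | re.I)))

def stack_modules(text):
    """Distinct modules owning the stack frames, innermost first."""
    frames = re.findall(r"^(?:[0-9a-f]{8} ){5}(\w+)[!+]\S+$", text, re.M | re.I)
    return list(dict.fromkeys(f.lower() for f in frames))

def triage(text):
    code, args = parse_bugcheck(text)
    known = code == 0xC2
    on_stack, unsym = stack_modules(text), unsymbolized_modules(text)
    return {
        "bugcheck": f"0x{code:X}",
        "reason": BAD_POOL_CALLER_ARG1.get(args[0], "unknown") if known else "not decoded",
        "pool_address": f"0x{args[3]:08x}" if known else None,
        "stack_modules": on_stack,
        "unsymbolized": unsym,
        # Frame names carry no file extension, so compare against the stem.
        "unsymbolized_on_stack": [m for m in unsym if m.rsplit(".", 1)[0] in on_stack],
    }
```

For this dump every frame belongs to nt and no module with symbol problems is on the stack, so the stack alone names no third-party driver.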