Guest JJoubert Posted August 23, 2007 Posted August 23, 2007 Hi, I have a system here that has had a few BSOD, & I am unable to identify why, I always get the same message, here is the crashdump, does anyone have an idea what this is Microsoft ® Windows Debugger Version 6.6.0007.5 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [W:\2006-2007 Projets\Nouveau POS\Technique\11- BSOD test\BSOD sans Solution à garder\Magasin 235 reg2\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows\Symbols*http://msdl.microsoft.com/download/symbols;srv*"C:\Program Files\Debugging Tools for Windows\Symbols"*http://msdl.microsoft.com/download/symbols Executable search path is: c:\windows\System32; c:\windows\system\System32; http://www.alexander.com/SymServe Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 2600.xpsp_sp2_gdr.050301-1519 Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420 Debug session time: Tue Aug 14 23:32:50.218 2007 (GMT-4) System Uptime: 0 days 23:58:52.843 Loading Kernel Symbols ............................................................................................................ Loading User Symbols PEB is paged out (Peb.Ldr = 7ffd900c). Type ".hh dbgerr001" for details Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C5, {53646156, 2, 1, 8054b88e} Probably caused by : ntoskrnl.exe ( nt!ExFreePoolWithTag+57d ) Followup: MachineOwner --------- kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_CORRUPTED_EXPOOL (c5) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is caused by drivers that have corrupted the system pool. Run the driver verifier against any new (or suspect) drivers, and if that doesn't turn up the culprit, then use gflags to enable special pool. Arguments: Arg1: 53646156, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: 8054b88e, address which referenced memory Debugging Details: ------------------ BUGCHECK_STR: 0xC5_2 CURRENT_IRQL: 2 FAULTING_IP: nt!ExFreePoolWithTag+57d 8054b88e 8913 mov dword ptr [ebx],edx DEFAULT_BUCKET_ID: DRIVER_FAULT PROCESS_NAME: lsass.exe TRAP_FRAME: efe02a84 -- (.trap ffffffffefe02a84) ErrCode = 00000002 eax=8222a1a8 ebx=53646156 ecx=000001ff edx=02040001 esi=8222a1b0 edi=80561940 eip=8054b88e esp=efe02af8 ebp=efe02b2c iopl=0 nv up ei ng nz ac pe cy cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297 nt!ExFreePoolWithTag+0x57d: 8054b88e 8913 mov dword ptr [ebx],edx ds:0023:53646156=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 8054b88e to 804e187f STACK_TEXT: efe02a84 8054b88e badb0d00 02040001 00000001 nt!KiTrap0E+0x233 efe02b2c 805688e4 00000001 00000000 efe02bf0 nt!ExFreePoolWithTag+0x57d efe02bd8 804de7ec ffffffff efe02cb8 efe02cbc nt!NtFreeVirtualMemory+0x4a1 efe02bd8 804dcd49 ffffffff efe02cb8 efe02cbc nt!KiFastCallEntry+0xf8 efe02c60 8057aa24 ffffffff efe02cb8 efe02cbc nt!ZwFreeVirtualMemory+0x11 efe02d14 8057a46a 00000000 00000000 81f9c020 nt!PspExitThread+0x541 efe02d34 8057aa43 81f9c020 00000000 efe02d64 nt!PspTerminateThreadByPointer+0x52 efe02d54 804de7ec 00000000 00000000 00b7ff20 nt!NtTerminateThread+0x70 efe02d54 7c90eb94 00000000 00000000 00b7ff20 nt!KiFastCallEntry+0xf8 WARNING: Frame IP not in any known module. Following frames may be wrong. 00b7ff20 00000000 00000000 00000000 00000000 0x7c90eb94 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExFreePoolWithTag+57d 8054b88e 8913 mov dword ptr [ebx],edx SYMBOL_STACK_INDEX: 1 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntoskrnl.exe DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9 SYMBOL_NAME: nt!ExFreePoolWithTag+57d FAILURE_BUCKET_ID: 0xC5_2_nt!ExFreePoolWithTag+57d BUCKET_ID: 0xC5_2_nt!ExFreePoolWithTag+57d Followup: MachineOwner --------- kd> lmvm nt start end module name 804d7000 806eb100 nt (pdb symbols) C:\Program Files\Debugging Tools for Windows\Symbols\ntoskrnl.pdb\32962337F0F646388B39535CD8DD70E82\ntoskrnl.pdb Loaded symbol image file: ntoskrnl.exe Image path: ntoskrnl.exe Image name: ntoskrnl.exe Timestamp: Tue Mar 01 19:59:37 2005 (42250FF9) CheckSum: 002198AF ImageSize: 00214100 File version: 5.1.2600.2622 Product version: 5.1.2600.2622 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 1.0 App File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: ntoskrnl.exe OriginalFilename: ntoskrnl.exe ProductVersion: 5.1.2600.2622 FileVersion: 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) FileDescription: NT Kernel & System LegalCopyright: © Microsoft Corporation. All rights reserved.
Recommended Posts