| 1 | C:\WINDOWS\Symbols>"c:\Program Files\Debugging Tools for Windows\kd.exe" -z c:\w
|
|---|
| 2 | indows\MEMORY.DMP -y c:\WINDOWS\Symbols
|
|---|
| 3 |
|
|---|
| 4 | Microsoft (R) Windows Debugger Version 6.6.0007.5
|
|---|
| 5 | Copyright (c) Microsoft Corporation. All rights reserved.
|
|---|
| 6 |
|
|---|
| 7 |
|
|---|
| 8 | Loading Dump File [c:\windows\MEMORY.DMP]
|
|---|
| 9 | Kernel Complete Dump File: Full address space is available
|
|---|
| 10 |
|
|---|
| 11 | Symbol search path is: c:\WINDOWS\Symbols
|
|---|
| 12 | Executable search path is:
|
|---|
| 13 | Windows Server 2003 Kernel Version 3790 (Service Pack 2) UP Free x86 compatible
|
|---|
| 14 | Product: Server, suite: Enterprise TerminalServer
|
|---|
| 15 | Built by: 3790.srv03_sp2_rtm.070216-1710
|
|---|
| 16 | Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8e48
|
|---|
| 17 | Debug session time: Tue Apr 3 14:16:12.618 2007 (GMT+2)
|
|---|
| 18 | System Uptime: 1 days 6:41:01.262
|
|---|
| 19 | Loading Kernel Symbols
|
|---|
| 20 | ................................................................................
|
|---|
| 21 | ...........
|
|---|
| 22 | Loading User Symbols
|
|---|
| 23 | ................................................................................
|
|---|
| 24 | .....
|
|---|
| 25 | Loading unloaded module list
|
|---|
| 26 | ....................
|
|---|
| 27 | *******************************************************************************
|
|---|
| 28 | * *
|
|---|
| 29 | * Bugcheck Analysis *
|
|---|
| 30 | * *
|
|---|
| 31 | *******************************************************************************
|
|---|
| 32 |
|
|---|
| 33 | Use !analyze -v to get detailed debugging information.
|
|---|
| 34 |
|
|---|
| 35 | BugCheck C5, {66b37824, 2, 1, 8089592f}
|
|---|
| 36 |
|
|---|
| 37 | *** WARNING: Unable to verify checksum for VBoxMRXNP.dll
|
|---|
| 38 | *** ERROR: Module load completed but symbols could not be loaded for VBoxMRXNP.d
|
|---|
| 39 | ll
|
|---|
| 40 | Probably caused by : ntoskrnl.exe ( nt!ExAllocatePoolWithTag+82d )
|
|---|
| 41 |
|
|---|
| 42 | Followup: MachineOwner
|
|---|
| 43 | ---------
|
|---|
| 44 |
|
|---|
| 45 | kd> !analyze -v
|
|---|
| 46 | *******************************************************************************
|
|---|
| 47 | * *
|
|---|
| 48 | * Bugcheck Analysis *
|
|---|
| 49 | * *
|
|---|
| 50 | *******************************************************************************
|
|---|
| 51 |
|
|---|
| 52 | DRIVER_CORRUPTED_EXPOOL (c5)
|
|---|
| 53 | An attempt was made to access a pageable (or completely invalid) address at an
|
|---|
| 54 | interrupt request level (IRQL) that is too high. This is
|
|---|
| 55 | caused by drivers that have corrupted the system pool. Run the driver
|
|---|
| 56 | verifier against any new (or suspect) drivers, and if that doesn't turn up
|
|---|
| 57 | the culprit, then use gflags to enable special pool.
|
|---|
| 58 | Arguments:
|
|---|
| 59 | Arg1: 66b37824, memory referenced
|
|---|
| 60 | Arg2: 00000002, IRQL
|
|---|
| 61 | Arg3: 00000001, value 0 = read operation, 1 = write operation
|
|---|
| 62 | Arg4: 8089592f, address which referenced memory
|
|---|
| 63 |
|
|---|
| 64 | Debugging Details:
|
|---|
| 65 | ------------------
|
|---|
| 66 |
|
|---|
| 67 |
|
|---|
| 68 | BUGCHECK_STR: 0xC5_2
|
|---|
| 69 |
|
|---|
| 70 | CURRENT_IRQL: 2
|
|---|
| 71 |
|
|---|
| 72 | FAULTING_IP:
|
|---|
| 73 | nt!ExAllocatePoolWithTag+82d
|
|---|
| 74 | 8089592f 897004 mov dword ptr [eax+4],esi
|
|---|
| 75 |
|
|---|
| 76 | DEFAULT_BUCKET_ID: DRIVER_FAULT
|
|---|
| 77 |
|
|---|
| 78 | PROCESS_NAME: explorer.exe
|
|---|
| 79 |
|
|---|
| 80 | TRAP_FRAME: f88d3a74 -- (.trap fffffffff88d3a74)
|
|---|
| 81 | ErrCode = 00000002
|
|---|
| 82 | eax=66b37820 ebx=808b0a60 ecx=00000000 edx=00000053 esi=808b0d20 edi=8155630f
|
|---|
| 83 | eip=8089592f esp=f88d3ae8 ebp=f88d3b24 iopl=0 nv up ei pl nz na po nc
|
|---|
| 84 | cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
|
|---|
| 85 | nt!ExAllocatePoolWithTag+0x82d:
|
|---|
| 86 | 0008:8089592f 897004 mov dword ptr [eax+4],esi ds:0023:66b37824=???
|
|---|
| 87 | ?????
|
|---|
| 88 | Resetting default scope
|
|---|
| 89 |
|
|---|
| 90 | LAST_CONTROL_TRANSFER: from 8089592f to 80826653
|
|---|
| 91 |
|
|---|
| 92 | STACK_TEXT:
|
|---|
| 93 | f88d3a74 8089592f badb0d00 00000053 8092b6ab nt!KiTrap0E+0x2a1
|
|---|
| 94 | f88d3b24 809032d1 00000000 00000000 e36f7250 nt!ExAllocatePoolWithTag+0x82d
|
|---|
| 95 | f88d3b48 80904782 816ec510 30f88d01 00000000 nt!ObpAllocateObject+0xc9
|
|---|
| 96 | f88d3b7c 8090dd12 30f88d01 817ac040 00000000 nt!ObCreateObject+0x129
|
|---|
| 97 | f88d3ce4 8091dec1 00f6cec8 001f0fff 00000000 nt!PspCreateProcess+0xd2
|
|---|
| 98 | f88d3d38 808234cb 00f6cec8 001f0fff 00000000 nt!NtCreateProcessEx+0x7e
|
|---|
| 99 | f88d3d38 7c8285fe 00f6cec8 001f0fff 00000000 nt!KiFastCallEntry+0xf8
|
|---|
| 100 | 00f6cb00 7c826e9b 77e6cf95 00f6cec8 001f0fff ntdll!KiIntSystemCall+0x6
|
|---|
| 101 | 00f6cb04 77e6cf95 00f6cec8 001f0fff 00000000 ntdll!NtCreateProcessEx+0xc
|
|---|
| 102 | 00f6d328 77e424a0 00000000 0276c4f4 0276a25c kernel32!CreateProcessInternalW+0x1
|
|---|
| 103 | 5e5
|
|---|
| 104 | 00f6d360 7c916748 0276c4f4 0276a25c 00000000 kernel32!CreateProcessW+0x2c
|
|---|
| 105 | 00f6dde4 7c916b3d 00030028 00000000 0276c904 SHELL32!_SHCreateProcess+0x387
|
|---|
| 106 | 00f6de38 7c916173 02769008 00f6de58 7c915a6e SHELL32!CShellExecute::_DoExecComma
|
|---|
| 107 | nd+0xb4
|
|---|
| 108 | 00f6de44 7c915a6e 00000000 00117e10 02769008 SHELL32!CShellExecute::_TryInvokeAp
|
|---|
| 109 | plication+0x49
|
|---|
| 110 | 00f6de58 7c915997 00117e10 00117e10 00f6de98 SHELL32!CShellExecute::ExecuteNorma
|
|---|
| 111 | l+0xb1
|
|---|
| 112 | 00f6de6c 7c91592b 00f6de98 0013c6f0 00117e10 SHELL32!ShellExecuteNormal+0x30
|
|---|
| 113 | 00f6de88 7c9252ef 00f6de98 00000000 0000003c SHELL32!ShellExecuteExW+0x8d
|
|---|
| 114 | 00f6ded4 7c924faa 00f6e130 40000000 00f6df04 SHELL32!_InvokePidl+0x9f
|
|---|
| 115 | 00f6e110 7c924e39 00f6e130 00000000 00117e10 SHELL32!CShellExecMenu::_InvokeOne+
|
|---|
| 116 | 0xa0
|
|---|
| 117 | 00f6e19c 7c924cd2 0013c6f4 00f6e1b8 000d1f80 SHELL32!CShellExecMenu::InvokeComma
|
|---|
| 118 | nd+0xa7
|
|---|
| 119 | 00f6e1fc 7c924c24 001558c8 00f6e21c 00000001 SHELL32!HDXA_LetHandlerProcessComma
|
|---|
| 120 | ndEx+0xa5
|
|---|
| 121 | 00f6e48c 7c926544 000d1f80 00f6e4c4 00000001 SHELL32!CDefFolderMenu::InvokeComma
|
|---|
| 122 | nd+0x17f
|
|---|
| 123 | 00f6e4a8 7c9264fc 0009eb94 00f6e4c4 00f6f0ac SHELL32!CShellLink::TargetContextMe
|
|---|
| 124 | nu::InvokeCommand+0x22
|
|---|
| 125 | 00f6efa0 7c926291 00f6efec 0009eba4 00000000 SHELL32!CShellLink::_InvokeCommandA
|
|---|
| 126 | sync+0x337
|
|---|
| 127 | 00f6efd0 7c924cd2 0009eba4 00f6efec 000ade50 SHELL32!CShellLink::InvokeCommand+0
|
|---|
| 128 | x259
|
|---|
| 129 | 00f6f030 7c924c24 000c12e0 00f6f050 00000000 SHELL32!HDXA_LetHandlerProcessComma
|
|---|
| 130 | ndEx+0xa5
|
|---|
| 131 | 00f6f2c0 77da33c5 000ade50 00f6f2dc 00000000 SHELL32!CDefFolderMenu::InvokeComma
|
|---|
| 132 | nd+0x17f
|
|---|
| 133 | 00f6f438 77da3473 00030028 00000000 000ade50 SHLWAPI!SHInvokeCommandsOnContextMe
|
|---|
| 134 | nu+0x174
|
|---|
| 135 | 00f6f45c 77da3413 00030028 000ade50 00168170 SHLWAPI!SHInvokeCommand+0x57
|
|---|
| 136 | 00f6f474 0102de87 00030028 0016d608 00168170 SHLWAPI!SHInvokeDefaultCommand+0x15
|
|---|
| 137 |
|
|---|
| 138 | 00f6f488 7ca7e8ca 000c3460 0016d608 00168170 Explorer!CStartMenuHost::ExecItem+0
|
|---|
| 139 | x17
|
|---|
| 140 | 00f6f49c 7ca80a97 00f6f4f0 00000009 00000000 SHELL32!CStartMenuCallback::_ExecIt
|
|---|
| 141 | em+0x17
|
|---|
| 142 | 00f6f4cc 7c94e2f4 000bb470 00f6f4f0 00000009 SHELL32!CStartMenuCallback::Callbac
|
|---|
| 143 | kSM+0xe0
|
|---|
| 144 | 00f6f520 7c93da69 00168170 00000009 00000000 SHELL32!CMenuSFToolbar::CallCB+0xd9
|
|---|
| 145 |
|
|---|
| 146 | 00f6f578 7c936146 00000009 00000009 000af9b4 SHELL32!CMenuSFToolbar::v_ExecItem+
|
|---|
| 147 | 0x8e
|
|---|
| 148 | 00f6f59c 7c9709b9 00000009 00000000 00f6fa84 SHELL32!CMenuToolbarBase::_DropDown
|
|---|
| 149 | OrExec+0xa6
|
|---|
| 150 | 00f6f7cc 7c94e3e0 00f6fa84 00129f40 000af9b4 SHELL32!CMenuToolbarBase::_OnNotify
|
|---|
| 151 | +0x2bf
|
|---|
| 152 | 00f6f7e4 7c93af16 00f6fa84 00129f40 000af8d0 SHELL32!CMenuSFToolbar::_OnNotify+0
|
|---|
| 153 | x109
|
|---|
| 154 | 00f6f7fc 7c94e37f 000af9b4 0007014e 0000004e SHELL32!CMenuToolbarBase::OnWinEven
|
|---|
| 155 | t+0x60
|
|---|
| 156 | 00f6f820 7c94e1c0 000af8d0 0007014e 0000004e SHELL32!CMenuSFToolbar::OnWinEvent+
|
|---|
| 157 | 0x6b
|
|---|
| 158 | 00f6f870 7c96fe0c 00129f40 0007014e 0000004e SHELL32!CMenuBand::OnWinEvent+0x1f8
|
|---|
| 159 |
|
|---|
| 160 | 00f6f8b4 7c96fad2 001500c8 0000004e 00000000 SHELL32!CMenuSite::v_WndProc+0xd9
|
|---|
| 161 | 00f6f8d8 7739b6e3 001500c8 0000004e 00000000 SHELL32!CImpWndProc::s_WndProc+0x65
|
|---|
| 162 |
|
|---|
| 163 | 00f6f904 7739b874 7c96fa93 001500c8 0000004e USER32!InternalCallWinProc+0x28
|
|---|
| 164 | 00f6f97c 7739c2d3 00085654 7c96fa93 001500c8 USER32!UserCallWinProcCheckWow+0x15
|
|---|
| 165 | 1
|
|---|
| 166 | 00f6f9b8 7739c337 004e7778 004c71b8 00000000 USER32!SendMessageWorker+0x4bd
|
|---|
| 167 | 00f6f9d8 7743b07f 001500c8 0000004e 00000000 USER32!SendMessageW+0x7f
|
|---|
| 168 | 00f6fa70 7748f13a 00167d90 fffffffe 00f6fa84 comctl32!CCSendNotify+0xc24
|
|---|
| 169 | 00f6faa4 7749415d 00167d90 00000009 00bd0063 comctl32!TBSendUpClick+0x5f
|
|---|
| 170 | 00f6fac8 77494fb5 00167d90 0007014e 00000202 comctl32!TBOnLButtonUp+0x13b
|
|---|
| 171 | 00f6fb78 7739b6e3 0007014e 00000202 00000000 comctl32!ToolbarWndProc+0xb30
|
|---|
| 172 | 00f6fba4 7739b874 77494485 0007014e 00000202 USER32!InternalCallWinProc+0x28
|
|---|
| 173 | 00f6fc1c 7739bfce 00085654 77494485 0007014e USER32!UserCallWinProcCheckWow+0x15
|
|---|
| 174 | 1
|
|---|
| 175 | 00f6fc4c 7739bf74 77494485 0007014e 00000202 USER32!CallWindowProcAorW+0x98
|
|---|
| 176 | 00f6fc6c 77431848 77494485 0007014e 00000202 USER32!CallWindowProcW+0x1b
|
|---|
| 177 | 00f6fc88 77431b9b 0007014e 00000202 00000000 comctl32!CallOriginalWndProc+0x1a
|
|---|
| 178 | 00f6fce4 77431d5d 0008c740 0007014e 00000202 comctl32!CallNextSubclassProc+0x3c
|
|---|
| 179 | 00f6fd08 7c92a9d2 0007014e 00000202 00000000 comctl32!DefSubclassProc+0x46
|
|---|
| 180 | 00f6fd2c 7c92acbc 0007014e 00000202 00000000 SHELL32!CSFToolbar::_DefWindowProc+
|
|---|
| 181 | 0xb8
|
|---|
| 182 | 00f6fd48 77431b9b 0007014e 00000202 00000000 SHELL32!CNotifySubclassWndProc::_Su
|
|---|
| 183 | bclassWndProc+0x7d
|
|---|
| 184 | 00f6fda4 77431dc0 0008c740 0007014e 00000202 comctl32!CallNextSubclassProc+0x3c
|
|---|
| 185 | 00f6fdf8 7739b6e3 0007014e 00000202 00000000 comctl32!MasterSubclassProc+0x54
|
|---|
| 186 | 00f6fe24 7739b874 77431d6c 0007014e 00000202 USER32!InternalCallWinProc+0x28
|
|---|
| 187 | 00f6fe9c 7739ba92 00085654 77431d6c 0007014e USER32!UserCallWinProcCheckWow+0x15
|
|---|
| 188 | 1
|
|---|
| 189 | 00f6ff04 7739bad0 00f6ff2c 00000000 00f6ff48 USER32!DispatchMessageWorker+0x327
|
|---|
| 190 | 00f6ff14 01001ad7 00f6ff2c 00000000 01046180 USER32!DispatchMessageW+0xf
|
|---|
| 191 | 00f6ff48 010122b6 00000000 00f6ffb8 77da3f12 Explorer!CTray::_MessageLoop+0xd9
|
|---|
| 192 | 00f6ff54 77da3f12 01046180 00000000 00000000 Explorer!CTray::MainThreadProc+0x29
|
|---|
| 193 |
|
|---|
| 194 | 00f6ffb8 77e64829 00000000 00000000 00000000 SHLWAPI!WrapperThreadProc+0x94
|
|---|
| 195 | 00f6ffec 00000000 77da3ea5 0006fdbc 00000000 kernel32!BaseThreadStart+0x34
|
|---|
| 196 |
|
|---|
| 197 |
|
|---|
| 198 | STACK_COMMAND: kb
|
|---|
| 199 |
|
|---|
| 200 | FOLLOWUP_IP:
|
|---|
| 201 | nt!ExAllocatePoolWithTag+82d
|
|---|
| 202 | 8089592f 897004 mov dword ptr [eax+4],esi
|
|---|
| 203 |
|
|---|
| 204 | SYMBOL_STACK_INDEX: 1
|
|---|
| 205 |
|
|---|
| 206 | SYMBOL_NAME: nt!ExAllocatePoolWithTag+82d
|
|---|
| 207 |
|
|---|
| 208 | FOLLOWUP_NAME: MachineOwner
|
|---|
| 209 |
|
|---|
| 210 | MODULE_NAME: nt
|
|---|
| 211 |
|
|---|
| 212 | IMAGE_NAME: ntoskrnl.exe
|
|---|
| 213 |
|
|---|
| 214 | DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a072
|
|---|
| 215 |
|
|---|
| 216 | FAILURE_BUCKET_ID: 0xC5_2_nt!ExAllocatePoolWithTag+82d
|
|---|
| 217 |
|
|---|
| 218 | BUCKET_ID: 0xC5_2_nt!ExAllocatePoolWithTag+82d
|
|---|
| 219 |
|
|---|
| 220 | Followup: MachineOwner
|
|---|
| 221 | ---------
|
|---|
| 222 |
|
|---|
| 223 | kd>
|
|---|