C:\WINDOWS\Symbols>"c:\Program Files\Debugging Tools for Windows\kd.exe" -z c:\w indows\MEMORY.DMP -y c:\WINDOWS\Symbols Microsoft (R) Windows Debugger Version 6.6.0007.5 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [c:\windows\MEMORY.DMP] Kernel Complete Dump File: Full address space is available Symbol search path is: c:\WINDOWS\Symbols Executable search path is: Windows Server 2003 Kernel Version 3790 (Service Pack 2) UP Free x86 compatible Product: Server, suite: Enterprise TerminalServer Built by: 3790.srv03_sp2_rtm.070216-1710 Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8e48 Debug session time: Tue Apr 3 14:16:12.618 2007 (GMT+2) System Uptime: 1 days 6:41:01.262 Loading Kernel Symbols ................................................................................ ........... Loading User Symbols ................................................................................ ..... Loading unloaded module list .................... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C5, {66b37824, 2, 1, 8089592f} *** WARNING: Unable to verify checksum for VBoxMRXNP.dll *** ERROR: Module load completed but symbols could not be loaded for VBoxMRXNP.d ll Probably caused by : ntoskrnl.exe ( nt!ExAllocatePoolWithTag+82d ) Followup: MachineOwner --------- kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_CORRUPTED_EXPOOL (c5) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is caused by drivers that have corrupted the system pool. Run the driver verifier against any new (or suspect) drivers, and if that doesn't turn up the culprit, then use gflags to enable special pool. Arguments: Arg1: 66b37824, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: 8089592f, address which referenced memory Debugging Details: ------------------ BUGCHECK_STR: 0xC5_2 CURRENT_IRQL: 2 FAULTING_IP: nt!ExAllocatePoolWithTag+82d 8089592f 897004 mov dword ptr [eax+4],esi DEFAULT_BUCKET_ID: DRIVER_FAULT PROCESS_NAME: explorer.exe TRAP_FRAME: f88d3a74 -- (.trap fffffffff88d3a74) ErrCode = 00000002 eax=66b37820 ebx=808b0a60 ecx=00000000 edx=00000053 esi=808b0d20 edi=8155630f eip=8089592f esp=f88d3ae8 ebp=f88d3b24 iopl=0 nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202 nt!ExAllocatePoolWithTag+0x82d: 0008:8089592f 897004 mov dword ptr [eax+4],esi ds:0023:66b37824=??? ????? Resetting default scope LAST_CONTROL_TRANSFER: from 8089592f to 80826653 STACK_TEXT: f88d3a74 8089592f badb0d00 00000053 8092b6ab nt!KiTrap0E+0x2a1 f88d3b24 809032d1 00000000 00000000 e36f7250 nt!ExAllocatePoolWithTag+0x82d f88d3b48 80904782 816ec510 30f88d01 00000000 nt!ObpAllocateObject+0xc9 f88d3b7c 8090dd12 30f88d01 817ac040 00000000 nt!ObCreateObject+0x129 f88d3ce4 8091dec1 00f6cec8 001f0fff 00000000 nt!PspCreateProcess+0xd2 f88d3d38 808234cb 00f6cec8 001f0fff 00000000 nt!NtCreateProcessEx+0x7e f88d3d38 7c8285fe 00f6cec8 001f0fff 00000000 nt!KiFastCallEntry+0xf8 00f6cb00 7c826e9b 77e6cf95 00f6cec8 001f0fff ntdll!KiIntSystemCall+0x6 00f6cb04 77e6cf95 00f6cec8 001f0fff 00000000 ntdll!NtCreateProcessEx+0xc 00f6d328 77e424a0 00000000 0276c4f4 0276a25c kernel32!CreateProcessInternalW+0x1 5e5 00f6d360 7c916748 0276c4f4 0276a25c 00000000 kernel32!CreateProcessW+0x2c 00f6dde4 7c916b3d 00030028 00000000 0276c904 SHELL32!_SHCreateProcess+0x387 00f6de38 7c916173 02769008 00f6de58 7c915a6e SHELL32!CShellExecute::_DoExecComma nd+0xb4 00f6de44 7c915a6e 00000000 00117e10 02769008 SHELL32!CShellExecute::_TryInvokeAp plication+0x49 00f6de58 7c915997 00117e10 00117e10 00f6de98 SHELL32!CShellExecute::ExecuteNorma l+0xb1 00f6de6c 7c91592b 00f6de98 0013c6f0 00117e10 SHELL32!ShellExecuteNormal+0x30 00f6de88 7c9252ef 00f6de98 00000000 0000003c SHELL32!ShellExecuteExW+0x8d 00f6ded4 7c924faa 00f6e130 40000000 00f6df04 SHELL32!_InvokePidl+0x9f 00f6e110 7c924e39 00f6e130 00000000 00117e10 SHELL32!CShellExecMenu::_InvokeOne+ 0xa0 00f6e19c 7c924cd2 0013c6f4 00f6e1b8 000d1f80 SHELL32!CShellExecMenu::InvokeComma nd+0xa7 00f6e1fc 7c924c24 001558c8 00f6e21c 00000001 SHELL32!HDXA_LetHandlerProcessComma ndEx+0xa5 00f6e48c 7c926544 000d1f80 00f6e4c4 00000001 SHELL32!CDefFolderMenu::InvokeComma nd+0x17f 00f6e4a8 7c9264fc 0009eb94 00f6e4c4 00f6f0ac SHELL32!CShellLink::TargetContextMe nu::InvokeCommand+0x22 00f6efa0 7c926291 00f6efec 0009eba4 00000000 SHELL32!CShellLink::_InvokeCommandA sync+0x337 00f6efd0 7c924cd2 0009eba4 00f6efec 000ade50 SHELL32!CShellLink::InvokeCommand+0 x259 00f6f030 7c924c24 000c12e0 00f6f050 00000000 SHELL32!HDXA_LetHandlerProcessComma ndEx+0xa5 00f6f2c0 77da33c5 000ade50 00f6f2dc 00000000 SHELL32!CDefFolderMenu::InvokeComma nd+0x17f 00f6f438 77da3473 00030028 00000000 000ade50 SHLWAPI!SHInvokeCommandsOnContextMe nu+0x174 00f6f45c 77da3413 00030028 000ade50 00168170 SHLWAPI!SHInvokeCommand+0x57 00f6f474 0102de87 00030028 0016d608 00168170 SHLWAPI!SHInvokeDefaultCommand+0x15 00f6f488 7ca7e8ca 000c3460 0016d608 00168170 Explorer!CStartMenuHost::ExecItem+0 x17 00f6f49c 7ca80a97 00f6f4f0 00000009 00000000 SHELL32!CStartMenuCallback::_ExecIt em+0x17 00f6f4cc 7c94e2f4 000bb470 00f6f4f0 00000009 SHELL32!CStartMenuCallback::Callbac kSM+0xe0 00f6f520 7c93da69 00168170 00000009 00000000 SHELL32!CMenuSFToolbar::CallCB+0xd9 00f6f578 7c936146 00000009 00000009 000af9b4 SHELL32!CMenuSFToolbar::v_ExecItem+ 0x8e 00f6f59c 7c9709b9 00000009 00000000 00f6fa84 SHELL32!CMenuToolbarBase::_DropDown OrExec+0xa6 00f6f7cc 7c94e3e0 00f6fa84 00129f40 000af9b4 SHELL32!CMenuToolbarBase::_OnNotify +0x2bf 00f6f7e4 7c93af16 00f6fa84 00129f40 000af8d0 SHELL32!CMenuSFToolbar::_OnNotify+0 x109 00f6f7fc 7c94e37f 000af9b4 0007014e 0000004e SHELL32!CMenuToolbarBase::OnWinEven t+0x60 00f6f820 7c94e1c0 000af8d0 0007014e 0000004e SHELL32!CMenuSFToolbar::OnWinEvent+ 0x6b 00f6f870 7c96fe0c 00129f40 0007014e 0000004e SHELL32!CMenuBand::OnWinEvent+0x1f8 00f6f8b4 7c96fad2 001500c8 0000004e 00000000 SHELL32!CMenuSite::v_WndProc+0xd9 00f6f8d8 7739b6e3 001500c8 0000004e 00000000 SHELL32!CImpWndProc::s_WndProc+0x65 00f6f904 7739b874 7c96fa93 001500c8 0000004e USER32!InternalCallWinProc+0x28 00f6f97c 7739c2d3 00085654 7c96fa93 001500c8 USER32!UserCallWinProcCheckWow+0x15 1 00f6f9b8 7739c337 004e7778 004c71b8 00000000 USER32!SendMessageWorker+0x4bd 00f6f9d8 7743b07f 001500c8 0000004e 00000000 USER32!SendMessageW+0x7f 00f6fa70 7748f13a 00167d90 fffffffe 00f6fa84 comctl32!CCSendNotify+0xc24 00f6faa4 7749415d 00167d90 00000009 00bd0063 comctl32!TBSendUpClick+0x5f 00f6fac8 77494fb5 00167d90 0007014e 00000202 comctl32!TBOnLButtonUp+0x13b 00f6fb78 7739b6e3 0007014e 00000202 00000000 comctl32!ToolbarWndProc+0xb30 00f6fba4 7739b874 77494485 0007014e 00000202 USER32!InternalCallWinProc+0x28 00f6fc1c 7739bfce 00085654 77494485 0007014e USER32!UserCallWinProcCheckWow+0x15 1 00f6fc4c 7739bf74 77494485 0007014e 00000202 USER32!CallWindowProcAorW+0x98 00f6fc6c 77431848 77494485 0007014e 00000202 USER32!CallWindowProcW+0x1b 00f6fc88 77431b9b 0007014e 00000202 00000000 comctl32!CallOriginalWndProc+0x1a 00f6fce4 77431d5d 0008c740 0007014e 00000202 comctl32!CallNextSubclassProc+0x3c 00f6fd08 7c92a9d2 0007014e 00000202 00000000 comctl32!DefSubclassProc+0x46 00f6fd2c 7c92acbc 0007014e 00000202 00000000 SHELL32!CSFToolbar::_DefWindowProc+ 0xb8 00f6fd48 77431b9b 0007014e 00000202 00000000 SHELL32!CNotifySubclassWndProc::_Su bclassWndProc+0x7d 00f6fda4 77431dc0 0008c740 0007014e 00000202 comctl32!CallNextSubclassProc+0x3c 00f6fdf8 7739b6e3 0007014e 00000202 00000000 comctl32!MasterSubclassProc+0x54 00f6fe24 7739b874 77431d6c 0007014e 00000202 USER32!InternalCallWinProc+0x28 00f6fe9c 7739ba92 00085654 77431d6c 0007014e USER32!UserCallWinProcCheckWow+0x15 1 00f6ff04 7739bad0 00f6ff2c 00000000 00f6ff48 USER32!DispatchMessageWorker+0x327 00f6ff14 01001ad7 00f6ff2c 00000000 01046180 USER32!DispatchMessageW+0xf 00f6ff48 010122b6 00000000 00f6ffb8 77da3f12 Explorer!CTray::_MessageLoop+0xd9 00f6ff54 77da3f12 01046180 00000000 00000000 Explorer!CTray::MainThreadProc+0x29 00f6ffb8 77e64829 00000000 00000000 00000000 SHLWAPI!WrapperThreadProc+0x94 00f6ffec 00000000 77da3ea5 0006fdbc 00000000 kernel32!BaseThreadStart+0x34 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExAllocatePoolWithTag+82d 8089592f 897004 mov dword ptr [eax+4],esi SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!ExAllocatePoolWithTag+82d FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntoskrnl.exe DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a072 FAILURE_BUCKET_ID: 0xC5_2_nt!ExAllocatePoolWithTag+82d BUCKET_ID: 0xC5_2_nt!ExAllocatePoolWithTag+82d Followup: MachineOwner --------- kd>