Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\032411-18907-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02e1f000 PsLoadedModuleList = 0xfffff800`0305ce50
Debug session time: Thu Mar 24 03:03:24.803 2011 (UTC - 4:00)
System Uptime: 0 days 9:06:20.145
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffff8a004829430, fffff8a004829430, fffff8a004829480}
Unable to load image MpFilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+ca0 )
Followup: Pool_corruption
---------
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff8a004829430, the pool entry being checked.
Arg3: fffff8a004829430, the read back flink freelist value (should be the same as 2).
Arg4: fffff8a004829480, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002fc2130 to fffff80002e8f740
STACK_TEXT:
fffff880`03b2bb48 fffff800`02fc2130 : 00000000`00000019 00000000`00000003 fffff8a0`04829430 fffff8a0`04829430 : nt!KeBugCheckEx
fffff880`03b2bb50 fffff800`02fc44c1 : 0000004c`55783c3b fffff8a0`0395a730 fffff880`03b2bc28 00000000`00000000 : nt!ExDeferredFreePool+0xca0
fffff880`03b2bbe0 fffff880`019217cd : 00000000`00000000 fffff880`0191d790 00000000`6d61504d fffff8a0`00000139 : nt!ExFreePoolWithTag+0x411
fffff880`03b2bc90 00000000`00000000 : fffff880`0191d790 00000000`6d61504d fffff8a0`00000139 00000000`00000000 : MpFilter+0x87cd
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+ca0
fffff800`02fc2130 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+ca0
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+ca0
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+ca0
Followup: Pool_corruption
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\032411-14835-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02e15000 PsLoadedModuleList = 0xfffff800`03052e50
Debug session time: Thu Mar 24 19:38:48.119 2011 (UTC - 4:00)
System Uptime: 0 days 0:16:25.101
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff8000316af1c, 0, 4}
Probably caused by : memory_corruption ( nt!MiApplyCompressedFixups+40 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8000316af1c, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000004, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiApplyCompressedFixups+40
fffff800`0316af1c 0fb603 movzx eax,byte ptr [rbx]
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000004
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030bd0e0
0000000000000004
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: SearchFilterHo
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880084a45d8 -- (.exr 0xfffff880084a45d8)
ExceptionAddress: fffff8000316af1c (nt!MiApplyCompressedFixups+0x0000000000000040)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000004
Attempt to read from address 0000000000000004
TRAP_FRAME: fffff880084a4680 -- (.trap 0xfffff880084a4680)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a00c90d440 rbx=0000000000000000 rcx=fffffa80059a7ab0
rdx=fffff88009b1e000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000316af1c rsp=fffff880084a4810 rbp=000000000000000a
r8=0000000000000004 r9=ffffffffd1a10000 r10=0000000000000fff
r11=fffff88009b1e000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!MiApplyCompressedFixups+0x40:
fffff800`0316af1c 0fb603 movzx eax,byte ptr [rbx] ds:00000000`00000000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ebfa39 to fffff80002e85740
STACK_TEXT:
fffff880`084a3e08 fffff800`02ebfa39 : 00000000`0000001e ffffffff`c0000005 fffff800`0316af1c 00000000`00000000 : nt!KeBugCheckEx
fffff880`084a3e10 fffff800`02e84d82 : fffff880`084a45d8 00000000`00000004 fffff880`084a4680 ffffffff`d1a10000 : nt!KiDispatchException+0x1b9
fffff880`084a44a0 fffff800`02e838fa : 00000000`00000000 00000000`00000004 00000000`00000000 00001f80`0101cc10 : nt!KiExceptionDispatch+0xc2
fffff880`084a4680 fffff800`0316af1c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
fffff880`084a4810 fffff800`0316ada1 : fffff880`09b1e000 ffffffff`d1a10000 00000000`0000d000 fffffa80`00cc6ab0 : nt!MiApplyCompressedFixups+0x40
fffff880`084a4860 fffff800`03158034 : fffffa80`00000000 fffffa80`05d89060 00000000`00000000 fffffa80`00000000 : nt!MiPerformFixups+0x65
fffff880`084a48b0 fffff800`02e76c4c : fffffa80`00cc6ab0 fffffa80`07927f50 00000000`00000000 fffffa80`079acc00 : nt!MiRelocateImagePfn+0x114
fffff880`084a4910 fffff800`02e7752b : fffffa80`07927e90 fffff880`084a4a80 fffffa80`053d7978 000007fe`f893c8ec : nt!MiWaitForInPageComplete+0x89c
fffff880`084a49f0 fffff800`02ea08bb : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000001 : nt!MiIssueHardFault+0x28b
fffff880`084a4ac0 fffff800`02e8382e : 00000000`00000000 000007fe`f893c8e0 00000000`777b4501 fffffa80`07bed060 : nt!MmAccessFault+0x14bb
fffff880`084a4c20 00000000`776bd2ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`00b9c150 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x776bd2ab
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiApplyCompressedFixups+40
fffff800`0316af1c 0fb603 movzx eax,byte ptr [rbx]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MiApplyCompressedFixups+40
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4cc791bd
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!MiApplyCompressedFixups+40
BUCKET_ID: X64_0x1E_c0000005_nt!MiApplyCompressedFixups+40
Followup: MachineOwner
---------