BSOD BAD_POOL_HEADER

#1
Hi, I have been having a bad pool header bsod lately. I have been trying the process of elimination to find out why but no luck yet. So here is the crash dump file hoping some with more knowledge than me to help analyze it. Thank you
 


Attachments

kemical

Windows Forum Admin
Staff member
Premium Supporter
#2
Looking at your dump now, back shortly..
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#3
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {3, fffff800034557d0, ffffffffffffd, fffff800034557d0}

Probably caused by : Pool_Corruption ( nt!ExFreePool+503 )

Followup:     Pool_corruption
Hi,
the above means a driver is causing memory corruption (virtual) although I can't see anything named in the dump file.

Looking at your current drivers and one driver literally jumped off the page:
BS_I2cIo.sys Mon Dec 11 07:48:39 2006: BIOSTAR I2C I/O driver Found in BIOSTAR BIOS Flash Utility. Please either update the flash utility or uninstall. You can find a later version on your moBos support page:
Hi-Fi A70U3P Ver. 6.0/6.1 AMD

Try running the driver verifier. This stress your drivers on start up and if any are bsod prone then they will likely bsod there and then. This produces a dump with the culprits name attached so worth doing.

Please attach any new dump files.
 


#4
Thanks hope its fixed will
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#5
Thanks hope its fixed will
Hi,
did you run the verifier or just remove the driver i outlined?

If the bsod continues then try the verifier.
 


#6
Hi,
did you run the verifier or just remove the driver i outlined?

If the bsod continues then try the verifier.
Both but can't find any results of the verifier
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#7
So when you run the verifier does the machine actually blue screen on start up? In fact have you had any blue screens at all?

Post any new dump files please.
 


Neemobeer

Windows Forum Team
Staff member
#8
The pool entry is within the memory address range of ntkrnlmp.exe which is part of the kernel. The pool header is at the beginning address of the memory allocated to a driver. If the driver before it wrote to more memory than allocated it would override the header of the next driver. The driver before the kernel is hal which it's unlikely it did that. This could be due to physical memory problems. I would run memtest86 for at least 10 full passes.
 


#10
No bsod yet just some some weird crash on restarting the screen went blue with white lines no text or anything else currently running the memtest86 test with 10 pass will update when done
 


Last edited:

kemical

Windows Forum Admin
Staff member
Premium Supporter
#11
Yeah i'll be surprised if it's the actual memory, personally i feel it's more of a driver issue but still see how your scans go.
 


#12
Yeah i'll be surprised if it's the actual memory, personally i feel it's more of a driver issue but still see how your scans go.
Hi tryed the memtest86 but it turn off my computer halfway through test i think do to over heating will try it again tonight.
I did make it get the bsod by turning off csrss.exe in task manager.
 


Attachments

Neemobeer

Windows Forum Team
Staff member
#13
There should only be one csrss.exe process running per logged in user, if there are more then it's probably a malicious process
 


#14
There should only be one csrss.exe process running per logged in user, if there are more then it's probably a malicious process
there only one running i got the bsod by turning off the only one
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#16
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa8008ee2b10, fffffa8008ee2df0, fffff80003589600}

ETW minidump data unavailable
Probably caused by : csrss.exe

Followup:     MachineOwner
Hi,
as you already know the above was created due to you turning off the csrss.exe process. I did take the opportunity to have a quick look through the dump file as it displays other helpful data too.
I see that this driver is still in the system. If you have an application for flashing the bios please remove.

BS_I2cIo.sys Mon Dec 11 07:48:39 2006: BIOSTAR I2C I/O driver Found in BIOSTAR BIOS Flash Utility.

I see your running Bullguard:

BdSpy.sys Wed Sep 23 09:06:34 2015: BullGuard File Monitor, part of the Bullguard security suite. We ask users to remove any third party AV suites and just use Windows Defender or MSE until the source of the bsod is found. You can always install it again but it just cuts down on the variables.

You mentioned that the machine possibly overheated when using memtest86?

It doesn't usually create a huge amount of heat so are you overclocking? If so please return to default values.

If you try running memtest86 again and the same thing happens try running one the one stick and test them individually.

Please post any new dump files.
 


Neemobeer

Windows Forum Team
Staff member
#17
csrss.exe is the client side interface of the Win32 system console and some GUI functionality. It's marked as a critical process so yes killing it will cause a bsod.
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#18
At least that's confirmed then...
 


#19
hi new bsof just happen now but not a bad pool header i update my gup drivers last night
 


Attachments

kemical

Windows Forum Admin
Staff member
Premium Supporter
#20
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 109, {a3a039d89cf9eb03, b3b7465eef76ba29, fffff8000359b900, 1}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!SeQuerySecurityDescriptorInfo+0 )

Followup:     MachineOwner
This bugcheck is generated when the kernel detects that critical kernel code or

data have been corrupted. There are generally three causes for a corruption:

1) A driver has inadvertently or deliberately modified critical kernel code

or data. See Download Windows Server 2003/2003 R2 Retired Content from Official Microsoft Download Center

2) A developer attempted to set a normal kernel breakpoint using a kernel

debugger that was not attached when the system was booted. Normal breakpoints,

"bp", can only be set if the debugger is attached at boot time. Hardware

breakpoints, "ba", can be set at any time.

3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Hi,
please remove these drivers:
BS_I2cIo.sys Mon Dec 11 07:48:39 2006: BIOSTAR I2C I/O driver Found in BIOSTAR BIOS Flash Utility.

I see your running Bullguard:

BdSpy.sys Wed Sep 23 09:06:34 2015: BullGuard File Monitor, part of the Bullguard security suite. We ask users to remove any third party AV suites and just use Windows Defender or MSE until the source of the bsod is found. You can always install it again but it just cuts down on the variables.

Did you use the DDU when updating your graphics card?

You mentioned that the machine possibly overheated when using memtest86?

It doesn't usually create a huge amount of heat so are you overclocking? If so please return to default values.

If you try running memtest86 again and the same thing happens try running one the one stick and test them individually.
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top