Analyzing Windows 7 minidump

0

I need some help here with analyzing a Windows 7 minidump file. With WinDbg I got this:

Debugging Details:

BUGCHECK_STR: 0x19_3

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

LAST_CONTROL_TRANSFER: from fffff8000340c70f to fffff800032d9bc0

STACK_TEXT:
fffff88002cfa998 fffff8000340c70f : 0000000000000019 0000000000000003 fffff8a013083150 fffff8a013083150 : nt!KeBugCheckEx
fffff88002cfa9a0 fffff8000340d4f1 : 0000000000000000 fffff8a013a1a000 fffff8a013a1a010 0000000000000ac4 : nt!ExDeferredFreePool+0xcbb
fffff88002cfaa30 fffff800032e2e5c : fffff8a013a1a030 fffffa8007c82060 fffffa80656b6f54 fffffa8003c6cf30 : nt!ExFreePoolWithTag+0x411
fffff88002cfaae0 fffff800035d11f4 : fffffa8007c82060 0000000000000000 fffffa8007d6e060 0000000000000000 : nt!ObfDereferenceObject+0xdc
fffff88002cfab40 fffff800035d17a4 : 00000000000009cc fffffa8007c82060 fffff8a00d92ded0 00000000000009cc : nt!ObpCloseHandleTableEntry+0xc4
fffff88002cfabd0 fffff800032d8e53 : fffffa8007d6e060 fffff88002cfaca0 0000000000000000 0000000000000000 : nt!ObpCloseHandle+0x94
fffff88002cfac20 0000000077a613aa : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
00000000026ce758 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x77a613aa

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+cbb
fffff800`0340c70f cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExDeferredFreePool+cbb

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

IMAGE_VERSION: 6.1.7601.18409

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+cbb

BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+cbb

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:x64_0x19_3_nt!exdeferredfreepool+cbb

FAILURE_ID_HASH: {c0c01565-cb93-0237-5ef3-d7ef8da6721e}

Followup: Pool_corruption


So all I can see is a driver problem... but which one? Since this was my first try analyzing a dmp file with WinDbg, here is the dmp file; if you can find anything else, please let me know: minidump, and also the XML file that Windows claims to be helpful with identifying the problem (useless for me so far): xml

Thanks for bothering ;)

Akil

Posted 2014-11-14T12:51:39.517

Reputation: 23

Use something like BlueScreenViewer to provide us a list of the drivers loaded into memory when the crash happens. The supplied information is extremely hard to use to determine that without access to your computer. – Ramhound – 2014-11-14T14:00:10.993

Sometimes this crash happens while booting up, sometimes hours later .. you never know. Isn't BlueScreenViewer for analyzing a minidump? When I use it on the dmp file it marks only ntoskrnl.exe in red. – Akil – 2014-11-17T22:20:31.633

No answers