G
Gary Roach
I'm debugging a machine running XP Pro SP2. It gives a blue screen
occasionally with a c5 stop error. It seems I'm supposed to run the driver
verifier utility to deal with this. I don't know which drivers to monitor
and monitoring them all slows the system down so much that it's unusable.
I've analyzed the minidump from the crash (output included afterwards) and
it tells me the problem is in Internet Explorer. Which drivers should I
monitor? Thanks for any help.
--
Gary Roach
ADB Services
--------------------------------------- Minidump
Output --------------------------------------
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [p:\Mini062308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Mon Jun 23 10:41:24.343 2008 (GMT-4)
System Uptime: 2 days 7:32:40.075
Loading Kernel Symbols
................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....................
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 100000C5, {0, 2, 1, 8054a10d}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+107 )
Followup: Pool_corruption
---------
1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054a10d, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: iexplore.exe
LAST_CONTROL_TRANSFER: from 8054a75f to 8054a10d
STACK_TEXT:
b953f994 8054a75f 00000001 863aada8 00000000 nt!ExDeferredFreePool+0x107
b953f9d4 805bf507 862cdd00 00000000 b953fd64 nt!ExFreePoolWithTag+0x47f
b953fd48 805409ac 00000005 0221fedc 00000001
nt!NtWaitForMultipleObjects+0x2f5
b953fd48 7c90eb94 00000005 0221fedc 00000001 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0221ff50 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
SYMBOL_NAME: nt!ExDeferredFreePool+107
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107
BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107
Followup: Pool_corruption
---------
occasionally with a c5 stop error. It seems I'm supposed to run the driver
verifier utility to deal with this. I don't know which drivers to monitor
and monitoring them all slows the system down so much that it's unusable.
I've analyzed the minidump from the crash (output included afterwards) and
it tells me the problem is in Internet Explorer. Which drivers should I
monitor? Thanks for any help.
--
Gary Roach
ADB Services
--------------------------------------- Minidump
Output --------------------------------------
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [p:\Mini062308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Mon Jun 23 10:41:24.343 2008 (GMT-4)
System Uptime: 2 days 7:32:40.075
Loading Kernel Symbols
................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....................
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 100000C5, {0, 2, 1, 8054a10d}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+107 )
Followup: Pool_corruption
---------
1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054a10d, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: iexplore.exe
LAST_CONTROL_TRANSFER: from 8054a75f to 8054a10d
STACK_TEXT:
b953f994 8054a75f 00000001 863aada8 00000000 nt!ExDeferredFreePool+0x107
b953f9d4 805bf507 862cdd00 00000000 b953fd64 nt!ExFreePoolWithTag+0x47f
b953fd48 805409ac 00000005 0221fedc 00000001
nt!NtWaitForMultipleObjects+0x2f5
b953fd48 7c90eb94 00000005 0221fedc 00000001 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0221ff50 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
SYMBOL_NAME: nt!ExDeferredFreePool+107
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107
BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107
Followup: Pool_corruption
---------