E
Erol Karaseki
One of my friends try to start a video conference/call over Windows Live
Messenger 8.5, my computer causes blue screen and resets itself. I got some
information through WinDbg v6.8. This driver belongs to my webcam as far as I
know. I think it's about the webcam(Inca) I've been using for one year. I got
video calls from my friends many times, but it didn't happen before. That's
interesting. What should I do?
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini011108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Fri Jan 11 17:36:40.546 2008 (GMT+2)
System Uptime: 0 days 6:16:39.250
Loading Kernel Symbols
........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {10, 0, 0, 0}
Unable to load image snp2sxp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for snp2sxp.sys
*** ERROR: Module load completed but symbols could not be loaded for
snp2sxp.sys
Probably caused by : snp2sxp.sys ( snp2sxp+22e5 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA
will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 00000010, caller is freeing a bad pool address
Arg2: 00000000, bad pool address
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_10
POOL_ADDRESS: 00000000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: msnmsgr.exe
LAST_CONTROL_TRANSFER: from 80662ac7 to 804f9deb
STACK_TEXT:
b911e748 80662ac7 000000c4 00000010 00000000 nt!KeBugCheckEx+0x1b
b911e76c 80657154 00000000 b911e788 80658169 nt!ExFreePoolSanityChecks+0x17b
b911e778 80658169 00000000 00000000 0000001a nt!VerifierFreePoolWithTag+0x1c
b911e788 f2ab12e5 00000000 86984ff4 86984f48 nt!VerifierFreePool+0x1f
WARNING: Stack unwind information not available. Following frames may be
wrong.
b911e790 86984ff4 86984f48 00000000 8065814a snp2sxp+0x22e5
00000000 00000000 00000000 00000000 00000000 0x86984ff4
STACK_COMMAND: kb
FOLLOWUP_IP:
snp2sxp+22e5
f2ab12e5 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: snp2sxp+22e5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: snp2sxp
IMAGE_NAME: snp2sxp.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 43cf08c8
FAILURE_BUCKET_ID: 0xc4_10_snp2sxp+22e5
BUCKET_ID: 0xc4_10_snp2sxp+22e5
Followup: MachineOwner
---------
0: kd> lmvm snp2sxp
start end module name
f2aaf000 f346e780 snp2sxp T (no symbols)
Loaded symbol image file: snp2sxp.sys
Image path: snp2sxp.sys
Image name: snp2sxp.sys
Timestamp: Thu Jan 19 05:34:32 2006 (43CF08C8)
CheckSum: 009C337B
ImageSize: 009BF780
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
0: kd> !thread
GetPointerFromAddress: unable to read from 80561114
THREAD 84fa5a20 Cid 1770.10dc Teb: 7ffdf000 Win32Thread: e61a2808 RUNNING
on processor 0
IRP List:
Unable to read nt!_IRP @ 86cbaeb8
Not impersonating
GetUlongFromAddress: unable to read from 80561124
Owning Process 843cbc80 Image: msnmsgr.exe
ffdf0000: Unable to get shared data
Wait Start TickCount 1446352
Context Switch Count 87399 LargeStack
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x004da741
Start Address 0x7c810685
Stack Init b911f000 Current b911e6b0 Base b911f000 Limit b911a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16
ChildEBP RetAddr Args to Child
b911e748 80662ac7 000000c4 00000010 00000000 nt!KeBugCheckEx+0x1b (FPO:
[Non-Fpo])
b911e76c 80657154 00000000 b911e788 80658169 nt!ExFreePoolSanityChecks+0x17b
(FPO: [Non-Fpo])
b911e778 80658169 00000000 00000000 0000001a nt!VerifierFreePoolWithTag+0x1c
(FPO: [Non-Fpo])
b911e788 f2ab12e5 00000000 86984ff4 86984f48 nt!VerifierFreePool+0x1f (FPO:
[Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be
wrong.
b911e790 86984ff4 86984f48 00000000 8065814a snp2sxp+0x22e5
00000000 00000000 00000000 00000000 00000000 0x86984ff4
The explanation created by SIGVERIF :
Microsoft Signature Verification
Log file generated on 02.01.2008 at 16:27
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion:
Service Pack 2
Scan Results: Total Files: 248, Signed: 231, Unsigned: 14, Not Scanned: 3
User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers
File Modified Version Status
Catalog Signed By
snp2sxp.sys 19.01.2006 5.1.5.4 Not Signed
N/A
Messenger 8.5, my computer causes blue screen and resets itself. I got some
information through WinDbg v6.8. This driver belongs to my webcam as far as I
know. I think it's about the webcam(Inca) I've been using for one year. I got
video calls from my friends many times, but it didn't happen before. That's
interesting. What should I do?
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini011108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Fri Jan 11 17:36:40.546 2008 (GMT+2)
System Uptime: 0 days 6:16:39.250
Loading Kernel Symbols
........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {10, 0, 0, 0}
Unable to load image snp2sxp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for snp2sxp.sys
*** ERROR: Module load completed but symbols could not be loaded for
snp2sxp.sys
Probably caused by : snp2sxp.sys ( snp2sxp+22e5 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA
will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 00000010, caller is freeing a bad pool address
Arg2: 00000000, bad pool address
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_10
POOL_ADDRESS: 00000000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: msnmsgr.exe
LAST_CONTROL_TRANSFER: from 80662ac7 to 804f9deb
STACK_TEXT:
b911e748 80662ac7 000000c4 00000010 00000000 nt!KeBugCheckEx+0x1b
b911e76c 80657154 00000000 b911e788 80658169 nt!ExFreePoolSanityChecks+0x17b
b911e778 80658169 00000000 00000000 0000001a nt!VerifierFreePoolWithTag+0x1c
b911e788 f2ab12e5 00000000 86984ff4 86984f48 nt!VerifierFreePool+0x1f
WARNING: Stack unwind information not available. Following frames may be
wrong.
b911e790 86984ff4 86984f48 00000000 8065814a snp2sxp+0x22e5
00000000 00000000 00000000 00000000 00000000 0x86984ff4
STACK_COMMAND: kb
FOLLOWUP_IP:
snp2sxp+22e5
f2ab12e5 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: snp2sxp+22e5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: snp2sxp
IMAGE_NAME: snp2sxp.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 43cf08c8
FAILURE_BUCKET_ID: 0xc4_10_snp2sxp+22e5
BUCKET_ID: 0xc4_10_snp2sxp+22e5
Followup: MachineOwner
---------
0: kd> lmvm snp2sxp
start end module name
f2aaf000 f346e780 snp2sxp T (no symbols)
Loaded symbol image file: snp2sxp.sys
Image path: snp2sxp.sys
Image name: snp2sxp.sys
Timestamp: Thu Jan 19 05:34:32 2006 (43CF08C8)
CheckSum: 009C337B
ImageSize: 009BF780
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
0: kd> !thread
GetPointerFromAddress: unable to read from 80561114
THREAD 84fa5a20 Cid 1770.10dc Teb: 7ffdf000 Win32Thread: e61a2808 RUNNING
on processor 0
IRP List:
Unable to read nt!_IRP @ 86cbaeb8
Not impersonating
GetUlongFromAddress: unable to read from 80561124
Owning Process 843cbc80 Image: msnmsgr.exe
ffdf0000: Unable to get shared data
Wait Start TickCount 1446352
Context Switch Count 87399 LargeStack
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x004da741
Start Address 0x7c810685
Stack Init b911f000 Current b911e6b0 Base b911f000 Limit b911a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16
ChildEBP RetAddr Args to Child
b911e748 80662ac7 000000c4 00000010 00000000 nt!KeBugCheckEx+0x1b (FPO:
[Non-Fpo])
b911e76c 80657154 00000000 b911e788 80658169 nt!ExFreePoolSanityChecks+0x17b
(FPO: [Non-Fpo])
b911e778 80658169 00000000 00000000 0000001a nt!VerifierFreePoolWithTag+0x1c
(FPO: [Non-Fpo])
b911e788 f2ab12e5 00000000 86984ff4 86984f48 nt!VerifierFreePool+0x1f (FPO:
[Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be
wrong.
b911e790 86984ff4 86984f48 00000000 8065814a snp2sxp+0x22e5
00000000 00000000 00000000 00000000 00000000 0x86984ff4
The explanation created by SIGVERIF :
Microsoft Signature Verification
Log file generated on 02.01.2008 at 16:27
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion:
Service Pack 2
Scan Results: Total Files: 248, Signed: 231, Unsigned: 14, Not Scanned: 3
User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers
File Modified Version Status
Catalog Signed By
snp2sxp.sys 19.01.2006 5.1.5.4 Not Signed
N/A