.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8292e71a, af7d6644, 0}
*** WARNING: Unable to verify timestamp for
aswMonFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for
aswMonFlt.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+12a )
Followup: Pool_corruption
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8292e71a, The address that the exception occurred at
Arg3: af7d6644, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExDeferredFreePool+12a
8292e71a 8b10 mov edx,dword ptr [eax]
TRAP_FRAME: af7d6644 -- (.trap 0xffffffffaf7d6644)
ErrCode = 00000000
eax=454c4946 ebx=00000081 ecx=000001ff edx=84e307d0 esi=b705ebf0 edi=84e30280
eip=8292e71a esp=af7d66b8 ebp=af7d66f0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!ExDeferredFreePool+0x12a:
8292e71a 8b10 mov edx,dword ptr [eax] ds:0023:454c4946=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: sidebar.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8292e2e5 to 8292e71a
STACK_TEXT:
af7d66f0 8292e2e5 84e30280 00000083 00000028 nt!ExDeferredFreePool+0x12a
af7d6758 8b79e0f2 b74ccc00 6e664d46 00000000 nt!ExFreePoolWithTag+0x848
af7d6788 8b79edf4 00ff6a30 00000000 84ff6a30 fltmgr!FltpExpandShortNames+0x374
af7d67a4 8b79f505 84ff0000 00000000 84fb415c fltmgr!FltpGetNormalizedFileNameWorker+0xae
af7d67bc 8b79c765 84ff6a30 00000000 84ff6a30 fltmgr!FltpGetNormalizedFileName+0x19
af7d67d4 8b786b21 84ff6a30 00000000 00000000 fltmgr!FltpCreateFileNameInformation+0x81
af7d6804 8b786fa3 86aa978c af7d698c 8525cb70 fltmgr!FltpGetFileNameInformation+0x321
af7d682c 949c8c1f 00378838 00000101 af7d6864 fltmgr!FltGetFileNameInformation+0x12b
WARNING: Stack unwind information not available. Following frames may be wrong.
af7d6888 949ddd86 af7d698c 85378838 af7d6930 aswMonFlt+0x2c1f
af7d6968 8b780324 85378838 af7d698c 00000000 aswMonFlt+0x17d86
af7d69d0 8b783512 003787d8 853787d8 1000000c fltmgr!FltpPerformPostCallbacks+0x24a
af7d69e4 8b783b46 853787d8 852fbca0 af7d6a24 fltmgr!FltpProcessIoCompletion+0x10
af7d69f4 8b78429c 85c938c0 852fbca0 853787d8 fltmgr!FltpPassThroughCompletion+0x98
af7d6a24 8b7978c9 af7d6a44 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x33a
af7d6a70 82844f44 85c938c0 85c9cae0 8525cbcc fltmgr!FltpCreate+0x2db
af7d6a88 82a18c3d 8803b4e8 af7d6c30 00000000 nt!IofCallDriver+0x63
af7d6b60 82a1be18 85c73578 85ebd650 874f2aa8 nt!IopParseDevice+0xed7
af7d6bdc 82a5a8a2 00000000 af7d6c30 00000040 nt!ObpLookupObjectName+0x4fa
af7d6c38 82a161de 0205b55c 84ebd650 b320fc01 nt!ObOpenObjectByName+0x165
af7d6cb4 82a61257 0205b5b8 80100080 0205b55c nt!IopCreateFile+0x673
af7d6d00 8284b75a 0205b5b8 80100080 0205b55c nt!NtCreateFile+0x34
af7d6d00 77316194 0205b5b8 80100080 0205b55c nt!KiFastCallEntry+0x12a
0205b5c0 00000000 00000000 00000000 00000000 0x77316194
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+12a
8292e71a 8b10 mov edx,dword ptr [eax]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+12a
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0x8E_nt!ExDeferredFreePool+12a
BUCKET_ID: 0x8E_nt!ExDeferredFreePool+12a
Followup: Pool_corruption