Minidump of kiosk style, standalone system


  1. ScottN
    Posts : 1
    Windows 7 Ultimate x64
       New #1

    Minidump of kiosk style, standalone system


    I do not have direct access to this system at the moment. If you need ZIP file from instructions I will have to login during non-business hours on the system and get that information, but for now I do have a DMP log I've ran through Windbg (x64) below.

    Any ideas on how to trace this to either bad RAM, HDD or corrupt Windows files?

    Code:
    Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Temp\022815-17752-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer EmbeddedNT SingleUserTS
Built by: 7601.18717.amd64fre.win7sp1_gdr.150113-1808
Machine Name:
Kernel base = 0xfffff800`01c54000 PsLoadedModuleList = 0xfffff800`01e98890
Debug session time: Sat Feb 28 00:55:27.304 2015 (UTC - 7:00)
System Uptime: 0 days 0:00:25.178
Loading Kernel Symbols
...............................................................
...............................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff82001384b00, 0, fffff80001dff9cc, 5}


Could not read faulting driver name
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 )

Followup: Pool_corruption
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff82001384b00, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80001dff9cc, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001f02100
GetUlongFromAddress: unable to read from fffff80001f021c0
 fffff82001384b00 Nonpaged pool

FAULTING_IP: 
nt!ExDeferredFreePool+100
fffff800`01dff9cc 4c8b02          mov     r8,qword ptr [rdx]

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  lsass.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88007ff77e0 -- (.trap 0xfffff88007ff77e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8004864360 rbx=0000000000000000 rcx=fffffa8004864360
rdx=fffff82001384b00 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001dff9cc rsp=fffff88007ff7970 rbp=0000000000000000
 r8=fffff82001384b00  r9=fffff8a0013b88e0 r10=0000000000000001
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!ExDeferredFreePool+0x100:
fffff800`01dff9cc 4c8b02          mov     r8,qword ptr [rdx] ds:fffff820`01384b00=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80001d46873 to fffff80001cc8ec0

STACK_TEXT:  
fffff880`07ff7678 fffff800`01d46873 : 00000000`00000050 fffff820`01384b00 00000000`00000000 fffff880`07ff77e0 : nt!KeBugCheckEx
fffff880`07ff7680 fffff800`01cc6fee : 00000000`00000000 fffff820`01384b00 fffff8a0`01396000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x43801
fffff880`07ff77e0 fffff800`01dff9cc : 00000000`00000001 00000000`01bdeda0 00000000`00000001 00000000`01bdeda0 : nt!KiPageFault+0x16e
fffff880`07ff7970 fffff800`01dff1b1 : 00000000`00000000 fffff8a0`0139a5d0 00000000`00000000 ffffffff`fffffffe : nt!ExDeferredFreePool+0x100
fffff880`07ff7a00 fffff800`01f931be : fffff8a0`01396030 fffff800`01fc229d 00000000`64546553 fffffa80`06950060 : nt!ExFreePoolWithTag+0x411
fffff880`07ff7ab0 fffff800`01cd2f34 : 00000000`00000000 00000000`00000000 fffffa80`06950060 fffffa80`048b0ed0 : nt!SepTokenDeleteMethod+0x7e
fffff880`07ff7ae0 fffff800`01fc20b4 : fffffa80`06950060 00000000`00000000 fffffa80`0629d060 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`07ff7b40 fffff800`01fc2664 : 00000000`0000064c fffffa80`06950060 fffff8a0`00de3780 00000000`0000064c : nt!ObpCloseHandleTableEntry+0xc4
fffff880`07ff7bd0 fffff800`01cc8153 : fffffa80`0629d060 fffff880`07ff7ca0 00000000`01bdee30 00000000`01bdee30 : nt!ObpCloseHandle+0x94
fffff880`07ff7c20 00000000`771f13aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01bdecd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771f13aa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExDeferredFreePool+100
fffff800`01dff9cc 4c8b02          mov     r8,qword ptr [rdx]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!ExDeferredFreePool+100

FOLLOWUP_NAME:  Pool_corruption

IMAGE_NAME:  Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID:  X64_0x50_nt!ExDeferredFreePool+100

BUCKET_ID:  X64_0x50_nt!ExDeferredFreePool+100

Followup: Pool_corruption
---------
      My Computer
    Quote Quote

  3. Golden
    Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       New #2

    Additional information is required.

    1. Download the DM Log Collector application to your desktop by clicking the link below

    DM Log Collector.exe

    2. Run it by double-clicking the icon on your desktop, and follow the prompts.
    3. Locate the .ZIP file that is created on your desktop, and upload it here in your next reply.

      My Computer
    Quote Quote

 

  Related Discussions
MS Standalone System Sweeper
in System Security

I booted with msss_media64.iso and the boot went fine. I ended up in Win 7 with no messages or screens in between. Is that because I had no problems in my OS?
I tried to use Microsoft Standalone System Sweeper, but got a message that it couldn't be loades. Error code: 0x8004cc05 I looked and I didn't have a floppy drive to disable in Windows XP or BIOS any sugestion to get it to work. Thanks Fast :confused:
I tried to use Microsoft Standalone System Sweeper, but got a message that it couldn't be loades. Error code: 0x8004cc05
Is your computer infected and you can't even boot to run an antivirus? The Microsoft Standalone System Sweeper will allow you to produce a CD/DVD/USB stick from which you can boot and sweep the computer of bad guys. Available in 32-bit and 64-bit versions. I strongly recommend this...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 07:04.
Find Us