New
#1
Minidump of kiosk style, standalone system
I do not have direct access to this system at the moment. If you need ZIP file from instructions I will have to login during non-business hours on the system and get that information, but for now I do have a DMP log I've ran through Windbg (x64) below.
Any ideas on how to trace this to either bad RAM, HDD or corrupt Windows files?
Code:Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Temp\022815-17752-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer EmbeddedNT SingleUserTS Built by: 7601.18717.amd64fre.win7sp1_gdr.150113-1808 Machine Name: Kernel base = 0xfffff800`01c54000 PsLoadedModuleList = 0xfffff800`01e98890 Debug session time: Sat Feb 28 00:55:27.304 2015 (UTC - 7:00) System Uptime: 0 days 0:00:25.178 Loading Kernel Symbols ............................................................... ............................................................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff82001384b00, 0, fffff80001dff9cc, 5} Could not read faulting driver name Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 ) Followup: Pool_corruption --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff82001384b00, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff80001dff9cc, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001f02100 GetUlongFromAddress: unable to read from fffff80001f021c0 fffff82001384b00 Nonpaged pool FAULTING_IP: nt!ExDeferredFreePool+100 fffff800`01dff9cc 4c8b02 mov r8,qword ptr [rdx] MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: lsass.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff88007ff77e0 -- (.trap 0xfffff88007ff77e0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa8004864360 rbx=0000000000000000 rcx=fffffa8004864360 rdx=fffff82001384b00 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80001dff9cc rsp=fffff88007ff7970 rbp=0000000000000000 r8=fffff82001384b00 r9=fffff8a0013b88e0 r10=0000000000000001 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!ExDeferredFreePool+0x100: fffff800`01dff9cc 4c8b02 mov r8,qword ptr [rdx] ds:fffff820`01384b00=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80001d46873 to fffff80001cc8ec0 STACK_TEXT: fffff880`07ff7678 fffff800`01d46873 : 00000000`00000050 fffff820`01384b00 00000000`00000000 fffff880`07ff77e0 : nt!KeBugCheckEx fffff880`07ff7680 fffff800`01cc6fee : 00000000`00000000 fffff820`01384b00 fffff8a0`01396000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x43801 fffff880`07ff77e0 fffff800`01dff9cc : 00000000`00000001 00000000`01bdeda0 00000000`00000001 00000000`01bdeda0 : nt!KiPageFault+0x16e fffff880`07ff7970 fffff800`01dff1b1 : 00000000`00000000 fffff8a0`0139a5d0 00000000`00000000 ffffffff`fffffffe : nt!ExDeferredFreePool+0x100 fffff880`07ff7a00 fffff800`01f931be : fffff8a0`01396030 fffff800`01fc229d 00000000`64546553 fffffa80`06950060 : nt!ExFreePoolWithTag+0x411 fffff880`07ff7ab0 fffff800`01cd2f34 : 00000000`00000000 00000000`00000000 fffffa80`06950060 fffffa80`048b0ed0 : nt!SepTokenDeleteMethod+0x7e fffff880`07ff7ae0 fffff800`01fc20b4 : fffffa80`06950060 00000000`00000000 fffffa80`0629d060 00000000`00000000 : nt!ObfDereferenceObject+0xd4 fffff880`07ff7b40 fffff800`01fc2664 : 00000000`0000064c fffffa80`06950060 fffff8a0`00de3780 00000000`0000064c : nt!ObpCloseHandleTableEntry+0xc4 fffff880`07ff7bd0 fffff800`01cc8153 : fffffa80`0629d060 fffff880`07ff7ca0 00000000`01bdee30 00000000`01bdee30 : nt!ObpCloseHandle+0x94 fffff880`07ff7c20 00000000`771f13aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`01bdecd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771f13aa STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+100 fffff800`01dff9cc 4c8b02 mov r8,qword ptr [rdx] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!ExDeferredFreePool+100 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x50_nt!ExDeferredFreePool+100 BUCKET_ID: X64_0x50_nt!ExDeferredFreePool+100 Followup: Pool_corruption ---------