BSOD BAD_POOL_HEADER (19)

  1.    #11

    Okay, you need to go to this directory, and then upload the Minidump if Windows managed to save one:

    Code:
    C:\Windows\Minidump or %systemroot%\Minidump

    IObit Malware Fighter is known to cause problems such as BSODs, and is a very ineffective AV program.

    Don't delete the CBUFS.sys driver; remove the program from the Control Panel, or preferably run Revo Uninstaller Pro.

    Comodo is causing problems, and needs to be removed. You can use Windows' own in-built backup utility or a third-party imaging program:


  2. Posts : 48
    Windows 7 Professional 32-bit
    Thread Starter
       #12

    I did some research on verifier.exe, and your instructions at

    Driver Verifier - Enable and Disable

    are incomplete. They do not say how verifier works, and I did not know. I had followed the instructions, and during the reboot I received a BSOD BAD_POOL_HEADER (19) IMAGE_NAME: ntkrpamp.exe. Your instructions did not tell me how to get out of the problem (by booting into safe mode and resetting the verifier state). I got repeated BSODs, and I eventually went to "system repair" to get my system bootable. I did not know that verifier ran at reboot, and it ran until either it BSODed with a problem or I rebooted into safe mode to stop the verifier from running at reboot.

    I have no idea what "system repair" did; I have not looked for any log. I looked at the minidump with "!analyze -f -v", and the reported IMAGE_NAME is ntkrpamp.exe. I do not know if this minidump (or full dump) will tell me anything about what verifier.exe found. Also, I opened a problem report with Comodo on their cbufs.sys driver to see if they have reports from any other customers on that driver causing BSODs.
    --Barry Finkel

  3.    #13

    Didn't you read this link, which was part of my instructions too? Using Driver Verifier to identify issues with Drivers

    There are three methods within the above link, which show how to disable Driver Verifier, and at least three Microsoft links explaining the command line options on how to disable Driver Verifier without needing to do a Startup Repair.

    Can you upload the Minidump file too?


  4. Posts : 48
    Windows 7 Professional 32-bit
    Thread Starter
       #14

    I must have missed the beginning of the verifier page. Sorry. I have uploaded the one mini-dump in a zip file.
    --Barry Finkel

  5.    #15

    Code:
    BugCheck 19, {20, a6076f00, a6076f80, a1005e0}
    
    GetPointerFromAddress: unable to read from 82f8184c
    Unable to read MiSystemVaType memory at 82f60e20
    Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+1b1 )

    It seems that the pool header block size is corrupt. The Block Size shows the size of the pool allocation, and the Previous Size indicates the size of the previous pool allocation; therefore the Previous Size of the next pool entry should match the Block Size of the current allocation.

    To other debuggers: I would have used the !pool extension; however, this information wasn't available within this dump file (mainly because it's a Minidump).

    Code:
    0: kd> dt nt!_POOL_HEADER a6076f00 <-- Pool Entry We Were Looking For
       +0x000 PreviousSize     : 0y111100000 (0x1e0)
       +0x000 PoolIndex        : 0y0000010 (0x2)
       +0x002 BlockSize        : 0y000010000 (0x10)
       +0x002 PoolType         : 0y0000101 (0x5)
       +0x000 Ulong1           : 0xa1005e0
       +0x004 PoolTag          : 0x6d4e6f49
       +0x004 AllocatorBackTraceIndex : 0x6f49
       +0x006 PoolTagHash      : 0x6d4e

    Code:
    0: kd> dt nt!_POOL_HEADER a6076f80 <-- Next Pool Entry
       +0x000 PreviousSize     : 0y000000000 (0)
       +0x000 PoolIndex        : 0y0000010 (0x2)
       +0x002 BlockSize        : 0y000000100 (0x4)
       +0x002 PoolType         : 0y0000011 (0x3)
       +0x000 Ulong1           : 0x6040400
       +0x004 PoolTag          : 0x74416553
       +0x004 AllocatorBackTraceIndex : 0x6553
       +0x006 PoolTagHash      : 0x7441

    Looking at the raw stack of the thread, we can see that the Comodo software again seems to be a possible cause and is causing problems.

    Code:
    0: kd> lmvm CBUFS
    start    end        module name
    8c37a000 8c3be000   CBUFS    T (no symbols)           
        Loaded symbol image file: CBUFS.sys
        Image path: \SystemRoot\system32\drivers\CBUFS.sys
        Image name: CBUFS.sys
        Timestamp:        Mon Jan 14 12:27:18 2013 (50F3F9A6)
        CheckSum:         0004B8FC
        ImageSize:        00044000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
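Added example, not written by anyone in the thread: the Block Size / Previous Size consistency check described in post #15, run on the two `Ulong1` values and entry addresses from the `dt nt!_POOL_HEADER` output. The field widths are read from that output; the 8-byte size unit for 32-bit pool headers and the exemption for an entry at the start of a page are assumptions of this sketch, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit layout of nt!_POOL_HEADER.Ulong1 as shown by dt in post #15:
   PreviousSize 9 bits, PoolIndex 7 bits, BlockSize 9 bits, PoolType 7 bits. */
typedef struct {
    unsigned previous_size, pool_index, block_size, pool_type;
} pool_hdr;

#define POOL_UNIT 8u     /* assumption: x86 pool sizes count 8-byte blocks */
#define PAGE_MASK 0xFFFu /* assumption: 4 KB pages */

pool_hdr decode_ulong1(uint32_t v) {
    pool_hdr h;
    h.previous_size = v & 0x1FF;
    h.pool_index    = (v >> 9) & 0x7F;
    h.block_size    = (v >> 16) & 0x1FF;
    h.pool_type     = (v >> 25) & 0x7F;
    return h;
}

/* Address at which the header following this entry should start. */
uint32_t next_entry(uint32_t addr, pool_hdr h) {
    return addr + h.block_size * POOL_UNIT;
}

/* 0 = consistent; bit 0 = next header is not at addr + BlockSize;
   bit 1 = next PreviousSize does not equal this entry's BlockSize. */
int check_pair(uint32_t addr, pool_hdr cur, uint32_t next_addr, pool_hdr next) {
    int bad = 0;
    if (next_entry(addr, cur) != next_addr) bad |= 1;
    /* Only an entry at the start of a page may carry PreviousSize 0. */
    if ((next_addr & PAGE_MASK) != 0 && next.previous_size != cur.block_size) bad |= 2;
    return bad;
}

/* A pool tag is four ASCII bytes stored little-endian. */
void tag_text(uint32_t tag, char out[5]) {
    for (int i = 0; i < 4; i++) out[i] = (char)((tag >> (8 * i)) & 0xFF);
    out[4] = '\0';
}

int main(void) {
    /* Values copied from the dt output and bug check parameters in post #15. */
    pool_hdr cur = decode_ulong1(0x0a1005e0u), nxt = decode_ulong1(0x06040400u);
    char t1[5], t2[5];
    tag_text(0x6d4e6f49u, t1);
    tag_text(0x74416553u, t2);
    printf("a6076f00: Prev=0x%x Block=0x%x tag=%s\n", cur.previous_size, cur.block_size, t1);
    printf("a6076f80: Prev=0x%x Block=0x%x tag=%s\n", nxt.previous_size, nxt.block_size, t2);
    printf("check_pair = %d\n", check_pair(0xa6076f00u, cur, 0xa6076f80u, nxt));
    return 0;
}
```

For these inputs the first entry's Block Size (0x10 units, 0x80 bytes) does lead to a6076f80, so the forward link is intact and only the second header's Previous Size fails the check.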


  6. Posts : 48
    Windows 7 Professional 32-bit
    Thread Starter
       #16

    If your research points to cbufs.exe, then I will wait until I hear back from Comodo before I do anything else. I do have the full dump associated with the mini-dump, but it probably is not worth the effort to look at that dump.
    --Barry Finkel

  7.    #17

    The dump file was quite straightforward, so Minidumps are okay :)

    Wait until Comodo replies; they may already be working on patching the program.


  8. Posts : 48
    Windows 7 Professional 32-bit
    Thread Starter
       #18

    I have switched backup programs, and I renamed the cbufs.sys driver file. I have not yet gotten a reply from my posting on the Comodo forum, and I have no idea when to expect a reply. I will wait until I get another BSOD (that is not a VIDEO_TDR_FAILURE (116)). I am currently working with nVIDIA support on those video timeout BSODs. I will wait a week before I mark this problem solved.
    --Barry Finkel

  9.    #19

    Okay, thanks for the update :)


  10. Posts : 48
    Windows 7 Professional 32-bit
    Thread Starter
       #20

    I will close this trouble ticket, as the dump was caused by cbufs.sys, which I am no longer using.
    --Barry Finkel


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
