One of my clients is getting a Bad Pool Header Error; I know that it's usually either caused by a driver or RAM. I'm remote so I don't have physical access to the computer but I've ruled out RAM because the Blue Screens occur randomly and consistently at least every 10-20 minutes in normal mode, but are completely gone in safe mode. I was able to run a basic RAM stress test in safe mode which found no errors. I essentially just need help determining which driver is causing this error. Windbg tells me it's caused by ntkrnlmp.exe but it's some other program/driver which depends on it. When I used driver verifier, from what I can tell the system crashed and it asked the user to restore windows from recovery. I guided them into Safe Mode with Networking and disabled verifier. I've attached the zip from the forum program.
Windbg gives me this:
Windbg gives me this:
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.19135.amd64fre.win7sp1_gdr.160121-1718
Machine Name:
Kernel base = 0xfffff800`02a0e000 PsLoadedModuleList = 0xfffff800`02c55730
Debug session time: Wed Mar 30 08:18:36.519 2016 (UTC - 5:00)
System Uptime: 0 days 0:16:10.548
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd7018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002aca79a, fffff880090669e0, 0}
Probably caused by : ntkrnlmp.exe ( nt!FsRtlLookupPerStreamContextInternal+7a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002aca79a, Address of the instruction which caused the bugcheck
Arg3: fffff880090669e0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!FsRtlLookupPerStreamContextInternal+7a
fffff800`02aca79a 48397010 cmp qword ptr [rax+10h],rsiMy Computer
- Computer type
- PC/Desktop
- OS
- Windows 7 Pro x64
rb:
