Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Usra\Downloads\SF_03-03-2014\SF_03-03-2014\030314-10124-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Machine Name:
Kernel base = 0xfffff800`02e03000 PsLoadedModuleList = 0xfffff800`030466d0
Debug session time: Mon Mar 3 20:28:14.489 2014 (UTC + 6:00)
System Uptime: 0 days 0:00:13.816
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa8009cb9980, fffffa8009cb99a0, 4020005}
*** WARNING: Unable to verify timestamp for epfw.sys
*** ERROR: Module load completed but symbols could not be loaded for epfw.sys
Probably caused by : epfw.sys ( epfw+205f0 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa8009cb9980, The pool entry we were looking for within the page.
Arg3: fffffa8009cb99a0, The next pool entry.
Arg4: 0000000004020005, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b0100
GetUlongFromAddress: unable to read from fffff800030b01c0
fffffa8009cb9980 Nonpaged pool
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: ekrn.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002fabcae to fffff80002e78bc0
STACK_TEXT:
fffff880`0e642678 fffff800`02fabcae : 00000000`00000019 00000000`00000020 fffffa80`09cb9980 fffffa80`09cb99a0 : nt!KeBugCheckEx
fffff880`0e642680 fffff880`0b4685f0 : 00000000`00000080 00000000`00000801 fffffa80`636f6c4d 636f6c4d`00000801 : nt!ExDeferredFreePool+0x12da
fffff880`0e642730 00000000`00000080 : 00000000`00000801 fffffa80`636f6c4d 636f6c4d`00000801 fffff880`031d5180 : epfw+0x205f0
fffff880`0e642738 00000000`00000801 : fffffa80`636f6c4d 636f6c4d`00000801 fffff880`031d5180 fffff880`0b455980 : 0x80
fffff880`0e642740 fffffa80`636f6c4d : 636f6c4d`00000801 fffff880`031d5180 fffff880`0b455980 fffff800`030086e0 : 0x801
fffff880`0e642748 636f6c4d`00000801 : fffff880`031d5180 fffff880`0b455980 fffff800`030086e0 00000000`00000801 : 0xfffffa80`636f6c4d
fffff880`0e642750 fffff880`031d5180 : fffff880`0b455980 fffff800`030086e0 00000000`00000801 fffff880`0e6428d8 : 0x636f6c4d`00000801
fffff880`0e642758 fffff880`0b455980 : fffff800`030086e0 00000000`00000801 fffff880`0e6428d8 00000000`00000000 : 0xfffff880`031d5180
fffff880`0e642760 fffff800`030086e0 : 00000000`00000801 fffff880`0e6428d8 00000000`00000000 ffffffff`ffffffff : epfw+0xd980
fffff880`0e642768 00000000`00000801 : fffff880`0e6428d8 00000000`00000000 ffffffff`ffffffff fffff880`0b455a58 : nt!NonPagedPoolDescriptor+0x160
fffff880`0e642770 fffff880`0e6428d8 : 00000000`00000000 ffffffff`ffffffff fffff880`0b455a58 00000000`00000080 : 0x801
fffff880`0e642778 00000000`00000000 : ffffffff`ffffffff fffff880`0b455a58 00000000`00000080 00000000`00000080 : 0xfffff880`0e6428d8
STACK_COMMAND: kb
FOLLOWUP_IP:
epfw+205f0
fffff880`0b4685f0 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: epfw+205f0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: epfw
IMAGE_NAME: epfw.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 520cebd6
FAILURE_BUCKET_ID: X64_0x19_20_epfw+205f0
BUCKET_ID: X64_0x19_20_epfw+205f0
Followup: MachineOwner
---------