blin
February 5th, 2009, 05:47 AM
Microsoft (R) Windows Debugger Version 6.10.0003.233 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\WinDDK\Dumps\Fi\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*d:\winddk\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81c09000 PsLoadedModuleList = 0x81d20c70
Debug session time: Sat Jan 24 13:43:19.071 2009 (GMT+0)
System Uptime: 0 days 0:01:22.930
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
Loading unloaded module list
....
*** ERROR: Symbol file could not be found. Defaulted to export symbols for eamon.sys -
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 18, {bad0b0b0, 81222b88, 2, 81d0b824}
Page 600db not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
Probably caused by : eamon.sys ( eamon+31d8 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
REFERENCE_BY_POINTER (18 )
Arguments:
Arg1: bad0b0b0, Object type of the object whose reference count is being lowered
Arg2: 81222b88, Object whose reference count is being lowered
Arg3: 00000002, Reserved
Arg4: 81d0b824, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
Page 600db not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x18
PROCESS_NAME: MSASCui.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 9d6681d8 to 81c5a88e
STACK_TEXT:
9fead8ec 9d6681d8 81221258 81221238 81287ee0 nt!ObfDereferenceObject+0x66
WARNING: Stack unwind information not available. Following frames may be wrong.
9feada28 9d66a092 9feada40 9feada58 81221238 eamon+0x31d8
9feada5c 9d668c5a 81221238 00000000 81c4b601 eamon+0x5092
9feadab0 81cc4fd3 00000d08 81253330 811bc554 eamon+0x3c5a
9feadac8 81e29d11 05e64055 811bfdc4 87369df8 nt!IofCallDriver+0x63
9feadb98 81e4f3ff 87369e10 00000000 811bfd20 nt!IopParseDevice+0xf61
9feadc28 81e270f6 00000000 9feadc80 00000040 nt!ObpLookupObjectName+0x5a8
9feadc88 81e28bf3 000ff17c 00000000 00000001 nt!ObOpenObjectByName+0x13c
9feadcfc 81e19639 000ff1a8 00100021 000ff17c nt!IopCreateFile+0x63b
9feadd44 81c60a1a 000ff1a8 00100021 000ff17c nt!NtOpenFile+0x2a
9feadd44 77839a94 000ff1a8 00100021 000ff17c nt!KiFastCallEntry+0x12a
000ff19c 00000000 00000000 00000000 00000000 0x77839a94
STACK_COMMAND: kb
FOLLOWUP_IP:
eamon+31d8
9d6681d8 b868d6699d mov eax,offset eamon!PsGetThreadProcessId+0x333f4 (9d69d668)
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: eamon+31d8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: eamon
IMAGE_NAME: eamon.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4869d3d5
FAILURE_BUCKET_ID: 0x18_BADMEMREF_eamon+31d8
BUCKET_ID: 0x18_BADMEMREF_eamon+31d8
Followup: MachineOwner
---------
1: kd> lmvm eamon
start end module name
9d665000 9d6b2000 eamon (export symbols) eamon.sys
Loaded symbol image file: eamon.sys
Image path: \SystemRoot\system32\DRIVERS\eamon.sys
Image name: eamon.sys
Timestamp: Tue Jul 01 07:51:01 2008 (4869D3D5)
CheckSum: 00018854
ImageSize: 0004D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4