Bad Pool Caller Vista X64

Discussion in 'ESET NOD32 Antivirus' started by Zardoc, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. Zardoc (Registered Member, joined Feb 24, 2006, 61 posts)

    Hi Guys,

    Just got another mem dump with Eamon.sys file just like the one that was an issue with X64 Vista machine a while ago. :eek:

    I have the latest version 672.

    Here is the dump file. Can someone please check and comment? o_O


    Thanks,

    Zardoc


    Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [E:\Zardoc\Mini102108-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\Users\Zardoc;SRV**http://msdl.microsoft.com/download/symbols
    Executable search path is: H:\VISTA IMAGE
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18145.amd64fre.vistasp1_gdr.080917-1612
    Kernel base = 0xfffff800`01c62000 PsLoadedModuleList = 0xfffff800`01e27db0
    Debug session time: Tue Oct 21 18:22:12.299 2008 (GMT-4)
    System Uptime: 0 days 11:16:14.068
    Loading Kernel Symbols
    .........................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, 110b, 402000a, fffffa8007498440}

    Unable to load image eamon.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys
    GetPointerFromAddress: unable to read from fffff80001e8b080
    Probably caused by : eamon.sys ( eamon+1ff5 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad
    IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 0000000000000007, Attempt to free pool which was already freed
    Arg2: 000000000000110b, (reserved)
    Arg3: 000000000402000a, Memory contents of the pool block
    Arg4: fffffa8007498440, Address of the block of pool being deallocated

    Debugging Details:
    ------------------


    POOL_ADDRESS: fffffa8007498440

    FREED_POOL_TAG: None

    BUGCHECK_STR: 0xc2_7_None

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    PROCESS_NAME: svchost.exe

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from fffff80001d96fa8 to fffff80001cb7350

    STACK_TEXT:
    fffffa60`0ce57f78 fffff800`01d96fa8 : 00000000`000000c2 00000000`00000007
    00000000`0000110b 00000000`0402000a : nt!KeBugCheckEx
    fffffa60`0ce57f80 fffffa60`0d5b2ff5 : fffffa80`0827da20 fffffa80`0827da20
    fffffa80`08434010 00000000`00000000 : nt!ExFreePool+0x462
    fffffa60`0ce58030 fffffa80`0827da20 : fffffa80`0827da20 fffffa80`08434010
    00000000`00000000 fffffa80`07ce0aa8 : eamon+0x1ff5
    fffffa60`0ce58038 fffffa80`0827da20 : fffffa80`08434010 00000000`00000000
    fffffa80`07ce0aa8 fffffa60`0d5b5570 : 0xfffffa80`0827da20
    fffffa60`0ce58040 fffffa80`08434010 : 00000000`00000000 fffffa80`07ce0aa8
    fffffa60`0d5b5570 00000000`00000000 : 0xfffffa80`0827da20
    fffffa60`0ce58048 00000000`00000000 : fffffa80`07ce0aa8 fffffa60`0d5b5570
    00000000`00000000 00000000`00000000 : 0xfffffa80`08434010
    fffffa60`0ce58050 fffffa80`07ce0aa8 : fffffa60`0d5b5570 00000000`00000000
    00000000`00000000 fffffa80`07ce0aa8 : 0x0
    fffffa60`0ce58058 fffffa60`0d5b5570 : 00000000`00000000 00000000`00000000
    fffffa80`07ce0aa8 fffffa80`0827da20 : 0xfffffa80`07ce0aa8
    fffffa60`0ce58060 00000000`00000000 : 00000000`00000000 fffffa80`07ce0aa8
    fffffa80`0827da20 fffffa80`07ce0a10 : eamon+0x4570
    fffffa60`0ce58068 00000000`00000000 : fffffa80`07ce0aa8 fffffa80`0827da20
    fffffa80`07ce0a10 fffff800`00000030 : 0x0
    fffffa60`0ce58070 fffffa80`07ce0aa8 : fffffa80`0827da20 fffffa80`07ce0a10
    fffff800`00000030 ffffffff`00000000 : 0x0
    fffffa60`0ce58078 fffffa80`0827da20 : fffffa80`07ce0a10 fffff800`00000030
    ffffffff`00000000 00000000`00000000 : 0xfffffa80`07ce0aa8
    fffffa60`0ce58080 fffffa80`07ce0a10 : fffff800`00000030 ffffffff`00000000
    00000000`00000000 00000000`00000040 : 0xfffffa80`0827da20
    fffffa60`0ce58088 fffff800`00000030 : ffffffff`00000000 00000000`00000000
    00000000`00000040 00000000`00000000 : 0xfffffa80`07ce0a10
    fffffa60`0ce58090 ffffffff`00000000 : 00000000`00000000 00000000`00000040
    00000000`00000000 fffffa80`07c9ad50 : 0xfffff800`00000030
    fffffa60`0ce58098 00000000`00000000 : 00000000`00000040 00000000`00000000
    fffffa80`07c9ad50 00000000`00000000 : 0xffffffff`00000000
    fffffa60`0ce580a0 00000000`00000040 : 00000000`00000000 fffffa80`07c9ad50
    00000000`00000000 fffffa80`07ce0a10 : 0x0
    fffffa60`0ce580a8 00000000`00000000 : fffffa80`07c9ad50 00000000`00000000
    fffffa80`07ce0a10 fffffa80`0827da20 : 0x40
    fffffa60`0ce580b0 fffffa80`07c9ad50 : 00000000`00000000 fffffa80`07ce0a10
    fffffa80`0827da20 fffffa80`07ce0aa8 : 0x0
    fffffa60`0ce580b8 00000000`00000000 : fffffa80`07ce0a10 fffffa80`0827da20
    fffffa80`07ce0aa8 fffffa80`08434010 : 0xfffffa80`07c9ad50
    fffffa60`0ce580c0 fffffa80`07ce0a10 : fffffa80`0827da20 fffffa80`07ce0aa8
    fffffa80`08434010 00000000`00000040 : 0x0
    fffffa60`0ce580c8 fffffa80`0827da20 : fffffa80`07ce0aa8 fffffa80`08434010
    00000000`00000040 fffff800`01f3cd83 : 0xfffffa80`07ce0a10
    fffffa60`0ce580d0 fffffa80`07ce0aa8 : fffffa80`08434010 00000000`00000040
    fffff800`01f3cd83 00000000`00000004 : 0xfffffa80`0827da20
    fffffa60`0ce580d8 fffffa80`08434010 : 00000000`00000040 fffff800`01f3cd83
    00000000`00000004 00000000`00000004 : 0xfffffa80`07ce0aa8
    fffffa60`0ce580e0 00000000`00000040 : fffff800`01f3cd83 00000000`00000004
    00000000`00000004 00000000`00000040 : 0xfffffa80`08434010
    fffffa60`0ce580e8 fffff800`01f3cd83 : 00000000`00000004 00000000`00000004
    00000000`00000040 00000000`00000000 : 0x40
    fffffa60`0ce580f0 fffff800`01f36a59 : fffffa80`05d806c0 00000000`00000000
    fffffa80`07c188e0 fffffa80`00000000 : nt!IopParseDevice+0x5e3
    fffffa60`0ce58290 fffff800`01f3a944 : 00000000`00000000 fffffa80`07780700
    fffffa80`00000040 00000000`00000000 : nt!ObpLookupObjectName+0x5eb
    fffffa60`0ce583a0 fffff800`01f46ee0 : 00000000`00100001 fffffa60`0ce588d8
    fffffa60`0ce58600 fffffa80`05e84de0 : nt!ObOpenObjectByName+0x2f4
    fffffa60`0ce58470 fffff800`01f47a0c : fffffa60`0ce58940 00000000`00100001
    00000000`00000006 fffffa60`0ce58890 : nt!IopCreateFile+0x290
    fffffa60`0ce58510 fffff800`01cb6df3 : fffffa80`059b6490 fffffa60`0ce586a0
    00000000`00000000 00000000`00000000 : nt!NtCreateFile+0x78
    fffffa60`0ce585a0 fffff800`01cb7300 : fffffa60`0d5b2f17 00000000`00000000
    00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    fffffa60`0ce587a8 fffffa60`0d5b2f17 : 00000000`00000000 00000000`00000000
    00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
    fffffa60`0ce587b0 00000000`00000000 : 00000000`00000000 00000000`00000000
    00000000`00000000 fffffa60`0ce58948 : eamon+0x1f17
    fffffa60`0ce587b8 00000000`00000000 : 00000000`00000000 00000000`00000000
    fffffa60`0ce58948 00000000`00000000 : 0x0
    fffffa60`0ce587c0 00000000`00000000 : 00000000`00000000 fffffa60`0ce58948
    00000000`00000000 00000000`00000001 : 0x0
    fffffa60`0ce587c8 00000000`00000000 : fffffa60`0ce58948 00000000`00000000
    00000000`00000001 fffff800`00000001 : 0x0
    fffffa60`0ce587d0 fffffa60`0ce58948 : 00000000`00000000 00000000`00000001
    fffff800`00000001 fffffa60`00000160 : 0x0
    fffffa60`0ce587d8 00000000`00000000 : 00000000`00000001 fffff800`00000001
    fffffa60`00000160 00000000`00000000 : 0xfffffa60`0ce58948
    fffffa60`0ce587e0 00000000`00000001 : fffff800`00000001 fffffa60`00000160
    00000000`00000000 00000000`00000000 : 0x0
    fffffa60`0ce587e8 fffff800`00000001 : fffffa60`00000160 00000000`00000000
    00000000`00000000 00000000`00013d74 : 0x1
    fffffa60`0ce587f0 fffffa60`00000160 : 00000000`00000000 00000000`00000000
    00000000`00013d74 00000000`00000bf0 : 0xfffff800`00000001
    fffffa60`0ce587f8 00000000`00000000 : 00000000`00000000 00000000`00013d74
    00000000`00000bf0 00000000`00000000 : 0xfffffa60`00000160
    fffffa60`0ce58800 00000000`00000000 : 00000000`00013d74 00000000`00000bf0
    00000000`00000000 00000000`00000000 : 0x0
    fffffa60`0ce58808 00000000`00013d74 : 00000000`00000bf0 00000000`00000000
    00000000`00000000 fffffa60`0d5b4cf9 : 0x0
    fffffa60`0ce58810 00000000`00000bf0 : 00000000`00000000 00000000`00000000
    fffffa60`0d5b4cf9 00000000`00000160 : 0x13d74
    fffffa60`0ce58818 00000000`00000000 : 00000000`00000000 fffffa60`0d5b4cf9
    00000000`00000160 00000000`00100001 : 0xbf0
    fffffa60`0ce58820 00000000`00000000 : fffffa60`0d5b4cf9 00000000`00000160
    00000000`00100001 fffffa80`07d6db40 : 0x0
    fffffa60`0ce58828 fffffa60`0d5b4cf9 : 00000000`00000160 00000000`00100001
    fffffa80`07d6db40 fffffa60`0ce586a0 : 0x0
    fffffa60`0ce58830 00000000`00000160 : 00000000`00100001 fffffa80`07d6db40
    fffffa60`0ce586a0 fffffa60`0ce58948 : eamon+0x3cf9
    fffffa60`0ce58838 00000000`00100001 : fffffa80`07d6db40 fffffa60`0ce586a0
    fffffa60`0ce58948 00000000`00000000 : 0x160
    fffffa60`0ce58840 fffffa80`07d6db40 : fffffa60`0ce586a0 fffffa60`0ce58948
    00000000`00000000 00000000`00000001 : 0x100001
    fffffa60`0ce58848 fffffa60`0ce586a0 : fffffa60`0ce58948 00000000`00000000
    00000000`00000001 00000000`00000001 : 0xfffffa80`07d6db40
    fffffa60`0ce58850 fffffa60`0ce58948 : 00000000`00000000 00000000`00000001
    00000000`00000001 00000000`00000160 : 0xfffffa60`0ce586a0
    fffffa60`0ce58858 00000000`00000000 : 00000000`00000001 00000000`00000001
    00000000`00000160 00000000`00000000 : 0xfffffa60`0ce58948
    fffffa60`0ce58860 00000000`00000001 : 00000000`00000001 00000000`00000160
    00000000`00000000 00000000`00000000 : 0x0
    fffffa60`0ce58868 00000000`00000001 : 00000000`00000160 00000000`00000000
    00000000`00000000 fffffa80`07e8f601 : 0x1
    fffffa60`0ce58870 00000000`00000160 : 00000000`00000000 00000000`00000000
    fffffa80`07e8f601 fffffa80`07b3a320 : 0x1
    fffffa60`0ce58878 00000000`00000000 : 00000000`00000000 fffffa80`07e8f601
    fffffa80`07b3a320 fffffa60`00a10e17 : 0x160
    fffffa60`0ce58880 00000000`00000000 : fffffa80`07e8f601 fffffa80`07b3a320
    fffffa60`00a10e17 fffffa60`008c008a : 0x0
    fffffa60`0ce58888 fffffa80`07e8f601 : fffffa80`07b3a320 fffffa60`00a10e17
    fffffa60`008c008a fffffa80`07d6db68 : 0x0
    fffffa60`0ce58890 fffffa80`07b3a320 : fffffa60`00a10e17 fffffa60`008c008a
    fffffa80`07d6db68 fffffa80`059b69e0 : 0xfffffa80`07e8f601
    fffffa60`0ce58898 fffffa60`00a10e17 : fffffa60`008c008a fffffa80`07d6db68
    fffffa80`059b69e0 fffffa80`05e84de0 : 0xfffffa80`07b3a320
    fffffa60`0ce588a0 fffffa60`00a100dd : 00000000`00000000 00000000`00000480
    fffffa80`059b6403 fffffa80`079c1820 :
    fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x227
    fffffa60`0ce58910 fffffa80`07c9aea0 : fffffa80`07e8f6b0 00000000`00000000
    fffffa80`07e8f6b0 00000000`00000000 : fltmgr!FltpDispatch+0xcd
    fffffa60`0ce58970 fffffa80`07e8f6b0 : 00000000`00000000 fffffa80`07e8f6b0
    00000000`00000000 fffffa80`059b6490 : 0xfffffa80`07c9aea0
    fffffa60`0ce58978 00000000`00000000 : fffffa80`07e8f6b0 00000000`00000000
    fffffa80`059b6490 fffffa60`0d5b5745 : 0xfffffa80`07e8f6b0
    fffffa60`0ce58980 fffffa80`07e8f6b0 : 00000000`00000000 fffffa80`059b6490
    fffffa60`0d5b5745 fffffa80`059b69e0 : 0x0
    fffffa60`0ce58988 00000000`00000000 : fffffa80`059b6490 fffffa60`0d5b5745
    fffffa80`059b69e0 fffffa80`00000000 : 0xfffffa80`07e8f6b0
    fffffa60`0ce58990 fffffa80`059b6490 : fffffa60`0d5b5745 fffffa80`059b69e0
    fffffa80`00000000 fffffa80`079c1820 : 0x0
    fffffa60`0ce58998 fffffa60`0d5b5745 : fffffa80`059b69e0 fffffa80`00000000
    fffffa80`079c1820 fffffa80`07780600 : 0xfffffa80`059b6490
    fffffa60`0ce589a0 fffffa80`059b69e0 : fffffa80`00000000 fffffa80`079c1820
    fffffa80`07780600 00000000`00000001 : eamon+0x4745
    fffffa60`0ce589a8 fffffa80`00000000 : fffffa80`079c1820 fffffa80`07780600
    00000000`00000001 00000000`00000000 : 0xfffffa80`059b69e0
    fffffa60`0ce589b0 fffffa80`079c1820 : fffffa80`07780600 00000000`00000001
    00000000`00000000 00000001`07060000 : 0xfffffa80`00000000
    fffffa60`0ce589b8 fffffa80`07780600 : 00000000`00000001 00000000`00000000
    00000001`07060000 fffffa60`0ce589d8 : 0xfffffa80`079c1820


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+1ff5
    fffffa60`0d5b2ff5 ??
    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+1ff5

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 48a95947

    FAILURE_BUCKET_ID: X64_0xc2_7_None_eamon+1ff5

    BUCKET_ID: X64_0xc2_7_None_eamon+1ff5

    Followup: MachineOwner
    ---------
     
  2. Zardoc (Registered Member, joined Feb 24, 2006, 61 posts)

    Wow,

    No one for a heads up?

    Aryeh my friend, you there?

    :ninja:
     