Hello, I'm the beginner in the debugging. I'd like to ask if anyone could check the following minidump and tell me if the BSOD was really raised by eamon.sys? Loading Dump File [C:\Program Files\Support Tools\Mini120109-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/...ls*http://msdl.microsoft.com/download/symbols Executable search path is: Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 2600.xpsp_sp3_gdr.090804-1435 Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720 Debug session time: Tue Dec 1 20:17:26.171 2009 (GMT+1) System Uptime: 0 days 0:00:40.843 Loading Kernel Symbols ................................................................................................................................................................ Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 10000050, {bad0b148, 0, 805bb460, 2} *** WARNING: Unable to verify timestamp for eamon.sys *** ERROR: Module load completed but symbols could not be loaded for eamon.sys Could not read faulting driver name Probably caused by : eamon.sys ( eamon+4163 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: bad0b148, memory referenced. Arg2: 00000000, value 0 = read operation, 1 = write operation. Arg3: 805bb460, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000002, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: bad0b148 FAULTING_IP: nt!ObpRemoveObjectRoutine+cc 805bb460 833800 cmp dword ptr [eax],0 MM_INTERNAL_CODE: 2 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: ekrn.exe LAST_CONTROL_TRANSFER: from 805266da to 805bb460 STACK_TEXT: 9a83ec04 805266da e2ed8870 00000000 00000000 nt!ObpRemoveObjectRoutine+0xcc 9a83ec1c 9afbe163 9afbe18e 00000000 9a83ec9c nt!ObfDereferenceObject+0x4c WARNING: Stack unwind information not available. Following frames may be wrong. 9a83ec5c 80580487 882ec028 00000001 00000000 eamon+0x4163 9a83ed00 80579274 000001e0 00000000 00000000 nt!IopXxxControlFile+0x255 9a83ed34 8054162c 000001e0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a 9a83ed34 7c90e514 000001e0 00000000 00000000 nt!KiFastCallEntry+0xfc 052cff24 00000000 00000000 00000000 00000000 0x7c90e514 STACK_COMMAND: kb FOLLOWUP_IP: eamon+4163 9afbe163 ?? SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: eamon+4163 FOLLOWUP_NAME: MachineOwner MODULE_NAME: eamon IMAGE_NAME: eamon.sys DEBUG_FLR_IMAGE_TIMESTAMP: 49c2200c FAILURE_BUCKET_ID: 0x50_BADMEMREF_eamon+4163 BUCKET_ID: 0x50_BADMEMREF_eamon+4163 Followup: MachineOwner ---------
When reporting a problem (especially with BSOD), please always enclose information about the build and OS you use. The current build is 4.0.474.