BSOD eamon.sys

Hello,

I'm the beginner in the debugging. I'd like to ask if anyone could check the following minidump and tell me if the BSOD was really raised by eamon.sys?


Loading Dump File [C:\Program Files\Support Tools\Mini120109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/...ls*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Dec 1 20:17:26.171 2009 (GMT+1)
System Uptime: 0 days 0:00:40.843
Loading Kernel Symbols
................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {bad0b148, 0, 805bb460, 2}

*** WARNING: Unable to verify timestamp for eamon.sys
*** ERROR: Module load completed but symbols could not be loaded for eamon.sys

Could not read faulting driver name
Probably caused by : eamon.sys ( eamon+4163 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bad0b148, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 805bb460, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: bad0b148

FAULTING_IP:
nt!ObpRemoveObjectRoutine+cc
805bb460 833800 cmp dword ptr [eax],0

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: ekrn.exe

LAST_CONTROL_TRANSFER: from 805266da to 805bb460

STACK_TEXT:
9a83ec04 805266da e2ed8870 00000000 00000000 nt!ObpRemoveObjectRoutine+0xcc
9a83ec1c 9afbe163 9afbe18e 00000000 9a83ec9c nt!ObfDereferenceObject+0x4c
WARNING: Stack unwind information not available. Following frames may be wrong.
9a83ec5c 80580487 882ec028 00000001 00000000 eamon+0x4163
9a83ed00 80579274 000001e0 00000000 00000000 nt!IopXxxControlFile+0x255
9a83ed34 8054162c 000001e0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
9a83ed34 7c90e514 000001e0 00000000 00000000 nt!KiFastCallEntry+0xfc
052cff24 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
eamon+4163
9afbe163 ??

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: eamon+4163

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: eamon

IMAGE_NAME: eamon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49c2200c

FAILURE_BUCKET_ID: 0x50_BADMEMREF_eamon+4163

BUCKET_ID: 0x50_BADMEMREF_eamon+4163

Followup: MachineOwner
---------

 

When reporting a problem (especially with BSOD), please always enclose information about the build and OS you use. The current build is 4.0.474.