BSOD eamon.sys

Discussion in 'ESET Smart Security' started by gonzyone, Dec 2, 2009.

Thread Status:
Not open for further replies.
  1. gonzyone

    gonzyone Registered Member

    Joined:
    Dec 2, 2009
    Posts:
    1
    Hello,

    I'm the beginner in the debugging. I'd like to ask if anyone could check the following minidump and tell me if the BSOD was really raised by eamon.sys?


    Loading Dump File [C:\Program Files\Support Tools\Mini120109-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/...ls*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp3_gdr.090804-1435
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Tue Dec 1 20:17:26.171 2009 (GMT+1)
    System Uptime: 0 days 0:00:40.843
    Loading Kernel Symbols
    ................................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 10000050, {bad0b148, 0, 805bb460, 2}

    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys

    Could not read faulting driver name
    Probably caused by : eamon.sys ( eamon+4163 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced. This cannot be protected by try-except,
    it must be protected by a Probe. Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: bad0b148, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 805bb460, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 00000002, (reserved)

    Debugging Details:
    ------------------


    Could not read faulting driver name

    READ_ADDRESS: bad0b148

    FAULTING_IP:
    nt!ObpRemoveObjectRoutine+cc
    805bb460 833800 cmp dword ptr [eax],0

    MM_INTERNAL_CODE: 2

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0x50

    PROCESS_NAME: ekrn.exe

    LAST_CONTROL_TRANSFER: from 805266da to 805bb460

    STACK_TEXT:
    9a83ec04 805266da e2ed8870 00000000 00000000 nt!ObpRemoveObjectRoutine+0xcc
    9a83ec1c 9afbe163 9afbe18e 00000000 9a83ec9c nt!ObfDereferenceObject+0x4c
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9a83ec5c 80580487 882ec028 00000001 00000000 eamon+0x4163
    9a83ed00 80579274 000001e0 00000000 00000000 nt!IopXxxControlFile+0x255
    9a83ed34 8054162c 000001e0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    9a83ed34 7c90e514 000001e0 00000000 00000000 nt!KiFastCallEntry+0xfc
    052cff24 00000000 00000000 00000000 00000000 0x7c90e514


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+4163
    9afbe163 ?? o_O

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+4163

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 49c2200c

    FAILURE_BUCKET_ID: 0x50_BADMEMREF_eamon+4163

    BUCKET_ID: 0x50_BADMEMREF_eamon+4163

    Followup: MachineOwner
    ---------
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    When reporting a problem (especially with BSOD), please always enclose information about the build and OS you use. The current build is 4.0.474.
     
Thread Status:
Not open for further replies.