XP Crash problem

Discussion in 'ESET NOD32 Antivirus' started by ialus, Feb 16, 2009.

Thread Status:
Not open for further replies.
  1. ialus

    ialus Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    1
    Hi,
    I have Win Xp , Esed nod32 Antivirus, version 3.0.669.0 .
    I have the following situation:
    - I try to run a foxpro aplication ( exe file) located on anothe machine . When I run the exe file the system shutdown and restarts . I think it's because of antivirus, because before there was not such a problem, maybe I'm wrong...it seems like a eamon.sys problem....
    This is the dmp file :

    Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\asconta\Desktop\Mini021609-15.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\Symbols
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Mon Feb 16 17:19:34.250 2009 (GMT+2)
    System Uptime: 0 days 0:17:20.840
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ..................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 10000050, {fffffffe, 0, 864ececa, 0}

    *** WARNING: Unable to verify timestamp for sr.sys

    Could not read faulting driver name
    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys
    Probably caused by : eamon.sys ( eamon+3d26 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced. This cannot be protected by try-except,
    it must be protected by a Probe. Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: fffffffe, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 864ececa, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 00000000, (reserved)

    Debugging Details:
    ------------------


    Could not read faulting driver name

    READ_ADDRESS: fffffffe

    FAULTING_IP:
    +fd
    864ececa 0fb74c48fe movzx ecx,word ptr [eax+ecx*2-2]

    MM_INTERNAL_CODE: 0

    CUSTOMER_CRASH_COUNT: 15

    DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

    BUGCHECK_STR: 0x50

    PROCESS_NAME: NTVDM.EXE

    LAST_CONTROL_TRANSFER: from 864ed020 to 864ececa

    STACK_TEXT:
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    f57f0964 864ed020 863af748 f57f0978 00000000 0x864ececa
    f57f0988 864ed51c f73a2e37 86583020 85ff89e0 0x864ed020
    f57f09b0 f7426876 85ff89f0 85ff89e0 863af718 0x864ed51c
    f57f09fc 864ed585 86584ac0 00000001 85ff89e0 sr!SrCreate+0x150
    f57f0a20 f5ec0d26 85ff89f0 85ff89e0 863af718 0x864ed585
    f57f0a5c 864ed585 86029598 85ff89e0 85ff89e0 eamon+0x3d26
    f57f0a80 80581ec2 86503700 85ea077c f57f0c18 0x864ed585
    f57f0b60 805bdd10 86503718 00000000 85ea06d8 nt!NtQueryInformationProcess+0x454
    f57f0bd8 805ba398 00000000 f57f0c18 00000040 nt!NtCreatePagingFile+0x420
    f57f0c2c 80574e4d 00000000 00000000 00000001 nt!CcPfParametersRead+0x8f
    f57f0ca8 805757c4 0205fde4 00100081 0205fdb4 nt!FsRtlIsNameInExpression+0x56
    f57f0d04 80578f83 0205fde4 00100081 0205fdb4 nt!HvMarkCellDirty+0xd2
    f57f0d44 8054060c 0205fde4 00100081 0205fdb4 nt!NtOpenMutant+0x60
    f57f0d64 7c90eb94 badb0d00 0205fd90 f5938d98 nt!RtlIpv4StringToAddressA+0xfd
    f57f0d78 00000000 00000000 00000000 00000000 0x7c90eb94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+3d26
    f5ec0d26 ?? o_O

    SYMBOL_STACK_INDEX: 5

    SYMBOL_NAME: eamon+3d26

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 4869d3d5

    FAILURE_BUCKET_ID: 0x50_eamon+3d26

    BUCKET_ID: 0x50_eamon+3d26

    Followup: MachineOwner
    ---------

    Thanxs in advance .
     
  2. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
    Hello ialus,

    Please upgrade to version 684.

    Thank you,
    Richard
     
Thread Status:
Not open for further replies.