NAMEWITHELD12
asked on
Windows 2008 crash dump am i reading this right ?
is this the exe that caused the BSOD , i really have never looked at this stuff in this much detail
WmiApSrv.exe is what i am looking at deeper , am i correct????
rosoft (R) Windows Debugger Version 6.11.0001.402 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\DUMP\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (16 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_g dr.110622- 1503
Machine Name:
Kernel base = 0xfffff800`01a4d000 PsLoadedModuleList = 0xfffff800`01c8ae70
Debug session time: Wed Oct 12 15:43:01.372 2011 (GMT-4)
System Uptime: 0 days 0:06:34.808
Loading Kernel Symbols
.......................... .......... .......... .......... .......
.......................... .......... .......... .......... .Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
..Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
..Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
...
.....................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Loading unloaded module list
....
************************** ********** ********** ********** ********** ********** ***
* *
* Bugcheck Analysis *
* *
************************** ********** ********** ********** ********** ********** ***
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa803dd88000, fffffa803dd88380, c380000}
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Probably caused by : WmiApSrv.exe
Followup: MachineOwner
---------
6: kd> !analyze -v
************************** ********** ********** ********** ********** ********** ***
* *
* Bugcheck Analysis *
* *
************************** ********** ********** ********** ********** ********** ***
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa803dd88000, The pool entry we were looking for within the page.
Arg3: fffffa803dd88380, The next pool entry.
Arg4: 000000000c380000, (reserved)
Debugging Details:
------------------
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffffa803dd88000 Nonpaged pool
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WmiApSrv.exe
CURRENT_IRQL: 1
IRP_ADDRESS: fffffa803dd87fc8
LAST_CONTROL_TRANSFER: from fffff80001bf06d3 to fffff80001abd5c0
STACK_TEXT:
fffff880`0b8d3648 fffff800`01bf06d3 : 00000000`00000019 00000000`00000020 fffffa80`3dd88000 fffffa80`3dd88380 : nt!KeBugCheckEx
fffff880`0b8d3650 fffff800`01adcbee : 00000000`a0000003 00000000`0b8d3740 fffff6fb`20206f49 00000000`00000001 : nt!ExDeferredFreePool+0x12 c4
fffff880`0b8d3700 fffff800`01abff76 : fffffa80`3dd88040 fffffa80`00000000 00000000`00000001 fffff8a0`047567f0 : nt!IopCompleteRequest+0x5c e
fffff880`0b8d37d0 fffff800`01d4b7ea : fffffa80`3dad4f20 fffffa80`20707200 fffff880`00800530 00000000`00000000 : nt!IopfCompleteRequest+0x6 f6
fffff880`0b8d38c0 fffff800`01dd5597 : fffffa80`3dad4f20 fffff880`0b8d3ca0 fffff880`0b8d3ca0 fffffa80`3d891910 : nt!WmipIoControl+0xd6
fffff880`0b8d3a10 fffff800`01dd5df6 : 00000000`00000000 00000000`000001e0 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0b8d3b40 fffff800`01abc813 : 00000000`0000044e 00000000`00000001 fffff880`0b8d3bc8 0000007f`ffffffff : nt!NtDeviceIoControlFile+0 x56
fffff880`0b8d3bb0 00000000`775bf72a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+ 0x13
00000000`00d4f168 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775bf72a
STACK_COMMAND: kb
PROCESS_OBJECT: fffffa80701d7b30
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: WmiApSrv
IMAGE_NAME: WmiApSrv.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_0x19_20_IMAGE_WmiApSrv .exe
BUCKET_ID: X64_0x19_20_IMAGE_WmiApSrv .exe
Followup: MachineOwner
WmiApSrv.exe is what i am looking at deeper , am i correct????
rosoft (R) Windows Debugger Version 6.11.0001.402 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\DUMP\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (16 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_g
Machine Name:
Kernel base = 0xfffff800`01a4d000 PsLoadedModuleList = 0xfffff800`01c8ae70
Debug session time: Wed Oct 12 15:43:01.372 2011 (GMT-4)
System Uptime: 0 days 0:06:34.808
Loading Kernel Symbols
..........................
..........................
..Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
..Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
...
.....................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Loading unloaded module list
....
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa803dd88000, fffffa803dd88380, c380000}
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Probably caused by : WmiApSrv.exe
Followup: MachineOwner
---------
6: kd> !analyze -v
**************************
* *
* Bugcheck Analysis *
* *
**************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa803dd88000, The pool entry we were looking for within the page.
Arg3: fffffa803dd88380, The next pool entry.
Arg4: 000000000c380000, (reserved)
Debugging Details:
------------------
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Page f95a7d not present in the dump file. Type ".hh dbgerr004" for details
Page 1038a4f not present in the dump file. Type ".hh dbgerr004" for details
Page 7c1dae not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffffa803dd88000 Nonpaged pool
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WmiApSrv.exe
CURRENT_IRQL: 1
IRP_ADDRESS: fffffa803dd87fc8
LAST_CONTROL_TRANSFER: from fffff80001bf06d3 to fffff80001abd5c0
STACK_TEXT:
fffff880`0b8d3648 fffff800`01bf06d3 : 00000000`00000019 00000000`00000020 fffffa80`3dd88000 fffffa80`3dd88380 : nt!KeBugCheckEx
fffff880`0b8d3650 fffff800`01adcbee : 00000000`a0000003 00000000`0b8d3740 fffff6fb`20206f49 00000000`00000001 : nt!ExDeferredFreePool+0x12
fffff880`0b8d3700 fffff800`01abff76 : fffffa80`3dd88040 fffffa80`00000000 00000000`00000001 fffff8a0`047567f0 : nt!IopCompleteRequest+0x5c
fffff880`0b8d37d0 fffff800`01d4b7ea : fffffa80`3dad4f20 fffffa80`20707200 fffff880`00800530 00000000`00000000 : nt!IopfCompleteRequest+0x6
fffff880`0b8d38c0 fffff800`01dd5597 : fffffa80`3dad4f20 fffff880`0b8d3ca0 fffff880`0b8d3ca0 fffffa80`3d891910 : nt!WmipIoControl+0xd6
fffff880`0b8d3a10 fffff800`01dd5df6 : 00000000`00000000 00000000`000001e0 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0b8d3b40 fffff800`01abc813 : 00000000`0000044e 00000000`00000001 fffff880`0b8d3bc8 0000007f`ffffffff : nt!NtDeviceIoControlFile+0
fffff880`0b8d3bb0 00000000`775bf72a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+
00000000`00d4f168 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775bf72a
STACK_COMMAND: kb
PROCESS_OBJECT: fffffa80701d7b30
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: WmiApSrv
IMAGE_NAME: WmiApSrv.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
FAILURE_BUCKET_ID: X64_0x19_20_IMAGE_WmiApSrv
BUCKET_ID: X64_0x19_20_IMAGE_WmiApSrv
Followup: MachineOwner
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it happend at about 330 in the afternoon