• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Windows XP Pro Blue Screen of Death lol

0

03bigMark03

Guest
#1
Hiya all. On my Dad's office computer we have recently been getting a bsod. The computer is running Windows XP Pro and a similar configuration to my PC that is also running Windows XP Pro. Though my PC is a lot older.

Wen you least expect it the computer in the office gets this error message. I couldn't screen capture it as it all locked up as BSOD's do that. So I took a quick photo of it with my dad's digital camera.

I recently tried to rid of the problem by updating the modem drivers, updating from XP SP1 tp XP SP1A but all the drivers seemed to be up to date so that's really how far I could get.

There's Norton System Works on it, we defragment reguarly and do all the Norton checks and have the latest definations, I did a full system vrius scan the other day.

I don't have the full specifcation of the PC yet but to get you started look at the attached image.
 
M

m4dh0

Guest
#3
heres the bugcheck output which seems to point to symevent.sys

ps. change the crashdump mode to kernel memory dump then next time it happens you will get more info

the debugger tools are available from
http://www.microsoft.com/whdc/ddk/debugging/default.mspx


JSIInc tip 4981 has how to read them

Code:
Loading Dump File [Mini080203-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\windows\symbols\winxp*[url]http://msdl.microsoft.com/do[/url]
wnload/symbols
Executable search path is: C:\TEMP\xp_cd\I386
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp1.020828-1920
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054be30
Debug session time: Sat Aug 02 16:36:37 2003
System Uptime: 0 days 5:20:31.367
Loading Kernel Symbols
................................................................................
..........................................
Loading unloaded module list
.........
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, c3e, b86f, ffb72be0}

!analyze -v
Bad allocation size @ffb72bd8, zero is invalid

***
*** An error (or corruption) in the pool was detected;
*** Pool Region unknown (0xFFFFFFFFFFB72BD8)
***
*** Use !poolval ffb72000 for more details.
***

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SY
S
Probably caused by : SYMEVENT.SYS ( SYMEVENT+6264 )

Followup: MachineOwner
---------

kd> ****************************************************************************
***
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQ
L level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000c3e, (reserved)
Arg3: 0000b86f, Memory contents of the pool block
Arg4: ffb72be0, Address of the block of pool being deallocated

Debugging Details:
------------------

Bad allocation size @ffb72bd8, zero is invalid

***
*** An error (or corruption) in the pool was detected;
*** Pool Region unknown (0xFFFFFFFFFFB72BD8)
***
*** Use !poolval ffb72000 for more details.
***


BUGCHECK_STR:  0xc2_7

DEFAULT_BUCKET_ID:  DRIVER_FAULT

LAST_CONTROL_TRANSFER:  from 8053d4a1 to 805266db

STACK_TEXT:
f9987a00 8053d4a1 000000c2 00000007 00000c3e nt!KeBugCheckEx+0x19
f9987a48 baeed80d ffb72be0 00000000 8134c898 nt!ExFreePoolWithTag+0x237
f9987a70 baec1b70 ff915838 f9987aa0 f9987aa5 Ntfs!NtfsDeleteFcb+0x76
f9987ac0 baeedac7 ff915838 8134c738 e11065d8 Ntfs!NtfsTeardownFromLcb+0x1ff
f9987b18 baebcf02 ff915838 e11066a0 00000000 Ntfs!NtfsTeardownStructures+0x127
f9987b44 baedd8a7 ff915838 011066a0 00000000 Ntfs!NtfsDecrementCloseCounts+0x9c
f9987bcc baedd715 ff915838 e11066a0 e11065d8 Ntfs!NtfsCommonClose+0x37a
f9987c6c 804eca36 8134c658 ff744678 f9987cc4 Ntfs!NtfsFsdClose+0x1f3
f9987c7c f640d264 00000000 f9987cc4 811c6108 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f9987d28 8057e49d 00b3f5f0 ffb3f5d8 00000000 SYMEVENT+0x6264
f9987d44 804ecc07 ffb3f5f0 00000000 806c9158 nt!ObpRemoveObjectRoutine+0xdd
f9987d68 804e6e38 8054c478 ffb3f878 806c9190 nt!ObfDereferenceObject+0x5d
f9987d8c 804dfecb e1117370 00000000 8133cda8 nt!MiSegmentDelete+0xdb
f9987dac 8057c73a 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x9c
f9987ddc 805124c1 804dfe37 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


FOLLOWUP_IP:
SYMEVENT+6264
f640d264 ??               ???

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  SYMEVENT+6264

MODULE_NAME:  SYMEVENT

IMAGE_NAME:  SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  3ec1d807

STACK_COMMAND:  kb

BUCKET_ID:  0xc2_7_SYMEVENT+6264

Followup: MachineOwner
 
0

03bigMark03

Guest
#4
Thanks for debuging guys. I set it to kernal dump, it's bound to do it some time to. Here is the hard ware exported from System Information, should have everything you need.

I checked for the Blaster virus "no virus found" few and also installed a load od XP Updates. Just going to see how well it performs for a while now.
 
M

m4dh0

Guest
#6
Originally posted by ViperSnake
Ahhh someone forgot to close a tag with ],
The ending tag was supposed to be [/CODE]
i had a little too much to drink that night ......
 
0

03bigMark03

Guest
#7
Well the updates did nothing to improve the problem, at least it's protected by the blaster worm virus. Well I had to create a cach in order to get a kernal dump on the root of c (it was on d) so gona have to wait a lil while for it to crash.
 
0

03bigMark03

Guest
#8
Well well well. Not a crash in a while. Though it did crash a few days ago. Maybe the updates for his XP Pro system are working. I've set it all up to kernal dump so ill bump this post wen it crashes.
 
0

03bigMark03

Guest
#10
Hi. I went to check Dad's PC and were the folder is stored to see if there is a kernal dump. Wuhey there's one, it was 40meg so I packed it up in rar format and uploaded it to my host. It's about 11meg in rar format. See wat you can do with it please.

Kernal Dump
 
M

m4dh0

Guest
#11
The Stop 0xC2 error message indicates that a kernel-mode process or driver incorrectly attempted to perform a memory operation. This error message is typically caused by a faulty device driver or software.

i know its a pain but try to find updated versions of the drivers

here is the debug output


you could also try the driver verifier on the system

Code:
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQ
L level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000c3e, (reserved)
Arg3: 000068ce, Memory contents of the pool block
Arg4: 811982d8, Address of the block of pool being deallocated

Debugging Details:
------------------

Bad allocation size @811982d0, zero is invalid

***
*** An error (or corruption) in the pool was detected;
*** Attempting to diagnose the problem.
***
*** Use !poolval 81198000 for more details.
***

Pool page [ 81198000 ] is INVALID.

Analyzing linked list...
[ 81198278 --> 81198310 (size = 0x98 bytes)]: Corrupt region


Scanning for single bit errors...

None found


BUGCHECK_STR:  0xc2_7

DEFAULT_BUCKET_ID:  DRIVER_FAULT

LAST_CONTROL_TRANSFER:  from 8053428f to 804f404f

STACK_TEXT:
f69b4bc4 8053428f 000000c2 00000007 00000c3e nt!KeBugCheckEx+0x19
f69b4c0c 80507c3e 811982d8 00000000 ffb323d8 nt!ExFreePoolWithTag+0x237
f69b4c48 805ac3e9 01b323d8 8127a2f8 40010004 nt!MmCleanProcessAddressSpace+0x26e

f69b4cf0 805ac5ac 40010004 ffa31598 804f81b5 nt!PspExitThread+0x668
f69b4cfc 804f81b5 8127a2f8 f69b4d48 f69b4d3c nt!PsExitSpecialApc+0x20
f69b4d4c 8052d4ba 00000001 00000000 f69b4d64 nt!KiDeliverApc+0x1ad
f69b4d4c 7ffe0304 00000001 00000000 f69b4d64 nt!KiServiceExit+0x58
0006ff90 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4


FOLLOWUP_IP:
nt!ExFreePoolWithTag+237
8053428f 8b45f8           mov     eax,[ebp-0x8]

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  nt!ExFreePoolWithTag+237

MODULE_NAME:  nt

IMAGE_NAME:  ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  3e39bded

STACK_COMMAND:  kb

BUCKET_ID:  0xc2_7_nt!ExFreePoolWithTag+237

Followup: MachineOwner
---------
 
0

03bigMark03

Guest
#12
Cool thanks for trying to look at the problem. I'm just wondering if there is anyway as to how you can see in that error message which driver it actualy is thats causing the problem. Thanks if you can help guys.
 
M

m4dh0

Guest
#13
unfortunatly the bugcheck stops at ntoskrnl.exe, just out of intrest what version of the file do you have ?
 
M

m4dh0

Guest
#15
via my computer go into the drive with windows directory, then into system32. right click on ntoskrnl.exe, goto properties then the version tab

mine shows
File Version: 5.1.2600.1224
Description: NT Kernel & System
 
0

03bigMark03

Guest
#19
Hey all. Installed the patched (finaly) and it's at 5.1.2600.1159. We still get the crash. Also wen we use the scanner we've noticed it crashing a lot then. I just wondered if it might be a problem with the twain drivers (or a newer version). His scanner is a Trust Easy Connect 19200 chained with an Epson Style Photo printer (using the printer style connections).
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,014
Latest member
sanoravies