
WinDBG Results.... Well... FileHook.sys ?

From: Edward Kim <won_soon_at_yahoo.com>
Date: Thu, 5 Feb 2009 03:42:32 -0800 (PST)

> Kurt Pruenner wrote:
>
> You need to install windbg and use it to analyze the memory dump:
>
> http://www.microsoft.com/whdc/devtools/debugging/default.mspx
> http://www.networkworld.com/news/2005/041105-windows-crash.html
>
> Just set up the symbol server as shown in the networkworld.com article,
> open your crashdump and run a "!analyze -v". That should tell you which
> driver triggered the crash, but not necessarily which caused it - as
> BAD_POOL_HEADER errors usually occur when there's already some memory
> corruption...
>

The following log shows the result of running WinDbg.

------------------(Start of Log)----------------
Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

************************************************************
WARNING: Dump file has been truncated. Data may be missing.
************************************************************
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;SRV*c:\local cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Machine Name:
Kernel base = 0x804d9000 PsLoadedModuleList = 0x805654c0
Debug session time: Thu Feb 5 10:05:09.961 2009 (GMT+9)
System Uptime: 0 days 0:08:15.171
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
................................................................
........
Loading unloaded module list
..............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {20, 893597d8, 893598f0, a230001}

*** ERROR: Module load completed but symbols could not be loaded for FileHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AhnFlt2k.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for libapr_tsvn.dll -
*** ERROR: Module load completed but symbols could not be loaded for TortoiseProc.exe

Probably caused by : FileHook.sys ( FileHook+580a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 893597d8, The pool entry we were looking for within the page.
Arg3: 893598f0, The next pool entry.
Arg4: 0a230001, (reserved)

Debugging Details:
------------------

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: 893597d8 Nonpaged pool

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: TortoiseProc.ex

LAST_CONTROL_TRANSFER: from 80553fc5 to 8053967a

STACK_TEXT:
b53c6b68 80553fc5 00000019 00000020 893597d8 nt!KeBugCheckEx+0x1b
b53c6bb8 805533e3 893597e0 00000000 b53c6c5c nt!ExFreePoolWithTag+0x2c1
b53c6bc8 f764c80a 893597e0 89dc8e00 8957098c nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
b53c6c5c f764d19f 89978680 89570790 8a65ef38 FileHook+0x580a
b53c6c98 b6958e51 89695838 89570790 00000000 FileHook+0x619f
b53c6cb0 804e33d9 89695838 89570790 00000000 AhnFlt2k+0xe51
b53c6cc0 805dd2c1 b53c6d64 01fe74dc 805814e5 nt!IopfCallDriver+0x31
b53c6d48 804df99f 00000284 01fe7550 002056d0 nt!NtSetInformationFile+0x533
b53c6d48 7c93e4f4 00000284 01fe7550 002056d0 nt!KiFastCallEntry+0xfc
01fe74bc 7c93dc4c 7c81f8e6 00000284 01fe7550 ntdll!KiFastSystemCallRet
01fe74c0 7c81f8e6 00000284 01fe7550 002056d0 ntdll!ZwSetInformationFile+0xc
01fe7594 7c83568a 01feb5c8 01fe75c8 00000000 kernel32!MoveFileWithProgressW+0x3b4
01fe75b0 6eecc560 01feb5c8 01fe75c8 00000003 kernel32!MoveFileExW+0x17
01fe7614 005c0039 00310037 00310030 0041005c libapr_tsvn!apr_file_rename+0x70
01fe7618 00310037 00310030 0041005c 00500050 TortoiseProc+0x1c0039
01fe761c 00310030 0041005c 00500050 004e0020 0x310037
01fe7620 0041005c 00500050 004e0020 0054004f 0x310030
01fe7624 00500050 004e0020 0054004f 005f0045 TortoiseProc+0x1005c
01fe7628 004e0020 0054004f 005f0045 00310037 TortoiseProc+0x100050
01fe762c 0054004f 005f0045 00310037 00390030 TortoiseProc+0xe0020
01fe7630 005f0045 00310037 00390030 0063005c TortoiseProc+0x14004f
01fe7634 00310037 00390030 0063005c 00740075 TortoiseProc+0x1f0045
01fe7638 00390030 0063005c 00740075 002e0034 0x310037
01fe763c 0063005c 00740075 002e0034 00280030 0x390030
01fe7640 00740075 002e0034 00280030 00310037 TortoiseProc+0x23005c
01fe7644 002e0034 00280030 00310037 00390030 TortoiseProc+0x340075
01fe7648 00280030 00310037 00390030 0020002c 0x2e0034
01fe764c 00310037 00390030 0020002c 00310037 0x280030
01fe7650 00390030 0020002c 00310037 00310030 0x310037
01fe7654 0020002c 00310037 00310030 0020002c 0x390030
01fe7658 00310037 00310030 0020002c 00320035 0x20002c
01fe765c 00310030 0020002c 00320035 00320030 0x310037
01fe7660 0020002c 00320035 00320030 005c0029 0x310030
01fe7664 00320035 00320030 005c0029 00200044 0x20002c
01fe7668 00320030 005c0029 00200044 00450056 0x320035
01fe766c 005c0029 00200044 00450056 00530052 0x320030
01fe7670 00200044 00450056 00530052 004f0049 TortoiseProc+0x1c0029
01fe7674 00450056 00530052 004f0049 0020004e 0x200044
01fe7678 00530052 004f0049 0020004e 00410044 TortoiseProc+0x50056
01fe767c 004f0049 0020004e 00410044 00410054 TortoiseProc+0x130052
01fe7680 0020004e 00410044 00410054 0044005c TortoiseProc+0xf0049
01fe7684 00410044 00410054 0044005c 00560020 0x20004e
01fe7688 00410054 0044005c 00560020 00520045 TortoiseProc+0x10044
01fe768c 0044005c 00560020 00520045 00490053 TortoiseProc+0x10054
01fe7690 00560020 00520045 00490053 004e004f TortoiseProc+0x4005c
01fe7694 00520045 00490053 004e004f c7900020 TortoiseProc+0x160020
01fe7698 00490053 004e004f c7900020 005cb8cc TortoiseProc+0x120045
01fe769c 004e004f c7900020 005cb8cc 00300038 TortoiseProc+0x90053
01fe76a0 c7900020 005cb8cc 00300038 00380038 TortoiseProc+0xe004f
01fe76a4 005cb8cc 00300038 00380038 00300036 0xc7900020
01fe76a8 00300038 00380038 00300036 00420030 TortoiseProc+0x1cb8cc
01fe76ac 00380038 00300036 00420030 0053002d 0x300038
01fe76b0 00300036 00420030 0053002d 00690054 0x380038
01fe76b4 00420030 0053002d 00690054 00310037 0x300036
01fe76b8 0053002d 00690054 00310037 00780078 TortoiseProc+0x20030
01fe76bc 00690054 00310037 00780078 00530020 TortoiseProc+0x13002d
01fe76c0 00310037 00780078 00530020 00690054 TortoiseProc+0x290054
01fe76c4 00780078 00530020 00690054 00320035 0x310037
01fe76c8 00530020 00690054 00320035 00780078 TortoiseProc+0x380078
01fe76cc 00690054 00320035 00780078 00440020 TortoiseProc+0x130020
01fe76d0 00320035 00780078 00440020 00520044 TortoiseProc+0x290054
01fe76d4 00780078 00440020 00520044 00690020 0x320035
01fe76d8 00440020 00520044 00690020 0074006e TortoiseProc+0x380078
01fe76dc 00520044 00690020 0074006e 00720065 TortoiseProc+0x40020
01fe76e0 00690020 0074006e 00720065 00610066 TortoiseProc+0x120044
01fe76e4 0074006e 00720065 00610066 00650063 TortoiseProc+0x290020
01fe76e8 00720065 00610066 00650063 00640020 TortoiseProc+0x34006e
01fe76ec 00610066 00650063 00640020 00730065 TortoiseProc+0x320065
01fe76f0 00650063 00640020 00730065 006e0069 TortoiseProc+0x210066
01fe76f4 00640020 00730065 006e0069 00610020 TortoiseProc+0x250063
01fe76f8 00730065 006e0069 00610020 0064006e TortoiseProc+0x240020
01fe76fc 006e0069 00610020 0064006e 00730020 TortoiseProc+0x330065
01fe7700 00610020 0064006e 00730020 00740065 TortoiseProc+0x2e0069
01fe7704 0064006e 00730020 00740065 00690074 TortoiseProc+0x210020
01fe7708 00730020 00740065 00690074 0067006e TortoiseProc+0x24006e

STACK_COMMAND: kb

FOLLOWUP_IP:
FileHook+580a
f764c80a e9a8f8ffff jmp FileHook+0x50b7 (f764c0b7)

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: FileHook+580a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: FileHook

IMAGE_NAME: FileHook.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4725baeb

FAILURE_BUCKET_ID: 0x19_20_FileHook+580a

BUCKET_ID: 0x19_20_FileHook+580a

Followup: MachineOwner
---------

1: kd> lmvm FileHook
start end module name
f7647000 f7651600 FileHook (no symbols)
    Loaded symbol image file: FileHook.sys
    Image path: FileHook.sys
    Image name: FileHook.sys
    Timestamp: Mon Oct 29 19:50:19 2007 (4725BAEB)
    CheckSum: 0001176D
    ImageSize: 0000A600
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

1: kd> lmv
start end module name
00400000 00a85000 TortoiseProc (no symbols)
    Loaded symbol image file: TortoiseProc.exe
    Image path: C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe
    Image name: TortoiseProc.exe
    Timestamp: Sun Jan 25 07:14:27 2009 (497B92C3)
    CheckSum: 0068C3EB
    ImageSize: 00685000
    File version: 1.5.7.15182
    Product version: 1.5.7.15182
    File flags: 0 (Mask 3F)
    File OS: 4 Unknown Win32
    File type: 1.0 App
    File date: 00000000.00000000
    Translations: 0400.04e4
    CompanyName: http://tortoisesvn.net
    ProductName: TortoiseSVN
    InternalName: TortoiseProc.exe
    OriginalFilename: TortoiseProc.exe
    ProductVersion: 1, 5, 7, 15182
    FileVersion: 1, 5, 7, 15182
    FileDescription: TortoiseSVN client
    LegalCopyright: Copyright (C) 2003-2008 - TortoiseSVN

f7647000 f7651600 FileHook (no symbols)
    Loaded symbol image file: FileHook.sys
    Image path: FileHook.sys
    Image name: FileHook.sys
    Timestamp: Mon Oct 29 19:50:19 2007 (4725BAEB)
    CheckSum: 0001176D
    ImageSize: 0000A600
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
    
------------------(End of Log)----------------

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=1107071

Received on 2009-02-05 12:43:09 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.
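
Added example (not part of the original mail, and not TortoiseSVN or WinDbg code): a small Python triage of the STACK_TEXT above. It lists the third-party drivers on the kernel side of the stack and whether their frames precede the "Stack unwind information not available" warning, and it decodes the user-mode "return addresses" that are really UTF-16 characters from a path buffer. The function names and the 0x80000000 user/kernel split are assumptions of this example.

```python
import re

# STACK_TEXT lines copied from the log above (a subset of the full trace).
STACK_TEXT = """\
b53c6b68 80553fc5 00000019 00000020 893597d8 nt!KeBugCheckEx+0x1b
b53c6bc8 f764c80a 893597e0 89dc8e00 8957098c nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
b53c6c5c f764d19f 89978680 89570790 8a65ef38 FileHook+0x580a
b53c6c98 b6958e51 89695838 89570790 00000000 FileHook+0x619f
b53c6cb0 804e33d9 89695838 89570790 00000000 AhnFlt2k+0xe51
b53c6cc0 805dd2c1 b53c6d64 01fe74dc 805814e5 nt!IopfCallDriver+0x31
01fe7614 005c0039 00310037 00310030 0041005c libapr_tsvn!apr_file_rename+0x70
01fe7618 00310037 00310030 0041005c 00500050 TortoiseProc+0x1c0039
01fe761c 00310030 0041005c 00500050 004e0020 0x310037
"""

FRAME = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}(\S+)$")
KERNEL_BASE = 0x80000000  # assumption: default 2 GB user/kernel split on x86

def parse_frames(text):
    """Return (child_ebp, ret_addr, symbol, unwind_trusted) for each frame."""
    frames, trusted = [], True
    for line in text.splitlines():
        if line.startswith("WARNING: Stack unwind information not available"):
            trusted = False  # the debugger is guessing from this point on
        elif (m := FRAME.match(line.strip())):
            frames.append((int(m[1], 16), int(m[2], 16), m[3], trusted))
    return frames

def third_party_kernel_modules(frames):
    """Non-nt modules on the kernel stack, nearest the bugcheck first."""
    found = []
    for ebp, _ret, symbol, trusted in frames:
        m = re.match(r"([A-Za-z_]\w*)[!+]", symbol)
        if ebp >= KERNEL_BASE and m and m[1] != "nt" and (m[1], trusted) not in found:
            found.append((m[1], trusted))
    return found

def utf16_return_addresses(frames):
    """Decode return addresses that are two printable UTF-16LE characters."""
    text = ""
    for _ebp, ret, _symbol, _trusted in frames:
        lo, hi = ret & 0xFFFF, ret >> 16
        if 0x20 <= lo <= 0x7E and 0x20 <= hi <= 0x7E:
            text += chr(lo) + chr(hi)
    return text

if __name__ == "__main__":
    frames = parse_frames(STACK_TEXT)
    print(third_party_kernel_modules(frames), repr(utf16_return_addresses(frames)))
```

Both FileHook and AhnFlt2k come back flagged as untrusted frames, which matches the quoted advice that the named driver is the one that triggered the bugcheck and not necessarily the one that corrupted the pool.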
