level 1
Microsoft (R) Windows Debugger Version 10.0.17134.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\zzj\Desktop\Mini071618-018-167.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.130704-0421
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Mon Jul 16 09:36:55.258 2018 (UTC + 8:00)
System Uptime: 0 days 1:44:06.149
Loading Kernel Symbols
...............................................................
..........................................
Loading User Symbols
Loading unloaded module list
..................
Unable to load image mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 100000C5, {ffff, 2, 0, 8054cfcb}
*** WARNING: Unable to verify timestamp for mfeavfk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfeavfk.sys
Probably caused by : mfehidk.sys ( mfehidk+4fbb4 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000ffff, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054cfcb, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 2600.xpsp_sp3_qfe.130704-0421
SYSTEM_MANUFACTURER: LENOVO
SYSTEM_PRODUCT_NAME: 10C00023CW
SYSTEM_SKU: LENOVO_PN_10C00023CW
SYSTEM_VERSION: ThinkCentre E73
BIOS_VENDOR: LENOVO
BIOS_VERSION: FCKT43AUS
BIOS_DATE: 09/25/2013
BASEBOARD_MANUFACTURER: LENOVO
BASEBOARD_VERSION: NOK
DUMP_TYPE: 2
BUGCHECK_P1: ffff
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: ffffffff8054cfcb
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExAllocatePoolWithTag+663
8054cfcb 8b06 mov eax,dword ptr [esi]
CPU_COUNT: 2
CPU_MHZ: bb1
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 16'00000000 (cache) 16'00000000 (init)
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: explorer.exe
ANALYSIS_SESSION_HOST: DESKTOP-KU547QI
ANALYSIS_SESSION_TIME: 07-16-2018 12:40:47.0627
ANALYSIS_VERSION: 10.0.17134.1 amd64fre
LAST_CONTROL_TRANSFER: from b7ec7bb4 to 8054cfcb
STACK_TEXT:
b4122724 b7ec7bb4 00000000 00000001 3045464d nt!ExAllocatePoolWithTag+0x663
WARNING: Stack unwind information not available. Following frames may be wrong.
b4122738 b7ecf3d5 000007d0 b41227cc b7e84c1e mfehidk+0x4fbb4
b4122744 b7e84c1e b412278c 000003e8 00000017 mfehidk+0x573d5
b41227cc b7e85da4 89b61c20 b4122824 00000017 mfehidk+0xcc1e
b41227f8 b7e9a321 89b61c20 b4122824 00000000 mfehidk+0xdda4
b4122834 b7e98345 00000000 00000000 00000000 mfehidk+0x22321
b4122858 b6c71852 00000001 b412288c 00000000 mfehidk+0x20345
b41228a0 b6c5daec b4122904 87597d18 89bd1c80 mfeavfk+0x1d852
b412290c b6c59f47 89bd1c80 87597d18 00000000 mfeavfk+0x9aec
b4122948 b7e992a9 00000000 87597d18 87597d84 mfeavfk+0x5f47
b4122968 b7e8997b 00000002 87597d18 87597d84 mfehidk+0x212a9
b4122990 b7e8c61a b4122a40 00000002 89be7470 mfehidk+0x1197b
b4122a28 b7ec9709 b4122a40 88060640 8a482a58 mfehidk+0x1461a
b4122a5c 804f01f9 01503cd0 88060630 88060630 mfehidk+0x51709
b4122a6c 80584232 8a3c0bf0 89be42f4 b4122c04 nt!IopfCallDriver+0x31
b4122b4c 805c04bc 8a3c0c08 00000000 89be4250 nt!IopParseDevice+0xa12
b4122bc4 805bca48 00000000 b4122c04 00000040 nt!O
bp
LookupObjectName+0x53c
b4122c18 80577051 00000000 00000000 00000101 nt!ObOpenObjectByName+0xea
b4122c94 805779c8 0244c720 80100080 0244c6c0 nt!IopCreateFile+0x407
b4122cf0 8057a0d2 0244c720 80100080 0244c6c0 nt!IoCreateFile+0x8e
b4122d30 805427e8 0244c720 80100080 0244c6c0 nt!NtCreateFile+0x30
b4122d30 7c92e514 0244c720 80100080 0244c6c0 nt!KiSystemServicePostCall
0244c718 00000000 00000000 00000000 00000000 0x7c92e514
THREAD_SHA1_HASH_MOD_FUNC: 914d6b24b9dae506c2f5405df7e5c86b20e9d96e
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 3d1a49331e9c9a5d12e6b5fb42d5ba5ee36534d5
THREAD_SHA1_HASH_MOD: a82f62f10fc1cb01fd98d558fec72a6fa855e11f
FOLLOWUP_IP:
mfehidk+4fbb4
b7ec7bb4 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: mfehidk+4fbb4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mfehidk
IMAGE_NAME: mfehidk.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4fc78b14
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0xC5_2_mfehidk+4fbb4
BUCKET_ID: 0xC5_2_mfehidk+4fbb4
PRIMARY_PROBLEM_CLASS: 0xC5_2_mfehidk+4fbb4
TARGET_TIME: 2018-07-16T01:36:55.000Z
OSBUILD: 2600
OSSERVICEPACK: 3000
SERVICEPACK_NUMBER: 3
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x86
OSNAME: Windows XP
OSEDITION: Windows XP WinNt (Service Pack 3) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2013-07-04 10:08:15
BUILDOSVER_STR: 5.1.2600.xpsp_sp3_qfe.130704-0421
ANALYSIS_SESSION_ELAPSED_TIME: 1a3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xc5_2_mfehidk+4fbb4
FAILURE_ID_HASH: {760c8df9-9837-236b-294f-be0f792b1129}
Followup: MachineOwner
--------
0: kd> lmvm mfehidk
Browse full module list
start end module name
b7e78000 b7eea320 mfehidk T (no symbols)
Loaded symbol image file: mfehidk.sys
Image path: mfehidk.sys
Image name: mfehidk.sys
Browse all global symbols functions data
Timestamp: Thu May 31 08:15:32 2012 (4FC78B14)
CheckSum: 0008334F
ImageSize: 00072320
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
2018年07月16日 08点07分
