Hi,
i run into serious trouble with the CIS Kernel-Land driver. Whenever i hibernate/save my System to disk and then try to restore load the hibernated system back into systems memory, my systems goes 0xC2 (BAD_POOL_CALLER). Thats when it happens. I first made a complete chkdsk /F /V /X /R, then complete RAM Check, hardware check, just to make sure nothing is wrong with my hw. But i get this over and over. Since i am a developer too, i examined the Kernel Dump from the last Bugcheck and the kernel memory and got this:
1: kd> !analyze -v
-
*
-
Bugcheck Analysis *
-
*
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000110b, (reserved)
Arg3: 08530008, Memory contents of the pool block
Arg4: 85811278, Address of the block of pool being deallocated
Debugging Details:
POOL_ADDRESS: 85811278 Nonpaged pool
FREED_POOL_TAG: aPmI
BUGCHECK_STR: 0xc2_7_aPmI
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8252c00c to 8250b0e3
STACK_TEXT:
8b96b524 8252c00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
8b96b598 8aa12370 85811278 00000000 8b96b5e8 nt!ExFreePoolWithTag+0x17f
WARNING: Stack unwind information not available. Following frames may be wrong.
8b96b5a8 8f43d160 85811278 00000000 00000000 ndis!NdisFreeMemory+0x16
8b96b5e8 8aae14b1 8b96b684 8b96b610 87178294 inspect+0x2160
8b96b67c 8aae1129 c0000001 84d5eb10 8aa41918 ndis!TrFilterDprIndicateReceiveComplete+0x2d1d
8b96b708 8aaeff67 86fe10e8 00000000 00000000 ndis!TrFilterDprIndicateReceiveComplete+0x2995
8b96b72c 8aaf01e1 00000000 859d11c4 00000000 ndis!NdisWriteConfiguration+0x2a4
8b96b74c 8f4edfe0 86f75e60 859d1264 859d11c4 ndis!NdisIMInitializeDeviceInstanceEx+0x100
8b96b760 8f4ebf42 859d11c4 8b96b7a4 86fe5d34 VBoxNetFlt+0x5fe0
8b96b774 8f4ebace 00000000 00000000 86fe5d34 VBoxNetFlt+0x3f42
8b96b798 8f4ebb5f 00000000 859d1168 8b96b8ec VBoxNetFlt+0x3ace
8b96b7b4 8f4e91ad 859d1168 8b96b8ec 8b96b810 VBoxNetFlt+0x3b5f
8b96b7d4 8f4e9277 8f4f6cc0 8b96b810 8b96b800 VBoxNetFlt+0x11ad
8b96b7f8 8f4ebbd3 8f4f6cc0 8b96b810 8b96b90c VBoxNetFlt+0x1277
8b96b8fc 8f4ebfdd 8b96b91c 85aa9898 00000000 VBoxNetFlt+0x3bd3
8b96b924 8aae14b1 8b96b9c0 8b96b94c 86fe5d34 VBoxNetFlt+0x3fdd
8b96b9b8 8aae1129 00000000 84d4e820 8aa41918 ndis!TrFilterDprIndicateReceiveComplete+0x2d1d
8b96ba44 8aaeff67 86fe50e8 00000000 00000000 ndis!TrFilterDprIndicateReceiveComplete+0x2995
8b96ba68 8aaf01e1 00000000 85501090 00000000 ndis!NdisWriteConfiguration+0x2a4
8b96ba88 8aba2ada 86f516d0 85a4c4e8 85501090 ndis!NdisIMInitializeDeviceInstanceEx+0x100
8b96bb4c 8aba5d6f 86cafd34 8b96bbe0 8aae14b1 VMNetSrv+0x2ada
00000000 00000000 00000000 00000000 00000000 VMNetSrv+0x5d6f
STACK_COMMAND: kb
FOLLOWUP_IP:
inspect+2160
8f43d160 8b4dfc mov ecx,dword ptr [ebp-4]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: inspect+2160
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: inspect
IMAGE_NAME: inspect.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 491b1a47
FAILURE_BUCKET_ID: 0xc2_7_aPmI_inspect+2160
BUCKET_ID: 0xc2_7_aPmI_inspect+2160
Having a look at the driver gave me this:
Show File Version Info 1, 0, 0, 1 (UNICODE)
Copyright (C) 2008 Kerem Gümrükcü
Contact: kerem.g@arcor.de
License: GNU/GPL
Self MD5: eb2c900a6fab3ff28fa2b812381bfe92
Self SHA1: 22bee01c9b454d94ecb6a2c529e0e40ab8064608
File Version Info for:
“C:\Windows\System32\drivers\inspect.sys”
[FileName]
– C:\Windows\System32\drivers\inspect.sys –
[Language]
– Englisch (USA) –
[CompanyName]
– COMODO –
[FileDescription]
– COMODO Internet Security Firewall Driver –
[FileVersion]
– 3, 5, 55470, 430 built by: WinDDK –
[InternalName]
– inspect.sys –
[LegalCopyright]
– 2005-2008 COMODO. All rights reserved. –
[OriginalFilename]
– inspect.sys –
[ProductName]
– COMODO Internet Security Firewall Driver –
[ProductVersion]
– 3, 5, 55470, 430 –
My (development) system is Windows Vista Ultimate Edition (32-Bit), its Up2Date and runs stable so far, except this. I general work with UAC on and do not modify any OS and Kernel Memory if there is no need for while developing drivers/userland stuff and i really take care what enters the kernel and trys to run in ring0.
I am not a paying customer, but i like your product and i want to help to improve it and free from buggy code. I hope, i can be of any help and I can provide a full kernel-space memory dump if needed,…
Regards
Kerem