Question

Bad_Pool_Header and Kernel_Security_Check Failure BSODs alternating

JonS16 asked on

My Windows 8.1 machine does not have, and has never had, any antivirus other than Windows Defender on it. I recently started getting the BPH and KSCF errors listed in the title after installing a VPN client. I uninstalled the VPN, but still get the errors. I've done a system file check and have the driver verify program working now. How do I upload a dmp file for someone smarter than me to take a look at? I have about 20 for reference....

Thanks!

1 person had this question


Answer
Patrick Barker replied on

Thanks!

We have two consistent bug checks:

BAD_POOL_HEADER (19)

This indicates that a pool header is corrupt.

1: kd> k
ChildEBP RetAddr  
82440e64 8195f06e nt!KeBugCheckEx
82440ee0 819fbb0a nt! ?? ::FNODOBFM::`string'+0x2444c
82440f64 819fbe55 nt!ExFreePoolWithTag+0x6ea
82440f74 8e42b5d7 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
82440f8c 8e42b71a netwlv32+0x25d7
82440f9c 8e436b69 netwlv32+0x271a
82440fe0 8e5c7468 netwlv32+0xdb69
82440ffc 8e439690 netwlv32+0x19e468
8244102c 8e43a525 netwlv32+0x10690
82441044 8e437379 netwlv32+0x11525
82441060 8e5b94f0 netwlv32+0xe379
8244108c 8e6b4b2c netwlv32+0x1904f0
824410ac 8e6c465a netwlv32+0x28bb2c
824410bc 85ce8020 netwlv32+0x29b65a
824410d0 85ce610d ndis!ndisCallReceiveCompleteHandler+0x11
82441118 85ce662c ndis!ndisInvokeNextReceiveCompleteHandler+0xfffffc1d
82441150 85ce5a66 ndis!ndisReturnNetBufferListsInternal+0x10f
82441180 8607e55b ndis!NdisReturnNetBufferLists+0x5c
824411a4 85e0b14a tcpip!FlpReturnNetBufferListChain+0x82
824411e8 860866ce NETIO!NetioDereferenceNetBufferListChain+0x145
82441230 8606eb2b tcpip!TcpFlushDelay+0x13d
824412a4 86080c62 tcpip!TcpPreValidatedReceive+0x49a
824412e0 86080399 tcpip!IppDeliverListToProtocol+0x81
82441328 860807fc tcpip!IppProcessDeliverList+0x60
824413a8 8607ee85 tcpip!IppReceiveHeaderBatch+0x1cd
824414c4 8607e2d6 tcpip!IppFlcReceivePacketsCore+0x795
82441538 8607e623 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x297
8244157c 8188f0bb tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xa1
8244160c 8188ed23 nt!KeExpandKernelStackAndCalloutInternal+0x37b
82441624 8607e49f nt!KeExpandKernelStackAndCalloutEx+0x1f
8244166c 85ce68aa tcpip!FlReceiveNetBufferListChain+0x98
824416dc 85ce6b47 ndis!ndisMIndicateNetBufferListsToOpen+0x24f
82441728 85ce79da ndis!ndisCallReceiveHandler+0x217
82441820 8e434912 ndis!NdisMIndicateReceiveNetBufferLists+0x5c8
82441850 8e5ba632 netwlv32+0xb912
82441888 8e5c5d66 netwlv32+0x191632
824418ac 8e439690 netwlv32+0x19cd66
824418dc 8e43a525 netwlv32+0x10690
824418f4 8e437379 netwlv32+0x11525
82441910 8e5b9b64 netwlv32+0xe379
82441934 8e464d4f netwlv32+0x190b64
82441944 8e495470 netwlv32+0x3bd4f
82441968 8e439690 netwlv32+0x6c470
82441998 8e43a525 netwlv32+0x10690
824419b0 8e437379 netwlv32+0x11525
824419cc 8e4654f9 netwlv32+0xe379
824419f0 8e459a60 netwlv32+0x3c4f9
82441a28 8e459d7e netwlv32+0x30a60
82441a8c 8e45b2ff netwlv32+0x30d7e
82441ac8 8e4537bc netwlv32+0x322ff
82441ad8 8e6b4765 netwlv32+0x2a7bc
82441ae4 85ce733a netwlv32+0x28b765
82441b68 81897456 ndis!ndisInterruptDpc+0x1b8
82441c20 81897053 nt!KiExecuteAllDpcs+0x216
82441d44 81936ae0 nt!KiRetireDpcList+0xf3
82441d4c 81a5644c nt!KiIdleLoop+0x38
82441fc8 00000000 nt!KiInitializeXSave+0xca

The problematic driver in this case causing pool corruption is netwlv32.sys, which is the Intel® Wireless WiFi Link driver.

KERNEL_SECURITY_CHECK_FAILURE (139)

This bug check indicates that the kernel has detected the corruption of a critical data structure.

BugCheck 139, {3, 829e3a9c, 829e39c0, 0}

The 1st parameter of the bugcheck is 3, which indicates that a LIST_ENTRY was corrupted. Code 3, LIST_ENTRY corruption. This type of bug check can be difficult to track down and indicates that an inconsistency has been introduced into a doubly-linked list (detected when an individual list entry element is added to or removed from the list).

1: kd> k
ChildEBP RetAddr  
829e39a0 81d7974a nt!KiBugCheck2
829e39a0 81cf5fad nt!KiRaiseSecurityCheckFailure+0xf6
829e3b70 81e42b0a nt!ExFreeLargePool+0x7ad
829e3bf4 81e42e55 nt!ExFreePoolWithTag+0x6ea
829e3c04 8d41d5d7 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
829e3c1c 8d41d71a netwlv32+0x25d7
829e3c2c 8d42e3cc netwlv32+0x271a
829e3c54 8d42aede netwlv32+0x133cc
829e3c64 8d429381 netwlv32+0xfede
829e3c7c 8d4574f9 netwlv32+0xe381
829e3ca0 8d44ba60 netwlv32+0x3c4f9
829e3cd8 8d44bd7e netwlv32+0x30a60
829e3d3c 8d44d2ff netwlv32+0x30d7e
829e3d78 8d4457bc netwlv32+0x322ff
829e3d88 8d6a6765 netwlv32+0x2a7bc
829e3d94 85ce333a netwlv32+0x28b765
829e3e18 81cde456 ndis!ndisInterruptDpc+0x1b8
829e3ed0 81cde053 nt!KiExecuteAllDpcs+0x216
829e3ff4 81d7d54e nt!KiRetireDpcList+0xf3
829e3ff8 c7972d78 nt!KiDispatchInterrupt+0x2e
81d7d54e 00000000 0xc7972d78

Same in 0x139.

------------------------

1. Ensure all of your network drivers are up to date via Lenovo's website - http://support.lenovo.com/en_US/downloads/default.page

2. Also, something I see in the loaded modules list that is likely the problem here...

1: kd> lmvm mdmxsdk
start    end        module name
9aa00000 9aa03180   mdmxsdk    (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    Image name: mdmxsdk.sys
    Timestamp:        Mon Jun 19 17:26:59 2006

This is the Conexant Modem Diagnostic Interface x86 driver, and it's way too old to function with Windows 8, etc. You'll need to remove this modem from the system device-wise, and also uninstall the software as there's no update.

Regards,

Patrick

Debugger/Reverse Engineer.
1 person found this helpful
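
The list-entry consistency check behind parameter 3 of the 0x139 bug check in the answer above, as an added example that is not part of the original thread and is not Windows source code. It is a user-mode C model: `list_entry`, `list_insert_tail`, `list_remove` and `remove_after` are hypothetical names, and the corruption is simulated by overwriting one link.

```c
#include <stdio.h>

/* Same shape as the kernel's LIST_ENTRY: a node in a circular doubly-linked list. */
typedef struct list_entry { struct list_entry *flink, *blink; } list_entry;

enum { LIST_OK = 0, LIST_CORRUPT = 3 };  /* 3 echoes the bug check's first parameter */

static void list_init(list_entry *head) { head->flink = head->blink = head; }

/* Insert at the tail, first checking that the current tail still links to the head. */
static int list_insert_tail(list_entry *head, list_entry *e) {
    list_entry *tail = head->blink;
    if (tail->flink != head)
        return LIST_CORRUPT;
    e->flink = head;
    e->blink = tail;
    tail->flink = e;
    head->blink = e;
    return LIST_OK;
}

/* Unlink e only if both neighbours still point back at it. */
static int list_remove(list_entry *e) {
    list_entry *next = e->flink, *prev = e->blink;
    if (next->blink != e || prev->flink != e)
        return LIST_CORRUPT;   /* the kernel raises the bug check here instead of returning */
    prev->flink = next;
    next->blink = prev;
    return LIST_OK;
}

/* Build head <-> a <-> b, optionally clobber b's back link (constructed stand-in
   for a stray driver write), then try to unlink b and report the result. */
int remove_after(int corrupt) {
    list_entry head, a, b, stray;
    list_init(&head);
    list_init(&stray);
    list_insert_tail(&head, &a);
    list_insert_tail(&head, &b);
    if (corrupt)
        b.blink = &stray;
    return list_remove(&b);
}

int main(void) {
    printf("intact list:    %d\n", remove_after(0));
    printf("corrupted link: %d\n", remove_after(1));
    return 0;
}
```

The check fires at the moment of the add or remove, not at the moment of the bad write, which is why the faulting frame is a free or unlink call and the responsible driver has to be read from the frames beneath it.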
