Persistent BSODs [Crash Dumps]

I have a new server which is giving me a headache and I greatly appreciate any help you experts out there can offer. First, some background:

Motherboard: Asus A8N-SLI Deluxe
CPU: AMD Athlon 64 3500+
Memory: Matched Corsair 2x512 (*)
Video Card: Sapphire ATI X300SE PCIExpress
Other Card: RocketPort 8 PCI
Sound: Built-in Realtek 97
Storage: JBOD-configured nVidia RAID chipset on 4x250GB SATA II drives
Network: Built-in Marvell Yukon Gigabit LAN (was on the built-in nVidia Gigabit LAN but moved thinking the LAN was the issue)
Software: Windows XP Pro SP2 w/ all auto updates on, .NET 2.0 Framework, UltraVNC, HomeSeer 2.1.75, HomeSeer Speaker 2.1.75, avast! antivirus, Sunbelt Kerio Personal Firewall. Both antivirus and firewall are new -- I was using ZoneAlarm Security Suite but felt it might be causing the crashes as well; guess not.

(*) Memory tested by Monarch prior to shipment of server; Memtest ran successfully onsite for a couple hours

The crashes happen most often right around 4am when my main PC -- running Symantec LiveState Recovery -- begins to back an image of itself up to the network Backups drive on the server. This is a simple Windows Network transfer, there's no IP traffic involved. They happen occasionally at other times, but it's consistently happening after 4am regardless. When I turn off the backup job, I see the crashes much less often.

I have JUST turned on -- at the suggestion of some on this board -- the two registry settings for the Pool issues as I frequently get the BAD_POOL_HEADER. I also get IRQ_NOT_LESS_THAN_EQUAL. I'm hoping this is a driver issue we can point to, although I worry it's also got something to do with .NET 2.0 and/or HomeSeer/Speaker.

I will reply with 4 of the most recent crash dumps. I have more if you think it will help. Only the last two have the special pool turned on. Thanks.

P.S. I'm so new to WinDbg, if I did this wrong I apologize

 

---------------------------------------------------------------------------
Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [\\Diablosrv\Backups\Minidumps\Mini060106-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Built by: 2600.xpsp.050301-1521
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Thu Jun 1 22:40:55.750 2006 (GMT-4)
System Uptime: 0 days 11:37:13.334
Loading Kernel Symbols

Use !analyze -v to get detailed debugging information.

BugCheck 19, {20, e13b1c60, e13b1cc8, c0d040d}

GetUlongFromAddress: unable to read from 8055b6f0
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------
kd> !analyze -v

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: e13b1c60, The pool entry we were looking for within the page.
Arg3: e13b1cc8, The next pool entry.
Arg4: 0c0d040d, (reserved)

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b6f0

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: e13b1c60

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

LAST_CONTROL_TRANSFER: from 80543c86 to 804f8939

STACK_TEXT:
f1e3f07c 80543c86 00000019 00000020 e13b1c60 nt!KeBugCheckEx+0x1b
f1e3f0cc 805b5373 e13b1c68 a079654b 86db08b0 nt!ExFreePoolWithTag+0x2a0
f1e3f0f0 805af53f e13b1c68 00000000 00000000 nt!ObpFreeObject+0x18d
f1e3f108 80521e5b e13b1c80 00000000 000011b4 nt!ObpRemoveObjectRoutine+0xe7
f1e3f12c 805b0537 e13b1c6b 000011b4 e1556368 nt!ObfDereferenceObject+0x5f
f1e3f144 805b6ceb e19cccd0 e13b1c80 000011b4 nt!ObpCloseHandleTableEntry+0x155
f1e3f164 80602c6b e1556368 000011b4 f1e3f1b4 nt!ObpCloseHandleProcedure+0x1f
f1e3f194 805b6de4 e19cccd0 805b6ccc f1e3f1b4 nt!ExSweepHandleTable+0x4f
f1e3f1c0 805c7195 86157790 8614b798 8614b9e0 nt!ObKillProcess+0x5c
f1e3f268 805c73ee 00000000 8614b798 00000000 nt!PspExitThread+0x5e9
f1e3f288 805c75c9 8614b798 00000000 f1e3f2c4 nt!PspTerminateThreadByPointer+0x52
f1e3f2b4 8053c818 00000000 00000000 0012e814 nt!NtTerminateProcess+0x105
f1e3f2b4 7c90eb94 00000000 00000000 0012e814 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012e814 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80543c86 8b45f8 mov eax,[ebp-0x8]

FAULTING_SOURCE_CODE:

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a95

FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------

kd> !thread
GetPointerFromAddress: unable to read from 80557bb4
THREAD 8614b798 Cid 0120.0124 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0
Not impersonating
GetUlongFromAddress: unable to read from 80557bc4
Owning Process 86157790 Image: <Unknown>
ffdf0000: Unable to get shared data
Wait Start TickCount 2677333
Context Switch Count 5163145 LargeStack
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.0000
KernelTime 00:00:00.0000
Start Address 0x7c810867
Win32 Start Address 0x79011b2b
Stack Init f1e3f560 Current f1e3f054 Base f1e40000 Limit f1e3b000 Call f1e3f560
Priority 16 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f1e3f07c 80543c86 00000019 00000020 e13b1c60 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
f1e3f0cc 805b5373 e13b1c68 a079654b 86db08b0 nt!ExFreePoolWithTag+0x2a0 (FPO: [Non-Fpo])
f1e3f0f0 805af53f e13b1c68 00000000 00000000 nt!ObpFreeObject+0x18d (FPO: [Non-Fpo])
f1e3f108 80521e5b e13b1c80 00000000 000011b4 nt!ObpRemoveObjectRoutine+0xe7 (FPO: [Non-Fpo])
f1e3f12c 805b0537 e13b1c6b 000011b4 e1556368 nt!ObfDereferenceObject+0x5f (FPO: [Non-Fpo])
f1e3f144 805b6ceb e19cccd0 e13b1c80 000011b4 nt!ObpCloseHandleTableEntry+0x155 (FPO: [Non-Fpo])
f1e3f164 80602c6b e1556368 000011b4 f1e3f1b4 nt!ObpCloseHandleProcedure+0x1f (FPO: [Non-Fpo])
f1e3f194 805b6de4 e19cccd0 805b6ccc f1e3f1b4 nt!ExSweepHandleTable+0x4f (FPO: [Non-Fpo])
f1e3f1c0 805c7195 86157790 8614b798 8614b9e0 nt!ObKillProcess+0x5c (FPO: [Non-Fpo])
f1e3f268 805c73ee 00000000 8614b798 00000000 nt!PspExitThread+0x5e9 (FPO: [Non-Fpo])
f1e3f288 805c75c9 8614b798 00000000 f1e3f2c4 nt!PspTerminateThreadByPointer+0x52 (FPO: [Non-Fpo])
f1e3f2b4 8053c818 00000000 00000000 0012e814 nt!NtTerminateProcess+0x105 (FPO: [Non-Fpo])
f1e3f2b4 7c90eb94 00000000 00000000 0012e814 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f1e3f2c4)
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012e814 00000000 00000000 00000000 00000000 0x7c90eb94

---------------------------------------------------------------------------
Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [\\Diablosrv\Backups\Minidumps\Mini060106-06.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Built by: 2600.xpsp.050301-1521
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Thu Jun 1 23:12:45.562 2006 (GMT-4)
System Uptime: 0 days 0:15:02.149
Loading Kernel Symbols

Use !analyze -v to get detailed debugging information.

BugCheck A, {294, 2, 1, 804f74fd}

Probably caused by : ntkrnlpa.exe ( nt!KiAttachProcess+b1 )

Followup: MachineOwner
---------

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000294, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804f74fd, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000294

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiAttachProcess+b1
804f74fd 8902 mov [edx],eax

CUSTOMER_CRASH_COUNT: 6

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from 804f74fd to 8053f863

STACK_TEXT:
b88f5af8 804f74fd badb0d00 00000294 00000006 nt!KiTrap0E+0x233
b88f5b78 804f76c7 85ae55b8 85b7fb70 85b7fb00 nt!KiAttachProcess+0xb1
b88f5b98 805a7d69 85b7fb00 b88f5c0c b88f5d00 nt!KeStackAttachProcess+0x7b
b88f5c70 805a8185 85b7fb70 00099008 908e2da0 nt!MiDoMappedCopy+0x65
b88f5ca0 80599c66 85b7fbf0 00099008 908e2da0 nt!MmCopyVirtualMemory+0x63
b88f5d20 80599cc8 00000000 00000368 000c64b8 nt!LpcpCopyRequestData+0x1fc
b88f5d44 8053c818 00000368 000c64b8 00000000 nt!NtReadRequestData+0x1e
b88f5d44 7c90eb94 00000368 000c64b8 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00affdf4 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt!KiAttachProcess+b1
804f74fd 8902 mov [edx],eax

FAULTING_SOURCE_CODE:


SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!KiAttachProcess+b1

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a95

FAILURE_BUCKET_ID: 0xA_W_nt!KiAttachProcess+b1

BUCKET_ID: 0xA_W_nt!KiAttachProcess+b1

Followup: MachineOwner
---------

kd> !thread
GetPointerFromAddress: unable to read from 80557bb4
THREAD 85ae55b8 Cid 04dc.0798 Teb: 7ffac000 Win32Thread: 00000000 READY
Not impersonating
GetUlongFromAddress: unable to read from 80557bc4
Owning Process 85b7fb70 Image: <Unknown>
ffdf0000: Unable to get shared data
Wait Start TickCount 57737
Context Switch Count 4966
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.0000
KernelTime 00:00:00.0000
Start Address 0x7c810856
LPC Server thread working on message Id acf0
Stack Init b88f6000 Current b88f5c4c Base b88f6000 Limit b88f3000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
b88f5c54 b88f5ba8 80603247 b88f5d10 80535020 0x99008
b88f5c58 80603247 b88f5d10 80535020 804d9490 0xb88f5ba8
b88f5ba8 00000000 85b7fb70 00000000 85ae57f0 nt!ExMapHandleToPointerEx+0x21 (FPO: [Non-Fpo])

---------------------------------------------------------------------------

Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [\\Diablosrv\Backups\Minidumps\Mini060206-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Built by: 2600.xpsp.050301-1521
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Thu Jun 1 23:58:43.343 2006 (GMT-4)
System Uptime: 0 days 0:44:28.935
Loading Kernel Symbols

Use !analyze -v to get detailed debugging information.

BugCheck C1, {a4394ff8, a4394fc8, bb8008, 23}

Probably caused by : memory_corruption ( nt!MmFreeSpecialPool+2e3 )

Followup: MachineOwner
---------

SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: a4394ff8, address trying to free
Arg2: a4394fc8, address where bits are corrupted
Arg3: 00bb8008, (reserved)
Arg4: 00000023, caller is freeing an address where nearby bytes within the same page have been corrupted

Debugging Details:
------------------

BUGCHECK_STR: 0xC1_23

SPECIAL_POOL_CORRUPTION_TYPE: 23

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 806603a5 to 804f8939

STACK_TEXT:
f1895bdc 806603a5 000000c1 a4394ff8 a4394fc8 nt!KeBugCheckEx+0x1b
f1895c28 80543a30 a4394ff8 96326da0 986a2da8 nt!MmFreeSpecialPool+0x2e3
f1895c68 805c6f1e a4394ff8 f0547350 986a2da8 nt!ExFreePoolWithTag+0x4a
f1895d14 805c73ee 00000000 00000000 986a2da8 nt!PspExitThread+0x372
f1895d34 805c772e 986a2da8 00000000 f1895d64 nt!PspTerminateThreadByPointer+0x52
f1895d54 8053c818 00000000 00000000 0090ffb4 nt!NtTerminateThread+0x70
f1895d54 7c90eb94 00000000 00000000 0090ffb4 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0090ffb4 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MmFreeSpecialPool+2e3
806603a5 8b4708 mov eax,[edi+0x8]

FAULTING_SOURCE_CODE:


SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!MmFreeSpecialPool+2e3

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a95

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xC1_23_nt!MmFreeSpecialPool+2e3

BUCKET_ID: 0xC1_23_nt!MmFreeSpecialPool+2e3

Followup: MachineOwner
---------

kd> !thread
GetPointerFromAddress: unable to read from 80557bb4
THREAD 986a2da8 Cid 0438.0fe0 Teb: 7ffd8000 Win32Thread: 00000000 RUNNING on processor 0
Not impersonating
GetUlongFromAddress: unable to read from 80557bc4
Owning Process 96326da0 Image: <Unknown>
ffdf0000: Unable to get shared data
Wait Start TickCount 170811
Context Switch Count 2
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.0000
KernelTime 00:00:00.0000
Start Address 0x7c810856
Win32 Start Address 0x77e76be9
Stack Init f1896000 Current f1895c70 Base f1896000 Limit f1893000 Call 0
Priority 16 BasePriority 9 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f1895bdc 806603a5 000000c1 a4394ff8 a4394fc8 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
f1895c28 80543a30 a4394ff8 96326da0 986a2da8 nt!MmFreeSpecialPool+0x2e3 (FPO: [Non-Fpo])
f1895c68 805c6f1e a4394ff8 f0547350 986a2da8 nt!ExFreePoolWithTag+0x4a (FPO: [Non-Fpo])
f1895d14 805c73ee 00000000 00000000 986a2da8 nt!PspExitThread+0x372 (FPO: [Non-Fpo])
f1895d34 805c772e 986a2da8 00000000 f1895d64 nt!PspTerminateThreadByPointer+0x52 (FPO: [Non-Fpo])
f1895d54 8053c818 00000000 00000000 0090ffb4 nt!NtTerminateThread+0x70 (FPO: [Non-Fpo])
f1895d54 7c90eb94 00000000 00000000 0090ffb4 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f1895d64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
0090ffb4 00000000 00000000 00000000 00000000 0x7c90eb94

--------------------------------------------------------------------------------
Loading Dump File [\\Diablosrv\Backups\Minidumps\Mini060206-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Invalid directory table base value 0x0
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Built by: 2600.xpsp.050301-1521
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Fri Jun 2 06:15:03.421 2006 (GMT-4)
System Uptime: 0 days 4:18:29.000
Loading Kernel Symbols

Use !analyze -v to get detailed debugging information.

BugCheck A, {2c8, 2, 1, 804f74fd}

Probably caused by : ntkrnlpa.exe ( nt!KiAttachProcess+b1 )

Followup: MachineOwner
---------

kd> !analyze -v

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000002c8, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804f74fd, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 000002c8

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiAttachProcess+b1
804f74fd 8902 mov [edx],eax

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from 804f74fd to 8053f863

STACK_TEXT:
f2080af8 804f74fd badb0d00 000002c8 00000006 nt!KiTrap0E+0x233
f2080b78 804f76c7 85b0d5c0 9e90ade0 9e90ad00 nt!KiAttachProcess+0xb1
f2080b98 805a7d69 9e90ad00 f2080c0c f2080d00 nt!KeStackAttachProcess+0x7b
f2080c70 805a8185 9e90ade0 00090a38 96df4da0 nt!MiDoMappedCopy+0x65
f2080ca0 80599c66 9e90ae60 00090a38 96df4da0 nt!MmCopyVirtualMemory+0x63
f2080d20 80599cc8 00000000 00000370 000da690 nt!LpcpCopyRequestData+0x1fc
f2080d44 8053c818 00000370 000da690 00000000 nt!NtReadRequestData+0x1e
f2080d44 7c90eb94 00000370 000da690 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00cbfdf4 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nt!KiAttachProcess+b1
804f74fd 8902 mov [edx],eax

FAULTING_SOURCE_CODE:


SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!KiAttachProcess+b1

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a95

FAILURE_BUCKET_ID: 0xA_W_nt!KiAttachProcess+b1

BUCKET_ID: 0xA_W_nt!KiAttachProcess+b1

Followup: MachineOwner
---------

kd> !thread
GetPointerFromAddress: unable to read from 80557bb4
THREAD 85b0d5c0 Cid 04dc.04e4 Teb: 7ffd7000 Win32Thread: 00000000 READY
Not impersonating
GetUlongFromAddress: unable to read from 80557bc4
Owning Process 9e90ade0 Image: <Unknown>
ffdf0000: Unable to get shared data
Wait Start TickCount 992576
Context Switch Count 89611
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.0000
KernelTime 00:00:00.0000
Start Address 0x7c810856
LPC Server thread working on message Id 5eedd
Stack Init f2081000 Current f2080c4c Base f2081000 Limit f207e000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 16
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
f2080c54 f2080ba8 80603247 f2080d10 80535020 0x90a38
f2080c58 80603247 f2080d10 80535020 804d9490 0xf2080ba8
f2080ba8 0005eedd 9e90ade0 00000000 85b0d7f8 nt!ExMapHandleToPointerEx+0x21 (FPO: [Non-Fpo])
f2080d20 80599cc8 00000000 00000370 000da690 0x5eedd
f2080d44 8053c818 00000370 000da690 00000000 nt!NtReadRequestData+0x1e (FPO: [Non-Fpo])
f2080d44 7c90eb94 00000370 000da690 00000000 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f2080d64)
00cbfdf4 00000000 00000000 00000000 00000000 0x7c90eb94
---------------------------------------------------------