avast4 collide with ext2ifs
引用 Affected Product: Avast4 home edition ext2ifs 1.10c ext2ifs 1.11 Description: avast4 home edition is a free anti-virus tools. In 2008-07-30 it update some files, include some file called ‘aswSP.sys’. According infomation in autoruns, it’s avast self protection module. [Here is info from autoruns.] aswSPavast! self protection module ALWIL Software c:windowssystem32driversaswsp.sys [Here is info from update-log] 2008-7-30 7:36:14 file Direct move of file: C:Program FilesAlwil SoftwareAvast4SetupINFAMD64aswSP.sys 2008-7-30 7:36:14 file Installed file:C:Program FilesAlwil SoftwareAvast4SetupINFAMD64aswSP.sys 2008-7-30 7:36:14 file Direct move of file: C:Program FilesAlwil SoftwareAvast4SetupINFaswSP.sys 2008-7-30 7:36:59 system Reboot set by changed resident C:WINDOWSsystem32driversaswSP.sys 2008-7-30 7:36:59 system Driver file copied: C:WINDOWSsystem32driversaswSP.sys If u use ext2ifs in system for share date with linux, it’ll cause system crash with code BAD_POOL_CALLER. There is not evidence show it has connections with ext2ifs, but the crash always happen when I try to access data in a disk use ext2ifs. When I copy data to ntfs disk, it’ll be all right. Here is dump analyze. ******************************************************************************* * * * Bugcheck Analysis * * * *******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 04030401, Memory contents of the pool block
Arg4: e13a7258, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: e13a7258
FREED_POOL_TAG: pSsA
BUGCHECK_STR: 0xc2_7_pSsA
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: _uninst.exe
LAST_CONTROL_TRANSFER: from 80544e86 to 804f9aef
STACK_TEXT:
eb364b68 80544e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
eb364bb8 ee072a0a e13a7258 00000000 8055a584 nt!ExFreePoolWithTag+0x2a0
WARNING: Stack unwind information not available. Following frames may be wrong.
eb364be4 805c5e1c 00000730 0000016c eb364cdc aswSP+0x5a0a
eb364c04 80639346 e3986008 0000016c eb364cdc nt!PsCallImageNotifyRoutines+0x36
eb364d08 805c5bcd 7c810665 00000000 00000000 nt!DbgkCreateThread+0xa2
eb364d50 805421c2 00000000 7c810665 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSP+5a0a
ee072a0a ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: aswSP+5a0a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4881fba3
FAILURE_BUCKET_ID: 0xc2_7_pSsA_aswSP+5a0a
BUCKET_ID: 0xc2_7_pSsA_aswSP+5a0a
Followup: MachineOwner
The crash happened in aswSP+5a0a.
Resolve solution:
There is not solution to resolve now. Uninstall avast, or uninstall ext2ifs.
以上内容的中文注释:
不要同时使用avast4和ext2ifs,尤其在今天的更新后。
会使用ext2ifs的,上面的东西应该也看得懂了,其余不翻译。