Shell's Home

Jul 31, 2008

avast4 collides with ext2ifs

Quote:

Affected Product:
Avast4 home edition
ext2ifs 1.10c
ext2ifs 1.11

Description:
avast4 home edition is a free anti-virus tool. On 2008-07-30 it updated some files, including a file called 'aswSP.sys'. According to the information in Autoruns, it is avast's self-protection module.

[Here is info from autoruns.]
aswSP    avast! self protection module    ALWIL Software    c:\windows\system32\drivers\aswsp.sys

[Here is info from update-log]
2008-7-30 7:36:14 file Direct move of file: C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
2008-7-30 7:36:14 file Installed file:C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
2008-7-30 7:36:14 file Direct move of file: C:\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys
2008-7-30 7:36:59 system Reboot set by changed resident C:\WINDOWS\system32\drivers\aswSP.sys
2008-7-30 7:36:59 system Driver file copied: C:\WINDOWS\system32\drivers\aswSP.sys

If you use ext2ifs on the system to share data with Linux, it will cause a system crash with code BAD_POOL_CALLER. There is no evidence showing it is connected with ext2ifs, but the crash always happens when I try to access data on a disk that uses ext2ifs. When I copy data to an NTFS disk, it is all right.

Here is the dump analysis.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 04030401, Memory contents of the pool block
Arg4: e13a7258, Address of the block of pool being deallocated

Debugging Details:
------------------

POOL_ADDRESS:  e13a7258

FREED_POOL_TAG:  pSsA

BUGCHECK_STR:  0xc2_7_pSsA

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  _uninst.exe

LAST_CONTROL_TRANSFER:  from 80544e86 to 804f9aef

STACK_TEXT:
eb364b68 80544e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
eb364bb8 ee072a0a e13a7258 00000000 8055a584 nt!ExFreePoolWithTag+0x2a0
WARNING: Stack unwind information not available. Following frames may be wrong.
eb364be4 805c5e1c 00000730 0000016c eb364cdc aswSP+0x5a0a
eb364c04 80639346 e3986008 0000016c eb364cdc nt!PsCallImageNotifyRoutines+0x36
eb364d08 805c5bcd 7c810665 00000000 00000000 nt!DbgkCreateThread+0xa2
eb364d50 805421c2 00000000 7c810665 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND:  kb

FOLLOWUP_IP:
aswSP+5a0a
ee072a0a ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  aswSP+5a0a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswSP

IMAGE_NAME:  aswSP.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4881fba3

FAILURE_BUCKET_ID:  0xc2_7_pSsA_aswSP+5a0a

BUCKET_ID:  0xc2_7_pSsA_aswSP+5a0a

Followup: MachineOwner

The crash happened in aswSP+5a0a.

Resolution:
There is no fix available for now. Uninstall avast, or uninstall ext2ifs.

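Note on the above (originally in Chinese):

Do not use avast4 and ext2ifs at the same time, especially after today's update.

Anyone who uses ext2ifs should be able to understand the text above, so the rest is not translated.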
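The triage step behind "The crash happened in aswSP+5a0a", as an added example that is not part of the original post: it parses an excerpt of the analysis output above, finds the first stack frame outside the kernel, and rebuilds the failure bucket string. The function names and the choice of `nt` and `hal` as kernel modules are assumptions of this example.

```python
import re

# Excerpt of the analysis output quoted in the post above.
ANALYSIS = """\
BAD_POOL_CALLER (c2)
Arg1: 00000007, Attempt to free pool which was already freed
Arg4: e13a7258, Address of the block of pool being deallocated
FREED_POOL_TAG:  pSsA
STACK_TEXT:
eb364b68 80544e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
eb364bb8 ee072a0a e13a7258 00000000 8055a584 nt!ExFreePoolWithTag+0x2a0
WARNING: Stack unwind information not available. Following frames may be wrong.
eb364be4 805c5e1c 00000730 0000016c eb364cdc aswSP+0x5a0a
eb364c04 80639346 e3986008 0000016c eb364cdc nt!PsCallImageNotifyRoutines+0x36
"""

# One kb stack line: child EBP, return address, three args, module[!symbol]+0xoffset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)(?:!(\w+))?\+0x([0-9a-f]+)$")
KERNEL = {"nt", "hal"}  # assumption: modules treated as OS code, not third-party

def label(frame):
    module, symbol, offset = frame
    return f"{module}!{symbol}" if symbol else f"{module}+0x{offset}"

def triage(text):
    name, code = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M).groups()
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-f]{8}),", text, re.M)}
    tag = re.search(r"^FREED_POOL_TAG:\s+(\S+)", text, re.M)
    frames = [m.groups() for m in map(FRAME.match, text.splitlines()) if m]
    # The first frame outside the kernel is the driver that made the bad pool call.
    idx = next((i for i, f in enumerate(frames) if f[0] not in KERNEL), None)
    if idx is None:
        return {"bugcheck": name, "driver": None}
    module, _, offset = frames[idx]
    return {
        "bugcheck": name,
        "double_free": int(code, 16) == 0xC2 and args.get(1) == 7,
        "block": args.get(4),
        "driver": module,
        "kernel_call": label(frames[idx - 1]) if idx else None,
        # Frames past the unwind warning may be wrong; treat the caller as a hint.
        "called_from": label(frames[idx + 1]) if idx + 1 < len(frames) else None,
        "bucket": f"0x{code}_{args.get(1):x}_{tag.group(1) if tag else '?'}_{module}+{offset}",
    }

if __name__ == "__main__":
    for key, value in triage(ANALYSIS).items():
        print(f"{key}: {value}")
```

On the excerpt, the rebuilt bucket equals the FAILURE_BUCKET_ID shown in the dump, and the frame below aswSP is nt!PsCallImageNotifyRoutines, subject to the unwind warning in the stack text.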