Bad Pool Header recovering files from Sandboxed Firefox

BhargavJ

The OS is Win 8 Single Language (6.2.9200 Build 9200) x64.

For the past few days, every time I start Firefox using Sandboxie, and then save a file from the net to the hard disk, this problem occurs wherein as soon as Sandboxie is supposed to give the Recover Files dialog box, everything vanishes and I get this screen with a sad smiley : ( and the message that your PC ran into a problem and needs to restart, and it collects some info, and also says the problem is Bad_Pool_Header. This happens just about every time I try to save a file to My Documents from within Sandboxed Firefox, so I started saving it to another drive like E:\. For some reason, Sandboxie has never given me the Recover Files dialog box when I save to another drive. Later, I go to the Sandboxie folder in C:\ and manually recover the file. However, this morning I got a BSOD even when saving a file to E:\.

I'm attaching the .zip file as mentioned in the BSOD Posting Instructions.

Some other info:

When I first searched for BSOD related info, I had come across another site:

How to Analyze a BSOD Crash Dump

I've also followed the instructions given there, and am attaching a text file as instructed there; might be of help. :)

Also, after the computer restarts from the BSOD, it gives this message where it shows the paths where the error files are located:

C:\Windows\Minidump\xxxx.dmp
C:\Users\admin\AppData\Local\Temp\xxxx-sysdata.xml
C:\Windows\MEMORY.DMP

I've never been able to find the sysdata.xml file in that folder, even after enabling the showing of hidden items and protected system files. The first and the last files are there.

Thanks.
 
Hi BhargavJ & welcome to the forums ^_^,

I have analysed your dump files, and an analysis of the same is provided below for informative purposes:

Code:
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request. This may or may not be due to the caller.

Let's see if the stack reveals something or not -

Code:
0: kd> knL
 # Child-SP          RetAddr           Call Site
00 fffff880`19ed9a58 fffff802`ae086ba5 nt!KeBugCheckEx
01 fffff880`19ed9a60 fffff880`0418063c nt!ExFreePool+0xadb
02 fffff880`19ed9b40 fffffa80`0a656990 WinFLAdrv+0x263c
03 fffff880`19ed9b48 00000000`0041bec0 0xfffffa80`0a656990
04 fffff880`19ed9b50 fffffa80`08fdcb58 0x41bec0
05 fffff880`19ed9b58 00000000`62667431 0xfffffa80`08fdcb58
06 fffff880`19ed9b60 00000000`00000001 0x62667431
07 fffff880`19ed9b68 fffff880`19ed9d70 0x1
08 fffff880`19ed9b70 fffffa80`029801a6 0xfffff880`19ed9d70
09 fffff880`19ed9b78 00000000`00000000 0xfffffa80`029801a6

So according to the dump file, the WinFLAdrv.sys caused the crash. This driver is related to the software titled "Folder Lock" from New Softwares. Kindly remove this driver and see if the problem still persists or not. Furthermore, the driver used by this software is very old.


Let me know how it goes ^_^

-Pranav
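
As an added example (not part of either post above), this Python script triages a WinDbg `kn` stack the way the reply does: it parses each frame and returns the first one that sits outside the core kernel modules. The function names and the CORE_MODULES set are assumptions of this example, and the sample is the top of the stack quoted in the reply.

```python
import re

# Constructed sample: first frames of the `knL` output quoted in the reply.
SAMPLE_STACK = """\
 # Child-SP          RetAddr           Call Site
00 fffff880`19ed9a58 fffff802`ae086ba5 nt!KeBugCheckEx
01 fffff880`19ed9a60 fffff880`0418063c nt!ExFreePool+0xadb
02 fffff880`19ed9b40 fffffa80`0a656990 WinFLAdrv+0x263c
03 fffff880`19ed9b48 00000000`0041bec0 0xfffffa80`0a656990
04 fffff880`19ed9b50 fffffa80`08fdcb58 0x41bec0
"""

# Frame number (hex), Child-SP, RetAddr, then the call site text.
FRAME_RE = re.compile(r"^([0-9a-f]{2,})\s+([0-9a-f`]+)\s+([0-9a-f`]+)\s+(.+?)\s*$", re.I)
# module!symbol+0xoff, or module+0xoff when no symbols are loaded.
SITE_RE = re.compile(
    r"^(?P<module>[A-Za-z_][\w.]*)(?:!(?P<symbol>[^+]+))?(?:\+0x(?P<offset>[0-9a-f]+))?$",
    re.I,
)
# Assumption of this example: modules treated as OS core, not third-party.
CORE_MODULES = {"nt", "hal"}


def parse_frames(text):
    """Return one dict per stack frame; header and blank lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        site = SITE_RE.match(m.group(4))
        frames.append({
            "index": int(m.group(1), 16),
            "call_site": m.group(4),
            # Bare addresses (0x...) are unsymbolized stack values: no module.
            "module": site.group("module") if site else None,
            "symbol": site.group("symbol") if site else None,
        })
    return frames


def first_non_core_module(frames):
    """First frame, walking down from the bugcheck, in a non-core module."""
    for frame in frames:
        if frame["module"] and frame["module"].lower() not in CORE_MODULES:
            return frame
    return None


if __name__ == "__main__":
    suspect = first_non_core_module(parse_frames(SAMPLE_STACK))
    print(suspect["call_site"] if suspect else "no third-party frame found")
```

As the bugcheck text itself says, the module that frees a corrupted pool block is not necessarily the one that corrupted it, so the result is the first driver to test, not proof of fault.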
 