Access Violation message while shutting down vista

Discussion in 'Windows Vista Drivers' started by krish, Oct 16, 2008.

  1. krish

    krish Guest

    Hi, I’m struggling with a strange error message when I try to shut down
    my machine with my upper disk class filter driver installed. If WinDbg
    is not open, system shuts down without any problem. Help! Thanks.

    NOTE: the addresses keep changing every time but the error message is
    the same. Also sometimes it is LocalSystemNetworkRestricted and sometimes
    it is netsvcs.


    *** An Access Violation occurred in C:\Windows\System32\svchost.exe -k
    LocalSystemNetworkRestricted:



    The instruction at 73B534CF tried to write to an invalid address,
    3603F200



    *** enter .exr 0021F870 for the exception record

    *** enter .cxr 0021F88C for the context

    *** then kb to get the faulting stack



    Break instruction exception - code 80000003 (first chance)

    ntdll!DbgBreakPoint:

    001b:77102ea8 cc int 3

    1: kd> exr 0021F870

    *** ERROR: Module load completed but symbols could not be loaded for
    spldr.sys

    *** ERROR: Module load completed but symbols could not be loaded for
    secdrv.SYS

    *** ERROR: Symbol file could not be found. Defaulted to export
    symbols for spsys.sys -

    Couldn't resolve error at 'xr 0021F870 '

    1: kd> .exr 0021F870

    ExceptionAddress: 73b534cf

    ExceptionCode: c0000005 (Access violation)

    ExceptionFlags: 00000000

    NumberParameters: 2

    Parameter[0]: 00000001

    Parameter[1]: 3603f200

    Attempt to write to address 3603f200

    1: kd> .cxr 0021F88C

    eax=00000000 ebx=0002f090 ecx=00000100 edx=00000000 esi=0021fbfc
    edi=003480d0

    eip=73b534cf esp=0021fb58 ebp=0021fb64 iopl=0 nv up ei pl zr
    na pe nc

    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
    efl=00010246

    001b:73b534cf 002500f20336 add byte ptr ds:[3603F200h],ah ds:
    0023:3603f200=??

    1: kd> kb

    *** Stack trace for last set context - .thread/.cxr resets it

    ChildEBP RetAddr Args to Child

    WARNING: Frame IP not in any known module. Following frames may be
    wrong.

    0021fb64 762dff29 00000005 00000000 00000000 0x73b534cf

    0021fc70 770fc5f7 00000000 0021fcd6 00000000 0x762dff29

    0021fe44 0024241d 00323b40 00242401 00242183 ntdll!
    LdrGetProcedureAddressEx+0x1a4

    0021fea0 770fa9bd 7ffde000 00218c71 00000000 0x24241d

    0021fed4 77108399 00000000 00000000 00000000 ntdll!_RtlUserThreadStart
    +0x23

    0021fee0 00000000 002420bf 7ffde000 00000000
    ntdll! ?? ::FNODOBFM::`string'+0x9

    1: kd> ub 762dff29

    762dff0e 837dfc00 cmp dword ptr [ebp-4],0

    762dff12 ff7718 push dword ptr [edi+18h]

    762dff15 0f8400abfeff je 762caa1b

    762dff1b 8b45fc mov eax,dword ptr [ebp-4]

    762dff1e ff7004 push dword ptr [eax+4]

    762dff21 ff30 push dword ptr [eax]

    762dff23 ff7604 push dword ptr [esi+4]

    762dff26 ff55e4 call dword ptr [ebp-1Ch]





    1: kd> !analyze -v

    Connected to Windows Vista 6000 x86 compatible target, ptr64 FALSE

    Loading Kernel Symbols


    Loading User Symbols


    Loading unloaded module list

    ......Unable to enumerate user-mode unloaded modules, Win32 error 0n30

    *******************************************************************************
    *                             Exception Analysis                              *
    *******************************************************************************

    *************************************************************************
    *** Your debugger is not using the correct symbols
    *** In order for this command to work properly, your symbol path
    *** must point to .pdb files that have full type information.
    *** Certain .pdb files (such as the public OS symbols) do not
    *** contain the required information. Contact the group that
    *** provided you with these symbols if you need this command to
    *** work.
    *** Type referenced: kernel32!pNlsUserInfo
    *************************************************************************




    FAULTING_IP:

    ntdll!DbgBreakPoint+0

    001b:77102ea8 cc int 3



    EXCEPTION_RECORD: 0021f870 -- (.exr 0x21f870)

    ExceptionAddress: 73b534cf (cscsvc!CscService_CtrlHandler+0x00000102)

    ExceptionCode: c0000005 (Access violation)

    ExceptionFlags: 00000000

    NumberParameters: 2

    Parameter[0]: 00000001

    Parameter[1]: 3603f200

    Attempt to write to address 3603f200



    ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A
    breakpoint has been reached.



    NTGLOBALFLAG: 0



    CHKIMG_EXTENSION: !chkimg -lo 50 -d !cscsvc


    WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg
    without '-lo [num_lines]' to view entire output.

    3962 errors : !cscsvc (73b53000-73b53fff)



    CONTEXT: 0021f88c -- (.cxr 0x21f88c)

    eax=00000000 ebx=0002f090 ecx=00000100 edx=00000000 esi=0021fbfc
    edi=003480d0

    eip=73b534cf esp=0021fb58 ebp=0021fb64 iopl=0 nv up ei pl zr
    na pe nc

    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
    efl=00010246

    cscsvc!CscService_CtrlHandler+0x102:

    001b:73b534cf 002500f20336 add byte ptr ds:[3603F200h],ah ds:
    0023:3603f200=??

    Resetting default scope



    WRITE_ADDRESS: 3603f200



    FAULTING_THREAD: 00000002



    BUGCHECK_STR: APPLICATION_FAULT_MEMORY_CORRUPTION_LARGE



    PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION



    DEFAULT_BUCKET_ID: CODE_CORRUPTION



    LAST_CONTROL_TRANSFER: from 762dff29 to 73b534cf



    STACK_TEXT:

    73b534cf cscsvc!CscService_CtrlHandler

    762dff29 ADVAPI32!ScDispatcherLoop

    762dbdd2 ADVAPI32!StartServiceCtrlDispatcherW

    0024241d svchost!SvcHostMain

    00242401 svchost!wmain

    00242183 svchost!_initterm_e

    764a3833 kernel32!BaseThreadInitThunk

    770fa9bd ntdll!_RtlUserThreadStart





    MODULE_NAME: memory_corruption



    IMAGE_NAME: memory_corruption



    FOLLOWUP_NAME: memory_corruption



    DEBUG_FLR_IMAGE_TIMESTAMP: 0



    MEMORY_CORRUPTOR: LARGE_4096



    STACK_COMMAND: .cxr 0021F88C ; kb ; dds 21fb58 ; kb



    BUCKET_ID: MEMORY_CORRUPTION_LARGE_4096



    FAILURE_BUCKET_ID: MEMORY_CORRUPTION_80000003_memory_corruption!
    Unloaded



    Followup: memory_corruption

    ---------
     
    krish, Oct 16, 2008
    #1
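Added example, not part of any post in this thread: a Python triage of the `!analyze -v` fields quoted above. It checks whether the faulting instruction lies inside the range `!chkimg` flagged, whether that range is whole pages, and whether the invalid write address is just the displacement encoded in the corrupted instruction bytes. The function names are made up for the example, and 32-bit addressing is assumed, as on the "ptr64 FALSE" target.

```python
import re

PAGE_SIZE = 0x1000  # x86 page size; the "4096" in MEMORY_CORRUPTOR: LARGE_4096

# Lines copied from the !analyze -v output in the post above, with the
# forum's line wrapping undone. Nothing here is new data.
SAMPLE = """\
ExceptionAddress: 73b534cf (cscsvc!CscService_CtrlHandler+0x00000102)
ExceptionCode: c0000005 (Access violation)
Attempt to write to address 3603f200
3962 errors : !cscsvc (73b53000-73b53fff)
001b:73b534cf 002500f20336 add byte ptr ds:[3603F200h],ah
DEFAULT_BUCKET_ID: CODE_CORRUPTION
"""


def _hex(pattern, text):
    """Return the first captured hex number as an int, or None if absent."""
    m = re.search(pattern, text, re.I | re.M)
    return int(m.group(1), 16) if m else None


def parse_analyze(text):
    """Extract the triage fields; raise if there is no !chkimg summary line."""
    summary = re.search(
        r"(\d+) errors : !(\w+) \(([0-9a-f]+)-([0-9a-f]+)\)", text, re.I)
    if summary is None:
        raise ValueError("no !chkimg summary line in the output")
    # Disassembly line: "seg:address  opcode-bytes  mnemonic ..."
    insn = re.search(r"^[0-9a-f]{4}:[0-9a-f]{8}\s+([0-9a-f]+)\s", text, re.I | re.M)
    return {
        "fault_ip": _hex(r"ExceptionAddress:\s*([0-9a-f]+)", text),
        "write_addr": _hex(r"Attempt to write to address\s+([0-9a-f]+)", text),
        "errors": int(summary.group(1)),
        "module": summary.group(2),
        "start": int(summary.group(3), 16),
        "end": int(summary.group(4), 16),
        "insn_bytes": bytes.fromhex(insn.group(1)) if insn else b"",
    }


def disp32_of_add_rm8(insn):
    """For opcode 00 /r (ADD r/m8, r8) with ModRM mod=00, rm=101 in 32-bit
    addressing, the operand is an absolute disp32; return it, else None."""
    if len(insn) == 6 and insn[0] == 0x00 and insn[1] & 0xC7 == 0x05:
        return int.from_bytes(insn[2:6], "little")
    return None


def triage(f):
    """Relate the fault to the byte range that !chkimg reported as modified."""
    size = f["end"] - f["start"] + 1
    disp = disp32_of_add_rm8(f["insn_bytes"])
    return {
        # Whole, aligned pages point at page-granular damage, not a stray write.
        "whole_pages": f["start"] % PAGE_SIZE == 0 and size % PAGE_SIZE == 0,
        "pages": size // PAGE_SIZE,
        "bad_fraction": f["errors"] / size,
        # True means the CPU was executing bytes that no longer match the image.
        "fault_ip_in_range": (f["fault_ip"] is not None
                              and f["start"] <= f["fault_ip"] <= f["end"]),
        # True means the "invalid address" came out of the bad bytes themselves.
        "target_from_bad_bytes": disp is not None and disp == f["write_addr"],
    }


if __name__ == "__main__":
    fields = parse_analyze(SAMPLE)
    for name, value in triage(fields).items():
        print(f"{name:22} {value}")
```

On the values in the post every check comes out true: one full 4 KB page of cscsvc code differs from the reference image and the faulting instruction is inside it, so the access violation in svchost is a symptom of the corruption rather than its source.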

  2. And if you run under verifier, does it give you some hints? Verify with all
    checks on your driver, and the drivers below and above yours.

    --
    Volodymyr, blog: http://www.shcherbyna.com/
    (This posting is provided "AS IS" with no warranties, and confers no
    rights)
    Volodymyr M. Shcherbyna, Oct 16, 2008
    #2

  3. krish

    krish Guest

    No, driver verifier does not give any hints. I just keep getting
    errors like above and sometimes also error messages on target machines
    like "task scheduler has stopped working" or "index services has
    stopped working" or "explorer has stopped working", etc. Looks like
    somewhere my driver is corrupting the memory but I'm not able to
    pinpoint the code section. Is there any tool (like purify for C programs)
    which can detect these kinds of errors?

    Thanks.

     
    krish, Oct 16, 2008
    #3
  4. That's the reason I asked to use verifier, it can track pool corruptions. You
    can also use application verifier to check a specified process.

    --
    Volodymyr, blog: http://www.shcherbyna.com/
    (This posting is provided "AS IS" with no warranties, and confers no
    rights)
    Volodymyr M. Shcherbyna, Oct 16, 2008
    #4
  5. krish

    krish Guest

    But I'm already using driver verifier and it does not give any hints.
    I also linked my driver to CUV but still no clue. Any more ideas?
     
    krish, Oct 16, 2008
    #5
  6. start removing features one by one and see when the problem stops showing up

    d

    --
    Please do not send e-mail directly to this alias. this alias is for
    newsgroup purposes only.
    This posting is provided "AS IS" with no warranties, and confers no rights.


    Doron Holan [MSFT], Oct 16, 2008
    #6