IIS 7 crashes the computer

  • Thread starter: George Valkov

George Valkov

If Internet Information Services WWW is installed, any connection attempt on
port 80 will crash the computer with a blue screen.
 
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini100506-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Windows Vista Kernel Version 5600 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d27ad0
Debug session time: Thu Oct 5 22:37:15.161 2006 (GMT+2)
System Uptime: 0 days 0:12:50.778
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Loading Kernel Symbols
.............................................................................................................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 81dfb394, 928294ec, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for HTTP.sys
*** ERROR: Module load completed but symbols could not be loaded for
HTTP.sys
Probably caused by : HTTP.sys ( HTTP+370ce )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81dfb394, The address that the exception occurred at
Arg3: 928294ec, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

MODULE_NAME: HTTP

FAULTING_MODULE: 81c00000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 44f54b5d

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt+1fb394
81dfb394 8a06 mov al,byte ptr [esi]

TRAP_FRAME: 928294ec -- (.trap ffffffff928294ec)
ErrCode = 00000000
eax=7fff0000 ebx=92829b18 ecx=00000000 edx=928295e8 esi=7fff0000
edi=8353f78c
eip=81dfb394 esp=92829560 ebp=9282959c iopl=0 ov up ei pl nz na pe
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010a06
nt+0x1fb394:
81dfb394 8a06 mov al,byte ptr [esi]
ds:0023:7fff0000=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from 81dec8f9 to 81dfb394

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
9282959c 81dec8f9 00000000 83665a01 83665a01 nt+0x1fb394
928295f4 81e62c67 92829b18 00000000 83665a01 nt+0x1ec8f9
9282974c 81e67eab 00000021 83665a01 92829778 nt+0x262c67
928297bc 81de8f9f 83665a01 928223c0 83665af4 nt+0x267eab
92829880 81dfac75 834be428 00000000 83665a50 nt+0x1e8f9f
92829910 81dec992 00000000 92829968 00000640 nt+0x1fac75
92829974 81e11f52 92829b18 00000000 00000000 nt+0x1ec992
928299e8 81e39891 92829b50 00000021 92829b18 nt+0x211f52
92829a34 81c4e4b7 92829b50 00000021 92829b18 nt+0x239891
92829a68 81c4beed badb0d00 92829ae0 838ddc28 nt+0x4e4b7
92829b3c 93b910ce 92829b84 00000000 00000001 nt+0x4beed
92829ba0 93b68f38 8b6d04a0 00000000 00000001 HTTP+0x370ce
92829c54 93b913f1 8b6d0490 8b6d0490 0000009e HTTP+0xef38
92829c90 93b691e2 92829cbc 8b6d0494 93b691e2 HTTP+0x373f1
92829cac 93b69247 8b6d0490 8b6d0490 009e0046 HTTP+0xf1e2
92829cc4 93b69290 9e4d921e 9b39b058 8389a000 HTTP+0xf247
92829ce0 93b9e002 9b39b058 838797a8 8389a000 HTTP+0xf290
92829d00 93b62f42 8389a000 835c3008 92829d54 HTTP+0x44002
92829d10 93b63594 838797a8 8389a000 00000000 HTTP+0x8f42
92829d54 93b7f1ef 005c3018 00000000 91540020 HTTP+0x9594
92829d7c 81dcf91d 8b6d1c78 92822680 00000000 HTTP+0x251ef
92829dc0 81cb091e 93b7f035 8b6d1c78 00000000 nt+0x1cf91d
00000000 00000000 00000000 00000000 00000000 nt+0xb091e


STACK_COMMAND: kb

FOLLOWUP_IP:
HTTP+370ce
93b910ce ?? ???

SYMBOL_STACK_INDEX: b

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: HTTP.sys

SYMBOL_NAME: HTTP+370ce

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
 
Please file a bug against this, and also include any logs or any information
you feel that MS needs.

--
Tom Ziegmann
Microsoft Certified Professional
Windows Vista / Server Longhorn TechBeta Tester
Windows Server 2003 SP2 TechBeta Tester
George Valkov said:
No other components affected. Here's a complete crash dump analysis done
with WinDBG:





George Valkov said:
If Internet Information Services WWW is installed, any connection attempt
on port 80 will crash the computer with a blue screen.
 
I have identified a bug in the IIS component Logging, with path:
Windows Features
+Internet Information Services
++World Wide Web Services
+++Health and Diagnostic
[x] Custom Logging
[x] HTTP Logging
[x] Logging tools

When these components are selected, any connection attempt to HTTP services
will cause the computer to fail.
 
No other components affected. Here's a complete crash dump analysis done
with WinDBG:



Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\DUMP43ee.dmp]
Kernel Complete Dump File: Full address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntkrnlmp.exe -
Windows Vista Kernel Version 5600 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 5600.16384.x86fre.vista_rc1.060829-2230
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d27ad0
Debug session time: Fri Oct 6 00:22:08.995 2006 (GMT+2)
System Uptime: 0 days 0:11:24.623
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntkrnlmp.exe -
Loading Kernel Symbols
..............................................................................................................................................
Loading User Symbols

Loading unloaded module list
......
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c0000005, 81dfb394, 925bf4ec, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for
Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for
HTTP.sys
Probably caused by : HTTP.sys ( HTTP+370ce )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81dfb394, The address that the exception occurred at
Arg3: 925bf4ec, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

MODULE_NAME: HTTP

FAULTING_MODULE: 81c00000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 44f54b5d

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!SeCreateAccessStateEx+107
81dfb394 8a06 mov al,byte ptr [esi]

TRAP_FRAME: 925bf4ec -- (.trap ffffffff925bf4ec)
ErrCode = 00000000
eax=7fff0000 ebx=925bfb18 ecx=00000000 edx=925bf5e8 esi=7fff0000
edi=838ecd94
eip=81dfb394 esp=925bf560 ebp=925bf59c iopl=0 ov up ei pl nz na pe
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010a06
nt!SeCreateAccessStateEx+0x107:
81dfb394 8a06 mov al,byte ptr [esi]
ds:0023:7fff0000=??
Resetting default scope

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from 81c2792c to 81cc5445

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
925bf0ac 81c2792c 0000008e c0000005 81dfb394 nt!KeBugCheckEx+0x1e
925bf47c 81c4f09a 925bf498 00000000 925bf4ec nt!KeFlushQueuedDpcs+0xd4f
925bf50c 851515a5 851548c7 00000000 00000000 nt!Kei386EoiHelper+0x1d2
925bf59c 81dec8f9 00000000 838fc201 838fc201 Ntfs+0xc5a5
925bf5f4 81e62c67 925bfb18 00000000 838fc201 nt!ObOpenObjectByName+0xa3
925bf74c 81e67eab 00000021 838fc201 925bf778
nt!IoFastQueryNetworkAttributes+0x13c
925bf7bc 81de8f9f 838fc201 925b43c0 838fc304
nt!NtSetVolumeInformationFile+0x56a
925bf880 81dfac75 8417ae20 00000000 838fc260
nt!ObReferenceObjectByHandle+0x21b4
925bf910 81dec992 00000000 925bf968 00000640
nt!PsAssignImpersonationToken+0x1985
925bf974 81e11f52 925bfb18 00000000 00000000 nt!ObOpenObjectByName+0x13c
925bf9e8 81e39891 925bfb50 00000021 925bfb18 nt!IoCheckShareAccessEx+0x102c
925bfa34 81c4e4b7 925bfb50 00000021 925bfb18 nt!NtCreateFile+0x34
925bfa68 81c4beed badb0d00 925bfae0 91ae35e0 nt!ZwQueryLicenseValue+0xbff
925bfb3c 925510ce 925bfb84 00000000 00000001 nt!ZwCreateFile+0x11
925bfba0 92528f38 91a46948 00000000 00000001 HTTP+0x370ce
925bfc54 925513f1 91a46938 91a46938 0000009e HTTP+0xef38
925bfc90 925291e2 925bfcbc 91a4693c 925291e2 HTTP+0x373f1
925bfcac 92529247 91a46938 91a46938 009e0046 HTTP+0xf1e2
925bfcc4 92529290 9976004e 933b2f28 83883000 HTTP+0xf247
925bfce0 9255e002 933b2f28 83526a38 83883000 HTTP+0xf290
925bfd00 92522f42 83883000 8352f008 925bfd54 HTTP+0x44002
925bfd10 92523594 83526a38 83883000 00000000 HTTP+0x8f42
925bfd54 9253f1ef 0052f018 00000000 8b7eb7c0 HTTP+0x9594
925bfd7c 81dcf91d 8b7ea828 925b4680 00000000 HTTP+0x251ef
925bfdc0 81cb091e 9253f035 8b7ea828 00000000
nt!ObReferenceSecurityDescriptor+0x25c
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimerEx+0x2ab


STACK_COMMAND: kb

FOLLOWUP_IP:
HTTP+370ce
925510ce 807d1001 cmp byte ptr [ebp+10h],1

SYMBOL_STACK_INDEX: e

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: HTTP.sys

SYMBOL_NAME: HTTP+370ce

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
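
Added example, not part of the original posts: the analysis text above is line-wrapped, so `SYMBOL_STACK_INDEX` can only be resolved after the split stack frames are rejoined. This Python script does that on an excerpt of the second dump, checks the indexed frame against `SYMBOL_NAME`, and decodes the image timestamp (assumed to be a PE link timestamp in Unix seconds); the function names and the `SAMPLE` excerpt are illustrative.

```python
import re
from datetime import datetime, timezone

# Constructed excerpt of the posted !analyze -v text (frames below the blamed one
# omitted). Four frames are split over two lines, as in the post.
SAMPLE = """\
DEBUG_FLR_IMAGE_TIMESTAMP: 44f54b5d
STACK_TEXT:
925bf0ac 81c2792c 0000008e c0000005 81dfb394 nt!KeBugCheckEx+0x1e
925bf47c 81c4f09a 925bf498 00000000 925bf4ec nt!KeFlushQueuedDpcs+0xd4f
925bf50c 851515a5 851548c7 00000000 00000000 nt!Kei386EoiHelper+0x1d2
925bf59c 81dec8f9 00000000 838fc201 838fc201 Ntfs+0xc5a5
925bf5f4 81e62c67 925bfb18 00000000 838fc201 nt!ObOpenObjectByName+0xa3
925bf74c 81e67eab 00000021 838fc201 925bf778
nt!IoFastQueryNetworkAttributes+0x13c
925bf7bc 81de8f9f 838fc201 925b43c0 838fc304
nt!NtSetVolumeInformationFile+0x56a
925bf880 81dfac75 8417ae20 00000000 838fc260
nt!ObReferenceObjectByHandle+0x21b4
925bf910 81dec992 00000000 925bf968 00000640
nt!PsAssignImpersonationToken+0x1985
925bf974 81e11f52 925bfb18 00000000 00000000 nt!ObOpenObjectByName+0x13c
925bf9e8 81e39891 925bfb50 00000021 925bfb18 nt!IoCheckShareAccessEx+0x102c
925bfa34 81c4e4b7 925bfb50 00000021 925bfb18 nt!NtCreateFile+0x34
925bfa68 81c4beed badb0d00 925bfae0 91ae35e0 nt!ZwQueryLicenseValue+0xbff
925bfb3c 925510ce 925bfb84 00000000 00000001 nt!ZwCreateFile+0x11
925bfba0 92528f38 91a46948 00000000 00000001 HTTP+0x370ce
STACK_COMMAND: kb
SYMBOL_STACK_INDEX: e
SYMBOL_NAME: HTTP+370ce
"""

FRAME = re.compile(r"^((?:[0-9a-f]{8} ){4}[0-9a-f]{8})(?: (\S+))?$")


def parse_frames(text):
    """Return (child_ebp, return_addr, symbol) per frame, rejoining wrapped frames."""
    body = text.split("STACK_TEXT:", 1)[1].split("STACK_COMMAND:", 1)[0]
    frames, pending = [], None
    for line in map(str.strip, body.splitlines()):
        m = FRAME.match(line)
        if m and m.group(2):                      # complete frame on one line
            frames.append((*m.group(1).split()[:2], m.group(2)))
        elif m:                                   # symbol wrapped to the next line
            pending = m.group(1).split()[:2]
            continue
        elif pending and re.fullmatch(r"\S+[!+]\S+", line):
            frames.append((*pending, line))
        pending = None
    return frames


def field(text, name):
    return re.search(rf"^{re.escape(name)}:[ \t]*(\S+)", text, re.M).group(1)


def triage(text):
    frames = parse_frames(text)
    idx = int(field(text, "SYMBOL_STACK_INDEX"), 16)      # printed in hex ('e' = 14)
    blamed = frames[idx][2]
    symbol_name = field(text, "SYMBOL_NAME")              # written without the 0x
    return {
        "blamed": blamed,
        "matches_symbol_name": blamed.replace("+0x", "+") == symbol_name,
        # Frame above the blamed one. nt names here come from export symbols only,
        # so treat them as nearest-export labels, not confirmed functions.
        "callee_label": frames[idx - 1][2],
        # Assumption: the field is a PE link timestamp in Unix seconds.
        "image_timestamp": datetime.fromtimestamp(
            int(field(text, "DEBUG_FLR_IMAGE_TIMESTAMP"), 16), tz=timezone.utc),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```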
 