Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\TEMP\CometSecSrvDrWatson\WER939b.dir00\CSecSrv.exe.hdmp] User Mini Dump File: Only registers, stack and portions of memory are available Symbol search path is: SRV*C:\Temp\Symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2003 Version 3790 (Service Pack 2) UP Free x86 compatible Product: Server, suite: Enterprise TerminalServer SingleUserTS Machine Name: Debug session time: Thu Aug 6 09:16:28.000 2009 (GMT-4) System Uptime: not available Process Uptime: 3 days 19:22:14.000 .................................. This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (650.654): Access violation - code c0000005 (first/second chance not available) eax=00000000 ebx=80070000 ecx=c0000005 edx=00000000 esi=0000033c edi=00000000 eip=7c82860c esp=00127cd4 ebp=00127d44 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!KiFastSystemCallRet: 7c82860c c3 ret 0:000> .ecxr eax=00000001 ebx=0000000a ecx=00000001 edx=00000000 esi=00000002 edi=0012d804 eip=773941c0 esp=0012d6d4 ebp=0012d71c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 user32!wvsprintfA+0x245: 773941c0 8a10 mov dl,byte ptr [eax] ds:0023:00000001=?? 0:000> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* *** WARNING: Unable to verify checksum for CSecSrv.exe *** ERROR: Module load completed but symbols could not be loaded for CSecSrv.exe *** WARNING: Unable to verify checksum for MPIWIN32.DLL *** ERROR: Symbol file could not be found. Defaulted to export symbols for MPIWIN32.DLL - ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: kernel32!pNlsUserInfo *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: kernel32!pNlsUserInfo *** *** *** ************************************************************************* FAULTING_IP: user32!wvsprintfA+245 773941c0 8a10 mov dl,byte ptr [eax] EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 773941c0 (user32!wvsprintfA+0x00000245) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000001 Attempt to read from address 00000001 PROCESS_NAME: CSecSrv.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 00000001 READ_ADDRESS: 00000001 FOLLOWUP_IP: CSecSrv+a145 0040a145 8d9424b8000000 lea edx,[esp+0B8h] NTGLOBALFLAG: 0 FAULTING_THREAD: 00000654 BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_ONE_BIT_INVALID_POINTER_READ PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_DEREFERENCE_ONE_BIT DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_ONE_BIT LAST_CONTROL_TRANSFER: from 77394071 to 773941c0 STACK_TEXT: 0012d71c 77394071 0012d7f0 00419ee0 0012d740 user32!wvsprintfA+0x245 0012d730 0040a145 0012d7f0 00419ee0 00000001 user32!wsprintfA+0x14 WARNING: Stack unwind information not available. Following frames may be wrong. 0012d9cc 7c829cc2 00000008 00000001 00000000 CSecSrv+0xa145 0012d9e4 7c829de7 00000000 00000000 7c82af88 ntdll!RtlpQueryInformationActivationContextBasicInformation+0x70 0012da50 ffffffff 00000000 0012dea4 77e65083 ntdll!RtlQueryInformationActivationContext+0x30f 0012dab0 7c82c577 7c889740 7c82c549 00000000 0xffffffff 0012dd4c 00000000 0012eb60 00000001 00000002 ntdll!RtlpDosPathNameToRelativeNtPathName_Ustr+0x3d8 STACK_COMMAND: ~0s; .ecxr ; kb SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: CSecSrv+a145 FOLLOWUP_NAME: MachineOwner MODULE_NAME: CSecSrv IMAGE_NAME: CSecSrv.exe DEBUG_FLR_IMAGE_TIMESTAMP: 49d2ad08 FAILURE_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_ONE_BIT_c0000005_CSecSrv.exe!Unknown BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_ONE_BIT_INVALID_POINTER_READ_CSecSrv+a145 WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/CSecSrv_exe/1_23_0_0/49d2ad08/user32_dll/5_2_3790_4033/45e7c676/c0000005/000141c0.htm?Retriage=1 Followup: MachineOwner --------- 0:000> .exr 0xffffffffffffffff ExceptionAddress: 773941c0 (user32!wvsprintfA+0x00000245) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000001 Attempt to read from address 00000001