Procmon hanging Windows 2008 |
jon12345
Newbie
Joined: 12 August 2008 Status: Offline Points: 16 |
Posted: 12 August 2008 at 1:35am |
|
- Running Windows 2008 x64
- Windows hangs as soon as procmon comes up. No events are shown on the status bar. Mouse movement and Ctrl-Alt-Del do nothing. Can only do a hard reboot from here.
- I know that Win2k8 is not supported, however others at my workplace can run procmon on Win2k8 fine
- Uninstalled all anti-virus s/w.
- Using process explorer, the only non-Microsoft files listed under "System" process are: dump_dumpata.sys, dump_atapi.sys, procexp111.sys, atikmdag.sys, e1e6032e.sys
- I've upgraded atikmdag.sys and e1e6032e.sys to the latest drivers
- There are no non-Microsoft services running (according to msconfig)
- I tried to attach Visual Studio debugger (from another PC) to procmon.exe and procmon64.exe, but it couldn't attach to these processes

Any ideas what else I can do to track this down? |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Status: Offline Points: 17506 |
Posted: 12 August 2008 at 1:57am |
|
Hi jon12345,
No Server 2008 or x64 here, but...
AFAIK, it is quite likely that the intent is for Procmon to function on Server 2008 x64...
What version of Procmon are you using? Ensure you're using the latest version, 1.37.
Similar hardware? What version of Procmon are the others using?
|
|
|
Daily affirmation:
net helpmsg 4006 |
|
|
jon12345
Newbie
Joined: 12 August 2008 Status: Offline Points: 16 |
Posted: 12 August 2008 at 2:23am |
|
Thanks for the fast response.
I've tried versions 1.35 and 1.37 of procmon, same result. Others at my work are using 1.35. We're all running Dell Optiplex 755. Obviously something is different with my install, but I've no idea what. Would it be worth grabbing a memory dump after it hangs? How would I do that? |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Status: Offline Points: 17506 |
Posted: 12 August 2008 at 2:28am |
|
You could try getting a memory dump via CrashOnCtrlScroll. Also, you'd probably want to ensure the system is configured to generate a kernel memory dump. If your intention is to upload the dump file somewhere for others to analyze, I'd suggest negotiating this privately. (And finally, no guarantees...
|
|
jon12345
Newbie
Joined: 12 August 2008 Status: Offline Points: 16 |
Posted: 13 August 2008 at 1:26am |
|
Hi, I added CrashOnCtrlScroll (=1) to these registry keys (I have a USB keyboard) and rebooted, but nothing happens when I press CTRL+SCROLL LOCK+SCROLL LOCK to test it :(
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
I must be missing something. Additionally, running procmon in a Hyper-V virtual computer in the same box works fine. Not sure if this proves anything, other than the hardware can support it. |
|
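The setup discussed in the two posts above (CrashOnCtrlScroll under both keyboard driver keys, plus a kernel memory dump), as an added PowerShell example that is not part of the original thread: it reports the current state and, with `-Fix`, writes the values. The `CrashControl` key and its `CrashDumpEnabled` values are standard Windows settings that the thread does not quote; the `-Fix` switch and the helper function names are this example's own.

```powershell
# Added example: audit (and with -Fix, set) the keyboard crash-dump settings.
# Run elevated; registry changes take effect after a reboot.
param([switch]$Fix)   # -Fix is this example's own switch

$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$keyboardKeys = @(
    "$services\i8042prt\Parameters",   # PS/2 keyboards (key named in the thread)
    "$services\kbdhid\Parameters"      # USB keyboards (key named in the thread)
)
# Standard Windows crash-dump settings; not quoted in the thread.
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$dumpTypes = @{ 0 = 'none'; 1 = 'complete memory dump'; 2 = 'kernel memory dump'; 3 = 'small memory dump' }

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Set-RegDword($Path, $Name, $Value) {
    # Creates the key if needed, then writes (or overwrites) a DWORD value.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

foreach ($key in $keyboardKeys) {
    if ($Fix -and (Get-RegValue $key 'CrashOnCtrlScroll') -ne 1) {
        Set-RegDword $key 'CrashOnCtrlScroll' 1
    }
    $value = Get-RegValue $key 'CrashOnCtrlScroll'
    $state = if ($value -eq 1) { 'enabled' } else { 'NOT enabled' }
    "{0}: CrashOnCtrlScroll {1}" -f $key, $state
}

if ($Fix -and (Get-RegValue $crashControl 'CrashDumpEnabled') -ne 2) {
    Set-RegDword $crashControl 'CrashDumpEnabled' 2
}
$mode = Get-RegValue $crashControl 'CrashDumpEnabled'
$label = "other ($mode)"
if ($null -eq $mode) { $label = 'not set' }
elseif ($dumpTypes.ContainsKey([int]$mode)) { $label = $dumpTypes[[int]$mode] }
"Dump type: $label"
"Dump file: $(Get-RegValue $crashControl 'DumpFile')"
if ($mode -ne 2) { 'Kernel memory dump is not configured; rerun with -Fix or change it under Startup and Recovery.' }
```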
|
molotov
Moderator Group
Joined: 04 October 2006 Status: Offline Points: 17506 |
Posted: 13 August 2008 at 1:31am |
|
Are you using the CTRL key on the right-hand side?
|
|
jon12345
Newbie
Joined: 12 August 2008 Status: Offline Points: 16 |
Posted: 13 August 2008 at 5:07am |
|
Yes, used the right CTRL key but it didn't work. Seems like others have had this problem on Win2k8 too: http://www.osronline.com/showThread.CFM?link=127366
In any case, I tracked the problem down to the display driver. Disabling atikmdag.sys (ATI Radeon Kernel Mode Driver) with Autoruns and rebooting means procmon can run. I have an ATI Radeon HD 2400 XT. Using either the latest Dell drivers (8.49-080409a-063305C-Dell) or the latest ATI drivers doesn't help.

Any ideas what I can do? I'd rather keep the ATI driver installed if possible. |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Status: Offline Points: 17506 |
Posted: 13 August 2008 at 11:33am |
|
Hmm, interesting... Doron's saying the feature is there and should still function the same, but others are unable to get it to work...
Good work - this is the first time that I can recall that a display driver would appear to be affecting Procmon in this fashion...
In all the cases I've seen where some software interferes with Procmon, usually the only option is to make a choice between Procmon and the other software. I understand that with this being the video driver, you really don't have a choice...
I suppose you might consider changing various video settings, to see if perhaps it has an impact on the problem. But it would be more "trial and error" than anything...
|
|
jon12345
Newbie
Joined: 12 August 2008 Status: Offline Points: 16 |
Posted: 12 November 2009 at 3:59am |
|
Just a quick note to say procmon 2.8 fixes this issue. Woohoo!
|
|