
ProcMon crashes on start

Mark (Admin Group)
Posted: 22 November 2006 at 2:23pm
This bug is fixed in 1.01. Please always download the latest before reporting a bug that may have already been addressed.

Chromix (Newbie)
Posted: 16 November 2006 at 5:34am
Originally posted by catch22

00454F4E   rep movs    dword ptr [edi],dword ptr [esi]
00454F50   jmp         dword ptr [edx*4+454FE4h]


ProcMon 1.0 crashed when I scrolled through the event list, while the system was under heavy load (capturing was disabled at that time).
Looks like it's the same piece of code.

004542F7  TEST EDI,3
004542FD  JNZ SHORT Procmon.00454314
004542FF  SHR ECX,2
00454302  AND EDX,3
00454305  CMP ECX,8
00454308  JB SHORT Procmon.00454334
0045430A  REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
0045430C  JMP DWORD PTR DS:[EDX*4+454424]

00454313  NOP
00454314  MOV EAX,EDI

ECX=005758AA (decimal 5724330.)
DS:[ESI]=[3108FFFE]=???
ES:[EDI]=[32D09D80]=00000000



Edited by Chromix - 16 November 2006 at 5:35am
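
Added example, not part of the thread and not Process Monitor's code: a Python triage of the two register dumps posted here by catch22 and Chromix, computing how much each interrupted `rep movs` still had to copy and whether the dword read at ESI spills into the next 4 KiB page. The function names and the forward-copy assumption are this example's own.

```python
import re

PAGE = 0x1000  # 4 KiB x86 page size

# Register lines copied from the two crash reports in this thread.
CATCH22 = """EAX = 00000000 EBX = 3FB2D8E6
ECX = 3FFFA64F EDX = 00000002
ESI = 3FB43FFE EDI = 3FB43FA8
EIP = 00454F4E ESP = 03E3FCE0
EBP = 03E3FCE8 EFL = 00000206"""
CHROMIX = """ECX=005758AA (decimal 5724330.)
DS:[ESI]=[3108FFFE]=???
ES:[EDI]=[32D09D80]=00000000"""

# Accepts both "ESI = 3FB43FFE" and "DS:[ESI]=[3108FFFE]" notations.
REG = re.compile(r"\b(E[A-Z]{2})\]?\s*=\s*\[?([0-9A-Fa-f]{8})\b")

def parse_regs(text):
    """Return {register name: value} for every 32-bit register in the dump."""
    return {name: int(val, 16) for name, val in REG.findall(text)}

def straddles_page(addr, size=4):
    """True if an access of `size` bytes at `addr` spills into the next page."""
    return (addr % PAGE) + size > PAGE

def triage_rep_movsd(regs):
    """Summarise an interrupted `rep movs dword` from its register state.

    Assumes a forward copy (direction flag clear); EFL is checked when present.
    """
    bytes_left = regs["ECX"] * 4            # ECX counts dwords still to copy
    return {
        "bytes_left": bytes_left,
        # Beyond the signed 32-bit range: suggests a corrupted or underflowed size.
        "count_exceeds_int32": bytes_left > 0x7FFFFFFF,
        "src_straddles_page": straddles_page(regs["ESI"]),
        "dst_straddles_page": straddles_page(regs["EDI"]),
        "next_src_page": (regs["ESI"] // PAGE + 1) * PAGE,
        "forward_copy": not regs.get("EFL", 0) & 0x400,  # DF is bit 10
    }

if __name__ == "__main__":
    for who, dump in (("catch22", CATCH22), ("Chromix", CHROMIX)):
        t = triage_rep_movsd(parse_regs(dump))
        print(who, {k: hex(v) if type(v) is int else v for k, v in t.items()})
```

In both reports the source pointer sits two bytes before a page boundary, so the faulting dword read reaches into the following page.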

catch22 (Newbie)
Posted: 14 November 2006 at 7:05am
W2K UR1 

catch22 (Newbie)
Posted: 14 November 2006 at 7:02am
Hi,
no reboot, but Procmon crashes after displaying the first process with an access violation 0x0000005

PROCMON! 00454f4e()
PROCMON! 00426ecc()
PROCMON! 005c005c()

00454F4E   rep movs    dword ptr [edi],dword ptr [esi]
00454F50   jmp         dword ptr [edx*4+454FE4h]

EAX = 00000000 EBX = 3FB2D8E6
ECX = 3FFFA64F EDX = 00000002
ESI = 3FB43FFE EDI = 3FB43FA8
EIP = 00454F4E ESP = 03E3FCE0
EBP = 03E3FCE8 EFL = 00000206

sivsoft (Newbie)
Posted: 14 November 2006 at 1:57am

2006-11-14_015517_mini111006.rar

This archive contains two minidumps created by my W2K on crash (instant reboot when pressing "agree" in license terms).

ziobystek (Newbie)
Posted: 13 November 2006 at 2:01pm
Originally posted by Mark

The dump points at a problem with a 3-year-old version of F-Secure's antivirus filter driver, FsFilter.sys. I suggest you update to a newer release.

0: kd> lm kv mfsfi*
start    end        module name
b73fa000 b7405d40   FSfilter   (export symbols)       FSfilter.sys
    Loaded symbol image file: FSfilter.sys
    Image path: \??\C:\Programmi\F-Secure\Anti-Virus\Win2K\FSfilter.sys
    Image name: FSfilter.sys
    Timestamp:        Fri Nov 14 06:51:47 2003 (3FB4EC03)
    CheckSum:         000112B7
    ImageSize:        0000BD40
    File version:     5.50.9460.0
    Product version:  5.50.9460.0
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0



ops...:D
thank you Mark!
Now I can stick my colleague....:)

MichaelHMartel (Newbie)
Posted: 13 November 2006 at 9:44am
I posted earlier about Process Monitor not starting. I traced it back to the latest version of PGP Desktop, 9.5.1 build 5177 (I think that's right). Uninstalling PGP Desktop made the problem go away.

Neat!

Mark (Admin Group)
Posted: 13 November 2006 at 8:54am

The dump points at a problem with a 3-year-old version of F-Secure's antivirus filter driver, FsFilter.sys. I suggest you update to a newer release.

0: kd> lm kv mfsfi*
start    end        module name
b73fa000 b7405d40   FSfilter   (export symbols)       FSfilter.sys
    Loaded symbol image file: FSfilter.sys
    Image path: \??\C:\Programmi\F-Secure\Anti-Virus\Win2K\FSfilter.sys
    Image name: FSfilter.sys
    Timestamp:        Fri Nov 14 06:51:47 2003 (3FB4EC03)
    CheckSum:         000112B7
    ImageSize:        0000BD40
    File version:     5.50.9460.0
    Product version:  5.50.9460.0
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0

ziobystek (Newbie)
Posted: 13 November 2006 at 3:17am
My test


and this is my kernel memory dump:
http://depositfiles.com/en/files/371054

MichaelHMartel (Newbie)
Posted: 12 November 2006 at 6:13am
I'm seeing a similar problem, but not quite. I'm logged on as a normal user, and when I do a Run-As on Process Monitor to run it as an Administrator, it comes up, starts collecting and crashes. I'm running WinXP SP2. I downloaded the Test posted in this thread and it works.

C:\Documents and Settings\mhm06090\Desktop\2006-11-08_114622_test>test.exe
Time: 12:06:51 PM

Any other suggestions on things to try?
