Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Process Explorer
  New Posts New Posts RSS Feed - ** Process Explorer Bugs **
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

** Process Explorer Bugs **

 Post Reply Post Reply Page  <1 7273747576 83>
Author
Message
sysfool View Drop Down
Newbie
Newbie


Joined: 28 January 2010
Location: New Zealand
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote sysfool Quote  Post ReplyReply Direct Link To This Post Posted: 10 April 2014 at 12:17am
Process Explorer v16.02.

After viewing a .NET console process' thread stack for the main thread, the thread was left suspended.

Confirmed with WinDbg that the relevant thread suspend count was 2 (after breaking in). All other threads had a suspend count of 1. Resuming the thread from WinDbg worked around the problem.

Back to Top
Scherrit View Drop Down
Newbie
Newbie
Avatar

Joined: 20 May 2010
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote Scherrit Quote  Post ReplyReply Direct Link To This Post Posted: 19 May 2014 at 6:49am
Using Process Explorer v15.4 and Handle 3.51:

9: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: fffffa81b7e79970, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: fffffa823295ece8, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.

Debugging Details:
------------------

Page 8fb033 not present in the dump file. Type ".hh dbgerr004" for details

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x18

PROCESS_NAME:  handle64.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80001c6ae14 to fffff80001cc4bc0

STACK_TEXT:  
fffff880`0b8b5428 fffff800`01c6ae14 : 00000000`00000018 00000000`00000000 fffffa81`b7e79970 00000000`00000002 : nt!KeBugCheckEx
fffff880`0b8b5430 fffff800`01f9b76c : fffff880`0b8b5ca0 fffffa81`b7e79940 00000000`00000001 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x48de1
fffff880`0b8b5490 fffff800`01fa36be : fffffa81`b7e799d0 fffffa80`c83d9044 00000000`00000800 fffff880`0b8b5600 : nt!ObpQueryNameString+0x47c
fffff880`0b8b5590 fffff880`0d47c151 : fffffa80`c7f04a10 fffff800`01f9d9c5 00000009`00000000 fffff800`00000000 : nt!ObQueryNameString+0xe
fffff880`0b8b55d0 fffff880`0d47cdc6 : fffff880`0b8b5c01 fffffa82`3296c130 fffffa80`c83d9044 fffff800`00000800 : PROCEXP152+0x1151
fffff880`0b8b5630 fffff880`0d47dce9 : 00000000`00000001 fffffa80`c83d9040 fffffa80`c83d9040 fffffa81`3cd9b538 : PROCEXP152+0x1dc6
fffff880`0b8b5750 fffff880`0d47e2cd : fffffa80`c7f04a10 fffff800`01fd2101 fffffa80`c83d9040 00000000`00000020 : PROCEXP152+0x2ce9
fffff880`0b8b5940 fffff800`01fe13a7 : fffffa82`336af3e0 fffffa81`3cd9b500 fffffa81`3cd9b618 fffffa81`3cd9b500 : PROCEXP152+0x32cd
fffff880`0b8b5a10 fffff800`01fe1c06 : fffffa82`33025820 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0b8b5b40 fffff800`01cc3e53 : fffffa82`33025820 00000000`00000001 fffffa82`3369b060 fffff800`01fbbce4 : nt!NtDeviceIoControlFile+0x56
fffff880`0b8b5bb0 00000000`76f1132a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0012d348 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f1132a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
PROCEXP152+1151
fffff880`0d47c151 89442434        mov     dword ptr [rsp+34h],eax

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  PROCEXP152+1151

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: PROCEXP152

IMAGE_NAME:  PROCEXP152.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  50c7fe0b

FAILURE_BUCKET_ID:  X64_0x18_CORRUPT_REF_COUNT_PROCEXP152+1151

BUCKET_ID:  X64_0x18_CORRUPT_REF_COUNT_PROCEXP152+1151

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x18_corrupt_ref_count_procexp152+1151

FAILURE_ID_HASH:  {2829e833-e413-f3cd-bced-39e37ec9b41e}

Followup: MachineOwner
---------

9: kd> lmvm PROCEXP152
start             end                 module name
fffff880`0d47b000 fffff880`0d488000   PROCEXP152   (no symbols)           
    Loaded symbol image file: PROCEXP152.SYS
    Image path: \??\C:\Windows\system32\Drivers\PROCEXP152.SYS
    Image name: PROCEXP152.SYS
    Timestamp:        Wed Dec 12 05:46:19 2012 (50C7FE0B)
    CheckSum:         00010494
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4


Has anyone else experienced the same problems ? We have experienced multiple BSOD when performing a handle search using handle.exe.
Back to Top
Patrick Traill View Drop Down
Newbie
Newbie


Joined: 22 May 2014
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote Patrick Traill Quote  Post ReplyReply Direct Link To This Post Posted: 22 May 2014 at 9:43pm
I also have this problem often enough to want it fixed, whether or not it is seen as a bug!
Sometimes I just forget to close the Process Properties, but sometimes I do close it (maybe with <Esc>) — in either case, I reckon Process Explorer should move over and let the Linker work.
I had the impression that MSW (like VMS, said to have inspired much of MSW NT) allows one to open a file and receive a notification if that access is blocking another process, so that one can close it without the other process noticing a problem.
(I believe the VMS technique involves receiving Asynchronous System Traps from the Distributed Lock Manager, but I’ve no idea if that is applicable here.)
Back to Top
Patrick Traill View Drop Down
Newbie
Newbie


Joined: 22 May 2014
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote Patrick Traill Quote  Post ReplyReply Direct Link To This Post Posted: 22 May 2014 at 9:46pm
My previous Reply was meant to be to Process Explorer keeping an image open when MSVS wants to link a new version of it, but I cannot see the relationship between posts!
Back to Top
panoramic View Drop Down
Newbie
Newbie


Joined: 09 July 2014
Status: Offline
Points: 1
Post Options Post Options   Thanks (0) Thanks(0)   Quote panoramic Quote  Post ReplyReply Direct Link To This Post Posted: 09 July 2014 at 6:28am
Hi,

There's a bug related to the visual indicator, CPU tray icon not showing the correct number of pixels.

eg. 20% total CPU usage out of 14 pixel in tray icon should be round(.2*14) = 3 pixels.
Back to Top
snazy View Drop Down
Newbie
Newbie


Joined: 16 July 2014
Status: Offline
Points: 1
Post Options Post Options   Thanks (0) Thanks(0)   Quote snazy Quote  Post ReplyReply Direct Link To This Post Posted: 16 July 2014 at 2:02pm
Hi there,

Process Explorer v16.02 has a memory leak.

Upon start of PE, it consumes about 55MB - that's ok.
After a lot of processes have run (started and terminated) memory consumption raised to 120MB and does not decrease. This morning I restarted PE because it consumed >500MB.
It's non a Handle leak (neither handle, GDI handle nor user handle) - they seem to be cleaned up.

It can be reproduced as follows:
* Machine: Intel Core i5, Windows 7 Enterprise
* Run (the same) process a lot of times. For example if a lot of "git" or "svn" processes are ran by an IDE or from a script.
* PE-View is the "tree" view including the columns process, pid, user name, CPU, priv bytes, working set, CPU history, IO history, description, company name, threads
* The leak seems to appear "faster" when these "temporary" processes are immediatly "rendered" in the tree view.

Robert
Back to Top
m-p{3} View Drop Down
Newbie
Newbie
Avatar

Joined: 07 August 2014
Location: Canada
Status: Offline
Points: 1
Post Options Post Options   Thanks (0) Thanks(0)   Quote m-p{3} Quote  Post ReplyReply Direct Link To This Post Posted: 07 August 2014 at 4:46am
It seems to be impossible to correctly view the stats of more than 17 GPU engines in Process Explorer 16.02.

I currently have an AMD Radeon HD 7950, and here's what I see when I want to view the GPU usage of all the engines.


If I try to drag a corner of the window to expand its size, same problem.
Back to Top
Gerby View Drop Down
Newbie
Newbie


Joined: 01 February 2006
Location: Germany
Status: Offline
Points: 23
Post Options Post Options   Thanks (0) Thanks(0)   Quote Gerby Quote  Post ReplyReply Direct Link To This Post Posted: 13 August 2014 at 7:58am

Process Explorer 16.03
Windows 7 Ultimate, 32-bit, German

When starting PE on the 32-bit machine, nothing happens. Only the mouse cursor goes to waiting state for some seconds. However, I've found two related error entries in Windows' event log for applications (German, with some English translations, non-relevant information filtered):

Quote
Event Type: Error
Event Source: Application Error
Event Category: Anwendungsabsturzereignisse (application crash events)
Event ID: 1005

Description:
Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt.
Das Programm Sysinternals Process Explorer wurde wegen dieses Fehlers geschlossen.

The file "" cannot be accessed because of one of the following reasons:
There's a problem with the network connection,  with the data carrier containing the stored file, with the storage drivers installed on the computer, or the data carrier is missing.
The program Sysinternals Process Explorer was quit because of this error.


Quote
Event Type: Error
Event Source: Application Error
Event Category: Anwendungsabsturzereignisse  (application crash events)
Event ID: 1000

Description:
Name der fehlerhaften Anwendung: ProcExp.exe, Version: 16.3.0.0, Zeitstempel: 0x53de404d
Name des fehlerhaften Moduls: ProcExp.exe, Version: 16.3.0.0, Zeitstempel: 0x53de404d
Ausnahmecode: 0xc000001d
Fehleroffset: 0x000015e8
ID des fehlerhaften Prozesses: 0xf00
Startzeit der fehlerhaften Anwendung: 0x01cfb6bf9a7d94fb
Pfad der fehlerhaften Anwendung: c:\Program Files\Sysinternals\ProcExp.exe
Pfad des fehlerhaften Moduls: c:\Program Files\Sysinternals\ProcExp.exe
Berichtskennung: d87ba1da-22b2-11e4-bfc5-0011d82e5c6a

Process Explorer 16.02 works just fine in the same environment. Furthermore, Process Explorer 16.03 actually runs ok on another computer with Windows 7 64-bit.

Greetings
Gerby

Back to Top
giove View Drop Down
Newbie
Newbie


Joined: 07 February 2014
Status: Offline
Points: 3
Post Options Post Options   Thanks (0) Thanks(0)   Quote giove Quote  Post ReplyReply Direct Link To This Post Posted: 13 August 2014 at 8:19am
Dear Sirs at Sysinternals.
There is a bug in the last versions of Process Explorer, including 16.03.
When I launch the "search online" function, my default browser (Firefox) shows the content of the \windows\system32\ folder, instead of looking into the net.
In my opinion that happens because my default browser is Firefox, that has separate input spaces for internet addresses (left side) and internet searches (right side). On the contrary, IE has a common input space for both addresses and searches.
Please note that the above bug is not present in Process Explorer 15.40 and below.
Thanks for your attention.
Giovanni
Back to Top
MagicAndre1981 View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 08 January 2007
Location: Germany
Status: Offline
Points: 3400
Post Options Post Options   Thanks (0) Thanks(0)   Quote MagicAndre1981 Quote  Post ReplyReply Direct Link To This Post Posted: 14 August 2014 at 5:09am
Originally posted by Gerby Gerby wrote:

Process Explorer 16.03
Windows 7 Ultimate, 32-bit, German

When starting PE on the 32-bit machine, nothing happens. Only the mouse cursor goes to waiting state for some seconds. However, I've found two related error entries in Windows' event log for applications



capture a crash dump with procdump (-ma switch to get full dumps) and send them to Mark:


http://blogs.technet.com/b/markrussinovich/contact.aspx



Edited by MagicAndre1981 - 27 August 2014 at 5:49pm
Back to Top
 Post Reply Post Reply Page  <1 7273747576 83>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.06
Copyright ©2001-2016 Web Wiz Ltd.