HawkAgent, posted April 10, 2007 (edited):

> Try this:
>
> 1. Install the "Debugging Tools for Windows" from http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
> 2. Create the directory C:\websymbols
> 3. Create the "_NT_SYMBOL_PATH" System environment variable (not user!), and set it equal to:
>    SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
>    More information on the _NT_SYMBOL_PATH environment variable can be found at:
>    311503: Use the Microsoft Symbol Server to obtain debug symbol files
>    http://support.microsoft.com/kb/311503/EN-US/
> 4. Create the directory C:\adplus
> 5. Open a command prompt and change to the directory where you installed the debugging tools. By default, this is "C:\Program Files\Debugging Tools for Windows"
> 6. Type the following command in the command prompt, then press ENTER:
>    gflags
> 7. Click the "image file" tab
> 8. Type the application executable name of the application that is crashing, then press the TAB key
> 9. Click the "Show loader snaps" box, then click OK
> 10. Open the application that is crashing
> 11. Type the following command in the command prompt, then press ENTER:
>    cscript adplus.vbs -crash -pn application.exe -o c:\adplus
>    - (change application.exe to the application executable name of the application that is crashing)
> 12. Do not interfere with the minimized cdb.exe window that is opened, let it run minimized - it is the debugger, and closing it would stop our debug session.
>
> Now, try to crash the application - the next time it crashes, it should create at least one .dmp file in C:\adplus, as well as some logs - compress those, and we can tell you where to upload them for review. This should help us figure out why your application is crashing.

Ok I followed the steps. Some steps weren't 100% clear:

for "8. Type the application executable name of the application that is crashing, then press the TAB key" I filled the whole path of Media Player Classic: "C:\Program Files\Media Player Classic\mplayerc.exe" (inclusive quotes)

10. Open the application that is crashing; Should the app crash now? On this step I just opened the avi and let media player classic crash

step 11; I opened a new cmd because the first one won't let me type ("gflags" is still running)

I ran "cscript adplus.vbs -crash -pn mplayerc.exe -o c:\adplus" twice, I don't know why but the first log is 37kb, the second is 108mb.

First crash log: See below
Second crash log: Download here: http://www.mytempdir.com/1290236_FIRST_Crash_Mode__Date_04_10_2007__Time_20_21_37PM.zip

Edited April 10, 2007 by HawkAgent

HawkAgent, posted April 13, 2007:

Anyone?

cluberti, posted April 13, 2007:

Give me some time man - just downloading the files now.

Innocent Devil, posted April 13, 2007:

try /NoExecute=alwaysOff in boot.ini

cluberti, posted April 13, 2007:

ffdshow.ax codec is causing it - not sure why, but it's causing it while doing a load or unload of a .dll in support of the codec when the issue occurred:

    0:002> ~*kvn

       0  Id: e40.e18 Suspend: 1 Teb: 7ffde000 Unfrozen
     # ChildEBP RetAddr  Args to Child
    00 0013fec0 77d491ce 77d49201 0018f868 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
    01 0013fee0 0060ecf5 0018f868 00000000 00000000 user32!NtUserGetMessage+0xc
    WARNING: Stack unwind information not available. Following frames may be wrong.
    02 00000000 00000000 00000000 00000000 00000000 mplayerc+0x20ecf5

       1  Id: e40.eb0 Suspend: 1 Teb: 7ffdd000 Unfrozen
     # ChildEBP RetAddr  Args to Child
    00 0186fe14 7c90e399 77e765d3 000001c4 0186ff74 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
    01 0186fe18 77e765d3 000001c4 0186ff74 00000000 ntdll!NtReplyWaitReceivePortEx+0xc (FPO: [5,0,0])
    02 0186ff80 77e76c9f 0186ffa8 77e76ac1 001a4f38 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x12a (FPO: [Non-Fpo])
    03 0186ff88 77e76ac1 001a4f38 00000000 0013eec8 rpcrt4!RecvLotsaCallsWrapper+0xd (FPO: [Non-Fpo])
    04 0186ffa8 77e76c87 001a51e0 0186ffec 7c80b683 rpcrt4!BaseCachedThreadRoutine+0x79 (FPO: [Non-Fpo])
    05 0186ffb4 7c80b683 001a9458 00000000 0013eec8 rpcrt4!ThreadStartRoutine+0x1a (FPO: [Non-Fpo])
    06 0186ffec 00000000 77e76c6d 001a9458 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

    #  2  Id: e40.cac Suspend: 1 Teb: 7ffdb000 Unfrozen
     # ChildEBP RetAddr  Args to Child
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00 01a6f07c 0298ee46 00000004 01238920 0123892c 0x0
    01 01a6f0a0 029969d9 01231044 0129312c 01a6f120 ffdshow!DllUnregisterServer+0x47426
    02 01a6f0c8 02a5fecf 00000008 02929dcb 01280f38 ffdshow!DllUnregisterServer+0x4efb9
    03 01a6f0e8 02a5cdbb 00000000 029272f1 01238920 ffdshow!DllCanUnloadNow+0x9e2f
    04 01a6f164 02a58540 00000000 01a6f188 01234ee4 ffdshow!DllCanUnloadNow+0x6d1b
    05 01a6f220 004c1a28 01233c70 00000001 01a6f24c ffdshow!DllCanUnloadNow+0x24a0
    06 01a6f260 00421843 00ec4dfc 01234ee4 00ec4e24 mplayerc+0xc1a28
    07 01a6f39c 00423045 00ec4dfc 01234ee4 00000000 mplayerc+0x21843
    08 01a6f40c 00421c16 00ec4dfc 01230f8c 00000000 mplayerc+0x23045
    09 01a6f554 00423045 00ec4dfc 0122e40c 00000000 mplayerc+0x21c16
    0a 01a6f5c4 00421c16 00ec4dfc 0122bffc 00000000 mplayerc+0x23045
    0b 01a6f70c 00423045 00ec4dfc 012288b4 00000000 mplayerc+0x21c16
    0c 01a6f77c 00422281 00ec4dfc 0122879c 00000000 mplayerc+0x23045
    0d 01a6f808 0044af5b 00ec4dfc 00ed2b58 00000000 mplayerc+0x22281
    0e 01a6fab8 0044ee37 00ecb0f8 00ed30e8 0000c000 mplayerc+0x4af5b
    0f 01a6fe70 004561ea 00ed30e8 00000000 01a6ff68 mplayerc+0x4ee37
    10 01a6fe88 0060ea6b 00000000 00ed30e8 001b6048 mplayerc+0x561ea
    11 01a6ff74 0063d1d8 0013f428 e9228f30 00000000 mplayerc+0x20ea6b
    12 01a6ffac 0063d27d 00608e78 7c80b683 00ed6c78 mplayerc+0x23d1d8
    13 01a6ffdc 7c839a0f 7c80b690 00000000 00000000 mplayerc+0x23d27d

       3  Id: e40.b9c Suspend: 1 Teb: 7ffda000 Unfrozen
     # ChildEBP RetAddr  Args to Child
    00 01b7ff54 77d491ce 77d49201 01b7ff98 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
    01 01b7ff74 7486ea96 01b7ff98 00000000 00000000 user32!NtUserGetMessage+0xc
    02 01b7ffb4 7c80b683 00000000 7c913288 00000000 quartz!ObjectThread+0x47 (FPO: [Non-Fpo])
    03 01b7ffec 00000000 7486ea4f 000000b8 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

       4  Id: e40.280 Suspend: 1 Teb: 7ffd9000 Unfrozen
     # ChildEBP RetAddr  Args to Child
    00 01cefecc 7c90e9ab 7c8094e2 00000002 01cefef8 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
    01 01cefed0 7c8094e2 00000002 01cefef8 00000001 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])
    02 01ceff6c 7c80a075 00000002 01ceffa4 00000000 kernel32!WaitForMultipleObjectsEx+0x12c (FPO: [Non-Fpo])
    03 01ceff88 72d2312a 00000002 01ceffa4 00000000 kernel32!WaitForMultipleObjects+0x18 (FPO: [Non-Fpo])
    04 01ceffb4 7c80b683 00000000 00000000 020a0014 wdmaud!MixerCallbackThread+0x42 (FPO: [Non-Fpo])
    05 01ceffec 00000000 72d230e8 00000000 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

       5  Id: e40.f2c Suspend: 1 Teb: 7ffd8000 Unfrozen
     # ChildEBP RetAddr  Args to Child
    00 0291ff04 7c90e9c0 7c8025cb 00000354 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
    01 0291ff08 7c8025cb 00000354 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
    02 0291ff6c 7c802532 00000354 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])
    03 0291ff80 74827d84 00000354 ffffffff 0291ffb4 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])
    04 0291ff90 7482a183 ffffffff 0122e94c 7482a154 quartz!CAMEvent::Wait+0x10 (FPO: [Non-Fpo])
    05 0291ff9c 7482a154 00000000 7482a12f 0122c0d0 quartz!CAMThread::GetRequest+0xf (FPO: [0,0,0])
    06 0291ffa4 7482a12f 0122c0d0 01a6e774 0291ffec quartz!CImplReader_1Worker::ThreadProc+0xc (FPO: [0,0,0])
    07 0291ffb4 7c80b683 0122e94c 0122c0d0 01a6e774 quartz!CAMThread::InitialThreadProc+0x15 (FPO: [Non-Fpo])
    08 0291ffec 00000000 7482a11a 0122e94c 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

       6  Id: e40.988 Suspend: 1 Teb: 7ffd7000 Unfrozen
     # ChildEBP RetAddr  Args to Child
    00 02bcfe14 7c90e399 77e765d3 000001c4 02bcff74 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
    01 02bcfe18 77e765d3 000001c4 02bcff74 00000000 ntdll!NtReplyWaitReceivePortEx+0xc (FPO: [5,0,0])
    02 02bcff80 77e76c9f 02bcffa8 77e76ac1 001a4f38 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x12a (FPO: [Non-Fpo])
    03 02bcff88 77e76ac1 001a4f38 00110010 7c808f8e rpcrt4!RecvLotsaCallsWrapper+0xd (FPO: [Non-Fpo])
    04 02bcffa8 77e76c87 001a51e0 02bcffec 7c80b683 rpcrt4!BaseCachedThreadRoutine+0x79 (FPO: [Non-Fpo])
    05 02bcffb4 7c80b683 001e8880 00110010 7c808f8e rpcrt4!ThreadStartRoutine+0x1a (FPO: [Non-Fpo])
    06 02bcffec 00000000 77e76c6d 001e8880 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

    0:002> ~2s
    eax=01238920 ebx=00000000 ecx=01228670 edx=01236fa0 esi=01280f38 edi=0129312c
    eip=00000000 esp=01a6f080 ebp=012930a8 iopl=0         nv up ei pl nz na po nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200202
    00000000 ??              ???

    0:002> kvn
     # ChildEBP RetAddr  Args to Child
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00 01a6f07c 0298ee46 00000004 01238920 0123892c 0x0
    01 01a6f0a0 029969d9 01231044 0129312c 01a6f120 ffdshow!DllUnregisterServer+0x47426
    02 01a6f0c8 02a5fecf 00000008 02929dcb 01280f38 ffdshow!DllUnregisterServer+0x4efb9
    03 01a6f0e8 02a5cdbb 00000000 029272f1 01238920 ffdshow!DllCanUnloadNow+0x9e2f
    04 01a6f164 02a58540 00000000 01a6f188 01234ee4 ffdshow!DllCanUnloadNow+0x6d1b
    05 01a6f220 004c1a28 01233c70 00000001 01a6f24c ffdshow!DllCanUnloadNow+0x24a0
    06 01a6f260 00421843 00ec4dfc 01234ee4 00ec4e24 mplayerc+0xc1a28
    07 01a6f39c 00423045 00ec4dfc 01234ee4 00000000 mplayerc+0x21843
    08 01a6f40c 00421c16 00ec4dfc 01230f8c 00000000 mplayerc+0x23045
    09 01a6f554 00423045 00ec4dfc 0122e40c 00000000 mplayerc+0x21c16
    0a 01a6f5c4 00421c16 00ec4dfc 0122bffc 00000000 mplayerc+0x23045
    0b 01a6f70c 00423045 00ec4dfc 012288b4 00000000 mplayerc+0x21c16
    0c 01a6f77c 00422281 00ec4dfc 0122879c 00000000 mplayerc+0x23045
    0d 01a6f808 0044af5b 00ec4dfc 00ed2b58 00000000 mplayerc+0x22281
    0e 01a6fab8 0044ee37 00ecb0f8 00ed30e8 0000c000 mplayerc+0x4af5b
    0f 01a6fe70 004561ea 00ed30e8 00000000 01a6ff68 mplayerc+0x4ee37
    10 01a6fe88 0060ea6b 00000000 00ed30e8 001b6048 mplayerc+0x561ea
    11 01a6ff74 0063d1d8 0013f428 e9228f30 00000000 mplayerc+0x20ea6b
    12 01a6ffac 0063d27d 00608e78 7c80b683 00ed6c78 mplayerc+0x23d1d8
    13 01a6ffdc 7c839a0f 7c80b690 00000000 00000000 mplayerc+0x23d27d

    0:002> dc 01231044
    01231044  02a67fa8 00004501 ff800001 00000000  .....E..........
    01231054  00000000 00000000 00000000 00000000  ................
    01231064  00000000 00000000 00000000 00000000  ................
    01231074  00000000 5c3a4500 6e776f44 64616f6c  .....E:\Download
    01231084  6c415c73 65657a69 206e6520 636e6f63  s\Alizee en conc
    01231094  5c747265 69766f6d 76612e65 00000069  ert\movie.avi...
    012310a4  000044d0 00004540 33797437 00000000  .D..@E..7ty3....
    012310b4  000044d0 00005300 73647561 00100000  .D...S..auds....

    0:002> dps 01a6f07c
    01a6f07c  00000000
    01a6f080  0298ee46 ffdshow!DllUnregisterServer+0x47426
    01a6f084  00000004
    01a6f088  01238920
    01a6f08c  0123892c
    01a6f090  00000000
    01a6f094  01280f38
    01a6f098  01a6f0c8
    01a6f09c  02a5f658 ffdshow!DllCanUnloadNow+0x95b8
    01a6f0a0  00000008
    01a6f0a4  029969d9 ffdshow!DllUnregisterServer+0x4efb9
    01a6f0a8  01231044
    01a6f0ac  0129312c
    01a6f0b0  01a6f120
    01a6f0b4  01231540
    01a6f0b8  01230f80
    01a6f0bc  01a6f124
    01a6f0c0  01a6f0d0
    01a6f0c4  01238920
    01a6f0c8  01a6f0e8
    01a6f0cc  02a5fecf ffdshow!DllCanUnloadNow+0x9e2f
    01a6f0d0  00000008
    01a6f0d4  02929dcb ffdshow+0x9dcb
    01a6f0d8  01280f38
    01a6f0dc  01234ee4
    01a6f0e0  00000000
    01a6f0e4  00000001
    01a6f0e8  01a6f15c
    01a6f0ec  02a5cdbb ffdshow!DllCanUnloadNow+0x6d1b
    01a6f0f0  00000000
    01a6f0f4  029272f1 ffdshow+0x72f1
    01a6f0f8  01238920
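
Added example, not part of the original thread and not any poster's own tooling: a short Python helper that parses `kvn`-style frames like those in the post above and reports which module made the call when the top frame's instruction pointer resolves to no module (here `eip=00000000` with a return address inside ffdshow). The names `parse_frames` and `triage` are hypothetical, and the sample is a trimmed copy of the thread-2 frames.

```python
import re

# Constructed sample: a trimmed copy of the thread-2 `kvn` frames quoted above.
SAMPLE = """\
 # ChildEBP RetAddr  Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 01a6f07c 0298ee46 00000004 01238920 0123892c 0x0
01 01a6f0a0 029969d9 01231044 0129312c 01a6f120 ffdshow!DllUnregisterServer+0x47426
02 01a6f0c8 02a5fecf 00000008 02929dcb 01280f38 ffdshow!DllUnregisterServer+0x4efb9
05 01a6f220 004c1a28 01233c70 00000001 01a6f24c ffdshow!DllCanUnloadNow+0x24a0
06 01a6f260 00421843 00ec4dfc 01234ee4 00ec4e24 mplayerc+0xc1a28
"""

# frame number, ChildEBP, RetAddr, three argument dwords, then the call site
FRAME = re.compile(
    r"^(?P<num>[0-9a-f]{2})\s+(?P<ebp>[0-9a-f]{8})\s+(?P<ret>[0-9a-f]{8})\s+"
    r"(?:[0-9a-f]{8}\s+){3}(?P<site>\S+)", re.IGNORECASE)

def parse_frames(text):
    """Return one dict per stack frame; headers and WARNING lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue
        site = m.group("site")
        # "module!symbol+off" or "module+off"; a bare "0x..." address has no module
        module = None if site.lower().startswith("0x") else re.split(r"[!+]", site)[0]
        frames.append({"num": int(m.group("num"), 16),
                       "ret": int(m.group("ret"), 16),
                       "site": site, "module": module})
    return frames

def triage(frames):
    """Name the module that transferred control when frame 0 resolves to none."""
    if not frames:
        return None
    top = frames[0]
    caller = next((f for f in frames[1:] if f["module"]), None)
    return {
        "ip_outside_module": top["module"] is None,
        "null_ip": top["module"] is None and int(top["site"], 16) == 0,
        "calling_module": caller["module"] if caller else None,
        "calling_site": caller["site"] if caller else None,
        "modules_on_stack": sorted({f["module"] for f in frames if f["module"]}),
    }

if __name__ == "__main__":
    print(triage(parse_frames(SAMPLE)))
```
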

RJARRRPCGP, posted April 13, 2007 (edited):

> Hi
> I've always played some avi file called movie.avi without problems. But recently Data Execution Prevention starts closing explorer.exe

That's a confirmed issue with Athlon 64-based processors and Winpooch, if Winpooch intercepts a command. DEP probably won't get triggered if Winpooch didn't block any requests.

If you have the above configuration, DEP has been known to close Explorer.exe or another legit Windows component!

Edited April 13, 2007 by RJARRRPCGP

HawkAgent, posted April 14, 2007:

> try /NoExecute=alwaysOff in boot.ini

Already tried this, no luck tho

> ffdshow.ax codec is causing it - not sure why, but it's causing it while doing a load or unload of a .dll in support of the codec when the issue occurred:

So I gotta remove this codec?

> > Hi
> > I've always played some avi file called movie.avi without problems. But recently Data Execution Prevention starts closing explorer.exe
>
> That's a confirmed issue with Athlon 64-based processors and Winpooch, if Winpooch intercepts a command. DEP probably won't get triggered if Winpooch didn't block any requests.
>
> If you have the above configuration, DEP has been known to close Explorer.exe or another legit Windows component!

My processor is an Intel, and I never used Winpooch

nitroshift, posted April 14, 2007:

> So I gotta remove this codec?

Uninstall it, download a newer package and install that.

HawkAgent, posted April 16, 2007:

> > So I gotta remove this codec?
>
> Uninstall it, download a newer package and install that.

I have done that. The avi now can be played by media player classic, but it doesn't play the video, only the audio. But it still plays normally with nero showtime...

Seems like this time it's a codec problem? Though I just uninstalled the codec pack cccp (http://www.cccp-project.net/) and downloaded the new one. I don't have other codec packs installed.