Solved

WMI Crashes - Server 2003

Posted on 2013-11-06
1
164 Views
Last Modified: 2015-04-30
Hello all,

Specs: Windows Server 2003 for Small Business SP2
3 GB RAM
Intel Xeon E5420 @ 2.5

Problem: wmiprvse.exe crashes every day 2-3 times a day.

Event ID:1004 is logged repeatedly which I know is a generic error and not very helpful but here it is anyways:

Reporting queued error: faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module msvcrt.dll, version 7.0.3790.3959, fault address 0x00038efa

Loaded Mdump  into WinDbg loaded symbols etc.

WinDbg shows the following and I hope someone can be so kind and review and let me know what is causing this.

: FAULTING_IP:
msvcrt!wcslen+8
77bd8efa 668b08          mov     cx,word ptr [eax]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77bd8efa (msvcrt!wcslen+0x00000008)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 006e3000
Attempt to read from address 006e3000

CONTEXT:  00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=80070000 ecx=c0000005 edx=00000000 esi=00000208 edi=00000000
eip=7c82845c esp=00cc99d4 ebp=00cc9a44 iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297
ntdll!KiFastSystemCallRet:
7c82845c c3              ret

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

PROCESS_NAME:  wmiprvse.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  006e3000

READ_ADDRESS:  006e3000

FOLLOWUP_IP:
msvcrt!wcslen+8
77bd8efa 668b08          mov     cx,word ptr [eax]

NTGLOBALFLAG:  0

APP:  wmiprvse.exe

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

LAST_CONTROL_TRANSFER:  from 7d0e40f1 to 77bd8efa

FAULTING_THREAD:  00001f90

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ

STACK_TEXT:  
00ccf3d0 77bd8efa msvcrt!wcslen+0x8
00ccf3d8 7d0e40f1 oleaut32!SysAllocString+0x18
00ccf3e4 5b7ac834 stdprov!GetStr+0x7b
00ccf424 5b7ad48d stdprov!CImpReg::MethodAsync+0x4f3
00ccf4ac 5b7a6f25 stdprov!CImpDyn::ExecMethodAsync+0x22
00ccf4cc 01019e6d wmiprvse!CInterceptor_IWbemSyncProvider::Helper_ExecMethodAsync+0x16e
00ccf518 0101a002 wmiprvse!CInterceptor_IWbemSyncProvider::ExecMethodAsync+0x72
00ccf560 77c80365 rpcrt4!Invoke+0x30
00ccf590 77ce43e1 rpcrt4!NdrStubCall2+0x299
00ccf998 77ce3ed5 rpcrt4!CStdStubBuffer_Invoke+0xc6
00ccf9f0 7557e67e fastprox!CBaseStublet::Invoke+0x22
00ccfa04 7778d01b ole32!SyncStubInvoke+0x37
00ccfa48 7778cfc8 ole32!StubInvoke+0xa7
00ccfa90 776c121b ole32!CCtxComChnl::ContextInvoke+0xec
00ccfb6c 776c0c05 ole32!MTAInvoke+0x1a
00ccfb88 7778d2a7 ole32!AppInvoke+0xa3
00ccfbb8 7778cd66 ole32!ComInvokeWithLockAndIPID+0x2c5
00ccfc8c 7778d2c6 ole32!ThreadInvoke+0x2e3
00ccfcd8 77c8014a rpcrt4!DispatchToStubInCNoAvrf+0x38
00ccfd0c 77c805ff rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x11f
00ccfd60 77c80525 rpcrt4!RPC_INTERFACE::DispatchToStub+0xa3
00ccfd84 77c7e294 rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0xc0
00ccfdc4 77c7e240 rpcrt4!LRPC_SCALL::DealWithRequestMessage+0x41e
00ccfe04 77c814c2 rpcrt4!LRPC_ADDRESS::DealWithLRPCRequest+0x127
00ccfe28 77c88858 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x430
00ccff8c 77c88972 rpcrt4!RecvLotsaCallsWrapper+0xd
00ccff94 77c8890d rpcrt4!BaseCachedThreadRoutine+0x9d
00ccffb4 77c7b2ab rpcrt4!ThreadStartRoutine+0x1b
00ccffc0 77e6482f kernel32!BaseThreadStart+0x34


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  msvcrt!wcslen+8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msvcrt

IMAGE_NAME:  msvcrt.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  45d70b06

STACK_COMMAND:  .ecxr ; kb ; dps ccf3d0 ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_msvcrt.dll!wcslen

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_msvcrt!wcslen+8

WATSON_IBUCKET:  1231062341

WATSON_IBUCKETTABLE:  1

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_c0000005_msvcrt.dll!wcslen

FAILURE_ID_HASH:  {4c9a3dd7-6f5e-c94c-e77d-a4d2646a6117}

Followup: MachineOwner
---------

Thanks
Ironside.
0
Comment
Question by:IronsideSecurity
1 Comment
 
LVL 14

Accepted Solution

by:
Dhiraj Mutha earned 500 total points
Comment Utility
Please read this post - http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24907482.html

Also do let us know, when does these errors come, when you are doing something?
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now