WMI Crashes - Server 2003

Hello all,

Specs: Windows Server 2003 for Small Business SP2
3 GB RAM
Intel Xeon E5420 @ 2.5

Problem: wmiprvse.exe crashes every day 2-3 times a day.

Event ID:1004 is logged repeatedly which I know is a generic error and not very helpful but here it is anyways:

Reporting queued error: faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module msvcrt.dll, version 7.0.3790.3959, fault address 0x00038efa

Loaded Mdump  into WinDbg loaded symbols etc.

WinDbg shows the following and I hope someone can be so kind and review and let me know what is causing this.

: FAULTING_IP:
msvcrt!wcslen+8
77bd8efa 668b08          mov     cx,word ptr [eax]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77bd8efa (msvcrt!wcslen+0x00000008)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 006e3000
Attempt to read from address 006e3000

CONTEXT:  00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=80070000 ecx=c0000005 edx=00000000 esi=00000208 edi=00000000
eip=7c82845c esp=00cc99d4 ebp=00cc9a44 iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297
ntdll!KiFastSystemCallRet:
7c82845c c3              ret

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

PROCESS_NAME:  wmiprvse.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  006e3000

READ_ADDRESS:  006e3000

FOLLOWUP_IP:
msvcrt!wcslen+8
77bd8efa 668b08          mov     cx,word ptr [eax]

NTGLOBALFLAG:  0

APP:  wmiprvse.exe

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

LAST_CONTROL_TRANSFER:  from 7d0e40f1 to 77bd8efa

FAULTING_THREAD:  00001f90

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ

STACK_TEXT:  
00ccf3d0 77bd8efa msvcrt!wcslen+0x8
00ccf3d8 7d0e40f1 oleaut32!SysAllocString+0x18
00ccf3e4 5b7ac834 stdprov!GetStr+0x7b
00ccf424 5b7ad48d stdprov!CImpReg::MethodAsync+0x4f3
00ccf4ac 5b7a6f25 stdprov!CImpDyn::ExecMethodAsync+0x22
00ccf4cc 01019e6d wmiprvse!CInterceptor_IWbemSyncProvider::Helper_ExecMethodAsync+0x16e
00ccf518 0101a002 wmiprvse!CInterceptor_IWbemSyncProvider::ExecMethodAsync+0x72
00ccf560 77c80365 rpcrt4!Invoke+0x30
00ccf590 77ce43e1 rpcrt4!NdrStubCall2+0x299
00ccf998 77ce3ed5 rpcrt4!CStdStubBuffer_Invoke+0xc6
00ccf9f0 7557e67e fastprox!CBaseStublet::Invoke+0x22
00ccfa04 7778d01b ole32!SyncStubInvoke+0x37
00ccfa48 7778cfc8 ole32!StubInvoke+0xa7
00ccfa90 776c121b ole32!CCtxComChnl::ContextInvoke+0xec
00ccfb6c 776c0c05 ole32!MTAInvoke+0x1a
00ccfb88 7778d2a7 ole32!AppInvoke+0xa3
00ccfbb8 7778cd66 ole32!ComInvokeWithLockAndIPID+0x2c5
00ccfc8c 7778d2c6 ole32!ThreadInvoke+0x2e3
00ccfcd8 77c8014a rpcrt4!DispatchToStubInCNoAvrf+0x38
00ccfd0c 77c805ff rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x11f
00ccfd60 77c80525 rpcrt4!RPC_INTERFACE::DispatchToStub+0xa3
00ccfd84 77c7e294 rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0xc0
00ccfdc4 77c7e240 rpcrt4!LRPC_SCALL::DealWithRequestMessage+0x41e
00ccfe04 77c814c2 rpcrt4!LRPC_ADDRESS::DealWithLRPCRequest+0x127
00ccfe28 77c88858 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x430
00ccff8c 77c88972 rpcrt4!RecvLotsaCallsWrapper+0xd
00ccff94 77c8890d rpcrt4!BaseCachedThreadRoutine+0x9d
00ccffb4 77c7b2ab rpcrt4!ThreadStartRoutine+0x1b
00ccffc0 77e6482f kernel32!BaseThreadStart+0x34


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  msvcrt!wcslen+8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msvcrt

IMAGE_NAME:  msvcrt.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  45d70b06

STACK_COMMAND:  .ecxr ; kb ; dps ccf3d0 ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_msvcrt.dll!wcslen

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_msvcrt!wcslen+8

WATSON_IBUCKET:  1231062341

WATSON_IBUCKETTABLE:  1

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_c0000005_msvcrt.dll!wcslen

FAILURE_ID_HASH:  {4c9a3dd7-6f5e-c94c-e77d-a4d2646a6117}

Followup: MachineOwner
---------

Thanks
Ironside.
IronsideSecurityAsked:
Who is Participating?
 
Dhiraj MuthaLevel DCommented:
Please read this post - http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24907482.html

Also do let us know, when does these errors come, when you are doing something?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.