Link to home
Start Free TrialLog in
Avatar of IronsideSecurity
IronsideSecurityFlag for United States of America

asked on

WMI Crashes - Server 2003

Hello all,

Specs: Windows Server 2003 for Small Business SP2
3 GB RAM
Intel Xeon E5420 @ 2.5

Problem: wmiprvse.exe crashes every day 2-3 times a day.

Event ID:1004 is logged repeatedly which I know is a generic error and not very helpful but here it is anyways:

Reporting queued error: faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module msvcrt.dll, version 7.0.3790.3959, fault address 0x00038efa

Loaded Mdump  into WinDbg loaded symbols etc.

WinDbg shows the following and I hope someone can be so kind and review and let me know what is causing this.

: FAULTING_IP:
msvcrt!wcslen+8
77bd8efa 668b08          mov     cx,word ptr [eax]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77bd8efa (msvcrt!wcslen+0x00000008)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 006e3000
Attempt to read from address 006e3000

CONTEXT:  00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=80070000 ecx=c0000005 edx=00000000 esi=00000208 edi=00000000
eip=7c82845c esp=00cc99d4 ebp=00cc9a44 iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297
ntdll!KiFastSystemCallRet:
7c82845c c3              ret

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

PROCESS_NAME:  wmiprvse.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  006e3000

READ_ADDRESS:  006e3000

FOLLOWUP_IP:
msvcrt!wcslen+8
77bd8efa 668b08          mov     cx,word ptr [eax]

NTGLOBALFLAG:  0

APP:  wmiprvse.exe

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

LAST_CONTROL_TRANSFER:  from 7d0e40f1 to 77bd8efa

FAULTING_THREAD:  00001f90

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ

STACK_TEXT:  
00ccf3d0 77bd8efa msvcrt!wcslen+0x8
00ccf3d8 7d0e40f1 oleaut32!SysAllocString+0x18
00ccf3e4 5b7ac834 stdprov!GetStr+0x7b
00ccf424 5b7ad48d stdprov!CImpReg::MethodAsync+0x4f3
00ccf4ac 5b7a6f25 stdprov!CImpDyn::ExecMethodAsync+0x22
00ccf4cc 01019e6d wmiprvse!CInterceptor_IWbemSyncProvider::Helper_ExecMethodAsync+0x16e
00ccf518 0101a002 wmiprvse!CInterceptor_IWbemSyncProvider::ExecMethodAsync+0x72
00ccf560 77c80365 rpcrt4!Invoke+0x30
00ccf590 77ce43e1 rpcrt4!NdrStubCall2+0x299
00ccf998 77ce3ed5 rpcrt4!CStdStubBuffer_Invoke+0xc6
00ccf9f0 7557e67e fastprox!CBaseStublet::Invoke+0x22
00ccfa04 7778d01b ole32!SyncStubInvoke+0x37
00ccfa48 7778cfc8 ole32!StubInvoke+0xa7
00ccfa90 776c121b ole32!CCtxComChnl::ContextInvoke+0xec
00ccfb6c 776c0c05 ole32!MTAInvoke+0x1a
00ccfb88 7778d2a7 ole32!AppInvoke+0xa3
00ccfbb8 7778cd66 ole32!ComInvokeWithLockAndIPID+0x2c5
00ccfc8c 7778d2c6 ole32!ThreadInvoke+0x2e3
00ccfcd8 77c8014a rpcrt4!DispatchToStubInCNoAvrf+0x38
00ccfd0c 77c805ff rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x11f
00ccfd60 77c80525 rpcrt4!RPC_INTERFACE::DispatchToStub+0xa3
00ccfd84 77c7e294 rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0xc0
00ccfdc4 77c7e240 rpcrt4!LRPC_SCALL::DealWithRequestMessage+0x41e
00ccfe04 77c814c2 rpcrt4!LRPC_ADDRESS::DealWithLRPCRequest+0x127
00ccfe28 77c88858 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x430
00ccff8c 77c88972 rpcrt4!RecvLotsaCallsWrapper+0xd
00ccff94 77c8890d rpcrt4!BaseCachedThreadRoutine+0x9d
00ccffb4 77c7b2ab rpcrt4!ThreadStartRoutine+0x1b
00ccffc0 77e6482f kernel32!BaseThreadStart+0x34


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  msvcrt!wcslen+8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msvcrt

IMAGE_NAME:  msvcrt.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  45d70b06

STACK_COMMAND:  .ecxr ; kb ; dps ccf3d0 ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_msvcrt.dll!wcslen

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_msvcrt!wcslen+8

WATSON_IBUCKET:  1231062341

WATSON_IBUCKETTABLE:  1

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_c0000005_msvcrt.dll!wcslen

FAILURE_ID_HASH:  {4c9a3dd7-6f5e-c94c-e77d-a4d2646a6117}

Followup: MachineOwner
---------

Thanks
Ironside.
ASKER CERTIFIED SOLUTION
Avatar of Dhiraj Mutha
Dhiraj Mutha
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial