Robbie Hatley
Just yesterday, my Event Viewer started crashing if I click on the
"Time" or "Date" headers. What could cause this? Hopefully the
program itself (mmc or its event-viewer plugin) is not corrupt.
I'm hoping it's due to something else, like too much data
overflowing a buffer, or some needed service is stopped or disabled.
I see that Dr. Watson records these crashes. He says, for what
(if anything) it's worth:
============ BEGIN DR. WATSON'S REPORT =================================
Application exception occurred:
App: mmc.exe (pid=888)
When: 2010-03-08 @ 00:09:24.875
Exception number: c0000005 (access violation)
----> System Information <----
Computer Name: [removed for security reasons]
User Name: [removed for security reasons]
Number of Processors: 1
Processor Type: x86 Family 6 Model 10 Stepping 0
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: Tustin Free Zone
Registered Owner: Robbie Hatley
----> Task List <----
0 Idle.exe
8 System.exe
160 SMSS.exe
188 CSRSS.exe
208 WINLOGON.exe
236 SERVICES.exe
248 LSASS.exe
400 svchost.exe
424 spoolsv.exe
456 svchost.exe
484 NPROTECT.exe
536 nvsvc32.exe
604 stisvc.exe
688 svchost.exe
372 WinMgmt.exe
932 explorer.exe
1024 rundll32.exe
1032 sstray.exe
1040 E_FATIACA.exe
740 firefox.exe
888 mmc.exe
940 DRWTSN32.exe
0 _Total.exe
State Dump for Thread Id 0x370
eax=0006e2d8 ebx=00c3d64c ecx=0006e324 edx=00c3dadc esi=00000000 edi=00c8b274
eip=71332715 esp=0006e0c0 ebp=0006e2f0 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293
function: <nosymbols>
713326ef 83f807 cmp eax,0x7
713326f2 0f87fd000000 jnbe 713327f5
713326f8 ff248532283371 jmp dword ptr [71332832+eax*4] ds:0006e2d8=000107b2
713326ff 8a4618 mov al,[esi+0x18] ds:00b09ee6=??
71332702 8807 mov [edi],al ds:00c8b274=00
71332704 e9ec000000 jmp 713327f5
71332709 8b460c mov eax,[esi+0xc] ds:00b09ee6=????????
7133270c e9e2000000 jmp 713327f3
71332711 8d45e8 lea eax,[ebp+0xe8] ss:00b781d6=????????
71332714 50 push eax
FAULT ->71332715 ff760c push dword ptr [esi+0xc] ds:00b09ee6=????????
71332718 e87b430000 call 71336a98
7133271d 8d45e8 lea eax,[ebp+0xe8] ss:00b781d6=????????
71332720 57 push edi
71332721 50 push eax
71332722 66c745ea0100 mov word ptr [ebp+0xea],0x1 ss:00b781d7=????
71332728 66c745ee0100 mov word ptr [ebp+0xee],0x1 ss:00b781d7=????
7133272e 66c745e8b207 mov word ptr [ebp+0xe8],0x7b2 ss:00b781d7=????
71332734 e8a7430000 call 71336ae0
71332739 e9b7000000 jmp 713327f5
7133273e 668b4614 mov ax,[esi+0x14] ds:00b09ee7=????
71332742 668907 mov [edi],ax ds:00c8b274=0000
----> Stack Back Trace <----
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0006E2F0 71332907 00003C4F 0000417E 00000002 00000000 els!<nosymbols>
0006E330 71333EA2 00C3D650 00000002 00C3DB74 00000000 els!<nosymbols>
0006E34C 7D1CFC68 00C3D62C 00000002 00000000 00000000 els!<nosymbols>
0006E380 7D1B5988 00C3D62C 00000002 00000000 00000000 mmcndmgr!<nosymbols>
0006E3B4 7D1A2E76 00000002 7D1A164D 00C40BE8 00000002 mmcndmgr!<nosymbols>
0006E3E4 01014614 00C3CCE0 00C40BE8 00009019 00000000 mmcndmgr!<nosymbols>
0006E448 76FB1C4B 00000000 0006FBD8 0006E4BC 00C35160 mmc!<nosymbols>
0006E4CC 76FB1BCA 0000004E 00000000 0006FBD8 0006E4E8 !Ordinal5157
0006E4EC 01018BE4 0000004E 00000000 0006FBD8 00C35160 !Ordinal6370
0006E50C 76FB1B3B 0000004E 00000000 0006FBD8 C0000000 mmc!<nosymbols>
0006E56C 76FB1A94 00C35160 00000000 0000004E 00000000 !Ordinal1108
0006E58C 7703C8B4 000101A0 0000004E 00000000 0006FBD8 !Ordinal1571
0006E5B8 77E3A454 000101A0 0000004E 00000000 0006FBD8 !Ordinal1572
0006E5D8 77E16382 7703C87B 000101A0 0000004E 00000000 user32!SetWindowPlacement
0006E608 77E17361 0039ADD8 0000004E 00000000 0006FBD8 user32!IsWindowVisible
0006E628 71716049 000101A0 0000004E 00000000 0006FBD8 user32!SendMessageW
0006E6B8 717221D9 0006E6D4 FFFFFEBE 0006FBD8 0006FBD8 comctl32!Ordinal73
0006E6F8 7173DAE2 000101A0 000101D6 FFFFFEBE 0006FBD8 comctl32!Ordinal342
0006E758 7172262A 000A35F8 0006FBD8 0000004E 000A35F8 comctl32!ImageList_GetImageRect
0006F810 7171661D 000A35F8 00000000 0006FBD8 0000004E comctl32!Ordinal342
0006F978 77E3A454 000101D4 0000004E 00000000 0006FBD8 comctl32!Ordinal73
0006F998 77E16B41 717160DC 000101D4 0000004E 00000000 user32!SetWindowPlacement
0006F9BC 77E25049 717160DC 000101D4 0000004E 00000000 user32!ScreenToClient
0006F9DC 76FB21A6 717160DC 000101D4 0000004E 00000000 user32!CallWindowProcW
0006F9FC 76FB1BE1 0000004E 00000000 0006FBD8 0000004E !Ordinal2377
0006FA18 76FB1B3B 0000004E 00000000 0006FBD8 C0000000 !Ordinal6370
0006FA78 76FB1A94 00C49860 00000000 0000004E 00000000 !Ordinal1108
0006FA98 7703C8B4 000101D4 0000004E 00000000 0006FBD8 !Ordinal1571
0006FAC4 77E3A454 000101D4 0000004E 00000000 0006FBD8 !Ordinal1572
0006FAE4 77E16382 7703C87B 000101D4 0000004E 00000000 user32!SetWindowPlacement
0006FB14 77E17361 0039FBB0 0000004E 00000000 0006FBD8 user32!IsWindowVisible
0006FB34 71716049 000101D4 0000004E 00000000 0006FBD8 user32!SendMessageW
0006FBC4 7172E8B1 000A37E0 FFFFFEBE 0006FBD8 000101D6 comctl32!Ordinal73
0006FBF0 7172F2E2 000A37E0 00000002 00000000 FFFFFEBE comctl32!FlatSB_SetScrollProp
0006FC3C 71719303 000A37E0 00000120 0000000B 00000000 comctl32!FlatSB_SetScrollProp
0006FC9C 77E3A454 000101D6 00000202 00000000 000B0120 comctl32!Ordinal320
0006FCBC 77E16B41 71718E87 000101D6 00000202 00000000 user32!SetWindowPlacement
0006FCE0 77E25049 71718E87 000101D6 00000202 00000000 user32!ScreenToClient
0006FD00 76FB21A6 71718E87 000101D6 00000202 00000000 user32!CallWindowProcW
0006FD20 76FB1BE1 00000202 00000000 000B0120 00000202 !Ordinal2377
0006FD3C 76FB1B3B 00000202 00000000 000B0120 0104DAAC !Ordinal6370
0006FD9C 76FB1A94 00C49900 00000000 00000202 00000000 !Ordinal1108
0006FDBC 7703C8B4 000101D6 00000202 00000000 000B0120 !Ordinal1571
0006FDE8 77E3A454 000101D6 00000202 00000000 000B0120 !Ordinal1572
0006FE08 77E14605 7703C87B 000101D6 00000202 00000000 user32!SetWindowPlacement
0006FE94 77E1A7F2 0104DAAC 00000000 76FB12E4 0104DAAC user32!TranslateMessageEx
0006FEE0 76FBEB83 0104DA78 0104DA78 0006FFC0 FFFFFFFF user32!DispatchMessageW
0104DAAC 00000202 00000000 000B0120 00053E29 000001EC !Ordinal5711
State Dump for Thread Id 0x458
eax=00083000 ebx=0007fb38 ecx=00bbfbf8 edx=00000000 esi=0007fa08 edi=00000100
eip=77f88b37 esp=00bbfe28 ebp=00bbff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206
function: ZwReplyWaitReceivePortEx
77f88b2c b8ac000000 mov eax,0xac
77f88b31 8d542404 lea edx,[esp+0x4] ss:016c9d0f=????????
77f88b35 cd2e int 2e
77f88b37 c21400 ret 0x14
77f88b3a 8bff mov edi,edi
----> Stack Back Trace <----
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00BBFF74 77D58E4A 77D3AEED 0007FA08 77D50101 00070000 ntdll!ZwReplyWaitReceivePortEx
00BBFFA8 77D37DE8 0007F300 00BBFFEC 7C57B3BC 0007FB38 rpcrt4!TowerConstruct
00BBFFB4 7C57B3BC 0007FB38 77D50101 00070000 0007FB38 rpcrt4!I_RpcConnectionInqSockBuffSize2
00BBFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW
State Dump for Thread Id 0x448
eax=7ce85ae5 ebx=00000102 ecx=01960194 edx=00000000 esi=77f88398 edi=00bfff74
eip=77f883a3 esp=00bfff60 ebp=00bfff7c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206
function: NtDelayExecution
77f88398 b832000000 mov eax,0x32
77f8839d 8d542404 lea edx,[esp+0x4] ss:01709e47=????????
77f883a1 cd2e int 2e
77f883a3 c20800 ret 0x8
77f883a6 8bff mov edi,edi
----> Stack Back Trace <----
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00BFFF7C 7C59A2CC 0000EA60 00000000 7CE89ACC 0000EA60 ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep
============ END DR. WATSON'S REPORT =================================
Not sure how looking at the code of mmc.exe de-compiled back to
machine language is going to help anything, but it's novel, if
nothing else.
Anyone have any ideas why my Event Viewer has suddenly
started crashing if I attempt to sort by time or date?
--
Cheers,
Robbie Hatley
lonewolf at well dot com
www dot well dot com slant tilde lonewolf slant
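A minimal triage of the report above, as an added example that is not part of the original post: it recomputes the address the faulting instruction touched from the register dump and names the module of the top stack frame. The function name `triage` and the 64 KiB null-page threshold are choices made for this example.

```python
import re

# Lines copied from the Dr. Watson report in the post above (thread 0x370).
REPORT = """\
Exception number: c0000005 (access violation)
eax=0006e2d8 ebx=00c3d64c ecx=0006e324 edx=00c3dadc esi=00000000 edi=00c8b274
eip=71332715 esp=0006e0c0 ebp=0006e2f0 iopl=0 nv up ei ng nz ac pe cy
FAULT ->71332715 ff760c push dword ptr [esi+0xc] ds:00b09ee6=????????
0006E2F0 71332907 00003C4F 0000417E 00000002 00000000 els!<nosymbols>
"""

REG_RE = re.compile(
    r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})\b", re.I)
# Address, opcode bytes, then the instruction up to its [reg+0xdisp] operand.
FAULT_RE = re.compile(
    r"^FAULT ->([0-9a-f]{8}) \S+ (.+?\[(e[a-z]{2})(?:([+-])0x([0-9a-f]+))?\])",
    re.I | re.M)
# Stack back trace row: six hex columns, then module!function.
FRAME_RE = re.compile(r"^(?:[0-9a-f]{8} ){6}(\w*)!", re.I | re.M)

# Windows keeps the lowest 64 KiB of a process unmapped, so any access
# there is a pointer that was NULL plus a small structure offset.
NULL_GUARD_LIMIT = 0x10000


def triage(report):
    """Return what the FAULT line and register dump say about the crash."""
    fault = FAULT_RE.search(report)
    if fault is None:
        raise ValueError("no FAULT -> line in report")
    eip_text, instruction, base, sign, disp_text = fault.groups()

    # The faulting thread's registers are the last ones printed before FAULT.
    regs = {name.lower(): int(value, 16)
            for name, value in REG_RE.findall(report[:fault.start()])}
    base = base.lower()
    if base not in regs:
        raise ValueError("register %s missing from state dump" % base)

    disp = int(disp_text, 16) if disp_text else 0
    if sign == "-":
        disp = -disp
    address = (regs[base] + disp) & 0xFFFFFFFF  # 32-bit wraparound

    frame = FRAME_RE.search(report, fault.end())
    return {
        "fault_eip": int(eip_text, 16),
        "eip_matches": regs.get("eip") == int(eip_text, 16),
        "instruction": instruction,
        "effective_address": address,
        "verdict": ("null-pointer dereference" if address < NULL_GUARD_LIMIT
                    else "invalid pointer access"),
        "module": (frame.group(1) or None) if frame else None,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, "=", hex(value) if isinstance(value, int) else value)
```

Run on the lines above, it reports a read at address 0xc through `esi` = 0, with the top frame in `els`.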