Thursday, October 22, 2009

This is the end

With the official launch of Windows Seven today, I guess it makes no sense to update this blog anymore.

Vista has been a neverending source of pain and jokes. So long, goodbye, and hail to Windows Seven !

Tuesday, January 13, 2009

Friday, December 19, 2008

Windows Defender: application failed to initialize: 0x80070006

I have been experiencing the following error on Windows Vista64 startup for 7 monthes:

Application failed to initialize: 0x80070006. The handle is invalid.
Application failed to initialize: 0x80070006. The handle is invalid.

I could live without Windows Defender and SpyNet. But today, I took time to debug.

The most obvious thing to do is to query the Microsoft knowledge base. And it worked ! Quoting KB935511:
Method 1: Use System Restore to restore Windows Vista
Method 2: Reinstall Windows Vista
Ok ... maybe I'll try something else.

Then I thought that interesting logs could appear in PerfMon, because Windows Defender implements WPP software tracing. I managed to find the right Event Trace Provider (Microsoft-Windows-Windows Defender), create a Data Collector ... but nothing was eventually logged. Therefore I gave up this option.

Then I had a look at the C:\Program Files\Windows Defender\MpCmdRun.exe command-line utility.

----------------------------------------------------------------------
Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
Use this tool to automate and troubleshoot Windows Defender

Usage:
mpcmdrun.exe [command] [-options]

Command Description
-? [h] Displays all available options for this tool
-Scan [-ScanType] Scans for malicious software
-SignatureUpdate Checks for new definition updates
-Trace [-Grouping] [-Level] Starts diagnostic tracing
-GetFiles Collects support information
-RemoveDefinitions [-All] Restores the installed signature definitions
to a previous backup copy or to the original
default set of signatures
-GetSWE Exports information about software installed
on your computer
----------------------------------------------------------------------

I tried -GetFiles, went through all log files but ... found nothing interesting either.

Looks like it is time to get out with IDA Pro Debugger ... Fortunately, remote Vista64 debugging is available through the win64_remotex64.exe stub ! Of course this is not for the faint of heart :)

Fortunately, the error is pretty easy to figure out: Windows Defender cannot acquire a handle on the WinDefend service ... because this service does not exist!

Why on earth was the WinDefend service removed from my computer ? I guess I'll never know. But for the time being, it is enough to export the following registry key from another Vista computer, and to import it back again:

HKLM\SYSTEM\CurrentControlSet\Services\WinDefend

Case solved !

Wednesday, May 21, 2008

MOVB-19 Vista, 1 year later ...

Microsoft Vista has been available for IT professionals as soon as 30th, November 2006. But it has been launched to the public on 31st, January 2007 (if I remember well).

Consequently, there has been some press activity about Vista first anniversary.

Microsoft point of view is that "the press and critics have lauded Windows Vista for its beautiful graphics and increased usability".

Here is my personal press review, though:
Did SP1 change something? More (file copy is now as fast as on Windows XP) or less (a key audio driver is not compatible with Vista SP1) ...

So in the end :
Fortunately, Microsoft has a refreshing video for motivating depressed salesmen :)

Friday, April 4, 2008

MOVB-18 I am not alone

Truth is out there: I have the less stable hardware configuration for running Windows Vista.

Read the full story on ArsTechnica.

Thursday, March 20, 2008

MOVB-17 Got to love this one

Stop error message when you start a Windows Vista-based computer: "0xC1F5"

(Knowledge base article 946084, accessed on March 20th, 2008)
[...]
WORKAROUND

If you have only one disk installed, and if you have access to Windows XP or Windows 2000 installation media, restart the computer by using the Windows XP or Windows 2000 installation media. Next, format the offending disk, and then reinstall Windows Vista.
[...]

Hu ho, looks pretty bad :)

Sunday, March 16, 2008

MOVB-16 Vista SP1: first bug

Yet another kernel bug triggered by FireFox.

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: c0075000, memory referenced
Arg2: 00000000, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 81eabf99, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from 81f53868
Unable to read MiSystemVaType memory at 81f33420
c0075000

CURRENT_IRQL: 0

FAULTING_IP:
nt!MiAgeWorkingSet+1a2
81eabf99 8b1e mov ebx,dword ptr [esi]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: firefox.exe

TRAP_FRAME: 86f8fa54 -- (.trap 0xffffffff86f8fa54)
ErrCode = 00000000
eax=c0802d18 ebx=00a3a000 ecx=00002408 edx=00a39000 esi=c0075000 edi=c080bd38
eip=81eabf99 esp=86f8fac8 ebp=86f8fc44 iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287
nt!MiAgeWorkingSet+0x1a2:
81eabf99 8b1e mov ebx,dword ptr [esi] ds:0023:c0075000=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 81eabf99 to 81e76d84

STACK_TEXT:
86f8fa54 81eabf99 badb0d00 00a39000 81f099a9 nt!KiTrap0E+0x2ac
86f8fc44 81eab9af 8521bf60 00000003 86f8fc80 nt!MiAgeWorkingSet+0x1a2
86f8fc98 81eab3e4 00000002 86f8fcb4 00000001 nt!MiProcessWorkingSets+0x1ff
86f8fcd8 81e57612 00000000 8356e020 00000000 nt!MmWorkingSetManager+0x199
86f8fd7c 81ff1a1c 00000000 aea14805 00000000 nt!KeBalanceSetManager+0x12a
86f8fdc0 81e4aa3e 81e574e8 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiAgeWorkingSet+1a2
81eabf99 8b1e mov ebx,dword ptr [esi]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiAgeWorkingSet+1a2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 47918b12

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_nt!MiAgeWorkingSet+1a2

BUCKET_ID: 0xA_nt!MiAgeWorkingSet+1a2

Followup: MachineOwner
---------