With the official launch of Windows Seven today, I guess it makes no sense to update this blog anymore.
Vista has been a neverending source of pain and jokes. So long, goodbye, and hail to Windows Seven !
Thursday, October 22, 2009
Tuesday, January 13, 2009
Friday, December 19, 2008
Windows Defender: application failed to initialize: 0x80070006
I have been experiencing the following error on Windows Vista64 startup for 7 months:
I could live without Windows Defender and SpyNet. But today, I took time to debug.
The most obvious thing to do is to query the Microsoft knowledge base. And it worked ! Quoting KB935511:
Method 1: Use System Restore to restore Windows Vista
Method 2: Reinstall Windows Vista
Ok ... maybe I'll try something else.
Then I thought that interesting logs could appear in PerfMon, because Windows Defender implements WPP software tracing. I managed to find the right Event Trace Provider (Microsoft-Windows-Windows Defender), create a Data Collector ... but nothing was eventually logged. Therefore I gave up this option.
Then I had a look at the C:\Program Files\Windows Defender\MpCmdRun.exe command-line utility.
----------------------------------------------------------------------
Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
Use this tool to automate and troubleshoot Windows Defender
Usage:
mpcmdrun.exe [command] [-options]
Command                      Description
-? [h]                       Displays all available options for this tool
-Scan [-ScanType]            Scans for malicious software
-SignatureUpdate             Checks for new definition updates
-Trace [-Grouping] [-Level]  Starts diagnostic tracing
-GetFiles                    Collects support information
-RemoveDefinitions [-All]    Restores the installed signature definitions
                             to a previous backup copy or to the original
                             default set of signatures
-GetSWE                      Exports information about software installed
                             on your computer
----------------------------------------------------------------------
I tried -GetFiles, went through all log files but ... found nothing interesting either.
Looks like it is time to get out with IDA Pro Debugger ... Fortunately, remote Vista64 debugging is available through the win64_remotex64.exe stub ! Of course this is not for the faint of heart :)
Fortunately, the error is pretty easy to figure out: Windows Defender cannot acquire a handle on the WinDefend service ... because this service does not exist!
Why on earth was the WinDefend service removed from my computer ? I guess I'll never know. But for the time being, it is enough to export the following registry key from another Vista computer, and to import it back again:
HKLM\SYSTEM\CurrentControlSet\Services\WinDefend
Case solved !
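The diagnosis above can be reproduced without a debugger. The following PowerShell sketch is an added example, not part of the original post: it decodes the 0x80070006 error code and checks whether the WinDefend service is still registered. The function name `Test-ServiceRegistration` and the list of expected registry values are assumptions made for the illustration.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Test-ServiceRegistration is a hypothetical helper name.
function Test-ServiceRegistration {
    param(
        [string]$ServiceName = 'WinDefend',
        [int]$HResult = 0x80070006          # error code from the post title
    )

    # An HRESULT packs a facility (bits 16-28) and a code (bits 0-15).
    # Facility 7 is FACILITY_WIN32: the low word is then a plain Win32 error,
    # and Win32 error 6 is ERROR_INVALID_HANDLE.
    $facility = ($HResult -shr 16) -band 0x1FFF
    $code     = $HResult -band 0xFFFF
    $meaning  = if ($facility -eq 7) {
        (New-Object System.ComponentModel.Win32Exception $code).Message
    } else { 'not a Win32 error' }

    # Ask both the Service Control Manager and the registry.
    $keyPath   = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $keyExists = Test-Path -Path $keyPath
    $scm       = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    # Assumption: values a Win32 service key normally carries. A key that
    # exists but lacks them is as unusable as a missing key.
    $expected = 'ImagePath', 'Start', 'Type', 'ObjectName'
    $missing  = $expected
    if ($keyExists) {
        $names   = (Get-ItemProperty -Path $keyPath).PSObject.Properties.Name
        $missing = @($expected | Where-Object { $names -notcontains $_ })
    }

    [pscustomobject]@{
        Service       = $ServiceName
        HResult       = '0x{0:X8}' -f $HResult
        Win32Code     = $code
        Meaning       = $meaning
        KnownToSCM    = [bool]$scm
        RegistryKey   = $keyExists
        MissingValues = $missing -join ', '
    }
}

Test-ServiceRegistration | Format-List

# The fix from the post, on a healthy machine (same Windows version assumed):
#   reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" WinDefend.reg
# Then on the affected machine, followed by a reboot:
#   reg.exe import WinDefend.reg
```

An unexpectedly missing WinDefend service key is also worth recording as a tamper indicator before restoring it.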
Wednesday, May 21, 2008
MOVB-19 Vista, 1 year later ...
Microsoft Vista has been available to IT professionals since November 30th, 2006, but it was launched to the public on January 31st, 2007 (if I remember well).
Consequently, there has been some press activity about Vista's first anniversary.
Microsoft's point of view is that "the press and critics have lauded Windows Vista for its beautiful graphics and increased usability".
Here is my personal press review, though:
- The 15 Biggest Tech Disappointments of 2007 (Vista is #1)
- The 10 biggest technology belly flops of 2007 (Vista ranks #2 only :)
- Vista at one year: Progress and pain
So in the end :
- Most people stick to Windows XP for now.
- 90% of IT professionals do not want Vista.
- Gartner: Windows is collapsing.
Friday, April 4, 2008
MOVB-18 I am not alone
Truth is out there: I have the least stable hardware configuration for running Windows Vista.
Read the full story on ArsTechnica.
Thursday, March 20, 2008
MOVB-17 Got to love this one
Stop error message when you start a Windows Vista-based computer: "0xC1F5"
(Knowledge base article 946084, accessed on March 20th, 2008)
[...]
WORKAROUND
If you have only one disk installed, and if you have access to Windows XP or Windows 2000 installation media, restart the computer by using the Windows XP or Windows 2000 installation media. Next, format the offending disk, and then reinstall Windows Vista.
[...]
Hu ho, looks pretty bad :)
Sunday, March 16, 2008
MOVB-16 Vista SP1: first bug
Yet another kernel bug triggered by FireFox.
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: c0075000, memory referenced
Arg2: 00000000, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 81eabf99, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 81f53868
Unable to read MiSystemVaType memory at 81f33420
c0075000
CURRENT_IRQL: 0
FAULTING_IP:
nt!MiAgeWorkingSet+1a2
81eabf99 8b1e mov ebx,dword ptr [esi]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: firefox.exe
TRAP_FRAME: 86f8fa54 -- (.trap 0xffffffff86f8fa54)
ErrCode = 00000000
eax=c0802d18 ebx=00a3a000 ecx=00002408 edx=00a39000 esi=c0075000 edi=c080bd38
eip=81eabf99 esp=86f8fac8 ebp=86f8fc44 iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287
nt!MiAgeWorkingSet+0x1a2:
81eabf99 8b1e mov ebx,dword ptr [esi] ds:0023:c0075000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 81eabf99 to 81e76d84
STACK_TEXT:
86f8fa54 81eabf99 badb0d00 00a39000 81f099a9 nt!KiTrap0E+0x2ac
86f8fc44 81eab9af 8521bf60 00000003 86f8fc80 nt!MiAgeWorkingSet+0x1a2
86f8fc98 81eab3e4 00000002 86f8fcb4 00000001 nt!MiProcessWorkingSets+0x1ff
86f8fcd8 81e57612 00000000 8356e020 00000000 nt!MmWorkingSetManager+0x199
86f8fd7c 81ff1a1c 00000000 aea14805 00000000 nt!KeBalanceSetManager+0x12a
86f8fdc0 81e4aa3e 81e574e8 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiAgeWorkingSet+1a2
81eabf99 8b1e mov ebx,dword ptr [esi]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiAgeWorkingSet+1a2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 47918b12
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_nt!MiAgeWorkingSet+1a2
BUCKET_ID: 0xA_nt!MiAgeWorkingSet+1a2
Followup: MachineOwner
---------