Friday, November 9, 2007

MOVB-09 Mobile devices support

So I plugged my Windows Mobile 2005 HTC SmartPhone on Vista64 ...

"Out of the box" software has multiple issues, such as:
- It does not allow access to the phone internal storage (as explained in Q931621) ;
- Windows Media Device Center (WMDC) shall be updated to version 6.1, otherwise you will experience various other issues.

Yet there is this nasty "feature" of Vista itself: you cannot import individual pictures from a camera. "All or none" is your only choice.

Last but not least, if you set the default browser to a 3rd party application (namely FireFox), WMDC will raise an "Unhandled Exception" error when opening external links.

Thursday, November 8, 2007

MOVB-08 Does UAC serve any purpose?

User Account Control (aka UAC) is a Vista security feature[*] that has been previously experimented by other operating systems (namely Mac OS X and Linux).
[*] Well, not for Mark Russinovitch

The idea is to have non-admin users by default, and to prompt them in case of an application requiring "elevated" rights.

So far so good, but since users have had admin rights since the beginning of Windows saga, such a change has a huge impact on the user experience.

My bet is, a great bunch of domestic users have (or will have) UAC turned off because of:

Software invites users to disable UAC entirely (or disables UAC silently)

Sample software: TweakVI

You'd better be sure, because there is a second prompt.


User disables UAC entirely by himself

It is as easy as downloading TweakUAC.

According to this completely non-scientific poll (seens on 4sysops.com), that is exactly what is happening now:


Not to mention OEMs that may be tempted to disable UAC
... in order to lower support costs.

Wednesday, November 7, 2007

MOVB-07 Drivers, drivers, drivers!

When looking for drivers under Vista, you can run into the following trouble:

You will never get the driver, because your hardware is unsupported

Here is a sample error message:

Windows Vista does not support SNAPSCAN e20. This problem was caused by a compatibility issue between Windows Vista and SNAPSCAN e20. AGFA-Gevaert NV, the company that manufactured SNAPSCAN e20, has informed Microsoft that they do not expect to offer updates to fix this problem.

You are trying to use a "generic" piece of hardware

In most cases, you loose! For instance, when trying to plug a generic USB mouse, here is what you get:


You are looking for a video driver

According to Microsoft, drivers are accountable for most Blue Screens of Death. So they decided to move as many drivers as possible in userland, especially video drivers. This is called User Mode Driver Framework (aka UMDF).

The result: most video cards that are older than, let's say 2 years, will never have Vista drivers (since manufacturers do not see clear value in porting drivers to UMDF).

You are running Vista64


Oh my! This is alpha-testing!

For instance, here are two crash dumps that are related to my NVidia Quadro FX 3400 Vista64 driver. Most driver code is userland-based, but there is still a kernelland recovery thread. And if the userland driver does not recover fast enough, the system will ... BSoD!

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: fffffa8003c8c630, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: fffff9800404e0f0, The pointer into responsible device driver module (e.g. owner tag).
Arg3: ffffffffc00000b5, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 000000000000000a, Optional internal context dependent data.

Debugging Details:
------------------

FAULTING_IP:
nvlddmkm+60f0
fffff980`0404e0f0 4883ec28 sub rsp,28h

DEFAULT_BUCKET_ID: GRAPHICS_DRIVER_TDR_FAULT

BUGCHECK_STR: 0x116

PROCESS_NAME: System

CURRENT_IRQL: 0

STACK_TEXT:
fffff980`05370a08 fffff980`0477c01c : 00000000`00000116 fffffa80`03c8c630 fffff980`0404e0f0 ffffffff`c00000b5 : nt!KeBugCheckEx
fffff980`05370a10 fffff980`0477bf1f : fffff980`0404e0f0 fffffa80`03c8c630 fffffa80`05da0820 fffffa80`0320b730 : dxgkrnl!TdrBugcheckOnTimeout+0xec
fffff980`05370a50 fffff980`04738c48 : fffff980`ffffe464 00000000`c00000b5 00000000`00000000 fffffa80`0320b730 : dxgkrnl!TdrIsRecoveryRequired+0x1c3
fffff980`05370a90 fffff980`047f5993 : 00000000`00000000 00000000`00000002 00000000`ffffffff 00000000`00000002 : dxgkrnl!VidSchiReportHwHang+0x2f4
fffff980`05370b40 fffff980`047f4591 : fffffa80`0320b730 00000000`00000000 00000000`01ff8f6c 00000000`00000000 : dxgkrnl!VidSchiCheckHwProgress+0x7b
fffff980`05370b70 fffff980`0473ccd8 : ffffffff`ff676980 00000000`00000000 00000000`00000000 00000000`00000000 : dxgkrnl!VidSchiWaitForSchedulerEvents+0x199
fffff980`05370bf0 fffff980`047f43b1 : 00000000`00000000 fffffa80`031fe710 00000000`00000080 fffffa80`0320b730 : dxgkrnl!VidSchiScheduleCommandToRun+0x398
fffff980`05370d10 fffff800`01ae199b : fffffa80`053b4060 fffff800`018388f7 fffff980`0121f900 00000000`00000001 : dxgkrnl!VidSchiWorkerThread+0x95
fffff980`05370d50 fffff800`01834b86 : fffff980`00c85180 fffffa80`053b4060 fffff980`00c8ec40 fffff980`00a75290 : nt!PspSystemThreadStartup+0x5b
fffff980`05370d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nvlddmkm+60f0
fffff980`0404e0f0 4883ec28 sub rsp,28h

SYMBOL_NAME: nvlddmkm+60f0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nvlddmkm

IMAGE_NAME: nvlddmkm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4578ef88

FAILURE_BUCKET_ID: X64_0x116_IMAGE_nvlddmkm.sys

BUCKET_ID: X64_0x116_IMAGE_nvlddmkm.sys



0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: fffffa80034834e0, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: fffff980046d5800, The pointer into responsible device driver module (e.g. owner tag).
Arg3: 0000000000000000, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 0000000000000002, Optional internal context dependent data.

Debugging Details:
------------------

FAULTING_IP:
nvlddmkm+8800
fffff980`046d5800 4885c9 test rcx,rcx

DEFAULT_BUCKET_ID: GRAPHICS_DRIVER_TDR_FAULT

BUGCHECK_STR: 0x116

PROCESS_NAME: System

CURRENT_IRQL: 0

STACK_TEXT:
fffff980`05ef9a08 fffff980`0517c2c4 : 00000000`00000116 fffffa80`034834e0 fffff980`046d5800 00000000`00000000 : nt!KeBugCheckEx
fffff980`05ef9a10 fffff980`0517c0f7 : fffff980`046d5800 fffffa80`034834e0 fffffa80`06252d90 fffffa80`03733730 : dxgkrnl!TdrBugcheckOnTimeout+0xec
fffff980`05ef9a50 fffff980`05137c1b : fffff980`ffffe464 00000000`00000000 00000000`00000000 fffffa80`03733730 : dxgkrnl!TdrIsRecoveryRequired+0x16f
fffff980`05ef9a90 fffff980`051f5f83 : 00000000`00000000 00000000`00000002 00000000`ffffffff 00000000`00000002 : dxgkrnl!VidSchiReportHwHang+0x2f7
fffff980`05ef9b40 fffff980`051f4b85 : fffffa80`03733730 00000000`00000000 00000000`0000f375 00000000`00000000 : dxgkrnl!VidSchiCheckHwProgress+0x7b
fffff980`05ef9b70 fffff980`0513bc90 : ffffffff`ff676980 00000000`00000000 00000000`00000000 00000000`00000000 : dxgkrnl!VidSchiWaitForSchedulerEvents+0x199
fffff980`05ef9bf0 fffff980`051f49a5 : 00000000`00000000 fffffa80`0372d430 00000000`00000080 fffffa80`03733730 : dxgkrnl!VidSchiScheduleCommandToRun+0x398
fffff980`05ef9d10 fffff800`01ee222b : fffffa80`03737a70 fffff800`01c38257 fffff980`014e0900 00000000`00000001 : dxgkrnl!VidSchiWorkerThread+0x95
fffff980`05ef9d50 fffff800`01c344f6 : fffff980`00c4e180 fffffa80`03737a70 fffffa80`0359db60 fffffa80`03733c90 : nt!PspSystemThreadStartup+0x5b
fffff980`05ef9d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nvlddmkm+8800
fffff980`046d5800 4885c9 test rcx,rcx

SYMBOL_NAME: nvlddmkm+8800

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nvlddmkm

IMAGE_NAME: nvlddmkm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 46c63a34

FAILURE_BUCKET_ID: X64_0x116_IMAGE_nvlddmkm.sys

BUCKET_ID: X64_0x116_IMAGE_nvlddmkm.sys

BONUS-02 ... and counting

After a few monthes of "standard" use, here are my stats:


On June, 30th 2007 Microsoft claims 60 millions Vista licences. Estimating a (low) average of 100 "problems" per user, it means that Microsoft has a database of at least 6 billions bug reports.

Wow.

Tuesday, November 6, 2007

MOVB-06 Internationalization weirdness

When using the English language pack, CACLS.EXE[*] command performs as expected.
[*] This command has been taken as an example, I am pretty sure you could find others.

When using the French language pack, CACLS.EXE usage() output is truncated:



Everything seems ok in C:\Windows\System32\fr-FR\CACLS.EXE.MUI resource file. Since only 3 APIs are called by usage(), guessing the one to blame is left as an exercise to the reader:
  • FormatMessageW()
  • WideCharToMultiByte()
  • fprintf()
A revival of the NOTEPAD bug?

PS. On my home system, here is stranger behavior indeed:

Oh my, how could I dare to stop (seemingly) "useless" services?

Monday, November 5, 2007

MOVB-05 Not all Vista applications are IPv6-aware

If you have native IPv6 connectivity on your network, Windows Meeting Space will fail to run with the following error:


The stack trace is the following (on Vista 64):


0 Id: 132c.d0c Suspend: 1 Teb: 000007ff`fffdd000 Unfrozen
Child-SP RetAddr Call Site
00000000`001db188 00000000`7706ed73 ntdll!NtWaitForMultipleObjects+0xa
00000000`001db190 00000000`76f7e96d kernel32!WaitForMultipleObjectsEx+0x10b
00000000`001db2a0 000007fe`fc551ab6 USER32!RealMsgWaitForMultipleObjectsEx+0x129
00000000`001db340 000007fe`fc55371f DUser!CoreSC::Wait+0x62
00000000`001db390 000007fe`fc553696 DUser!CoreSC::WaitMessage+0x6f
00000000`001db3d0 00000000`76f6bd1a DUser!MphWaitMessageEx+0x36
00000000`001db400 00000000`771c2016 USER32!_ClientWaitMessageExMPH+0x1a
00000000`001db450 00000000`76f7df2a ntdll!KiUserCallbackDispatcherContinue
00000000`001db4b8 00000000`76f673e9 USER32!ZwUserWaitMessage+0xa
00000000`001db4c0 00000000`76f6760a USER32!DialogBox2+0x261
00000000`001db540 00000000`76f674c6 USER32!InternalDialogBox+0x134
00000000`001db5a0 00000000`76f67918 USER32!DialogBoxIndirectParamAorW+0x58
00000000`001db5e0 000007fe`fc34f262 USER32!DialogBoxIndirectParamW+0x18
00000000`001db620 000007fe`fc2930ca COMCTL32!SHFusionDialogBoxIndirectParam+0x56
00000000`001db670 00000000`ffce84ab COMCTL32!CTaskDialog::Show+0x156
00000000`001db6e0 00000000`ffce86de WinCollab!ReportMessageForLH+0x178
00000000`001db7b0 00000000`ffce87a1 WinCollab!ReportMessage+0x1dd
00000000`001ddf70 00000000`ffce887a WinCollab!ReportErrorCommon+0x9f
00000000`001ddfd0 00000000`ffcf43ba WinCollab!ReportError+0x67
00000000`001de000 00000000`ffcf125d WinCollab!CStartMeetingMain::CallCallbackOnGroupConnected+0x11c

Sunday, November 4, 2007

MOVB-04 BSoD in PCMCIA driver

Microsoft cannot be blamed for this one, but I still find it "fun".

Vista "Gold" has a (known) integer overflow in Texas Instruments Cardbus driver. It means that PCMCIA is not useable under Vista on our official, corporate laptop (HP nc4200) - FYI, we bought a few thousands of this one.

Saturday, November 3, 2007

BONUS-01 Who's to blame?

Sorry for being late today, here is a small bonus.
(This has not been edited - this is a real screenshot)

MOVB-03 BSoD in WIN32K.SYS

What about this nice one ?
Userland context is WerFault.exe
(WER = Windows Error Reporting)

PS. I promise, there won't be only BSoD during MOVB ;)

1: kd> !analyze -v
*******************************************************************************
Bugcheck Analysis *******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)


This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening.

Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8c2c5881, The address that the exception occurred at
Arg3: b30b3c04, Trap Frame
Arg4: 00000000

Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005

FAULTING_IP: win32k+c5881 8c2c5881 8b402c mov eax,dword ptr [eax+2Ch]
TRAP_FRAME: b30b3c04 -- (.trap 0xffffffffb30b3c04)
ErrCode = 00000000 eax=00000000 ebx=000000c0 ecx=ffa6e8e0 edx=00000000 esi=00000000 edi=00000000 eip=8c2c5881 esp=b30b3c78 ebp=b30b3c88 iopl=0 nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202 win32k+0xc5881: 8c2c5881 8b402c mov eax,dword ptr [eax+2Ch] ds:0023:0000002c=????????

Resetting default scope

CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: WerFault.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8c2cdf9c to 8c2c5881
STACK_TEXT:
b30b3c88 8c2cdf9c 00000000 00000000 00000010 win32k!HMAllocObject+0x27
b30b3cac 8c2b4fd6 00000000 00000000 000088b8 win32k!InternalSetTimer+0x86
b30b3cc8 8c2a68a2 00000000 000088b8 8c286d62 win32k!SetRITTimer+0x22
b30b3ce0 8c2bc1fe ffabce50 ffabce50 ffabce50 win32k!SetAppStarting+0x3d
b30b3d00 8c2bc00e 00000000 ffabce50 8445d410 win32k!xxxInitProcessInfo+0xaa
b30b3d24 8c2bbfa7 ffabce50 00000001 8445d410 win32k!xxxUserProcessCallout+0x1f
b30b3d40 81e19337 83851438 00000001 81d31b10 win32k!W32pProcessCallout+0x43
b30b3d4c 81d31b10 8445d410 81c8c62e 000010e4 nt!PsConvertToGuiThread+0x47
b30b3d64 77640f34 badb0d00 0019ee54 00000000 nt!KeServiceDescriptorTable+0x10
WARNING: Frame IP not in any known module. Following frames may be wrong.
b30b3d68 badb0d00 0019ee54 00000000 00000000 0x77640f34
b30b3d6c 0019ee54 00000000 00000000 00000000 0xbadb0d00
b30b3d70 00000000 00000000 00000000 00000000 0x19ee54


STACK_COMMAND: kb
FOLLOWUP_IP: win32k+c5881 8c2c5881 8b402c mov eax,dword ptr [eax+2Ch]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45d3cc1d
SYMBOL_NAME: win32k+c5881
FAILURE_BUCKET_ID: 0x8E_win32k+c5881
BUCKET_ID: 0x8E_win32k+c5881

Friday, November 2, 2007

MOVB-02 Another BSoD in NTFS.SYS

Yet another bug in NTFS.SYS driver (same platform, same configuration).

This one has been triggered in background by the defragmentation process (DfrgNtfs.exe).

PS. Don't worry, I am not going to publish crashdumps during one full month. Funny bugs are coming out. Stay tuned!

1: kd> !analyze -v
*******************************************************************************
Bugcheck Analysis *******************************************************************************

NTFS_FILE_SYSTEM (24)


If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace.

Arguments:
Arg1: 001904ab
Arg2: a2a468e0
Arg3: a2a465dc
Arg4: 8519b53b

Debugging Details:
------------------
EXCEPTION_RECORD: a2a468e0 -- (.exr 0xffffffffa2a468e0)

ExceptionAddress: 8519b53b (Ntfs!NtfsCreateScb+0x0000004c)
ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2
Parameter[0]: 00000000

Parameter[1]: 30000010

Attempt to read from address 30000010

CONTEXT: a2a465dc -- (.cxr 0xffffffffa2a465dc)
eax=30000000 ebx=c5ef080d ecx=c5ef0855 edx=00000000 esi=c5efd008 edi=00000000 eip=8519b53b esp=a2a469a8 ebp=a2a46a08 iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206

Ntfs!NtfsCreateScb+0x4c: 8519b53b f6401006 test byte ptr [eax+10h],6 ds:0023:30000010=??

Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: DfrgNtfs.exe
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005
READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d11780 30000010
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from 851a64b8 to 8519b53b

STACK_TEXT:

a2a46a08 851a64b8 84911400 c5efd008 00000080 Ntfs!NtfsCreateScb+0x4c
a2a46a40 851a5b15 84911400 84653520 846536d4 Ntfs!NtfsBreakBatchOplock+0x7e
a2a46a74 851a3cee 84911400 84653520 00000000 Ntfs!NtfsOpenExistingAttr+0x6a
a2a46b5c 8518554e 84911400 84653520 00000000 Ntfs!NtfsOpenAttributeInExistingFile+0x79b
a2a46c10 8519c637 84911400 84653520 00000000 Ntfs!NtfsOpenFcbById+0x590
a2a46cec 851126b6 84911400 84653520 aa7b3964 Ntfs!NtfsCommonCreate+0x601
a2a46d2c 81c80278 aa7b38fc 00000000 ffffffff Ntfs!NtfsCommonCreateCallout+0x20
a2a46d2c 81c80371 aa7b38fc 00000000 ffffffff nt!KiSwapKernelStackAndExit+0x118
aa7b3894 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31

FOLLOWUP_IP: Ntfs!NtfsCreateScb+4c 8519b53b f6401006 test byte ptr [eax+10h],6
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsCreateScb+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4549aceb
STACK_COMMAND: .cxr 0xffffffffa2a465dc ; kb
FAILURE_BUCKET_ID: 0x24_Ntfs!NtfsCreateScb+4c
BUCKET_ID: 0x24_Ntfs!NtfsCreateScb+4c

Thursday, November 1, 2007

MOVB-01 BSoD in NTFS.SYS

So, this is day one of MOVB.

Contrary to other Monthes of Bugs, this one will not focus on "security" bugs (do not expect 30 remotely anonymously exploitable bugs ;). My favoraite bugs are "stupid" bugs/features, or blatant QA failures.

First BSOD was caught on a fresh install of Vista32 Ultimate, running on Intel Core Duo processor. Faulting driver was NTFS.SYS - luckily I did not loose any data.

It might be time to get your NTFS fuzzers back on track ;)

PS. Bug has been reported to Microsoft using built-in WER.


PPS. I am willing to answer questions. However, I cannot forward the full memory dump: it holds personal information.

1: kd> !analyze -v *******************************************************************************
Bugcheck Analysis ******************************************************************************* NTFS_FILE_SYSTEM (24)

If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace.

Arguments:
Arg1: 001904ab
Arg2: 85ac09e4
Arg3: 85ac06e0
Arg4: 81c5e86c

Debugging Details
------------------
EXCEPTION_RECORD: 85ac09e4 -- (.exr 0xffffffff85ac09e4)

ExceptionAddress: 81c5e86c (nt!RtlSubtreePredecessor+0x00000015)
ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2
Parameter[0]: 00000000

Parameter[1]: 3f3f3f47


Attempt to read from address 3f3f3f47

CONTEXT: 85ac06e0 -- (.cxr 0xffffffff85ac06e0)
eax=3f3f3f3f ebx=00000000 ecx=3f3f3f3f edx=00000000 esi=a6e36ca8 edi=00010000 eip=81c5e86c esp=85ac0aac ebp=85ac0aac iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206

nt!RtlSubtreePredecessor+0x15:
81c5e86c 8b4808 mov ecx,dword ptr [eax+8] ds:0023:3f3f3f47=????????

Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005
READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d11780 3f3f3f47 BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from 81c5e7c7 to 81c5e86c

STACK_TEXT:
85ac0aac 81c5e7c7 a6e36ca8 8a265cfc a6e36ca8 nt!RtlSubtreePredecessor+0x15
85ac0ac4 806629e1 a6e36ca8 00010000 a6e36ca8 nt!RtlDeleteNoSplay+0x20
85ac0ad8 80662cbe a6e36ca8 8a265cec 8487e2f8 fltmgr!TreeUnlinkNoBalance+0x13
85ac0af0 80674fb6 8a265cfc ffffffff ffffffff fltmgr!TreeUnlinkMulti+0x22
85ac0b10 8067509f 8a265cb8 00008000 ffffffff fltmgr!DeleteNameCacheNodes+0x84
85ac0b2c 806783d1 8487e008 8a265cb8 8a265cf8 fltmgr!FltpFreeNameCacheList+0x17
85ac0b48 806785d6 8a265cb8 8a265cbc ac3e1d08 fltmgr!CleanupStreamListCtrl+0x37
85ac0b5c 81d7cd18 8a265cbc 85acb0d4 81ce7b69 fltmgr!DeleteStreamListCtrlCallback+0x5a
85ac0b94 8517cd79 ac3e1d08 00000000 ac3e1d08 nt!FsRtlTeardownPerStreamContexts+0xd4
85ac0bb0 8518f1ad 00000705 ac3e1c18 ac3e1c40 Ntfs!NtfsDeleteScb+0x1f2
85ac0bc8 85109c9b 83bbec90 ac3e1d08 00000000 Ntfs!NtfsRemoveScb+0xc2
85ac0be4 8519bed4 83bbec90 ac3e1c18 00000000 Ntfs!NtfsPrepareFcbForRemoval+0x59
85ac0c28 851113be 83bbec90 ac3e1d08 00000000 Ntfs!NtfsTeardownStructures+0x62
85ac0c50 85197fe1 83bbec90 ac3e1d08 00000000 Ntfs!NtfsDecrementCloseCounts+0xad
85ac0cb0 8517d126 83bbec90 ac3e1d08 ac3e1c18 Ntfs!NtfsCommonClose+0x4d9
85ac0d44 81c78e18 00000000 00000000 82f64828 Ntfs!NtfsFspClose+0x117
85ac0d7c 81e254a8 00000000 85acb680 00000000 nt!ExpWorkerThread+0xfd
85ac0dc0 81c9145e 81c78d1b 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FOLLOWUP_IP: Ntfs!NtfsDeleteScb+1f2 8517cd79 8b06 mov eax,dword ptr [esi]
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: Ntfs!NtfsDeleteScb+1f2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4549aceb
STACK_COMMAND: .cxr 0xffffffff85ac06e0 ; kb
FAILURE_BUCKET_ID: 0x24_Ntfs!NtfsDeleteScb+1f2
BUCKET_ID: 0x24_Ntfs!NtfsDeleteScb+1f2

Saturday, October 27, 2007

MOVB démarre le 1er novembre

Il parait que novembre est un bon mois ...


Alors rendez-vous le 1er novembre pour découvrir "30 reasons you'll be speechless".

Saturday, March 10, 2007

Bienvenue sur MOVB !

Comme son nom ne l'indique pas, le but de ce projet n'est pas de publier un bug par jour pendant un mois - ce serait trop lourd pour un homme seul, père de famille qui plus est :)

Ayant commencé depuis quelques temps à utiliser Vista 32 bits Ultimate et Vista 64 bits Ultimate, il me semblait important de garder trace de tous les bugs que je rencontre chaque jour ... ou que je lis ailleurs sur Internet.

Surtout n'hésitez pas à contribuer, de manière anonyme ou avec les full credits !