Update: Process Monitor v1.12

Process Monitor v1.12: This release fixes a bug in the driver.

Comments

• Anonymous
  January 01, 2003
  It's open now.

• Anonymous
  April 08, 2007
  as the forum is currently locked, where can i submit bugs/feature requests?

• Anonymous
  April 19, 2007
  Version 1.12 of procmon bluescreened my machine.  I have a minidump of collected during the crash which I can send to you if you wish.

• Anonymous
  April 19, 2007
  Here is the kd !analyze -v output from the minidump mentioned in the above post.  The bluescreen happened during full unfiltered  file/registry/process/thread capture on a busy machine.

kd> !analyze -v

•                                                                             *
•                        Bugcheck Analysis                                    *
•                                                                             *

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e) This is a very common bugcheck.  Usually the exception address pinpoints the driver/function that caused the problem.  Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003.  This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG.  This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG.  This will let us see why this breakpoint is happening. Arguments: Arg1: c0000006, The exception code that was not handled Arg2: 80602c50, The address that the exception occurred at Arg3: f79fb5c4, Trap Frame Arg4: 00000000 Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx". FAULTING_IP: nt!ExpAllocateHandleTableEntry+1be 80602c50 8b4904          mov     ecx,dword ptr [ecx+4] TRAP_FRAME:  f79fbbcc -- (.trap fffffffff79fbbcc) ErrCode = 00000000 eax=e3c54320 ebx=00000190 ecx=00000000 edx=00000190 esi=e3c54320 edi=f79fbd0c eip=806034e5 esp=f79fbc40 ebp=f79fbc54 iopl=0         nv up ei ng nz na po nc cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282 nt!ExMapHandleToPointerEx+0x2d: 806034e5 8b06            mov     eax,dword ptr [esi]  ds:0023:e3c54320=???????? Resetting default scope CUSTOMER_CRASH_COUNT:  1 DEFAULT_BUCKET_ID:  DRIVER_FAULT BUGCHECK_STR:  0x8E PROCESS_NAME:  ccSetMgr.exe LAST_CONTROL_TRANSFER:  from 80603253 to 80602c50 STACK_TEXT: f79fb65c 80603253 e3c4c6c8 f79fb674 00000000 nt!ExpAllocateHandleTableEntry+0x1 e f79fb678 805b1d47 e3c4c6c8 f79fb6ac 00000000 nt!ExCreateHandle+0x19 f79fb6cc 805b0174 00000001 e3c52720 00000000 nt!ObpCreateHandle+0x3f7 f79fb79c 805e21dc e3c52720 00000000 00000000 nt!ObOpenObjectByPointer+0xa4 f79fb7f8 805e2557 800017c4 00020008 00000000 nt!NtOpenProcessTokenEx+0x94 f79fb810 8053ca28 800017c4 00020008 f79fb94c nt!NtOpenProcessToken+0x15 f79fb810 804fdded 800017c4 00020008 f79fb94c nt!KiFastCallEntry+0xf8 f79fb894 f879b5dc 800017c4 00020008 f79fb94c nt!ZwOpenProcessToken+0x11 WARNING: Stack unwind information not available. Following frames may be wrong. f79fb978 f879b973 00b30080 fe236be0 fdf3af14 PROCMON11+0x15dc f79fb994 f879c57e 0000023c 00000001 fdf24194 PROCMON11+0x1973 f79fb9d0 f82be888 fdf3af14 f79fb9f0 f79fba20 PROCMON11+0x257e f79fba30 f82c02a0 009fba78 00000000 f79fba78 fltmgr!FltpPerformPreCallbacks+0x2 4 f79fba44 f82c0c48 f79fba78 00000000 81ad8020 fltmgr!FltpPassThroughInternal+0x3 f79fba60 f82c1059 f79fba01 fe75cd88 82397e40 fltmgr!FltpPassThrough+0x1c2 f79fba90 804edfe3 81ad8020 fd998e00 0b2e6000 fltmgr!FltpDispatch+0x10d f79fbaa0 804ee9ae 00000000 fe75cd78 fe75cd88 nt!IopfCallDriver+0x31 f79fbab4 804ee9d5 81ad8020 fe75cd0b fe75cd90 nt!IopPageReadInternal+0xf4 f79fbad4 80512a30 81da9f90 fe75cdb0 fe75cd90 nt!IoPageRead+0x1b f79fbb50 8051bfa0 c071e2a0 e3c54320 c071e2a0 nt!MiDispatchFault+0x286 f79fbbb4 8053f90c 00000000 e3c54320 00000000 nt!MmAccessFault+0x7b4 f79fbbb4 806034e5 00000000 e3c54320 00000000 nt!KiTrap0E+0xcc f79fbc54 805af96a e3c4c6c8 00000190 e1e5d001 nt!ExMapHandleToPointerEx+0x2d f79fbc7c 805c078d 00000190 00000040 823cac68 nt!ObReferenceObjectByHandle+0x12e f79fbd48 8053ca28 00000190 00000010 00dcff88 nt!NtQueryInformationThread+0x43d f79fbd48 7c90eb94 00000190 00000010 00dcff88 nt!KiFastCallEntry+0xf8 00dcff8c 00000000 00000000 00000000 00000000 0x7c90eb94 STACK_COMMAND:  kb FOLLOWUP_IP: PROCMON11+15dc f879b5dc ??              ??? SYMBOL_STACK_INDEX:  8 SYMBOL_NAME:  PROCMON11+15dc FOLLOWUP_NAME:  MachineOwner MODULE_NAME: PROCMON11 IMAGE_NAME:  PROCMON11.SYS DEBUG_FLR_IMAGE_TIMESTAMP:  46142c9b FAILURE_BUCKET_ID:  0x8E_PROCMON11+15dc BUCKET_ID:  0x8E_PROCMON11+15dc Followup: MachineOwner

kd>