RE: WINLOGON.EXE Crashing After Update



ldminoc
07-10-2005, 01:13 AM
I experienced the same (stop 21a, winlogon error), but mine appears to have
faulted in ntdll (if symbols are correct, see below). Have followed numerous
paths to try and resolve the issue, including about 20 clean installs of XP
over the last week to no avail. My problem description closely matches what
is described in KB318666. Interestingly, the article is dated 4/4/05, yet
references a fix file with a date of 3/1/02!!!

As indicated in KB318666, after a clean install with updates, the system
works for ~20 logons then crashes. Don't quite know which update is doing the
damage, but suspect it's one of the updates after SP2.

Anybody found a solution?

----
Application exception occurred:
App: \??\C:\WINDOWS\system32\winlogon.exe (pid=688)
When: 5/27/2005 @ 17:26:03.984
Exception number: 80000007
()
..
..
..
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
FAULT ->ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e


"Stingray" wrote:

> We've started seeing a problem here I wanted to run by the Guru's here and
> see if anyone has seen similar issues and has an answer. In the past week
> several of our users have had a problems that seem to appear after Windows
> Auto Update applies a patch to their system. Some have hung on shutdown and
> had to have the power turned off, others have had an error at logon that
> WINLOGON.EXE caused an error and then the system reboots.
>
> I've looked at the Dr. Watson logs for the WINLOGON error and have inserted
> the pertinent sections of one below. The Exception Number is the usual
> C0000005. The FAULT indication is under the function:
> MSGINA!WlxGetStatusMessage. The reference to MSGINA made me think of the fact
> that we use U.are.U for biometric authentication which has it's own Gina.
> Perhaps it's conflicting with one of the updates.
>
> Has anyone out there seen issues like this or have any recommendations what
> we might do to prevent these errors. So far they clear up after the reboot
> but I am concerned that we'll have larger issues in the future if we don't
> address them now.
>
> -----------------------------
>
> Application exception occurred:
> App: \??\C:\Windows\system32\winlogon.exe (pid=1324)
> When: 3/8/2005 @ 17:18:30.302
> Exception number: c0000005 (access violation)
>
> *----> System Information <----*
> Computer Name: PC-CHOOIK
> User Name: SYSTEM
> Terminal Session Id: 1
> Number of Processors: 1
> Processor Type: x86 Family 15 Model 2 Stepping 4
> Windows Version: 5.1
> Current Build: 2600
> Service Pack: 2
> Current Type: Uniprocessor Free
> Registered Organization:
> Registered Owner:
>
> *----> Task List <----*
> 0 System Process
> 4 System
> 360 smss.exe
> 408 csrss.exe
> 432 winlogon.exe
> 476 services.exe
> 488 lsass.exe
> 696 svchost.exe
> 756 svchost.exe
> 820 svchost.exe
> 880 svchost.exe
> 928 svchost.exe
> 1124 spoolsv.exe
> 1256 DpHost.exe
> 1316 ngctw32.exe
> 1368 NMSSvc.exe
> 1424 ntrtscan.exe
> 1452 nvsvc32.exe
> 1476 OfcPfwSvc.exe
> 1556 tmlisten.exe
> 1836 0FCD0G.EXE
> 792 alg.exe
> 908 rdpclip.exe
> 1908 Explorer.EXE
> 2440 pccntmon.exe
> 2448 DPAgnt.exe
> 3024 csrss.exe
> 1324 winlogon.exe
> 2532 drwtsn32.exe
>
> *----> Module List <----*
> (0000000000f90000 - 0000000000fd3000: C:\Program
> Files\DigitalPersona\Bin\DPPS.dll
> (0000000001000000 - 0000000001080000: \??\C:\Windows\system32\winlogon.exe
> (0000000001080000 - 0000000001345000: C:\Windows\system32\xpsp2res.dll
> (0000000001410000 - 0000000001440000: C:\Program
> Files\DigitalPersona\Bin\DpCPPWr.dll
> (000000000ffd0000 - 000000000fff8000: C:\Windows\system32\rsaenh.dll
> (0000000010000000 - 0000000010157000: C:\Windows\system32\DPGINA.dll
> (0000000020000000 - 0000000020017000: C:\Windows\system32\odbcint.dll
> (000000005ad70000 - 000000005ada8000: C:\Windows\system32\uxtheme.dll
> (000000005b860000 - 000000005b8b4000: C:\Windows\system32\NETAPI32.dll
> (000000005d090000 - 000000005d127000: C:\Windows\system32\COMCTL32.dll
> (0000000071aa0000 - 0000000071aa8000: C:\Windows\system32\WS2HELP.dll
> (0000000071ab0000 - 0000000071ac7000: C:\Windows\system32\WS2_32.dll
> (0000000071b20000 - 0000000071b32000: C:\Windows\system32\MPR.dll
> (0000000071cf0000 - 0000000071d3b000: C:\Windows\system32\kerberos.dll
> (00000000723d0000 - 00000000723ec000: C:\Windows\system32\WinSCard.dll
> (0000000073000000 - 0000000073026000: C:\Windows\system32\WINSPOOL.DRV
> (0000000074320000 - 000000007435d000: C:\Windows\system32\ODBC32.dll
> (0000000075930000 - 000000007593a000: C:\Windows\system32\PROFMAP.dll
> (0000000075940000 - 0000000075948000: C:\Windows\system32\NDdeApi.dll
> (0000000075950000 - 000000007596a000: C:\Windows\system32\WlNotify.dll
> (0000000075970000 - 0000000075a67000: C:\Windows\system32\MSGINA.dll
> (0000000076360000 - 0000000076370000: C:\Windows\system32\WINSTA.dll
> (00000000763b0000 - 00000000763f9000: C:\Windows\system32\comdlg32.dll
> (0000000076600000 - 000000007661d000: C:\Windows\system32\cscdll.dll
> (0000000076790000 - 000000007679c000: C:\Windows\system32\cryptdll.dll
> (00000000769c0000 - 0000000076a73000: C:\Windows\system32\USERENV.dll
> (0000000076b40000 - 0000000076b6d000: C:\Windows\system32\WINMM.dll
> (0000000076bc0000 - 0000000076bcf000: C:\Windows\system32\REGAPI.dll
> (0000000076bf0000 - 0000000076bfb000: C:\Windows\system32\PSAPI.DLL
> (0000000076c30000 - 0000000076c5e000: C:\Windows\system32\WINTRUST.dll
> (0000000076c90000 - 0000000076cb8000: C:\Windows\system32\IMAGEHLP.dll
> (0000000076f50000 - 0000000076f58000: C:\Windows\system32\wtsapi32.dll
> (0000000076fd0000 - 000000007704f000: C:\Windows\system32\CLBCATQ.DLL
> (0000000077050000 - 0000000077115000: C:\Windows\system32\COMRes.dll
> (0000000077120000 - 00000000771ac000: C:\Windows\system32\OLEAUT32.dll
> (00000000773d0000 - 00000000774d2000:
> C:\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
> (00000000774e0000 - 000000007761d000: C:\Windows\system32\ole32.dll
> (00000000776c0000 - 00000000776d1000: C:\Windows\system32\AUTHZ.dll
> (00000000776e0000 - 0000000077703000: C:\Windows\system32\SHSVCS.dll
> (0000000077920000 - 0000000077a13000: C:\Windows\system32\SETUPAPI.dll
> (0000000077a80000 - 0000000077b14000: C:\Windows\system32\CRYPT32.dll
> (0000000077b20000 - 0000000077b32000: C:\Windows\system32\MSASN1.dll
> (0000000077b40000 - 0000000077b62000: C:\Windows\system32\Apphelp.dll
> (0000000077c00000 - 0000000077c08000: C:\Windows\system32\VERSION.dll
> (0000000077c10000 - 0000000077c68000: C:\Windows\system32\msvcrt.dll
> (0000000077d40000 - 0000000077dd0000: C:\Windows\system32\USER32.dll
> (0000000077dd0000 - 0000000077e6b000: C:\Windows\system32\ADVAPI32.dll
> (0000000077e70000 - 0000000077f01000: C:\Windows\system32\RPCRT4.dll
> (0000000077f10000 - 0000000077f56000: C:\Windows\system32\GDI32.dll
> (0000000077f60000 - 0000000077fd6000: C:\Windows\system32\SHLWAPI.dll
> (0000000077fe0000 - 0000000077ff1000: C:\Windows\system32\Secur32.dll
> (000000007c800000 - 000000007c8f4000: C:\Windows\system32\kernel32.dll
> (000000007c900000 - 000000007c9b0000: C:\Windows\system32\ntdll.dll
> (000000007c9c0000 - 000000007d1d4000: C:\Windows\system32\SHELL32.dll
>
> *----> State Dump for Thread Id 0x92c <----*
>
> eax=00000000 ebx=00000002 ecx=000941e0 edx=00072f48 esi=000941e0 edi=00000000
> eip=75990626 esp=00aefd44 ebp=00aefd4c iopl=0 nv up ei pl nz na pe nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
>
> function: MSGINA!WlxGetStatusMessage
> 75990610 90 nop
> 75990611 90 nop
> 75990612 90 nop
> 75990613 8bff mov edi,edi
> 75990615 55 push ebp
> 75990616 8bec mov ebp,esp
> 75990618 ff750c push dword ptr [ebp+0xc]
> 7599061b 8b4508 mov eax,[ebp+0x8]
> 7599061e ff7004 push dword ptr [eax+0x4]
> 75990621 a1f4c09975 mov eax,[MSGINA+0x2c0f4 (7599c0f4)]
> FAULT ->75990626 ff500c call dword ptr [eax+0xc]
> ds:0023:0000000c=????????
> 75990629 5d pop ebp
> 7599062a c20800 ret 0x8
> 7599062d 90 nop
> 7599062e 90 nop
> 7599062f 90 nop
> 75990630 90 nop
> 75990631 90 nop
> 75990632 8bff mov edi,edi
> 75990634 55 push ebp
> 75990635 8bec mov ebp,esp
>
> *----> Stack Back Trace <----*
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> ChildEBP RetAddr Args to Child
> 00aefd4c 75997431 00b836ec 00000078 0000033c MSGINA!WlxGetStatusMessage+0x1521
> 00aeffa4 759735f2 00000000 00000000 00aeffec MSGINA+0x27431
> 00aeffb4 7c80b50b 000941e0 00000000 00000000 MSGINA!Ordinal1+0xbbf
> 00aeffec 00000000 759735e1 000941e0 00000000 kernel32!GetModuleFileNameA+0x1b4
>
> *----> Raw Stack Dump <----*
> 0000000000aefd44 d8 26 05 10 78 00 00 00 - a4 ff ae 00 31 74 99 75
> .&..x.......1t.u
> 0000000000aefd54 ec 36 b8 00 78 00 00 00 - 3c 03 00 00 02 00 00 00
> .6..x...<.......
> 0000000000aefd64 00 00 00 00 59 75 99 75 - 00 00 00 00 e0 41 09 00
> ....Yu.u.....A..
> 0000000000aefd74 e0 41 09 00 10 bb a6 f5 - c0 00 00 00 00 00 00 00
> .A..............
> 0000000000aefd84 12 00 00 00 00 00 00 00 - ff ff 53 01 e8 db b2 82
> ..........S.....
> 0000000000aefd94 e0 41 09 00 02 00 00 00 - f8 54 00 00 57 00 69 00
> .A.......T..W.i.
> 0000000000aefda4 6e 00 6c 00 6f 00 67 00 - 6f 00 6e 00 00 00 f9 82
> n.l.o.g.o.n.....
> 0000000000aefdb4 a4 ec 6e 80 00 00 00 00 - 00 00 00 00 38 00 00 00
> ..n.........8...
> 0000000000aefdc4 23 00 00 00 23 00 00 00 - 00 00 00 00 00 00 00 00
> #...#...........
> 0000000000aefdd4 e0 41 09 00 23 00 00 00 - 23 00 00 00 e1 35 97 75
> .A..#...#....5.u
> 0000000000aefde4 e8 e3 06 00 56 08 81 7c - 1b 00 00 00 00 02 00 00
> ....V..|........
> 0000000000aefdf4 fc ff ae 00 23 00 00 00 - af 1e 58 80 20 00 00 00
> ....#.....X. ...
> 0000000000aefe04 c0 fe 53 01 00 00 00 00 - ff ff ff ff 06 00 00 00
> ..S.............
> 0000000000aefe14 50 01 00 00 00 00 04 00 - e8 db b2 82 60 fd 4c 82
> P...........`.L.
> 0000000000aefe24 00 55 00 c0 00 00 00 00 - 00 ff 53 01 78 fd 4c 82
> .U........S.x.L.
> 0000000000aefe34 30 58 b7 82 81 59 01 00 - 18 74 c5 81 00 00 00 00
> 0X...Y...t......
> 0000000000aefe44 9c 36 50 c0 e0 dd b2 82 - e6 05 00 00 64 bb a6 f5
> .6P.........d...
> 0000000000aefe54 3d be 4e 80 e6 05 00 00 - e0 dd b2 82 00 90 fd 7f
> =.N.............
> 0000000000aefe64 fc 07 30 c0 64 ff 1f c0 - e6 05 00 00 00 00 00 00
> ..0.d...........
> 0000000000aefe74 00 00 00 00 00 00 00 00 - 00 00 00 00 94 bb a6 f5
> ................
>
>
>


RE: WINLOGON.EXE Crashing After Update