re: printer not present causes fatal read error!
Tuesday, June 10, 2003 at 6:44 pm Windows 2000 Annoyances Discussion Forum
Posted by Henry Tsai
(1 messages posted)
Jeremy:
My colleague and I got the same problem.
Dr. Watson says:
fault ->6061fdc3 f3a5 rep movsd ds:00000000=???????? es:0022f400=01f112d8
The difference is that we got this problem mostly in WinWord, sometimes Excel.
I found your message on Google and read it.
(Ok, just the first half because the second half is too hard for me.)
I tried to delete some unresponding printer and it seems to have fixed the problem.
I'd like to say thank you, because it helped me a lot.
And please pray for me that the problem will never occur ^^
Thanks again !!
Henry.
On Sunday, February 23, 2003 at 3:17 pm, Jeremy McCormick wrote:
>Kevin,
>
>Let's talk about read/write errors, pointers and drwatson:
>
>I'm not sure if you're having printer issues, but these read/write errors which specify
>two 32-bit addresses are actually quite generic, only indicating a general type of
>error and not necessarily the cause. This could be a problem with drivers, application/system
>dlls or the application exe (in this case, Netscape).
>
>The basic cause of an access (more properly --> addressing) exception is a pointer
>"run amok" so that it is pointing at some invalid address (i.e. outside its allowed
>area) *or* it is a null pointer (all zeros) that is being interpreted by the application
>as a valid memory location when it is not! In your case, "0x077319bc" is the address
>which Netscape is attempting to write to ... likely the 1st address is a valid instruction
>in the executable, but the second is protected, and *maybe* not valid for the executable
>to be writing.
>
>This is academic, so let's get down to debugging, using my problem and its drwatson
>dump as an illustrative example.
>
>Win2k includes drwatson, which can be started as your debugger. It sounds like you
>do not have it running by default, so type "drwtsn32 -i" (sin quotes) at the command
>line or from the run box.
>
>Now start your application in question (in your case, Netscape) and cause the error
>(or just wait for it to occur if this is a startup error). This should cause a dump
>file to be created, usually drwtsn.log, instead of that unhelpful pop-up error message.
>You will receive a mesg. that drwatson is creating a dump -- mine go in "Docs and
>Settings\All Users\Documents" (yours may differ). The dump name is drwtsn32.log
>and will be appended to if it already exists. Just search for drwtsn32.log on your
>system partition (C:\) after you've gotten the mesg. that drwatson created a dump
>for you.
>
>(I've included portions of my own dump for illustrative purposes.)
>
>My dump indicates an "access violation" ("0005") in Ultra Edit 32, which means the
>application in question attempted to read from memory outside its designated area,
>in this case from "0x00000000". Incidentally, this is the same as the IBM SOC5 addressing
>exception, which indicates that the memory location is protected from reading/writing
>by this program.
>
>I can tell that Windows crashed when executing DrvConvertDevMode ("function:").
>My theory is that a null pointer was encountered, but this was not checked in the
>code. The applications (Photoshop, Visio and Ultra Edit) were assuming a printer
>driver existed where it didn't and attempted to read from this null pointer location
>(aka 0x00000000). This was the cause of the access violation. Furthermore, a more
>specific diagnosis might target NtReplyWaitReceivePortEx which is also dumped as
>a relevant function. Perhaps it was the returner of the null pointer. I really
>don't care now that this whole problem is "fixed".
>
>Taking a look at the Microsoft doc page for the function DrvConvertDevMode, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/graphics/hh/graphics/drvrfnc_8s6f.asp,
>I see "The function should verify that both pdmIn and pdmOut" exist. This is a Microsoft
>SDK function (indicated at the top). It was looking for a valid data structure for
>my Windows 2000 driver (pdmIn) and Windows 98 (pdmOut, server). One was not found,
>yet the function did not check for this and return a reasonable error message. Instead,
>it assumed a null pointer was actually the address of a valid DEVMODEW structure
>for the Windows 98 printer driver.
>
>I find it asinine that Microsoft did not follow their own error-checking guidelines
>in this system function and output a more informative error message after testing
>and trapping for the null pointer.
>
>You can also see on the task list that "1196 UEDIT32.exe" was the application that
>caused the crash (appears just before drwatsn itself). I'm thinking that Ultra Edit
>was not the real culprit, and it was a dll loaded in UE's application space containing
>this printer conversion function, though I could be totally off here and be blaming
>MS when it is this application's fault. Oh, well, I like bashing Microsoft because
>it is so easy. :)
>
>The function which caused the error was
>DrvConvertDevMode
>and the faulting instruction ...
>FAULT ->6061fdc3 f3a5 rep movsd ds:00000000=???????? es:00162c28=00000000
>
>Though I'm no PC assembler guru (hehe, IBM assembler is another matter!) this shows
>me that several key memory locations (i.e. function arguments) were zero, i.e. null
>pointers. Since the Windows 98 printer driver was not present, this DrvConvertDevMode
>function received null pointers which were probably not trapped. Thus, the application
>attempted to read from 0x00000000 (null pointer), most certainly an invalid address
>to mess with (probably containing essential OS instructions) and crashed.
>
>Now, this is all rather circuitous and somewhat involved. You might have better
>luck searching google for the specific error mesg. you're receiving, which should
>be in Event Viewer -> Application Messages (I didn't find anything on groups or web
>using portions of your error mesg.).
>
>Sorry, I couldn't give more specific help for your Netscape error.
>
>Why don't you get drwtsn32 running as your debugger and post a full dump here? I'll
>take a look at it for you and see if I can pinpoint the exact function/instruction
>causing the error. That will give you something specific to gripe about to Netscape/Microsoft/annoyances.org.
>
>Here is the dump from the example above ...
>
>----start drwatson dump----
>
>Application exception occurred:
> App: (pid=1112)
> When: 2/13/2003 @ 13:26:21.840
> Exception number: c0000005 (access violation)
>
>*----> System Information <----*
> Computer Name: MACHINE
> User Name: jeremy
> Number of Processors: 1
> Processor Type: x86 Family 6 Model 4 Stepping 4
> Windows 2000 Version: 5.0
> Current Build: 2195
> Service Pack: 3
> Current Type: Uniprocessor Free
> Registered Organization: none
> Registered Owner: Jeremy McCormick
>
>*----> Task List <----*
>
>...
>
>1112 UEDIT32.exe
>1228 DRWTSN32.exe
> 0 _Total.exe
>
>...
>
>State Dump for Thread Id 0x41c
>
>eax=00000844 ebx=00000000 ecx=00000211 edx=00000000 esi=00000000 edi=0016a008
>eip=6061fdc3 esp=0012ed60 ebp=0012ed68 iopl=0 nv up ei pl nz ac po nc
>cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
>
>
>function: DrvConvertDevMode
> 6061fda4 3bfe cmp edi,esi
> 6061fda6 7608 jbe DrvConvertDevMode+0x80c4 (606238b0)
> 6061fda8 3bf8 cmp edi,eax
> 6061fdaa 0f8278010000 jb DrvConvertDevMode+0x473c (6061ff28)
> 6061fdb0 f7c703000000 test edi,0x3
> 6061fdb6 7514 jnz DrvDocumentEvent+0xef1 (6062becc)
> 6061fdb8 c1e902 shr ecx,0x2
> 6061fdbb 83e203 and edx,0x3
> 6061fdbe 83f908 cmp ecx,0x8
> 6061fdc1 7229 jb 6062f0ec
>FAULT ->6061fdc3 f3a5 rep movsd ds:00000000=???????? es:0016a008=00000000
> 6061fdc5 ff2495d8fe6160 ds:00000000=????????
> jmp dword ptr [DrvConvertDevMode+0x46ec (6061fed8)+edx*4]
> 6061fdcc 8bc7 mov eax,edi
> 6061fdce ba03000000 mov edx,0x3
> 6061fdd3 83e904 sub ecx,0x4
> 6061fdd6 720c jb DrvConvertDevMode+0xc8f8 (606280e4)
> 6061fdd8 83e003 and eax,0x3
> 6061fddb 03c8 add ecx,eax
> 6061fddd ff2485f0fd6160 ds:00000844=????????
> jmp dword ptr [DrvConvertDevMode+0x4604 (6061fdf0)+eax*4]
> 6061fde4 ff248de8fe6160 ds:00000211=????????
> jmp dword ptr [DrvConvertDevMode+0x46fc (6061fee8)+ecx*4]
> 6061fdeb 90 nop
> 6061fdec ff248d6cfe6160 ds:00000211=????????
> jmp dword ptr [DrvConvertDevMode+0x4680 (6061fe6c)+ecx*4]
>
>...
>
>function: NtReplyWaitReceivePortEx
> 77f83bad b8ac000000 mov eax,0xac
> 77f83bb2 8d542404 lea edx,[esp+0x4] ss:021ad3fb=????????
> 77f83bb6 cd2e int 2e
> 77f83bb8 c21400 ret 0x14
>
>----end drwatson dump----
>
>Cheers!
>Jeremy
>
>
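
A small triage script for logs like the one quoted above, added here as an illustration (it is not code from either poster). It pulls the exception code, the function name and the FAULT line out of a Dr. Watson log and, for a `rep movsd`, reads the copy's source, destination and size from that thread's registers. The sample log is constructed from the excerpt in the post, and the 64 KB null-guard threshold is an assumption.

```python
import re

# Constructed sample, shaped like the Dr. Watson excerpt quoted in the post above.
SAMPLE_LOG = """\
 Exception number: c0000005 (access violation)
State Dump for Thread Id 0x41c
eax=00000844 ebx=00000000 ecx=00000211 edx=00000000 esi=00000000 edi=0016a008
eip=6061fdc3 esp=0012ed60 ebp=0012ed68 iopl=0 nv up ei pl nz ac po nc
function: DrvConvertDevMode
 6061fdc1 7229 jb 6062f0ec
FAULT ->6061fdc3 f3a5 rep movsd ds:00000000=???????? es:0016a008=00000000
"""

REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")
EXC_RE = re.compile(r"Exception number:\s*([0-9a-f]{8})")
FAULT_RE = re.compile(r"FAULT ->([0-9a-f]{8})\s+[0-9a-f]+\s+(.+?)\s+ds:([0-9a-f]{8})=(\S+)")
NULL_GUARD = 0x10000  # assumption: lowest 64 KB is never mapped in a Win32 process


def triage(log):
    """Summarise the first FAULT line of a Dr. Watson log, or return None."""
    exc, func, regs = None, None, {}
    for raw in log.splitlines():
        line = raw.lstrip("> \t")              # tolerate '>'-quoted forum copies
        if m := EXC_RE.search(line):
            exc = m.group(1)
        elif line.startswith("State Dump for Thread"):
            regs = {}                          # registers belong to one thread
        elif line.startswith("function:"):
            func = line.split(":", 1)[1].strip()
        elif m := FAULT_RE.match(line):
            addr = int(m.group(3), 16)
            out = {"exception": exc, "function": func, "instr": m.group(2),
                   "fault_ip": int(m.group(1), 16), "addr": addr,
                   "unreadable": set(m.group(4)) == {"?"},
                   "null_deref": addr < NULL_GUARD,
                   "ip_matches": regs.get("eip") == int(m.group(1), 16)}
            if m.group(2) == "rep movsd":      # copies ecx dwords from ds:esi to es:edi
                out["copy"] = {"src": regs.get("esi"), "dst": regs.get("edi"),
                               "bytes": regs.get("ecx", 0) * 4}
            return out
        else:
            regs.update((k, int(v, 16)) for k, v in REG_RE.findall(line))
    return None


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, the copy size works out to 0x844 bytes, the same value held in eax, with a source pointer of zero.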