Member Avatar for ziggystarman

Hi
been using the following code to close an external program.

ShellExecute(0, L"open", L"taskkill.exe",L" /f /im program.exe", 0, SW_HIDE);

However once in a while I get the dreaded windows blue screen, not sure what to make of the mini logs it produces. One suggestion on microsoft's site is that it could be a virus, I can rule that one out to start with.

I suppose my question/s is how do we interpret these logs, is this problem a result of the above or is this simply a windows configuration problem?.

Many thanks.

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini033111-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\Windows\symbols
Executable search path is: 
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (3 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0x8303e000 PsLoadedModuleList = 0x83155c70
Debug session time: Thu Mar 31 14:24:47.527 2011 (GMT+1)
System Uptime: 0 days 7:52:50.477
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 832564cb, debc4c0c, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntkrnlpa.exe ( nt+2184cb )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 832564cb, The address that the exception occurred at
Arg3: debc4c0c, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: nt

FAULTING_MODULE: 8303e000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4cb710d6

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt+2184cb
832564cb f00fb116        lock cmpxchg dword ptr [esi],edx

TRAP_FRAME:  debc4c0c -- (.trap 0xffffffffdebc4c0c)
ErrCode = 00000002
eax=00000000 ebx=00000000 ecx=00000250 edx=00000001 esi=00000250 edi=88bab288
eip=832564cb esp=debc4c80 ebp=00000076 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt+0x2184cb:
832564cb f00fb116        lock cmpxchg dword ptr [esi],edx ds:0023:00000250=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from a6c55af2 to 832564cb

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
debc4c7c a6c55af2 88bab288 00000001 8300f0b0 nt+0x2184cb
debc4c80 88bab288 00000001 8300f0b0 00000007 0xa6c55af2
debc4c84 00000000 8300f0b0 00000007 78457350 0x88bab288


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt+2184cb
832564cb f00fb116        lock cmpxchg dword ptr [esi],edx

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt+2184cb

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntkrnlpa.exe

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
  • 4 Contributors
  • 6 Replies
  • 175 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by ziggystarman

Recommended Answers

All 6 Replies

Member Avatar for Voidz

Why not system("taskkill") or whatever? You're a fucking horrible programmer.

Member Avatar for ziggystarman

From a recent post by Voidz

Hi DW, I'm extremely new to DaniWeb. I have been coding in C++ for about one month.

Thank you expert for your advice.

commented: Agreed +15
Member Avatar for triumphost

Use the code he told u in the first post. Though i dont see why anyone should call you horrible.

System("taskkill /f /im program.exe");

What I wanna know is why are you trying to hide it??

Member Avatar for ziggystarman

What I wanna know is why are you trying to hide it??

I was just testing various ways of killing off programs, that one just happened to be the one I was using at the time the blue screen appeared & no particular reason other than that.

system ("taskkill /f /im program.exe");
Process::Start("taskkill.exe"," /f /im program.exe");
ShellExecute(0, L"open", L"taskkill.exe",L" /f /im program.exe", 0, SW_HIDE);

Is this relevant to the blue screen problem?

Member Avatar for Ancient Dragon

When you pull the rug out from under an executing program there is no guarentee that the operating system can kill the process cleanly. Using that taskkill.exe should be a last resort.

Member Avatar for ziggystarman

Using that taskkill.exe should be a last resort.

Thanks for pointing that out, I'll look at using a different method to kill off running executing programs, maybe that goes some way to explaining the Blue Screen problem.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.