WinMgmt drwatson program error


G

Guest

winmgmt.exe crashes with a drwatson fault every 5 minutes. I use w2k with ALL
installed updates

I have a drwatson logfile drwtsn32.log where the faults are stored.

How can I solve the problem?

How can I send the drwtsn32.log to microsoft support for a analyse? Will
microsoft do such a analyse of the drwtsn32.log file? WinXP automatically
sends the problem fault to microsoft, but win2k doesn´t do so.

Here are the drwtsn32.log file entrys:


Microsoft (R) Windows 2000 (R) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. Alle Rechte vorbehalten.



Anwendungsausnahme aufgetreten:
Anwendung: (pid=652)
Wann: 09.05.2005 @ 19:00:04.015
Ausnahmenummer: c0000005 (Zugriffsverletzung)

*----> Systeminformationen <----*
Computername: MAX
Benutzername: SYSTEM
Prozessoranzahl: 1
Prozessortyp: x86 Family 15 Model 2 Stepping 4
Windows 2000-Version: 5.0
Aktuelles Build: 2195
Service Pack: 4
Aktueller Typ: Uniprocessor Free
Firma: Hutterer
Besitzer: Hutterer

*----> Taskliste <----*
0 Idle.exe
8 System.exe
144 smss.exe
168 csrss.exe
164 winlogon.exe
216 services.exe
228 lsass.exe
404 svchost.exe
428 spoolsv.exe
460 svchost.exe
488 nvsvc32.exe
516 regsvc.exe
548 MSTask.exe
596 SMAgent.exe
624 stisvc.exe
652 WinMgmt.exe
684 mspmspsv.exe
696 svchost.exe
212 WinMgmt.exe
756 drwtsn32.exe
0 _Total.exe

(00400000 - 00430000)
(77880000 - 77903000)
(65A70000 - 65B1D000)
(77E00000 - 77E5F000)
(77E70000 - 77F30000)
(77F40000 - 77F7B000)
(78000000 - 78045000)
(79350000 - 793B2000)
(77D20000 - 77D91000)
(779A0000 - 77A3B000)
(77A40000 - 77B2F000)
(784A0000 - 78526000)
(659D0000 - 65A6E000)
(77810000 - 77817000)
(75940000 - 75946000)
(70020000 - 70046000)

Statusabbild für Threadkennung 0x288

eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000078
eip=77882926 esp=0012fac8 ebp=0012fb38 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


Funktion: NtReadFile
7788291b b8a1000000 mov eax,0xa1
77882920 8d542404 lea edx,[esp+0x4]
ss:00ba99af=00000000
77882924 cd2e int 2e
77882926 c22400 ret 0x24

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0012FB38 79364CD9 00000078 0012FC00 00000216 0012FB60 ntdll!NtReadFile
0012FB64 79364B5F 00000078 0012FC00 00000216 0012FB9C
advapi32!StartServiceCtrlDispatcherW
0012FBE0 79366632 00000078 0012FC00 00000216 00650076
advapi32!StartServiceCtrlDispatcherW
0012FE1C 00419D2B 0012FE30 0012FE60 00831F00 00831F00
advapi32!StartServiceCtrlDispatcherA
0012FE40 00416AE6 00424EB8 00000001 00000000 00650076 !<nosymbols>
0012FF24 0041E8BA 00400000 00000000 00132E4A 0000000A !<nosymbols>
0012FFC0 77E9893D 00650076 00000072 7FFDF000 00000070 !<nosymbols>
0012FFF0 00000000 0041E786 00000000 000000C8 00000100
kernel32!ProcessIdToSessionId

*----> Raw Stack Dump <----*
0012fac8 e9 62 e8 77 78 00 00 00 - 00 00 00 00 00 00 00 00 .b.wx...........
0012fad8 00 00 00 00 10 fb 12 00 - 00 fc 12 00 16 02 00 00 ................
0012fae8 00 00 00 00 00 00 00 00 - 9c fb 12 00 68 61 e8 77 ............ha.w
0012faf8 00 fc 12 00 00 00 00 00 - 01 00 00 00 00 00 00 00 ................
0012fb08 a0 9e 41 00 00 00 00 00 - 94 fa 12 00 01 01 01 01 ..A.............
0012fb18 60 fb 12 00 00 00 00 00 - f0 fa 12 00 d0 fb 12 00 `...............
0012fb28 d0 fb 12 00 44 1f ec 77 - 80 1e e7 77 ff ff ff ff ....D..w...w....
0012fb38 64 fb 12 00 d9 4c 36 79 - 78 00 00 00 00 fc 12 00 d....L6yx.......
0012fb48 16 02 00 00 60 fb 12 00 - 00 00 00 00 00 00 00 00 ....`...........
0012fb58 00 fc 12 00 00 00 00 00 - 00 00 00 00 e0 fb 12 00 ................
0012fb68 5f 4b 36 79 78 00 00 00 - 00 fc 12 00 16 02 00 00 _K6yx...........
0012fb78 9c fb 12 00 76 00 65 00 - 01 00 00 00 00 00 00 00 ....v.e.........
0012fb88 00 00 00 00 40 6a 13 00 - 14 fc 12 00 00 00 00 00 [email protected]
0012fb98 cc fb 12 00 00 00 00 00 - 01 00 00 00 00 00 00 00 ................
0012fba8 20 44 13 00 c0 5a 13 00 - a0 02 00 00 70 00 65 00 D...Z......p.e.
0012fbb8 31 00 30 00 01 00 00 00 - 8d 4e 36 79 00 00 00 00 1.0......N6y....
0012fbc8 7c fb 12 00 40 6a 13 00 - 18 ff 12 00 49 56 36 79 |[email protected]
0012fbd8 58 50 36 79 ff ff ff ff - 1c fe 12 00 32 66 36 79 XP6y........2f6y
0012fbe8 78 00 00 00 00 fc 12 00 - 16 02 00 00 76 00 65 00 x...........v.e.
0012fbf8 4a 2e 13 00 00 00 00 00 - 28 00 00 00 01 00 00 00 J.......(.......

Statusabbild für Threadkennung 0x2a0

eax=65656565 ebx=00000101 ecx=65656565 edx=0086f340 esi=0086f340 edi=00830000
eip=778cc39e esp=0096f090 ebp=0096f25c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246


Funktion: RtlAllocateHeap
778cc37c 0fb70e movzx ecx,word ptr [esi]
ds:0086f340=6565
778cc37f 3bcb cmp ecx,ebx
778cc381 72e5 jb NlsAnsiCodePage+0x7ea (778d1a68)
778cc383 56 push esi
778cc384 ff75a4 push dword ptr [ebp+0xa4]
ss:013e9142=????????
778cc387 e81761fbff call RtlConsoleMultiByteToUnicodeN+0x362
(778824a3)
778cc38c 8b4608 mov eax,[esi+0x8]
ds:012e9226=????????
778cc38f 898590feffff mov [ebp+0xfffffe90],eax
ss:0096f0ec=65656565
778cc395 8b4e0c mov ecx,[esi+0xc]
ds:012e9226=????????
778cc398 898d8cfeffff mov [ebp+0xfffffe8c],ecx
ss:0096f0e8=65656565
FEHLER ->778cc39e 8901 mov [ecx],eax
ds:65656565=????????
778cc3a0 894804 mov [eax+0x4],ecx
ds:660d044b=????????
778cc3a3 8a4605 mov al,[esi+0x5]
ds:012e9226=??
778cc3a6 8845c4 mov [ebp+0xc4],al
ss:013e9142=??
778cc3a9 0fb70e movzx ecx,word ptr [esi]
ds:0086f340=6565
778cc3ac 8b45a4 mov eax,[ebp+0xa4]
ss:013e9142=????????
778cc3af 294828 sub [eax+0x28],ecx
ds:660d044b=????????
778cc3b2 8975d8 mov [ebp+0xd8],esi
ss:013e9142=????????
778cc3b5 c6460501 mov byte ptr [esi+0x5],0x1
ds:012e9226=??
778cc3b9 0fb71e movzx ebx,word ptr [esi]
ds:0086f340=6565
778cc3bc 8b4dbc mov ecx,[ebp+0xbc]
ss:013e9142=????????
778cc3bf 2bd9 sub ebx,ecx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0096F25C 65A71F56 00830000 00000000 00000800 00832370 ntdll!RtlAllocateHeap
0096F280 65A9720F 00000800 65AB5560 00000800 65A5F8F8
!CWin32DefaultArena::WbemMemAlloc
0096F2C0 65A08EA7 80041014 00000000 00000000 0096F2F4 !std::_Lockit::~_Lockit
77E7B580 000001B8 C10F9000 04C24001 00498D00 04244C8B
!CObjectDatabase::DatabaseOperation

*----> Raw Stack Dump <----*
0096f090 10 c1 a5 65 f8 f8 a5 65 - 14 10 04 80 38 73 86 00 ...e...e....8s..
0096f0a0 c0 f0 96 00 88 bc ab 65 - 03 00 00 00 04 00 00 00 .......e........
0096f0b0 18 f7 84 00 50 33 83 00 - d0 2d 85 00 00 00 00 00 ....P3...-......
0096f0c0 1c f1 96 00 e6 8e 9d 65 - a0 34 83 01 18 f7 84 00 .......e.4......
0096f0d0 50 33 83 00 30 34 83 00 - 00 00 00 00 e8 f1 96 00 P3..04..........
0096f0e0 e8 f1 96 00 a0 34 83 00 - 65 65 65 65 65 65 65 65 .....4..eeeeeeee
0096f0f0 d0 2d 85 00 18 f7 84 00 - d0 2d 85 00 00 00 00 00 .-.......-......
0096f100 38 7e 83 00 a0 34 83 00 - 00 00 00 00 eb 8d 9d 65 8~...4.........e
0096f110 e8 f1 96 00 76 dc a2 65 - 04 00 00 00 f4 f1 96 00 ....v..e........
0096f120 07 00 00 00 8c 9d a5 65 - cb f2 e8 77 00 00 00 00 .......e...w....
0096f130 50 33 83 00 35 ef e8 77 - 01 00 00 00 00 00 00 00 P3..5..w........
0096f140 00 00 00 00 88 f1 96 00 - 69 54 88 77 01 00 00 00 ........iT.w....
0096f150 90 01 8d 77 01 00 00 00 - f0 33 83 00 00 00 00 00 ...w.....3......
0096f160 00 34 83 00 99 9a e9 77 - 9c f1 96 00 03 00 1f 00 .4.....w........
0096f170 7c f1 96 00 f8 db fd 7f - 00 00 00 00 18 00 00 00 |...............
0096f180 48 00 00 00 94 f1 96 00 - 00 00 00 00 00 00 00 00 H...............
0096f190 00 00 00 00 2a 00 2c 00 - 00 dc fd 7f a0 01 00 00 ....*.,.........
0096f1a0 c0 f1 96 00 11 9a e9 77 - 03 00 1f 00 00 00 00 00 .......w........
0096f1b0 00 dc fd 7f 50 33 83 00 - 15 00 16 00 1c 87 a5 65 ....P3.........e
0096f1c0 f4 f1 96 00 c3 86 9d 65 - 89 18 35 79 8c 01 00 00 .......e..5y....

Statusabbild für Threadkennung 0x2c4

eax=77d258be ebx=0013c660 ecx=0013c2c0 edx=00000000 esi=0013c410 edi=00000100
eip=77883310 esp=00a6fe28 ebp=00a6ff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


Funktion: ZwReplyWaitReceivePortEx
77883305 b8ac000000 mov eax,0xac
7788330a 8d542404 lea edx,[esp+0x4]
ss:014e9d0f=????????
7788330e cd2e int 2e
77883310 c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00A6FF74 77D27B4C 77D25924 0013C410 00130608 778CC7C2
ntdll!ZwReplyWaitReceivePortEx
00A6FFA8 77D258D6 0013C638 00A6FFEC 77E7B388 0013C660
rpcrt4!NdrCorrelationInitialize
00A6FFB4 77E7B388 0013C660 00130608 778CC7C2 0013C660 rpcrt4!RpcBindingFree
00A6FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

Statusabbild für Threadkennung 0x2d4

eax=77aa5999 ebx=00000102 ecx=00640062 edx=00000000 esi=77882826 edi=00b6ff74
eip=77882831 esp=00b6ff60 ebp=00b6ff7c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


Funktion: NtDelayExecution
77882826 b832000000 mov eax,0x32
7788282b 8d542404 lea edx,[esp+0x4]
ss:015e9e47=????????
7788282f cd2e int 2e
77882831 c20800 ret 0x8
77882834 53 push ebx
77882835 51 push ecx
77882836 6a00 push 0x0
77882838 c70701000000 mov dword ptr [edi],0x1
ds:00b6ff74=dc3cba00
7788283e ff750c push dword ptr [ebp+0xc]
ss:015e9e62=????????
77882841 50 push eax
77882842 e879fdffff call RtlMultiByteToUnicodeN (778825c0)
77882847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333
(77882474)

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00B6FF7C 77E9A20E 0000EA60 00000000 77AA9967 0000EA60 ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep

*----> Raw Stack Dump <----*
00b6ff60 43 a2 e9 77 00 00 00 00 - 74 ff b6 00 73 9f e9 77 C..w....t...s..w
00b6ff70 70 ef 13 00 00 ba 3c dc - ff ff ff ff 30 75 00 00 p.....<.....0u..
00b6ff80 0e a2 e9 77 60 ea 00 00 - 00 00 00 00 67 99 aa 77 ...w`.......g..w
00b6ff90 60 ea 00 00 5b 5a aa 77 - 00 00 00 00 00 00 a4 77 `...[Z.w.......w
00b6ffa0 70 ef 13 00 ec ff b6 00 - 70 ef 13 00 b3 59 aa 77 p.......p....Y.w
00b6ffb0 85 7d a5 77 70 7d a5 77 - 88 b3 e7 77 70 ef 13 00 .}.wp}.w...wp...
00b6ffc0 85 7d a5 77 70 7d a5 77 - 70 ef 13 00 00 b0 fd 7f .}.wp}.wp.......
00b6ffd0 62 00 64 00 c0 ff b6 00 - 62 00 64 00 ff ff ff ff b.d.....b.d.....
00b6ffe0 44 1f ec 77 08 2b e7 77 - 00 00 00 00 00 00 00 00 D..w.+.w........
00b6fff0 00 00 00 00 99 59 aa 77 - 70 ef 13 00 00 00 00 00 .....Y.wp.......
00b70000 43 4f 4d 2b 01 00 00 00 - 01 00 11 00 24 00 00 00 COM+........$...
00b70010 00 01 01 00 63 00 00 00 - 00 00 00 01 01 00 00 00 ....c...........
00b70020 00 01 10 00 00 00 00 00 - c0 00 00 00 00 00 00 46 ...............F
00b70030 06 00 00 00 20 01 00 00 - 40 01 00 00 33 5f 30 00 .... [email protected]_0.
00b70040 60 02 00 00 0c 00 00 00 - 33 5f 31 00 6c 02 00 00 `.......3_1.l...
00b70050 88 01 00 00 33 5f 32 00 - f4 03 00 00 38 00 00 00 ....3_2.....8...
00b70060 33 5f 33 00 2c 04 00 00 - a8 05 00 00 33 5f 34 00 3_3.,.......3_4.
00b70070 d4 09 00 00 28 00 00 00 - 33 5f 35 00 fc 09 00 00 ....(...3_5.....
00b70080 28 00 00 00 33 5f 36 00 - 24 0a 00 00 28 00 00 00 (...3_6.$...(...
00b70090 33 5f 37 00 4c 0a 00 00 - 44 08 00 00 33 5f 38 00 3_7.L...D...3_8.
 
Ad

Advertisements

C

Crouchie1998

Looking through your Task List I see you have 2 * WinMgnt's running (212 &
652)

Crouchie1998
BA (HONS) MCP MCSE
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top