Hello,
Been experiencing sporadic crashes with IIS (Windows 2000 Server SP4).
I ran IISState with the SC option and got the following log file after
the last crash. Any ideas? Something about NTDLL.DLL? Thanks.
-----------------------
Opened log file 'C:\iisstate\output\IISState-1776.log'
***********************
Starting new log output
IISState version 3.3.1
Mon Feb 20 08:20:32 2006
OS = Windows 2000
Executable: inetinfo.exe
PID = 1776
Note: Thread times are formatted as HH:MM:SS.ms
***********************
IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed: ntdll!RtlZeroHeap
Thread ID: 39
System Thread ID: ac0
Kernel Time: 0:0:0.62
User Time: 0:0:0.250
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\ole32.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0236f4a4 77fcb80c ntdll!RtlZeroHeap+0x624
01 0236f550 7ce70fa1 ntdll!RtlFreeHeap+0x142
02 00000000 00000000 ole32!CoCreateFreeThreadedMarshaler+0xba
Closing open log file C:\iisstate\output\IISState-1776.log
Opened log file 'C:\iisstate\output\IISState-1776.log'
***********************
Starting new log output
IISState version 3.3.1
Mon Feb 20 08:20:32 2006
OS = Windows 2000
Executable: inetinfo.exe
PID = 1776
Note: Thread times are formatted as HH:MM:SS.ms
***********************
Thread ID: 0
System Thread ID: 984
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\ADVAPI32.dll -
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINNT\system32\inetsrv\inetinfo.exe
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0006f910 7c2dd578 ntdll!ZwReadFile+0xb
01 0006f93c 7c2dd61e ADVAPI32!StartServiceW+0x10e
02 0006f9b8 7c2d1e18 ADVAPI32!StartServiceW+0x1b4
03 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x74
04 0006fd30 01001e94 inetinfo+0x2884
05 77e333da 2474ff50 inetinfo+0x1e94
06 0c24448d 00000000 0x2474ff50
Thread ID: 1
System Thread ID: 6ec
Kernel Time: 0:0:0.31
User Time: 0:0:0.62
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\KERNEL32.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 005dfd44 7c57b3db ntdll!NtWaitForSingleObject+0xb
01 00000001 00000000 KERNEL32!WaitForSingleObject+0xf
Thread ID: 2
System Thread ID: a04
Kernel Time: 0:0:7.250
User Time: 0:0:2.953
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\IisRTL.DLL -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0071feac 77e4169f ntdll!ZwWaitForMultipleObjects+0xb
01 0071ff08 77e41706 USER32!MsgWaitForMultipleObjectsEx+0xcf
02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1f
03 00233b40 000003e9 IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
Thread ID: 3
System Thread ID: 9fc
Kernel Time: 0:0:8.62
User Time: 0:0:2.890
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0075feac 77e4169f ntdll!ZwWaitForMultipleObjects+0xb
01 0075ff08 77e41706 USER32!MsgWaitForMultipleObjectsEx+0xcf
02 0075ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1f
03 00233bf0 000003ea IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
Thread ID: 4
System Thread ID: 520
Kernel Time: 0:0:0.46
User Time: 0:0:0.218
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\RPCRT4.dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 00baff74 77d4e0c0 ntdll!ZwReplyWaitReceivePortEx+0xb
01 00baffa8 77d4af16 RPCRT4!UuidCreate+0x13e
02 00baffb4 7c57b388 RPCRT4!RpcMgmtSetCancelTimeout+0xe3
03 00baffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 5
System Thread ID: b14
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\inetsrv\httpext.dll -
Thread Type: WebDav Worker Thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0241ff5c 6b5e9a8c ntdll!ZwRemoveIoCompletion+0xb
01 0241ff8c 6b5e9a44 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x1079f
02 0241ffb4 7c57b388 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x10757
03 0241ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 6
System Thread ID: 9f0
Kernel Time: 0:0:0.78
User Time: 0:0:0.109
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\inetsrv\INFOCOMM.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 00e3fc6c 77e4169f ntdll!ZwWaitForMultipleObjects+0xb
01 00e3fcc8 77e41706 USER32!MsgWaitForMultipleObjectsEx+0xcf
02 00e3fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1f
03 00c43c84 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
Thread ID: 7
System Thread ID: 9f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\inetsrv\ISATQ.DLL -
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 00fbff88 6d7029ef ntdll!ZwRemoveIoCompletion+0xb
01 00fbffb4 7c57b388 ISATQ!CDirMonitor::RemoveEntry+0x183
02 00fbffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 8
System Thread ID: a18
Kernel Time: 0:0:0.406
User Time: 0:0:0.187
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 00ffff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 9
System Thread ID: a1c
Kernel Time: 0:0:0.156
User Time: 0:0:0.31
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0104ff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 10
System Thread ID: a24
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 011cfee4 77d4fa03 ntdll!ZwRemoveIoCompletion+0xb
01 011cff20 77d4f964 RPCRT4!PerformRpcInitialization+0x107c
02 011cff74 77d43dd7 RPCRT4!PerformRpcInitialization+0xfdd
03 011cffa8 77d4af16 RPCRT4!RpcBindingSetOption+0x982
04 011cffb4 7c57b388 RPCRT4!RpcMgmtSetCancelTimeout+0xe3
05 011cffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 11
System Thread ID: a24
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 011cfee4 77d4fa03 ntdll!ZwRemoveIoCompletion+0xb
01 011cff20 77d4f964 RPCRT4!PerformRpcInitialization+0x107c
02 011cff74 77d43dd7 RPCRT4!PerformRpcInitialization+0xfdd
03 011cffa8 77d4af16 RPCRT4!RpcBindingSetOption+0x982
04 011cffb4 7c57b388 RPCRT4!RpcMgmtSetCancelTimeout+0xe3
05 011cffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 12
System Thread ID: a34
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0145fd70 7c59a10e ntdll!ZwWaitForMultipleObjects+0xb
01 0145ffb4 7c57b388 KERNEL32!WaitForMultipleObjects+0x17
02 0145ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 13
System Thread ID: a38
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0149ff70 7c59a10e ntdll!ZwWaitForMultipleObjects+0xb
01 0149ffb4 7c57b388 KERNEL32!WaitForMultipleObjects+0x17
02 0149ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 14
System Thread ID: a3c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 014dff74 7c59a10e ntdll!ZwWaitForMultipleObjects+0xb
01 014dffb4 7c57b388 KERNEL32!WaitForMultipleObjects+0x17
02 014dffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 15
System Thread ID: a40
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0165ff8c 7c57b3db ntdll!NtWaitForSingleObject+0xb
01 0165ffec 00000000 KERNEL32!WaitForSingleObject+0xf
Thread ID: 16
System Thread ID: a44
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0179ff68 7c59a10e ntdll!ZwWaitForMultipleObjects+0xb
01 0179ffb4 7c57b388 KERNEL32!WaitForMultipleObjects+0x17
02 0179ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 17
System Thread ID: a48
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 017dff90 7c57b3db ntdll!NtWaitForSingleObject+0xb
01 017dffec 00000000 KERNEL32!WaitForSingleObject+0xf
Thread ID: 18
System Thread ID: a4c
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\msafd.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\WS2_32.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\inetsloc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0189fd1c 74fd3c59 ntdll!NtWaitForSingleObject+0xb
01 0189fe08 750312f5 msafd!WSPSetSockOpt+0xdaa
02 0189fe6c 6e2b3b6e WS2_32!select+0xcb
03 0189ffb4 7c57b388 inetsloc!TerminateSvcLocator+0xbe8
04 0189ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 19
System Thread ID: 994
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0354ff74 77d4e0c0 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0354ffa8 77d4af16 RPCRT4!UuidCreate+0x13e
02 0354ffb4 7c57b388 RPCRT4!RpcMgmtSetCancelTimeout+0xe3
03 0354ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 20
System Thread ID: 9c8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0192ff7c 7c57b3db ntdll!NtWaitForSingleObject+0xb
01 741873d4 72705c74 KERNEL32!WaitForSingleObject+0xf
02 6e5c3a44 00000000 0x72705c74
Thread ID: 21
System Thread ID: a54
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\inetsrv\SMTPSVC.dll -
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 019aff20 7c59a10e ntdll!ZwWaitForMultipleObjects+0xb
01 019aff9c 6b56dccd KERNEL32!WaitForMultipleObjects+0x17
02 019affb4 7c57b388 SMTPSVC!IIS_SERVICE::GetServiceConfigInfoSize+0xb6af
03 019affec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 22
System Thread ID: a60
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01a8fe38 74fd3c59 ntdll!NtWaitForSingleObject+0xb
01 01a8ff24 750312f5 msafd!WSPSetSockOpt+0xdaa
02 01a8ff88 6d7075bd WS2_32!select+0xcb
03 00c4caac 000006cc ISATQ!SetIISCapTraceFlag+0x1ce5
Thread ID: 23
System Thread ID: a64
Kernel Time: 0:0:0.812
User Time: 0:0:0.828
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01acff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 24
System Thread ID: a68
Kernel Time: 0:0:0.765
User Time: 0:0:0.718
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01b0ff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 25
System Thread ID: a6c
Kernel Time: 0:0:1.390
User Time: 0:0:1.328
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01b4ff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 26
System Thread ID: 6ac
Kernel Time: 0:0:0.203
User Time: 0:0:0.156
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 02ecff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 27
System Thread ID: a74
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01bcffb4 7c57b388 ntdll!NtDelayExecution+0xb
01 01bcffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 28
System Thread ID: a50
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0358ff74 77d4e0c0 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0358ffa8 77d4af16 RPCRT4!UuidCreate+0x13e
02 0358ffb4 7c57b388 RPCRT4!RpcMgmtSetCancelTimeout+0xe3
03 0358ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 29
System Thread ID: a50
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0358ff74 77d4e0c0 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0358ffa8 77d4af16 RPCRT4!UuidCreate+0x13e
02 0358ffb4 7c57b388 RPCRT4!RpcMgmtSetCancelTimeout+0xe3
03 0358ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 30
System Thread ID: a84
Kernel Time: 0:0:0.640
User Time: 0:0:0.687
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01c8ff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 31
System Thread ID: a88
Kernel Time: 0:0:1.359
User Time: 0:0:1.187
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01d0ff7c 6d702957 ntdll!ZwRemoveIoCompletion+0xb
01 7c31c535 68ff6aec ISATQ!CDirMonitor::RemoveEntry+0xeb
02 8b55c08b 00000000 0x68ff6aec
Thread ID: 32
System Thread ID: a9c
Kernel Time: 0:0:0.31
User Time: 0:0:0.62
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01d5fc6c 77e4169f ntdll!ZwWaitForMultipleObjects+0xb
01 01d5fcc8 77e41706 USER32!MsgWaitForMultipleObjectsEx+0xcf
02 01d5fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1f
03 00c5d65c 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
Thread ID: 33
System Thread ID: aa0
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01d9ff84 7c57b3db ntdll!NtWaitForSingleObject+0xb
01 77f87ee0 8b000000 KERNEL32!WaitForSingleObject+0xf
02 180d8b64 00000000 0x8b000000
Thread ID: 34
System Thread ID: aa4
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\inetsrv\w3svc.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\MSVCRT.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01e0fec0 77e4169f ntdll!ZwWaitForMultipleObjects+0xb
01 01e0ff1c 77e41706 USER32!MsgWaitForMultipleObjectsEx+0xcf
02 01e0ff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1f
03 01e0ff7c 78008454 w3svc!HTTP_HEADER_MAPPER::Initialize+0x431
04 01e0ffb4 7c57b388 MSVCRT!endthread+0xc1
05 01e0ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 35
System Thread ID: aa8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 01e4fef8 77e4169f ntdll!ZwWaitForMultipleObjects+0xb
01 01e4ff54 77e41706 USER32!MsgWaitForMultipleObjectsEx+0xcf
02 01e4ff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1f
03 01e4ffb4 7c57b388 w3svc!HTTP_HEADER_MAPPER::Initialize+0x4ad
04 01e4ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 36
System Thread ID: 484
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 034fffb4 7c57b388 ntdll!ZwRemoveIoCompletion+0xb
01 034fffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 37
System Thread ID: a98
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0229ff58 7c59a10e ntdll!ZwWaitForMultipleObjects+0xb
01 0229ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17
Thread ID: 38
System Thread ID: abc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\comsvcs.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\TxfAux.Dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 022dfb94 77d5d675 ntdll!ZwRequestWaitReplyPort+0xb
01 022dfba0 7cef6bee RPCRT4!I_RpcSendReceive+0x24
02 022dfbc0 7cef6ab9 ole32!DllDebugObjectRPCHook+0x12a
03 022dfbd8 7cef3ab6 ole32!WdtpInterfacePointer_UserSize+0x1b7e
04 022dfc18 7cef692d ole32!StgGetIFillLockBytesOnFile+0x1ad3f
05 022dfc88 7ce87f7f ole32!WdtpInterfacePointer_UserSize+0x19f2
06 022dfce0 77d9a063 ole32!UpdateDCOMSettings+0xb410
07 022dfcfc 77d9a011 RPCRT4!NdrProxySendReceive+0x48
08 022dff44 77d99db8 RPCRT4!IUnknown_AddRef_Proxy+0x194
09 022dff60 77d4183f RPCRT4!NdrProxyGetBuffer+0x11b
0a 022dff70 787f6732 RPCRT4!NdrMesTypeAlignSize+0xc5
0b 7886df74 ffffffff comsvcs!RegisterComEvents+0x6aec
0c 00169c40 7886df74 0xffffffff
0d 00000000 00000000 comsvcs!RegisterComEvents+0x7e32e
Thread ID: 39
System Thread ID: ac0
Kernel Time: 0:0:0.62
User Time: 0:0:0.250
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0236f4a4 77fcb80c ntdll!RtlZeroHeap+0x624
01 0236f550 7ce70fa1 ntdll!RtlFreeHeap+0x142
02 00000000 00000000 ole32!CoCreateFreeThreadedMarshaler+0xba
Thread ID: 40
System Thread ID: 26c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: WebDav Worker Thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0245ff5c 6b5e9a8c ntdll!ZwRemoveIoCompletion+0xb
01 0245ff8c 6b5e9a44 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x1079f
02 0245ffb4 7c57b388 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x10757
03 0245ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 41
System Thread ID: 524
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: WebDav Worker Thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 0249ff5c 6b5e9a8c ntdll!ZwRemoveIoCompletion+0xb
01 0249ff8c 6b5e9a44 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x1079f
02 0249ffb4 7c57b388 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x10757
03 0249ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 42
System Thread ID: 208
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: WebDav Worker Thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 024dff5c 6b5e9a8c ntdll!ZwRemoveIoCompletion+0xb
01 024dff8c 6b5e9a44 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x1079f
02 024dffb4 7c57b388 httpext!BUFFER_CHAIN_ITEM::QueryUsed+0x10757
03 024dffec 00000000 KERNEL32!lstrcmpiW+0xb7
*****
Dump name is formatted as: PID-Timestamp.dmp
Creating C:\iisstate\output\1776-1140452433.dmp - mini user dump
*****
Closing open log file C:\iisstate\output\IISState-1776.log