morthing, к сожалению, в стеке нет обращений к сторонним DLL (на что я надеялся).
Код:
User Mini Dump File: Only registers, stack and portions of memory are available
Comment: 'Dr. Watson generated MiniDump'
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Windows XP Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Fri Aug 6 11:12:16.000 2010 (GMT+4)
System Uptime: not available
Process Uptime: 0 days 4:08:58.000
..............................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(5b0.644): Access violation - code c0000005 (first/second chance not available)
eax=01280028 ebx=000ea430 ecx=000358e4 edx=000ea3f4 esi=0010a000 edi=0129408c
eip=77eb44a9 esp=00c2ee48 ebp=00c2ee5c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
rpcrt4!BASE_CONNECTION::ProcessRead+0x106:
77eb44a9 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] es:0023:0129408c=???????? ds:0023:0010a000=????????
0:010> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
Unable to load image C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for FwcWsp.dll
*** ERROR: Module load completed but symbols could not be loaded for FwcWsp.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ipsecsvc.dll -
Unable to load image C:\WINDOWS\system32\imon.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for imon.dll
*** ERROR: Module load completed but symbols could not be loaded for imon.dll
FAULTING_IP:
rpcrt4!BASE_CONNECTION::ProcessRead+106
77eb44a9 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77eb44a9 (rpcrt4!BASE_CONNECTION::ProcessRead+0x00000106)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0010a000
Attempt to read from address 0010a000
DEFAULT_BUCKET_ID: STRING_DEREFERENCE
PROCESS_NAME: lsass.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
READ_ADDRESS: 0010a000
LAST_CONTROL_TRANSFER: from 77e85641 to 77eb44a9
STACK_TEXT:
00c2ee5c 77e85641 000ea47c 00c2f014 00c2f010 rpcrt4!BASE_CONNECTION::ProcessRead+0x106
00c2ee7c 77eec072 000ea430 00c2f014 00c2f010 rpcrt4!CO_SubmitSyncRead+0xe1
00c2eea8 77e84e5d 00000001 00c2f014 00c2f010 rpcrt4!WS_SyncRecv+0x81
00c2eec8 77e852af 0012edb8 00000048 00c2f014 rpcrt4!OSF_CCONNECTION::TransSendReceive+0x9d
00c2efd0 77e8503d 00000001 000f8f98 00000000 rpcrt4!OSF_CCONNECTION::SendBindPacket+0x575
00c2f018 77e84946 000f8f98 00000000 00000001 rpcrt4!OSF_CCONNECTION::ActuallyDoBinding+0xa6
00c2f07c 77e84a5d 000ef518 000dbba0 00000000 rpcrt4!OSF_CCONNECTION::OpenConnectionAndBind+0x20f
00c2f0c0 77e849ac 00000000 00c2f1ac 000ef518 rpcrt4!OSF_CCALL::BindToServer+0x104
00c2f124 77e7fdbc 00c2f148 00000000 00000000 rpcrt4!OSF_BINDING_HANDLE::AllocateCCall+0x2b6
00c2f154 77e78a01 00000000 00c2f1d8 00000001 rpcrt4!OSF_BINDING_HANDLE::NegotiateTransferSyntax+0x28
00c2f16c 77e78a38 00c2f1ac 00000000 00c2f18c rpcrt4!I_RpcGetBufferWithObject+0x5b
00c2f17c 77e7906d 00c2f1ac 00c2f588 00c2f56c rpcrt4!I_RpcGetBuffer+0xf
00c2f18c 77ef460b 00c2f1d8 000000db 000ef518 rpcrt4!NdrGetBuffer+0x28
00c2f56c 77e9389c 77e9fbe8 77e93976 00c2f588 rpcrt4!NdrClientCall2+0x195
00c2f580 77e93731 000ef518 000d72d0 000e0018 rpcrt4!ept_map+0x1b
00c2f630 77e9f3db 000d72d0 77dcf4f4 77dcf508 rpcrt4!EpResolveEndpoint+0x245
00c2f684 77eb72ad 77dcf4f0 000d72d0 000d72f0 rpcrt4!DCE_BINDING::ResolveEndpointIfNecessary+0x14a
00c2f6b4 77eb69eb 77dcf4f0 00000000 00c2f710 rpcrt4!OSF_BINDING_HANDLE::ResolveBinding+0x40
00c2f6c4 77e0c2e6 000d72c0 77dcf4f0 00000001 rpcrt4!RpcEpResolveBinding+0x3c
00c2f710 75487c99 000e7ed4 000f8f80 00000006 advapi32!LsaICLookupNamesWithCreds+0x9d
00c2f774 7547f861 00c2f864 00000001 0011a690 lsasrv!LsapDbLookupNameChainRequest+0x96
00c2f800 7544a1f5 00000000 00000001 000bc964 lsasrv!LsapDbLookupNamesInPrimaryDomain+0x182
00c2f8ac 7543b200 00000000 00000001 000bc964 lsasrv!LsapLookupNames+0x3cc
00c2f8e4 77e799f4 000e6f08 00000001 000bc964 lsasrv!LsarLookupNames3+0xaa
00c2f91c 77ef421a 7543b188 00c2f930 00000009 rpcrt4!Invoke+0x30
00c2fd3c 77ef46ee 00000000 00000000 000d8df4 rpcrt4!NdrStubCall2+0x297
00c2fd58 77e794bd 000d8df4 000b31f0 000d8df4 rpcrt4!NdrServerCall2+0x19
00c2fd8c 77e79422 75417345 000d8df4 00c2fe2c rpcrt4!DispatchToStubInC+0x38
00c2fde0 77e7934e 00000044 00000000 754b01cc rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x113
00c2fe04 77e8156c 000d8df4 00000000 754b01cc rpcrt4!RPC_INTERFACE::DispatchToStub+0x84
00c2fe34 77e81499 000d8db8 00000000 000d8d80 rpcrt4!OSF_SCALL::DispatchHelper+0x115
00c2fe48 77e8141d 00000000 00000044 000bc930 rpcrt4!OSF_SCALL::DispatchRPCCall+0xfe
00c2fe78 77e81328 000bc930 03000080 00000044 rpcrt4!OSF_SCALL::ProcessReceivedPDU+0x58a
00c2fea0 77e7877b 000bc930 00000080 7c80980a rpcrt4!OSF_SCALL::BeginRpcCall+0x204
00c2ff00 77e786b6 00000000 000bc930 00000080 rpcrt4!OSF_SCONNECTION::ProcessReceiveComplete+0x3fb
00c2ff14 77e772ff 000b4b48 0000000c 00000000 rpcrt4!ProcessConnectionServerReceivedEvent+0x21
00c2ff80 77e77328 00c2ffa8 77e76ad1 000b4b48 rpcrt4!LOADABLE_TRANSPORT::ProcessIOEvents+0x16f
00c2ff88 77e76ad1 000b4b48 003c0178 00000000 rpcrt4!ProcessIOEventsWrapper+0xd
00c2ffa8 77e76c97 0009ee70 00c2ffec 7c80b713 rpcrt4!BaseCachedThreadRoutine+0x79
00c2ffb4 7c80b713 000bcd60 003c0178 00000000 rpcrt4!ThreadStartRoutine+0x1a
00c2ffec 00000000 77e76c7d 000bcd60 00000000 kernel32!BaseThreadStart+0x37
FOLLOWUP_IP:
lsasrv!LsapDbLookupNameChainRequest+96
75487c99 8bc8 mov ecx,eax
SYMBOL_STACK_INDEX: 14
SYMBOL_NAME: lsasrv!LsapDbLookupNameChainRequest+96
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: lsasrv
IMAGE_NAME: lsasrv.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 480381be
FAULTING_THREAD: 00000644
PRIMARY_PROBLEM_CLASS: STRING_DEREFERENCE
BUGCHECK_STR: APPLICATION_FAULT_STRING_DEREFERENCE
STACK_COMMAND: ~10s; .ecxr ; kb
FAILURE_BUCKET_ID: APPLICATION_FAULT_STRING_DEREFERENCE_lsasrv!LsapDbLookupNameChainRequest+96
BUCKET_ID: APPLICATION_FAULT_STRING_DEREFERENCE_lsasrv!LsapDbLookupNameChainRequest+96
Followup: MachineOwner
---------
Хотя есть странность: библиотека imon.dll относится к ESET (NOD32). Но вы сказали, что стоит Каспер. Попробуйте отключить.
Еще можно поставить
KB968389 и
KB970238 (в них свежие версии Lsasrv.dll и Rpcrt4.dll).
