locked
WinDbg 6.12.0002.633 x86 Event Filter/Load module=enable won't stop on some modules RRS feed

  • Question

  •   Here's my command window:

    0:000> g
    ModLoad: 65940000 65947000   C:\windows\system32\NTVDMD.DLL
    eax=0113bb40 ebx=00000000 ecx=00000007 edx=0000005b esi=7ffde000 edi=010ef79c
    eip=777564f4 esp=010ef6b4 ebp=010ef708 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    ntdll!KiFastSystemCallRet:
    777564f4 c3              ret
    0:000> g
    Loading [C:\windows\system32\ntio.sys]
    Loading [C:\WINDOWS\SYSTEM32\HIMEM.SYS]
    Loading [C:\WINDOWS\SYSTEM32\COMMAND.COM]
    Loading [C:\windows\system32\MSCDEXNT.EXE]
    Loading [C:\windows\system32\REDIR.EXE]
    ModLoad: 74790000 74798000   C:\windows\system32\VDMREDIR.DLL
    eax=00000000 ebx=00000000 ecx=01133180 edx=00000200 esi=7ffde000 edi=010ef9cc
    eip=777564f4 esp=010ef8e4 ebp=010ef938 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=fbd4  es=d583  fs=003b  gs=0000             efl=00000246
    ntdll!KiFastSystemCallRet:
    777564f4 c3              ret

     

    0:000> g
    ModLoad: 73e50000 73e5f000   C:\windows\system32\wkscli.dll
    eax=756ed106 ebx=00000000 ecx=756ed108 edx=77710000 esi=7ffde000 edi=010ef28c
    eip=777564f4 esp=010ef1a4 ebp=010ef1f8 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    ntdll!KiFastSystemCallRet:
    777564f4 c3              ret
    0:000> g
    Loading [C:\windows\system32\DOSX.EXE]
    Loading [C:\DAD\TOOLS\MYPROGS\DAYOFWK.EXE]
    (1388.15f4): Break instruction exception - code 80000003 (first chance)
    eax=00000000 ebx=00000010 ecx=000000ff edx=00000e0c esi=00000000 edi=00000400
    eip=0000001f esp=00000410 ebp=0000091e iopl=0     vif nv up ei pl nz na po nc
    cs=0e09  ss=0e0c  ds=0e0c  es=0df9  fs=0000  gs=0000             efl=000a4202
    0e09:001f cc              int     3

     

      As u can see, some modules are trapped, but others, ESPECIALLY mine (DAYOFWK.exe) are not!

    I tried un-successfully to 't' from the last 1 trapped B 4 DOSX.exe but never was able to get anywhere; it just seemed to loop, even after many 't 99999' or 'p 99999'. 

    I had to assemble in my own INT 3 in order to get it to stop.

    All this because CV.exe no longer runs in Win7 (access violation; apparent bad SI reg).

      Comments?

    Saturday, June 4, 2011 8:32 PM

Answers

  • Hi

     

    This is Windows SteadyState Forum, please contact the Windows 7 Forum for further help:

      

    http://social.technet.microsoft.com/Forums/en-us/category/w7itpro

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  Thank you for your understanding.

     

     

    Regards,

    Leo   Huang


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Leo Huang Thursday, June 9, 2011 8:12 AM
    Monday, June 6, 2011 5:47 AM

All replies

  • Hi

     

    This is Windows SteadyState Forum, please contact the Windows 7 Forum for further help:

      

    http://social.technet.microsoft.com/Forums/en-us/category/w7itpro

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  Thank you for your understanding.

     

     

    Regards,

    Leo   Huang


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Leo Huang Thursday, June 9, 2011 8:12 AM
    Monday, June 6, 2011 5:47 AM
  •   Re-did to Windows 7 Misc forum...
    Thursday, June 16, 2011 2:09 AM