Process And Port Analyzer

Hello everyone,

I'd like to point out this program, which I found very useful: Process And Port Analyzer.

I'm pointing it out for two reasons: first, I found it useful for analysing the inbound and outbound network traffic on my PC and so working out whether some program was out of control; second, I suspect it is the cause of some operating system crash dumps (blue screens) that I experienced a while ago.

I'm not certain it is the cause, but after I uninstalled it the problem never came back.

Here is the Minidump analysis, in the hope that it will be useful if you too have ended up using this program:

Loading Dump File [C:\WINDOWS\Minidump\Mini030709-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sat Mar  7 13:18:27.531 2009 (GMT+2)
System Uptime: 1 days 17:35:37.315
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {2, 471, dfe5a, 1}
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** WARNING: Unable to verify timestamp for eBoost.sys
*** ERROR: Module load completed but symbols could not be loaded for eBoost.sys
*** WARNING: Unable to verify timestamp for fltmgr.sys
Probably caused by : ntoskrnl.exe ( nt!_woutput+414 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc).  If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 00000002, A list entry was corrupt
Arg2: 00000471, entry in list being removed
Arg3: 000dfe5a, highest physical page number
Arg4: 00000001, reference count of entry being removed
Debugging Details:
------------------
BUGCHECK_STR:  0x4E_2
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  DRIVER_FAULT
PROCESS_NAME:  winlogon.exe
LOCK_ADDRESS:  805591e0 -- (!locks 805591e0)
Resource @ nt!PiEngineLock (0x805591e0)    Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
    Lock address  : 0x805591e0
    Thread Count  : 0
    Thread address: 0x00000000
    Thread wait   : 0x0
LAST_CONTROL_TRANSFER:  from 80521c48 to 804f9f43
STACK_TEXT:
b7c19a64 80521c48 0000004e 00000002 00000471 nt!_woutput+0x414
b7c19a8c 8050efdd 8868f4c0 8a71a7e0 87e15da8 nt!MiResolveMappedFileFault+0x1a9
b7c19b60 8050faa4 e8822008 e88241d8 e8822098 nt!`string'+0x29
b7c19b9c 804e439b 8868f4f0 00000000 00000000 nt!PipProcessRestartPhase1+0x1b
b7c19c24 ba5411f3 8859f154 00000000 00000000 nt!KeWaitForSingleObject+0x295
b7c19c50 ba5449d0 8982f4b0 e5e90988 00000000 Ntfs!NtfsFlushUserStream+0x6c
b7c19cd4 ba544d28 8982f4b0 8b07f738 00000001 Ntfs!NtfsFlushVolume+0x22a
b7c19d74 ba53203b 8982f4b0 884fc3c0 88b566c0 Ntfs!NtfsCommonVolumeOpen+0x341
b7c19e50 804ef19f 8b07f658 884fc3c0 884fc3c0 Ntfs!NtfsFsdCreate+0x14d
b7c19e90 804ef19f 8b080888 884fc3c0 88b566c0 nt!MiFlushSectionInternal+0x256
b7c19eec 804ef19f 8b080a78 00000001 8afca308 nt!MiFlushSectionInternal+0x256
b7c19f08 ba5b92e4 884fc3c0 8b195538 b7c19f40 nt!MiFlushSectionInternal+0x256
WARNING: Stack unwind information not available. Following frames may be wrong.
b7c19f18 ba5c1571 884fc3c0 00000000 00000000 eBoost+0x12e4
b7c19f40 ba5b88c3 884fc3c0 8b195480 b7c19f84 eBoost+0x9571
b7c19f50 804ef19f 8b195480 884fc3c0 884fc3c0 eBoost+0x8c3
b7c19f84 ba5eb754 b7c19fa4 8ade4ce0 00000000 nt!MiFlushSectionInternal+0x256
b7c19fc0 804ef19f 8ade4ce0 884fc3c0 884fc3c0 fltmgr!FltpCreate+0x26a
b7c1a0b0 805bf450 8afcc9e0 00000000 88e6e008 nt!MiFlushSectionInternal+0x256
b7c1a128 805bb9dc 00000000 b7c1a168 00000240 nt!MiFindExportedRoutineByName+0x6e
b7c1a17c 80576033 00000000 00000000 00000000 nt!IopInitializeDCB+0xb2
b7c1a1f8 805769aa b7c1a39c 00100003 b7c1a384 nt!SeAssignSecurity+0xa
b7c1a254 805790b4 b7c1a39c 00100003 b7c1a384 nt!SepDuplicateToken+0x22a
b7c1a294 8054162c b7c1a39c 00100003 b7c1a384 nt!SeAccessCheckByType+0x638
b7c1a2c8 80500031 badb0d00 b7c1a340 b7c1a2f0 nt!RtlIpv4StringToAddressExW+0xad
b7c1a5a4 805c82d2 b7c1a5bc 00000000 001f0003 nt!MiPfPutPagesInTransition+0x608
b7c1a600 8065318a b7c1a6e4 b7c1a768 80652e18 nt!ArbGetNextAllocationRange+0x46
b7c1a6d0 8054162c 00000002 00000004 20000003 nt!CmpSplitLeaf+0x183
b7c1a6e4 80501021 badb0d00 b7c1a75c 0006f174 nt!RtlIpv4StringToAddressExW+0xad
b7c1a830 8054162c 00000002 00000004 20000003 nt!IopStartNextPacketByKeyEx+0x74
b7c1a844 7c91e4f4 badb0d00 0006f168 00000001 nt!RtlIpv4StringToAddressExW+0xad
b7c1a858 00000000 000000b0 00000001 00000000 0x7c91e4f4
STACK_COMMAND:  kb
FOLLOWUP_IP:
nt!_woutput+414
804f9f43 5d              pop     ebp
SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  nt!_woutput+414
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: nt
IMAGE_NAME:  ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP:  48a3fbd9
FAILURE_BUCKET_ID:  0x4E_2_nt!_woutput+414
BUCKET_ID:  0x4E_2_nt!_woutput+414
Followup: MachineOwner
---------
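
An added example (not part of the original post): a small Python script that reads `!analyze -v` text like the output above and reports which modules appear in STACK_TEXT, which ones loaded without symbols, and how many frames follow the "Stack unwind information not available" warning and are therefore unreliable. The sample input is a few lines copied from the dump; the function and field names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the dump in the post.
SAMPLE = """\
*** ERROR: Module load completed but symbols could not be loaded for eBoost.sys
STACK_TEXT:
b7c19a64 80521c48 0000004e 00000002 00000471 nt!_woutput+0x414
b7c19c50 ba5449d0 8982f4b0 e5e90988 00000000 Ntfs!NtfsFlushUserStream+0x6c
WARNING: Stack unwind information not available. Following frames may be wrong.
b7c19f18 ba5c1571 884fc3c0 00000000 00000000 eBoost+0x12e4
b7c19f40 ba5b88c3 884fc3c0 8b195480 b7c19f84 eBoost+0x9571
b7c19f84 ba5eb754 b7c19fa4 8ade4ce0 00000000 fltmgr!FltpCreate+0x26a
b7c1a858 00000000 000000b0 00000001 00000000 0x7c91e4f4
STACK_COMMAND:  kb
"""

# One frame: ChildEBP, RetAddr, three argument words, then the symbol.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")
NO_SYMBOLS = re.compile(r"symbols could not be loaded for (\S+)\.sys")

def triage(text):
    """Summarise STACK_TEXT: frames per module, modules lacking symbols, and
    the number of frames listed after the unwind warning."""
    no_symbols = sorted(set(NO_SYMBOLS.findall(text)))
    per_module, suspect_frames = Counter(), 0
    in_stack = after_warning = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif not in_stack:
            continue
        elif line.startswith("WARNING: Stack unwind information not available"):
            after_warning = True
        else:
            m = FRAME.match(line)
            if m is None:
                break  # first non-frame line ends the stack listing
            symbol = m.group(1)
            # "nt!Func+0x1" -> "nt"; "eBoost+0x12e4" -> "eBoost"; bare address -> no module
            has_module = re.search(r"[!+]", symbol) is not None
            module = re.split(r"[!+]", symbol)[0] if has_module else "<no module>"
            per_module[module] += 1
            suspect_frames += 1 if after_warning else 0
    return {"frames": dict(per_module), "no_symbols": no_symbols,
            "frames_after_unwind_warning": suspect_frames}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The summary only counts what the debugger printed; frames resolved without symbols or listed after the unwind warning are leads to check with correct symbols, not an attribution of the fault.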