(..\..\win32ss\user\ntuser\window.c:2567) err: DestroyWindow Owner out.
(..\..\win32ss\user\ntuser\winpos.c:2919) err: NtUserSetWindowPos bad window handle!
(..\..\win32ss\user\ntuser\winpos.c:2919) err: NtUserSetWindowPos bad window handle!
(..\..\win32ss\user\ntuser\window.c:2995) err: FindWindowEx: Not Desktop Parent!
(..\..\ntoskrnl\mm\ARM3\pagfault.c:791) Access on reserved section?
Access violation - code c0000005 (!!! second chance !!!)
nt!RemoveEntryList+0x1d:
8040293d 895104 mov dword ptr [ecx+4],edx
kd> .reload
Connected to Windows Server 2003 3790 x86 compatible target at (Wed Sep 19 23:21:01.105 2012 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...................................................
Loading User Symbols
................................
kd> !analyze -v
Connected to Windows Server 2003 3790 x86 compatible target at (Wed Sep 19 23:21:44.342 2012 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...................................................
Loading User Symbols
................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 526484ad

Debugging Details:
------------------

PROCESS_NAME: mspaint.exe

FAULTING_IP:
nt!RemoveEntryList+1d [p:\trunk_slave\x86_msvc\build\include\ddk\wdm.h @ 7940]
8040293d 895104 mov dword ptr [ecx+4],edx

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 8040293d (nt!RemoveEntryList+0x0000001d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 01000003
Attempt to write to address 01000003

ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo

EXCEPTION_PARAMETER1: 00000001

EXCEPTION_PARAMETER2: 01000003

WRITE_ADDRESS: 01000003

FOLLOWUP_IP:
win32k!UserHeapAlloc+16 [p:\trunk_slave\x86_msvc\build\win32ss\user\ntuser\ntuser.h @ 40]
f869e646 5d pop ebp

BUGCHECK_STR: ACCESS_VIOLATION

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 8051b0b6 to 8040293d

STACK_TEXT:
be07fb80 00000001 b0f520e0 nt!RemoveEntryList(struct _LIST_ENTRY * Entry = 0xbe07fb80 [ 0xffffff - 0xbe0001cc ])+0x1d [p:\trunk_slave\x86_msvc\build\include\ddk\wdm.h @ 7940]
be000000 00000009 00075328 nt!RtlpAllocateNonDedicated(struct _HEAP * Heap = 0xbe000000, unsigned long Flags = 9, unsigned long Size = 0x75328, unsigned long AllocationSize = 0x75330, unsigned long Index = 0xea66, unsigned char HeapLocked = 0x00 '')+0x76 [p:\trunk_slave\x86_msvc\build\lib\rtl\heap.c @ 1894]
be000000 00000009 00075328 nt!RtlAllocateHeap(void * HeapPtr = 0xbe000000, unsigned long Flags = 9, unsigned long Size = 0x75328)+0x432 [p:\trunk_slave\x86_msvc\build\lib\rtl\heap.c @ 2187]
00075328 ffffffff 00000005 
win32k!UserHeapAlloc(unsigned long Bytes = 0x75328)+0x16 [p:\trunk_slave\x86_msvc\build\win32ss\user\ntuser\ntuser.h @ 40]
f81f1728 00000006 00075328 win32k!UserCreateObject(struct _USER_HANDLE_TABLE * ht = 0xbe007708, struct _DESKTOP * pDesktop = 0x00000000, void ** h = 0xf81f1728, _USER_OBJECT_TYPE type = otClipBoardData (0n6), unsigned long size = 0x75328)+0x7d [p:\trunk_slave\x86_msvc\build\win32ss\user\ntuser\object.c @ 323]
b1193478 2e05016e f81f1744 win32k!IntSynthesizeDib(struct _WINSTATION_OBJECT * pWinStaObj = 0xb1193478, struct HBITMAP__ * hBm = 0x2e05016e)+0xd5 [p:\trunk_slave\x86_msvc\build\win32ss\user\ntuser\clipboard.c @ 171]
b1193478 b1193478 00000001 win32k!IntAddSynthesizedFormats(struct _WINSTATION_OBJECT * pWinStaObj = 0xb1193478)+0x160 [p:\trunk_slave\x86_msvc\build\win32ss\user\ntuser\clipboard.c @ 293]
00000000 f81f178c 804fd669 win32k!UserCloseClipboard(void)+0x7a [p:\trunk_slave\x86_msvc\build\win32ss\user\ntuser\clipboard.c @ 462]
77f2cb82 00e0c1f4 f81f17c4 win32k!NtUserCloseClipboard(void)+0xe [p:\trunk_slave\x86_msvc\build\win32ss\user\ntuser\clipboard.c @ 484]
f86593d0 00dca69c 00000000 nt!KiSystemCallTrampoline(void * Handler = 0xf86593d0, void * Arguments = 0x00dca69c, unsigned long StackBytes = 0)+0x19 [p:\trunk_slave\x86_msvc\build\ntoskrnl\include\internal\i386\ke.h @ 668]
f81f17e4 00dca69c 00dca69c nt!KiSystemCall(struct _KTRAP_FRAME * TrapFrame = 0xf81f17e4, void * Arguments = 0x00dca69c)+0x1f2 [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke\i386\traphdlr.c @ 1629]
00dcc350 77f2c26e badb0d00 nt!KiFastCallEntryHandler(struct _KTRAP_FRAME * TrapFrame = 0xf81f17e4, void * Arguments = 0x00dca69c)+0x6d [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke\i386\traphdlr.c @ 1675]
00dcc350 77f2c26e badb0d00 nt!KiFastCallEntry+0x71
0040a9f3 7ffba000 00000016 ntdll!KiFastSystemCallRet
7ffba000 00000016 00000000 user32!ZwUserCloseClipboard+0xc
0003011a 00000111 000100df mspaint!WindowProcedure(struct HWND__ * hwnd = 0x0003011a, unsigned int message = 
0x111, unsigned int wParam = 0x100df, long lParam = 0n0)+0x1e63 [p:\trunk_slave\x86_msvc\build\base\applications\mspaint\winproc.c @ 788]
00dd8620 0003011a 00000111 user32!IntCallWindowProcW(int IsAnsiProc = 0n0, * WndProc = 0x00408b90, struct _WND * pWnd = 0x00dd8620, struct HWND__ * hWnd = 0x0003011a, unsigned int Msg = 0x111, unsigned int wParam = 0x100df, long lParam = 0n0)+0x3b2 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 1400]
00dcc468 00000020 00dcffe0 user32!User32CallWindowProcFromKernel(void * Arguments = 0x00dcc468, unsigned long ArgumentLength = 0x20)+0x15d [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 2824]
0003011a 00020140 00dcfdb8 ntdll!KiUserCallbackDispatcher+0x2e
00400000 00000000 00032936 mspaint!wWinMain(struct HINSTANCE__ * hThisInstance = 0x00400000, struct HINSTANCE__ * hPrevInstance = 0x00000000, unsigned short * lpszArgument = 0x00032936, int nFunsterStil = 0n1)+0xf35 [p:\trunk_slave\x86_msvc\build\base\applications\mspaint\main.c @ 472]
00000001 000353d0 00032f08 mspaint!wmain(int flags = 0n1, unsigned short ** cmdline = 0x000353d0, unsigned short ** inst = 0x00032f08)+0x1e [p:\trunk_slave\x86_msvc\build\lib\sdk\crt\startup\crt0_w.c @ 25]
000000ff 00dcfff0 77dae275 mspaint!__tmainCRTStartup(void)+0x248 [p:\trunk_slave\x86_msvc\build\lib\sdk\crt\startup\crtexe.c @ 307]
77f2cb82 00e0c1f4 7ffba000 mspaint!wWinMainCRTStartup(void)+0x1f [p:\trunk_slave\x86_msvc\build\lib\sdk\crt\startup\crtexe.c @ 168]
0040bc70 00000000 e10100e0 kernel32!BaseProcessStartup( * lpStartAddress = 0x0040bc70)+0x55 [p:\trunk_slave\x86_msvc\build\dll\win32\kernel32\client\proc.c @ 473]

STACK_COMMAND: kb

FAULTING_SOURCE_CODE:
    36: {
    37:     return RtlAllocateHeap(GlobalUserHeap,
    38:                            HEAP_NO_SERIALIZE,
    39:                            Bytes);
>   40: }
    41:
    42: static __inline BOOL
    43: UserHeapFree(PVOID lpMem)
    44: {
    45:     return RtlFreeHeap(GlobalUserHeap,

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: win32k!UserHeapAlloc+16

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: 
win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5059ce31

FAILURE_BUCKET_ID: ACCESS_VIOLATION_win32k!UserHeapAlloc+16

BUCKET_ID: ACCESS_VIOLATION_win32k!UserHeapAlloc+16

Followup: MachineOwner
---------