Forum Discussion

RvdH1040's avatar
RvdH1040
Copper Contributor
Aug 26, 2023

Windows 11 behind IIS WebFarm, error with ARRhelper

I have a few old (classic) asp websites on a system located behind a WebFarm on IIS (Application Request Routing)   The application pool for these asp websites runs in 32-bit mode, Classic mode wit...
configuration
Features
RvdH1040's avatar
RvdH1040
Copper Contributor
Aug 26, 2023

WinDbg (preview)

 

!analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Check Image - Checksum mismatch - Dump: 0x3c279, File: 0x3cdc7 - C:\ProgramData\Dbg\sym\iiscore.dll\A2E34FB23f000\iiscore.dll

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Write

    Key  : Analysis.CPU.mSec
    Value: 9374

    Key  : Analysis.Elapsed.mSec
    Value: 182349

    Key  : Analysis.IO.Other.Mb
    Value: 71

    Key  : Analysis.IO.Read.Mb
    Value: 1

    Key  : Analysis.IO.Write.Mb
    Value: 124

    Key  : Analysis.Init.CPU.mSec
    Value: 218

    Key  : Analysis.Init.Elapsed.mSec
    Value: 127191

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 132

    Key  : CLR.Engine
    Value: MSCORWKS

    Key  : CLR.NOSOS
    Value: 1

    Key  : CLR.Version
    Value: 2.0.50727.9174

    Key  : Failure.Bucket
    Value: INVALID_POINTER_WRITE_NOSOS_c0000005_iiscore.dll!W3_SERVER::Initialize

    Key  : Failure.Hash
    Value: {9bac41b3-2f45-d1cb-67a0-f4c2319a6b83}

    Key  : Timeline.Process.Start.DeltaSec
    Value: 1

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Version
    Value: 10.0.22621.1

    Key  : WER.Process.Version
    Value: 10.0.22621.1


FILE_IN_CAB:  WER.26273a21-2923-4bff-9c69-99934ad3ed9e.tmp.mdmp

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

CONTEXT:  (.ecxr)eax=053fda38 ebx=77770000 ecx=03b5aa95 edx=00000020 esi=52c8528c edi=00000000
eip=52c8a6c9 esp=0565f3d8 ebp=0565f5a4 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
iiscore!W3_SERVER::Initialize+0xab0:
52c8a6c9 c7431011000000  mov     dword ptr [ebx+10h],11h ds:002b:77770010=000000b8
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)ExceptionAddress: 52c8a6c9 (iiscore!W3_SERVER::Initialize+0x00000ab0)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 77770010
Attempt to write to address 77770010

PROCESS_NAME:  w3wp.exe

WRITE_ADDRESS:  77770010 

ERROR_CODE: (NTSTATUS) 0xc0000005 - De instructie op 0x%p verwijst naar geheugen op 0x%p. Het geheugen kan niet worden %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  00000001

EXCEPTION_PARAMETER2:  77770010

ADDITIONAL_DEBUG_TEXT:  SOS.DLL is not loaded for managed code. Analysis might be incomplete

STACK_TEXT:  
0565f5a4 52cad945     0501a040 05370120 00000000 iiscore!W3_SERVER::Initialize+0xab0
0565f804 52caddbd     05370120 52cadd80 00000002 iiscore!IISCORE_PROTOCOL_MANAGER::InitializeGlobals+0x1bb
0565f81c 58a87d3c     00000000 00000000 00000000 iiscore!IISCORE_PROTOCOL_MANAGER::PreloadApplication+0x3d
0565f83c 58a87c9a     00000000 05370200 57fbfc10 w3wphost!W3WP_HOST::ProcessHttpPreloadApplications+0x58
0565f85c 58a88ccb     00010002 00000000 0501e0f8 w3wphost!W3WP_HOST::ProcessPreloadApplications+0x74
0565f87c 57fc17e1     0501e0f8 04c2a598 57fc1340 w3wphost!WP_IPM::AcceptMessage+0x1bb
0565f8bc 77796e84     0501e0f8 00000000 66b5a3ff iisutil!IPM_MESSAGE_PIPE::MessagePipeCompletion+0x4a1
0565f914 777ad924     0565fa3c 04c2a598 04c451c0 ntdll!RtlpTpWaitCallback+0xa4
0565f93c 777ad86d     00000000 04be0840 04c452b8 ntdll!TppExecuteWaitCallback+0x7e
0565f954 777ae9a7     0565fa3c 04c452b8 04c451c0 ntdll!TppWaitCompletion+0x7d
0565fb18 76a57ba9     04be0840 76a57b90 0565fb80 ntdll!TppWorkerThread+0x567
0565fb28 777db79b     04be0840 66b5a16b 00000000 kernel32!BaseThreadInitThunk+0x19
0565fb80 777db71f     ffffffff 778089d8 00000000 ntdll!__RtlUserThreadStart+0x2b
0565fb90 00000000     00000000 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  ~6s; .ecxr ; kb

SYMBOL_NAME:  iiscore!W3_SERVER::Initialize+ab0

MODULE_NAME: iiscore

IMAGE_NAME:  iiscore.dll

FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_NOSOS_c0000005_iiscore.dll!W3_SERVER::Initialize

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x86

OSNAME:  Windows 10

IMAGE_VERSION:  10.0.22621.608

FAILURE_ID_HASH:  {9bac41b3-2f45-d1cb-67a0-f4c2319a6b83}

Followup:     MachineOwner
---------

 

Resources