Jump to content

CMD.EXE App error has returned


John A

Recommended Posts

I followed the second procedure but the error still didn't occur.  I tried sending you the cmd.dmp file via PM in case you wanted to see it.  After uploading the 24 MB file, I got the following message:  

cmd.dmp

You aren't permitted to upload this kind of file

Link to post
Share on other sites

  • Replies 52
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Did som debugging on my own and found following error in my dump file.

 

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 

 

************* Symbol Loading Error Summary **************
Module name            Error
ntdll                  The system cannot find the file specified
Link to post
Share on other sites

  • Staff

Can you guys please try the following?:

 

1- Stop MBAE protection from the GUI

2- Start CMD

3- Start MBAE protection from the GUI

 

You might have to do this multiple times to see if you can get a crash. If it does crash it would mean the problem is during the injection process.

Link to post
Share on other sites

I don't get a crash with CMD but I do if I do the same test with a slow load of Internet Explorer, IE fails

 

1- Stop MBAE protection from the GUI

2- Start Firefox

3. Start IE (while FF is starting)

4- Start MBAE protection from the GUI

IE fails

 

I don't know where the crash dumps are located

Link to post
Share on other sites

Log Name:      Application
Source:        Application Error
Date:          21/10/2015 9:19:27 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Acer-PC
Description:
Faulting application name: iexplore.exe, version: 11.0.10240.16412, time stamp: 0x55b99d3f
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc00000fd
Fault offset: 0x0000000000034db8
Faulting process id: 0x1828
Faulting application start time: 0x01d10b855ff42968
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2322a394-e314-4d24-b8e3-834a80869a4a
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-10-20T22:19:27.000000000Z" />
    <EventRecordID>113989</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Acer-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>iexplore.exe</Data>
    <Data>11.0.10240.16412</Data>
    <Data>55b99d3f</Data>
    <Data>ntdll.dll</Data>
    <Data>10.0.10240.16430</Data>
    <Data>55c59f92</Data>
    <Data>c00000fd</Data>
    <Data>0000000000034db8</Data>
    <Data>1828</Data>
    <Data>01d10b855ff42968</Data>
    <Data>C:\Program Files\Internet Explorer\iexplore.exe</Data>
    <Data>C:\WINDOWS\SYSTEM32\ntdll.dll</Data>
    <Data>2322a394-e314-4d24-b8e3-834a80869a4a</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

post-14642-0-19105300-1445379992_thumb.j

Link to post
Share on other sites

And I just got the same failure with Firefox but IE opened OK.  This time I had that RAR config file installed and Process explorer running.  Not sure what to right click on in Process Explorer as firefox.exe isn't there

 

Log Name:      Application
Source:        Application Error
Date:          21/10/2015 9:45:00 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      JohnMargAcer-PC
Description:
Faulting application name: firefox.exe, version: 41.0.1.5750, time stamp: 0x560b22a1
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c599e1
Exception code: 0xc0000005
Fault offset: 0x0003fa65
Faulting process id: 0x24d8
Faulting application start time: 0x01d10b88e856ecaf
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4803e500-fcef-4467-9ca5-48beff9246a5
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-10-20T22:45:00.000000000Z" />
    <EventRecordID>114301</EventRecordID>
    <Channel>Application</Channel>
    <Computer>JohnMargAcer-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>firefox.exe</Data>
    <Data>41.0.1.5750</Data>
    <Data>560b22a1</Data>
    <Data>ntdll.dll</Data>
    <Data>10.0.10240.16430</Data>
    <Data>55c599e1</Data>
    <Data>c0000005</Data>
    <Data>0003fa65</Data>
    <Data>24d8</Data>
    <Data>01d10b88e856ecaf</Data>
    <Data>C:\Program Files (x86)\Mozilla Firefox\firefox.exe</Data>
    <Data>C:\WINDOWS\SYSTEM32\ntdll.dll</Data>
    <Data>4803e500-fcef-4467-9ca5-48beff9246a5</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

Link to post
Share on other sites

  • Staff

Thanks all for the dumps you submitted. Unfortunately only one dump corresponds to an exception and even then there was no hint of MBAE in the dump.

 

In order to try to make this easier (generating crash dumps) an easier approach might be SysInternals ProcDump -> https://technet.microsoft.com/en-us/sysinternals/dd996900

 

1- Download and extract ProcDump to your Desktop or temporary directory

2- Run it once to accept its EULA

3- Open an elevated cmd prompt (i.e. run as admin) and type "procdump -e cmd.exe". You can replace cmd.exe with the other process name that is crashing, for ex "procdump -e firefox.ex" or "procdump -e winword.exe".

4- Replicate the problem by opening the application that is crashing.

 

If the application produces and unhandled exception it will generate a dump. Also on screen procdump will show the normal handled exceptions which are normal in programs but do not imply crashes.

 

Please re-run your tests and submit crash dumps using ProcDump instead of ProcessExplorer.

 

Thanks!

Link to post
Share on other sites

I get the following when I try this using an elevated CMD. (Also, I can get the crash with Word, by the way)

 

Copyright © 2009-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

No process matching the specified name can be found.
Try elevating the command prompt or using PsExec to make one as SYSTEM.
        psexec.exe -s -d -i cmd.exe
        procdump.exe -accepteula ...

C:\Users\...\Downloads\ProcDump>procdump -e winword.exe

ProcDump v7.1 - Writes process dump files
Copyright © 2009-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

No process matching the specified name can be found.
Try elevating the command prompt or using PsExec to make one as SYSTEM.
        psexec.exe -s -d -i cmd.exe
        procdump.exe -accepteula ...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.