Re: Short Crash Analysis...

Group: microsoft.public.windowsxp.device_driver.dev · Group Profile
Author: Theo
Date: Aug 27, 2007 11:56

File purpose and description:
Bds.exe is a program file which you would have installed
yourself on your own computer. The exact disk location is
also shown below to verify it is not spyware, as many
spyware programs use similar names and just locate them
elsewhere on your hard drive. Always check the proper disk
location of your programs if you are suspicious. Bds.exe is
a common name, short names like this can often be used by
many companies, this one is most often associated with
Borland Software (not Codegear software) and the Delphi
installation. The BDS.exe is for the Borland Database Engine
(as it used to be called), and this will be a running task
if you install Delphi software. This file is considered safe
and is not spyware. (See the details below for the actual
location of this file.)

Actual file or task name:
bds.exe

File type:
This is an executable program.

File or folder location:
This file will be found on your disk drive at C:\Documents
and Settings\All Users\Application
Data\{AB3EC276-D261-4943-A921-1CC1C6799AED}\corex\B2284239\1CC39CF2
and also at C:\Program Files\CodeGear\RAD Studio\5.0\bin

General information:
Be aware that many tasks will have names similar to existing
tasks or processes. You can always view the running tasks on
your computer by pressing ctrl-alt-del to view the windows
"task manager", and then view the "processes" tab. This will
show you all tasks running or currently active on your PC.
Although this shows you all running tasks, it does not show
DLL files that are loaded, as they get loaded as part of
other processes. Many spyware writers attempt to hide their
files on your computer, for example, bds.exe may be
intentionally misspelled to look like a similar task, or
spyware may be named very similar to a Windows system task.
The reason they do this is so you cannot easily recognize
the name in your tasklist as I have mentioned above. Make
sure you always check the location of the file if you are
concerned. You can always find the location of bds.exe on
your computer by using your Windows search options, but I
will also try to list the file location of every file
described on this website, so you can verify the correct
location. You can view the entire tasklist directory with
the link below.

Tasklist Directory Main Page
Software Downloads Page
Spyware and Adware Removal Tips

Lookup other processes below.
icq.exe icqlite.exe ie4uinit.exe iedkcs32.dll ieexplorer.exe
iegr32.exe iehelper.dll iehost.exe iel2cde8.dll iesdpb.dll
iesdsg.dll ietie.dll ieudinit.exe iexplore.exe iexplores.exe
ifrmewrk.exe igdctrl.exe igfxpers igfxtray.exe igowdkka.dll
ikeymain.exe imekrmig.exe imjpmig.exe imscinst.exe incd.exe
incdsrv.exe incmail.exe indexsearch.exe inicio.exe
inkmonitor.exe
intel32.exe intelmem.exe internat.exe intmonp.exe
iopengl.exe
iphsend.exe ipmon32.exe ipodwatcher.exe ipv6monl.dll
isadd.dll
isaddon.dll isamntr.exe isamonitor.exe issch.exe isstart.exe
isuspm.exe itouch.exe ituneshelper.exe jaaste.dll jawa32.exe

Paul Russell wrote:
> what is PROCESS_NAME: bds.exe
>
>
> "Skybuck Flying" hotmail.com> wrote in message
> news:faumd8$2ae$1@news3.zwoll1.ov.home.nl...
>> I am definitely no expert...
>>
>> Seems like something did a try except where that is not allowed, also
>> seems resource related ????:
>>
>> Microsoft (R) Windows Debugger Version 6.6.0007.5
>> Copyright (c) Microsoft Corporation. All rights reserved.
>>
>>
>> Loading Dump File [C:\WINDOWS\Minidump\Mini082707-01.dmp]
>> Mini Kernel Dump File: Only registers and stack trace are available
>>
>> Symbol search path is:
>> SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols
>> Executable search path is:
>> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs)
>> Free x64
>> Product: WinNt, suite: TerminalServer SingleUserTS
>> Built by: 3790.srv03_sp2_rtm.070216-1710
>> Kernel base = 0xfffff800`01000000 PsLoadedModuleList =
>> 0xfffff800`011d5100
>> Debug session time: Mon Aug 27 15:17:04.640 2007 (GMT+2)
>> System Uptime: 0 days 0:27:21.571
>> Loading Kernel Symbols
>> ...........................................................................................................................................
>>
>> Loading User Symbols
>> Loading unloaded module list
>> ..................................................
>> *******************************************************************************
>>
>> * *
>> * Bugcheck Analysis *
>> * *
>> *******************************************************************************
>>
>>
>> Use !analyze -v to get detailed debugging information.
>>
>> BugCheck 50, {fffffa8804c21090, 0, fffff97fff0a7742, 5}
>>
>>
>> Could not read faulting driver name
>> Probably caused by : win32k.sys ( win32k!HmgAllocateDcAttr+1b6 )
>>
>> Followup: MachineOwner
>> ---------
>>
>> 1: kd> !analyze -v
>> *******************************************************************************
>>
>> * *
>> * Bugcheck Analysis *
>> * *
>> *******************************************************************************
>>
>>
>> PAGE_FAULT_IN_NONPAGED_AREA (50)
>> Invalid system memory was referenced. This cannot be protected by
>> try-except,
>> it must be protected by a Probe. Typically the address is just plain
>> bad or it
>> is pointing at freed memory.
>> Arguments:
>> Arg1: fffffa8804c21090, memory referenced.
>> Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
>> Arg3: fffff97fff0a7742, If non-zero, the instruction address which
>> referenced the bad memory
>> address.
>> Arg4: 0000000000000005, (reserved)
>>
>> Debugging Details:
>> ------------------
>>
>>
>> Could not read faulting driver name
>>
>> READ_ADDRESS: fffffa8804c21090
>>
>> FAULTING_IP:
>> win32k!HmgAllocateDcAttr+1b6
>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]
>>
>> MM_INTERNAL_CODE: 5
>>
>> CUSTOMER_CRASH_COUNT: 1
>>
>> DEFAULT_BUCKET_ID: DRIVER_FAULT
>>
>> BUGCHECK_STR: 0x50
>>
>> PROCESS_NAME: bds.exe
>>
>> CURRENT_IRQL: 0
>>
>> TRAP_FRAME: fffffadfc478e990 -- (.trap fffffadfc478e990)
>> NOTE: The trap frame does not contain all registers.
>> Some register values may be zeroed.
>> rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080
>> rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e
>> rip=fffff97fff0a7742 rsp=fffffadfc478eb20 rbp=fffffadfc478ecf0
>> r8=fffffa8004b9b0c0 r9=5000984210000000 r10=500098421117001d
>> r11=00000000000007ff r12=0000000000000000 r13=0000000000000000
>> r14=0000000000000000 r15=0000000000000000
>> iopl=0 nv up ei ng nz ac po nc
>> win32k!HmgAllocateDcAttr+0x1b6:
>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr
>> [rcx+rax*8+18h] ds:fffffa88`04c21090=????????????????
>> Resetting default scope
>>
>> LAST_CONTROL_TRANSFER: from fffff800010a5416 to fffff8000102e950
>>
>> STACK_TEXT:
>> fffffadf`c478e8b8 fffff800`010a5416 : 00000000`00000050
>> fffffa88`04c21090 00000000`00000000 fffffadf`c478e990 : nt!KeBugCheckEx
>> fffffadf`c478e8c0 fffff800`0102d519 : fffffa80`00cad9e0
>> 00000000`00000009 00000000`00000000 fffffa80`05009b50 :
>> nt!MmAccessFault+0x395
>> fffffadf`c478e990 fffff97f`ff0a7742 : 00000000`00000000
>> fffff97f`ff0ce249 fffffa80`0445f780 fffffadf`c478ecf0 :
>> nt!KiPageFault+0x119
>> fffffadf`c478eb20 fffff97f`ff0ce004 : 00000000`00000888
>> 00000000`00000000 00000000`1e011591 fffffa80`051f6280 :
>> win32k!HmgAllocateDcAttr+0x1b6
>> fffffadf`c478eb60 fffff97f`ff0cdf0e : fffffa80`051f6280
>> fffffa80`051f6280 fffffadf`cba85cd0 fffffa80`0133b000 :
>> win32k!GreSetupDCAttributes+0x34
>> fffffadf`c478eba0 fffff97f`ff0a36c6 : fffffa80`01351010
>> fffff97f`ff0ced20 00000000`00000000 00000000`7efdb000 :
>> win32k!GreCreateDisplayDC+0x1c4
>> fffffadf`c478ec30 fffff800`0102e3fd : 00000000`7d814cc6
>> fffff97f`ff0ced20 00000000`7d814cc6 00000000`7d814c30 :
>> win32k!GreCreateCompatibleDC+0x77
>> fffffadf`c478ec70 00000000`78b842d9 : 00000000`00000000
>> 00000000`00000000 00000000`00000000 00000000`00000000 :
>> nt!KiSystemServiceCopyEnd+0x3
>> 00000000`0012edf8 00000000`00000000 : 00000000`00000000
>> 00000000`00000000 00000000`00000000 00000000`00000000 : 0x78b842d9
>>
>>
>> STACK_COMMAND: kb
>>
>> FOLLOWUP_IP:
>> win32k!HmgAllocateDcAttr+1b6
>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]
>>
>> SYMBOL_STACK_INDEX: 3
>>
>> SYMBOL_NAME: win32k!HmgAllocateDcAttr+1b6
>>
>> FOLLOWUP_NAME: MachineOwner
>>
>> MODULE_NAME: win32k
>>
>> IMAGE_NAME: win32k.sys
>>
>> DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310
>>
>> FAILURE_BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6
>>
>> BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6
>>
>> Followup: MachineOwner
>> ---------
>>
>> Bye,
>> Skybuck.
>>
>> P.S.: I followed instructions on this link to setup WinDBG properly
>> for symbol support ;)
>>
>> http://forums.majorgeeks.com/showthread.php?t=35246
>>
>> Simply add something like:
>>
>> SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
>>
>> to symbol path.
>>
>> Then symbols will be downloaded...
>>
>> (I set mine to C:\Tools\WinDBG\WebSymbols :) )
>>
>>
>>
>
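
Added example (not part of the thread and not any poster's code): a small triage script that recomputes the faulting effective address from the trap-frame registers in the dump quoted above and checks it against READ_ADDRESS. The function name `triage` and the result keys are assumptions made for this illustration; the sample text is excerpted from the quoted WinDbg output.

```python
import re

# Excerpt of the !analyze -v output quoted in the thread (quote markers are
# kept on purpose; the parser strips them).
SAMPLE = """\
>> READ_ADDRESS: fffffa8804c21090
>> FAULTING_IP:
>> win32k!HmgAllocateDcAttr+1b6
>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]
>> rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080
>> rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e
"""

MASK64 = (1 << 64) - 1
REG = re.compile(r"\b(r[a-z0-9]{1,3})=([0-9a-f]{16})\b")
# Matches operands of the form [base+index*scale+disph]; disp is optional.
OPERAND = re.compile(r"\[(\w+)\+(\w+)\*([1248])(?:\+([0-9a-f]+)h)?\]")
READ = re.compile(r"READ_ADDRESS:\s+([0-9a-f`]+)")


def triage(text):
    """Recompute the faulting effective address from the trap-frame registers."""
    text = re.sub(r"(?m)^[> ]+", "", text)  # drop Usenet quote prefixes
    regs = {name: int(val, 16) for name, val in REG.findall(text)}
    base, index, scale, disp = OPERAND.search(text).groups()
    reported = int(READ.search(text).group(1).replace("`", ""), 16)
    offset = regs[index] * int(scale) + int(disp or "0", 16)
    computed = (regs[base] + offset) & MASK64
    return {
        "computed": computed,
        "reported": reported,
        # True means the trap frame explains the bugcheck's Arg1 exactly.
        "consistent": computed == reported,
        "distance_from_base": offset,
        # 0xffffffff in a 64-bit register looks like a 32-bit -1 that was
        # zero-extended; used as an index it lands about 32 GiB past the base.
        "index_is_32bit_minus_one": regs[index] == 0xFFFFFFFF,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

For this dump the recomputed address equals the reported READ_ADDRESS, and the index register holds 0xffffffff, which places the read far outside the table that rcx points to.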