Hi all!
I have a question:
After i run my driver, i enter SoftIce and type the command “proc”.
Every processs that started after my driver was up is staying in Status
“Deleting”.
It looks something like this:
Process KPEB PID Threads Pri User Time Krnl Time Status
System 80E92838 4 32 8 00000000 00000158 Ready
sms1 FFB2AB98 19C 3 B 00000001 00000005 Idle
csrss FFB2B020 1DC A D 00000032 000002F8 Ready
winlogon 80D4AA28 1F4 13 D 0000003D 0000007E Ready
services FFA93BF8 220 F 9 00000025 00000080 Ready
lsass FFAA5BF8 234 15 9 00000019 00000016 Ready
svchost FFAA0A00 2E0 7 8 00000004 00000007 Idle
svchost FFAC1D80 314 3E 8 00000D76 000000AF Ready
svchost FFAF2DA8 3A4 5 8 00000001 00000003 Ready
svchost FFB0F3C8 3C0 0 8 00000004 00000007 Ready
spoolsv 80E694F8 418 E 8 00000002 00000002 Ready
defwatch FFADCB30 4D8 3 8 00000001 00000001 Idle
rtvscan FFAFAB30 518 26 8 0000000E 0000001F Ready
explorer FFBCFAF8 7E0 C 8 000000D2 00000346 Ready
vptray FFA89958 1C0 2 8 00000002 00000001 Ready
ctfmon FF92E958 1C4 1 8 00000004 00000004 Ready
dbgview … Deleting
dbgview … Deleting
dbgview … Deleting
MyProcess … Deleting
MyProcess … Deleting
MyProcess … Deleting
*Idle 8053CB40 0 1 0 00000000 00383E43 Running
And every other process that i’ll run will stay in the state Deleting.
these “Deleting” processes doesn’t appear in the TaskManager and not in
the ProcessExplorer Application.
10x for your Help.
Guy.
Simply put you have some code waiting for the resource, or perhaps some
other stuff that stops the process from shutting down (like locked memory, but
this would cause a BSOD not Deleting status)
Regards, Dejan.
xxxxx@hotmail.com wrote:
Hi all!
I have a question:
After i run my driver, i enter SoftIce and type the command “proc”.
Every processs that started after my driver was up is staying in Status
“Deleting”.
It looks something like this:
Process KPEB PID Threads Pri User Time Krnl Time Status
System 80E92838 4 32 8 00000000 00000158 Ready
sms1 FFB2AB98 19C 3 B 00000001 00000005 Idle
csrss FFB2B020 1DC A D 00000032 000002F8 Ready
winlogon 80D4AA28 1F4 13 D 0000003D 0000007E Ready
services FFA93BF8 220 F 9 00000025 00000080 Ready
lsass FFAA5BF8 234 15 9 00000019 00000016 Ready
svchost FFAA0A00 2E0 7 8 00000004 00000007 Idle
svchost FFAC1D80 314 3E 8 00000D76 000000AF Ready
svchost FFAF2DA8 3A4 5 8 00000001 00000003 Ready
svchost FFB0F3C8 3C0 0 8 00000004 00000007 Ready
spoolsv 80E694F8 418 E 8 00000002 00000002 Ready
defwatch FFADCB30 4D8 3 8 00000001 00000001 Idle
rtvscan FFAFAB30 518 26 8 0000000E 0000001F Ready
explorer FFBCFAF8 7E0 C 8 000000D2 00000346 Ready
vptray FFA89958 1C0 2 8 00000002 00000001 Ready
ctfmon FF92E958 1C4 1 8 00000004 00000004 Ready
dbgview … Deleting
dbgview … Deleting
dbgview … Deleting
MyProcess … Deleting
MyProcess … Deleting
MyProcess … Deleting
*Idle 8053CB40 0 1 0 00000000 00383E43 Running
And every other process that i’ll run will stay in the state Deleting.
these “Deleting” processes doesn’t appear in the TaskManager and not in
the ProcessExplorer Application.
10x for your Help.
Guy.
You are currently subscribed to ntfsd as: xxxxx@alfasp.com
To unsubscribe send a blank email to %%email.unsub%%
–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32 developers.