Maybe some new light on the memory shutdown issues?

When looking at other topics someone has always asked whether any unpXXXX files are in the log folder.

I have 10 of these to date and every one of them reads this:


Fault source

C:\Program Files\Alwil Software\Avast4\ashServ.exe caused an Access Violation at location 7c910f29 in module ntdll.dll Reading from location 00000000.

Every single one is EXACTLY the same, in exactly the same position.

The following also appears in each and every one of the files:


Crash place

  0x7C910EED: FF E9 32 FE FF FF 0F B7 0E 03 C8 81 F9 00 FE 00 00 0F 87 45     ÿé2þÿÿ.·..È.ù.þ...‡E
  0x7C910F01: FD FF FF 80 7D 14 00 0F 85 25 8B 03 00 8A 46 05 24 10 A8 10     ýÿÿ.}...…%‹..ŠF.$.¨.
  0x7C910F15: 88 47 05 0F 85 92 00 00 00 8B 4E 0C 8D 46 08 8B 10 89 4D 0C     .G..…’...‹N..F.‹.‰M.

=> 0x7C910F29: 8B 09 3B 4A 04 89 55 14 0F 85 EA 0F 00 00 3B C8 0F 85 E2 0F ‹.;J.‰U……ê…;È.…â.
0x7C910F3D: 00 00 56 53 E8 4E FC FF FF 8B 45 14 8B 4D 0C 3B C1 89 01 89 …VSèNüÿÿ‹E.‹M.;Á‰.‰
0x7C910F51: 48 04 74 38 8A 46 05 A8 04 0F 85 A9 8B 03 00 0F B7 0E 8B 45 H.t8ŠF.¨……©‹…·.‹E
0x7C910F65: 10 01 08 0F B7 0E 29 4B 28 F6 47 05 10 66 8B 08 66 89 0F 0F …·.)K(öG…f‹.f‰…

  0x7C910EE3: 6A00                    push	0x0
  0x7C910EE5: 8D45D8                  lea	eax, ds:[ebp]+FFFFFFD8
  0x7C910EE8: 50                      push	eax
  0x7C910EE9: E814D2FFFF              call	-FFFFD214
  0x7C910EEE: E932FEFFFF              jmp	-FFFFFE32
  0x7C910EF3: 0FB70E                  movzx	ecx, ds:[esi]
  0x7C910EF6: 03C8                    add	ecx, eax
  0x7C910EF8: 81F900FE0000            cmp	ecx, 0xFE00
  0x7C910EFE: 0F8745FDFFFF            ja	-FFFFFD45
  0x7C910F04: 807D1400                cmp	ds:[ebp]+14, 0x0
  0x7C910F08: 0F85258B0300            jnz	+38B25
  0x7C910F0E: 8A4605                  mov	al, ds:[esi]+05
  0x7C910F11: 2410                    and	al, 0x10
  0x7C910F13: A810                    test	al, 0x10
  0x7C910F15: 884705                  mov	ds:[edi]+05, al
  0x7C910F18: 0F8592000000            jnz	+92
  0x7C910F1E: 8B4E0C                  mov	ecx, ds:[esi]+0C
  0x7C910F21: 8D4608                  lea	eax, ds:[esi]+08
  0x7C910F24: 8B10                    mov	edx, ds:[eax]
  0x7C910F26: 894D0C                  mov	ds:[ebp]+0C, ecx

=> 0x7C910F29: 8B09 mov ecx, ds:[ecx]
0x7C910F2B: 3B4A04 cmp ecx, ds:[edx]+04
0x7C910F2E: 895514 mov ds:[ebp]+14, edx
0x7C910F31: 0F85EA0F0000 jnz +FEA
0x7C910F37: 3BC8 cmp ecx, eax
0x7C910F39: 0F85E20F0000 jnz +FE2
0x7C910F3F: 56 push esi
0x7C910F40: 53 push ebx
0x7C910F41: E84EFCFFFF call -FFFFFC4E
0x7C910F46: 8B4514 mov eax, ds:[ebp]+14
0x7C910F49: 8B4D0C mov ecx, ds:[ebp]+0C
0x7C910F4C: 3BC1 cmp eax, ecx
0x7C910F4E: 8901 mov ds:[ecx], eax
0x7C910F50: 894804 mov ds:[eax]+04, ecx
0x7C910F53: 7438 jz +38
0x7C910F55: 8A4605 mov al, ds:[esi]+05
0x7C910F58: A804 test al, 0x4
0x7C910F5A: 0F85A98B0300 jnz +38BA9
0x7C910F60: 0FB70E movzx ecx, ds:[esi]
0x7C910F63: 8B4510 mov eax, ds:[ebp]+10

I haven’t checked to see if this is exactly the same but seems very similar.

Can you search the board for ntdll.dll expression?
Will any of the threads help you?

Not really, the only thing found of any significance is that one user has exactly the same error log when the memory shutdown issue is apparent.

Please send couple of unpXXXX files (additional information you havent published are also quite important) to vlk@asw.cz for further analyze. Thanks.

You have mail :wink: