Page 4 of 5

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-09-17 10:11
by mhanor
Do you expect there's a chance that the 2nd debug build will not crash? I haven't been able to crash it.

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-09-17 11:54
by botg
I'm hoping it doesn't crash anymore.

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-09-19 07:53
by phanhan
That is the problem that I'm interested.
I have installed the test 2 version ~ 1 month ago, no service crash since then.
looking good so far!
Thank you for the help and the fixed exe, appreciated!

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-09-24 23:49
by somebody08
I haven't had a chance to try out debug version2,
is that version still valid for me to try out? FileZilla_Server-debug2.exe

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-09-25 07:24
by botg
The debug version is no longer needed. FileZilla Server 0.9.47 is newer than the debug version.

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-13 18:03
by somebody08
I got around to installing 47 on my server this weekend...
this happened this morning:

Code: Select all

Faulting application name: FileZilla Host.exe, version: 0.9.47.0, time stamp: 0x541bfc66
Faulting module name: ssleay32.dll, version: 1.0.2.0, time stamp: 0x541bf9d7
Exception code: 0xc0000005
Fault offset: 0x00007196
Faulting process id: 0xc4
Faulting application start time: 0x01cfe62fdabf588d

Code: Select all

Faulting application name: FileZilla Host.exe, version: 0.9.47.0, time stamp: 0x541bfc66
Faulting module name: ssleay32.dll, version: 1.0.2.0, time stamp: 0x541bf9d7
Exception code: 0xc0000005
Fault offset: 0x00007196
Faulting process id: 0x175c
Faulting application start time: 0x01cfe6de74f351d6

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-14 16:55
by drcentner
We have upgraded from 0.9.44 to 0.9.46 on 2014-09-05, then from 0.9.46 to 0.9.47 on 2014-09-30, but the FileZilla Server service is still experiencing occasional crashes and generating errors such as the following:

Code: Select all

Faulting application name: FileZilla Server.exe, version: 0.9.47.0, time stamp: 0x541bfc66
Faulting module name: ssleay32.dll, version: 1.0.2.0, time stamp: 0x541bf9d7
Exception code: 0xc0000005
Fault offset: 0x00007196
Faulting process id: 0xd38
Faulting application start time: 0x01cfdf7bd000ae5a
Faulting application path: C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
Faulting module path: C:\Program Files (x86)\FileZilla Server\ssleay32.dll
Report Id: d85f8599-534e-11e4-80cb-005056882cf1
Faulting package full name: 
Faulting package-relative application ID: 
VMware virtual machine
The CPU is presented to the OS as: Intel Xeon E7-2870 @ 2.4GHz (2 processors)
RAM: 4GB
Drive C (OS): VMware disk
Drive F (FTP root directory): Windows iSCSI mounted NetApp share
OS: Windows Server 2012 R2 x64

I have not enabled minidump, but can do so if you are still interested in getting that data. This is the second crash since the upgrade to 0.9.47. This does not happen frequently enough for us to pinpoint a cause or way to replicate the issue.

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-15 08:42
by botg

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-16 16:13
by somebody08
I've applied them. Will let you know if it crashes

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-20 07:54
by asin
Hello,

Sadly, it's still crashing. The faulting module is "FileZilla Server.exe".
(Server version 0.9.47.0, libeay32.dll and ssleay32.dll both 1.0.2-beta4-dev.)

Event log:

Faulting application name: FileZilla Server.exe, version: 0.9.47.0, time stamp: 0x541bfc66
Faulting module name: FileZilla Server.exe, version: 0.9.47.0, time stamp: 0x541bfc66
Exception code: 0xc0000409
Fault offset: 0x0006231c
Faulting process id: 0x66a8
Faulting application start time: 0x01cfea0daf37d3f8
Faulting application path: C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
Faulting module path: C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
Report Id: 7f63f7c9-578b-11e4-80c1-40a8f02a0914
Faulting package full name:
Faulting package-relative application ID:

Hope it helps...

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-20 08:27
by botg
asin wrote:Faulting module name: FileZilla Server.exe, version: 0.9.47.0, time stamp: 0x541bfc66
That's a new one. Yeah! :)

The exception code doesn't seem nice:
//
// MessageId: STATUS_STACK_BUFFER_OVERRUN
//
// MessageText:
//
// The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
//
#define STATUS_STACK_BUFFER_OVERRUN ((NTSTATUS)0xC0000409L) // winnt

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-20 08:47
by botg
Unfortunately the exception offset is just the abort handler.

Please make sure minidumps are enabled. If it crashes again, post the minidump.

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-25 16:20
by somebody08

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-28 17:07
by asin
botg wrote:Unfortunately the exception offset is just the abort handler.

Please make sure minidumps are enabled. If it crashes again, post the minidump.
Hello,

Unfortunately it still crashes... Got some minidumps for you, I hope it helps.

Re: 0.9.44 beta "Faulting module name: libeay32.dll"

Posted: 2014-10-29 10:30
by botg
Perfect.

This is what I do with these dumps:

Code: Select all

Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\FileZilla Server.exe.28120.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is: 
Windows 8 Version 9600 MP (32 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 6.3.9600.17031 (winblue_gdr.140221-1952)
Machine Name:
Debug session time: Mon Oct 27 08:33:03.000 2014 (UTC + 1:00)
System Uptime: not available
Process Uptime: 6 days 22:58:56.000
.......................
Loading unloaded module list
................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(6dd8.7eec): Security check failure or stack buffer overrun - code c0000409 (first/second chance not available)
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
*** WARNING: Unable to verify checksum for FileZilla Server.exe
eax=00000001 ebx=00000001 ecx=00000007 edx=00000000 esi=00000000 edi=00000000
eip=0130231c esp=01cbf4d4 ebp=01cbf500 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
FileZilla_Server!abort+0x28:
0130231c cd29            int     29h

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             D:\devel\svn\FileZilla Server\debug_0.9.47
0:005> .reload
.*** WARNING: Unable to verify checksum for FileZilla Server.exe
......................
Loading unloaded module list
................................................................
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll

************* Symbol Loading Error Summary **************
Module name            Error
ntdll                  PDB not found : d:\devel\svn\filezilla server\debug_0.9.47\symbols\dll\wntdll.pdb

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             D:\devel\svn\FileZilla Server\debug_0.9.47
0:005> ~*kb

   0  Id: 6dd8.34f0 Suspend: 0 Teb: 7f22c000 Unfrozen
Unable to load image C:\Windows\System32\KERNELBASE.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for KERNELBASE.dll
*** ERROR: Module load completed but symbols could not be loaded for KERNELBASE.dll
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
00deec98 751a103d 00000000 ffffffff 00000000 ntdll+0x3cd7c
*** WARNING: Unable to verify timestamp for sechost.dll
*** ERROR: Module load completed but symbols could not be loaded for sechost.dll
00deecac 7541fffe 0000010c ffffffff 8d0bbc23 KERNELBASE+0x103d
00deed6c 7541fd46 00000000 00000000 01da5c62 sechost+0xfffe
00deee18 75420156 8d0bbf1b 74b38911 74b38911 sechost+0xfd46
00deee54 012e4d3d 00deee7c 00000000 0000000a sechost+0x10156
00def89c 012fd961 012a0000 00000000 00f834be FileZilla_Server!WinMain+0x3bd [d:\devel\svn\filezilla server\source\service.cpp @ 180]
Unable to load image C:\Windows\System32\kernel32.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
00def8e8 76ca919f 7f225000 00def938 76eea22b FileZilla_Server!__tmainCRTStartup+0xfd [f:\dd\vctools\crt\crtw32\startup\crt0.c @ 251]
00def8f4 76eea22b 7f225000 8eb564b7 00000000 kernel32+0x1919f
00def938 76eea201 ffffffff 76edf217 00000000 ntdll+0x4a22b
00def948 00000000 012fd85a 7f225000 00000000 ntdll+0x4a201

   1  Id: 6dd8.57b0 Suspend: 0 Teb: 7f0ff000 Unfrozen
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
017bfe7c 751a103d 00000000 ffffffff 00000000 ntdll+0x3cd7c
017bfe90 012e515a 00000130 ffffffff 754178c2 KERNELBASE+0x103d
017bfe94 00000000 ffffffff 754178c2 00000001 FileZilla_Server!ServiceMain+0xaa [d:\devel\svn\filezilla server\source\service.cpp @ 349]

   2  Id: 6dd8.8b7c Suspend: 0 Teb: 7f0fc000 Unfrozen
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
018ff5a4 01324da8 00000000 ffffffff 00000000 ntdll+0x3cd7c
018ff5b8 012fe9cd 00ff02cc 018ff610 00000fa0 FileZilla_Server!Concurrency::details::ExternalContextBase::Block+0x3a [f:\dd\vctools\crt\crtw32\concrt\externalcontextbase.cpp @ 145]
018ff5d8 012fec0b 383425ea 76ca1960 00fcfe70 FileZilla_Server!Concurrency::details::LockQueueNode::Block+0x80 [f:\dd\vctools\crt\crtw32\concrt\rtlocks.cpp @ 708]
018ff5fc 012feeae 018ff610 00000000 00000000 FileZilla_Server!Concurrency::critical_section::_Acquire_lock+0x4a [f:\dd\vctools\crt\crtw32\concrt\rtlocks.cpp @ 1209]
018ff628 012f8ace 00fcfe38 00fcfe70 000001b4 FileZilla_Server!Concurrency::critical_section::lock+0x20 [f:\dd\vctools\crt\crtw32\concrt\rtlocks.cpp @ 1037]
018ff654 012f8c2b 00fcfe70 00000000 018ff730 FileZilla_Server!mtx_do_lock+0x74 [f:\dd\vctools\crt\crtw32\stdcpp\thr\mutex.c @ 67]
018ff664 012e0a6d 00fcfe70 00fc3160 00fc3028 FileZilla_Server!_Mtx_lock+0xd [f:\dd\vctools\crt\crtw32\stdcpp\thr\mutex.c @ 153]
018ff674 012c59a8 f8280961 00000000 00fd42d0 FileZilla_Server!CServerThread::GetNumConnections+0xd [d:\devel\svn\filezilla server\source\serverthread.cpp @ 149]
018ff730 012a909b 00000000 f82808a1 00000008 FileZilla_Server!CListenSocket::OnAccept+0x1e8 [d:\devel\svn\filezilla server\source\listensocket.cpp @ 69]
018ff78c 0132f96c 00000004 fffffffe 018ff7c8 FileZilla_Server!CAsyncSocketExHelperWindow::WindowProc+0x10b [d:\devel\svn\filezilla server\source\asyncsocketex.cpp @ 441]
018ff7a0 2d010074 00000405 000001b4 00000008 FileZilla_Server!_ltod3+0x48bd
018ff7a4 00000000 000001b4 00000008 012a8f90 0x2d010074

   3  Id: 6dd8.4d48 Suspend: 0 Teb: 7f0f9000 Unfrozen
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
01a3fa50 01324da8 00000000 ffffffff 00000000 ntdll+0x3cd7c
01a3fa64 012fe9cd 00ff02cc 01a3fabc 012fe9f1 FileZilla_Server!Concurrency::details::ExternalContextBase::Block+0x3a [f:\dd\vctools\crt\crtw32\concrt\externalcontextbase.cpp @ 145]
01a3fa84 012fec0b 383425ea 76ca1960 00fcfe70 FileZilla_Server!Concurrency::details::LockQueueNode::Block+0x80 [f:\dd\vctools\crt\crtw32\concrt\rtlocks.cpp @ 708]
01a3faa8 012feeae 01a3fabc 00000000 00000000 FileZilla_Server!Concurrency::critical_section::_Acquire_lock+0x4a [f:\dd\vctools\crt\crtw32\concrt\rtlocks.cpp @ 1209]
01a3fad4 012f8ace 00fcfe70 00fc2e18 00f88678 FileZilla_Server!Concurrency::critical_section::lock+0x20 [f:\dd\vctools\crt\crtw32\concrt\rtlocks.cpp @ 1037]
01a3fb00 012f8c2b 00fcfe70 00000000 00000000 FileZilla_Server!mtx_do_lock+0x74 [f:\dd\vctools\crt\crtw32\stdcpp\thr\mutex.c @ 67]
01a3fb10 012e19ac 00fcfe70 f80404c1 00000000 FileZilla_Server!_Mtx_lock+0xd [f:\dd\vctools\crt\crtw32\stdcpp\thr\mutex.c @ 153]
01a3fb7c 012e16ed 00007faf 00fcbaf0 f8040471 FileZilla_Server!CServerThread::OnTimer+0x29c [d:\devel\svn\filezilla server\source\serverthread.cpp @ 467]
*** WARNING: Unable to verify timestamp for user32.dll
*** ERROR: Module load completed but symbols could not be loaded for user32.dll
01a3fbec 74bb955e 012e6981 00000113 00007faf FileZilla_Server!CServerThread::OnThreadMessage+0x3bd [d:\devel\svn\filezilla server\source\serverthread.cpp @ 378]
01a3fc2c 012e6919 76ca919f 00fcbaf0 01a3fc80 user32+0x955e
01a3fc30 76ca919f 00fcbaf0 01a3fc80 76eea22b FileZilla_Server!CThread::ThreadProc+0x9 [d:\devel\svn\filezilla server\source\thread.cpp @ 81]
01a3fc38 01a3fc80 76eea22b 00fcbaf0 8fc8610f kernel32+0x1919f
01a3fc3c 76eea22b 00fcbaf0 8fc8610f 00000000 0x1a3fc80
01a3fc80 76eea201 ffffffff 76edf217 00000000 ntdll+0x4a22b
01a3fc90 00000000 012e6910 00fcbaf0 00000000 ntdll+0x4a201

   4  Id: 6dd8.5074 Suspend: 0 Teb: 7f0f6000 Unfrozen
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
01b7fa2c 751a1176 00000064 00000000 01b7fa5c ntdll+0x3d07c
01b7fa3c 012c3c72 00000064 00000000 00000000 KERNELBASE+0x1176
01b7fa5c 012c3909 76ca919f 00fd0700 01b7fab0 FileZilla_Server!CHashThread::Loop+0x52 [d:\devel\svn\filezilla server\source\hash_thread.cpp @ 183]
01b7fa60 76ca919f 00fd0700 01b7fab0 76eea22b FileZilla_Server!CHashThread::ThreadFunc+0x9 [d:\devel\svn\filezilla server\source\hash_thread.cpp @ 45]
01b7fa6c 76eea22b 00fd0700 8fdc673f 00000000 kernel32+0x1919f
01b7fab0 76eea201 ffffffff 76edf217 00000000 ntdll+0x4a22b
01b7fac0 00000000 012c3900 00fd0700 00000000 ntdll+0x4a201

#  5  Id: 6dd8.7eec Suspend: 0 Teb: 7f0f3000 Unfrozen
ChildEBP RetAddr  Args to Child              
01cbf4d0 012fbab8 f86c0ae1 00000000 00000000 FileZilla_Server!abort+0x28 [f:\dd\vctools\crt\crtw32\misc\abort.c @ 88]
01cbf500 0130c5ee 01cbf590 7525966d 01cbf5c0 FileZilla_Server!terminate+0x33 [f:\dd\vctools\crt\crtw32\eh\hooks.cpp @ 96]
01cbf508 7525966d 01cbf5c0 8c7cfcaf 00000000 FileZilla_Server!__CxxUnhandledExceptionFilter+0x40 [f:\dd\vctools\crt\crtw32\eh\unhandld.cpp @ 39]
WARNING: Stack unwind information not available. Following frames may be wrong.
01cbf590 76f43894 01cbf5c0 76edf354 fffffffe KERNELBASE+0xb966d
01cbfddc 76eea201 ffffffff 76edf217 00000000 ntdll+0xa3894
01cbfdec 00000000 012e6910 00fcfe38 00000000 ntdll+0x4a201

   6  Id: 6dd8.27d4 Suspend: 0 Teb: 7f0f0000 Unfrozen
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
020dfcc8 76ca919f 00ff0258 020dfd18 76eea22b ntdll+0x3cdcc
020dfcd4 76eea22b 00ff0258 8c666097 00000000 kernel32+0x1919f
020dfd18 76eea201 ffffffff 76edf217 00000000 ntdll+0x4a22b
020dfd28 00000000 7461a4c5 00ff0258 00000000 ntdll+0x4a201

   7  Id: 6dd8.6e08 Suspend: 0 Teb: 7f0ed000 Unfrozen
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
0014fc30 76ca919f 00fd0c88 0014fc80 76eea22b ntdll+0x3e82c
0014fc3c 76eea22b 00fd0c88 8e7f610f 00000000 kernel32+0x1919f
0014fc80 76eea201 ffffffff 76edf217 00000000 ntdll+0x4a22b
0014fc90 00000000 76eb6a01 00fd0c88 00000000 ntdll+0x4a201
0:005> ~5s
eax=00000001 ebx=00000001 ecx=00000007 edx=00000000 esi=00000000 edi=00000000
eip=0130231c esp=01cbf4d4 ebp=01cbf500 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
FileZilla_Server!abort+0x28:
0130231c cd29            int     29h
0:005> dd 01cbf5c0
01cbf5c0  01cbf6fc 01cbf74c 76eea248 00000001
01cbf5d0  0034de40 01cbf5f4 76f26665 76f9f240
01cbf5e0  76ee2ae0 00000000 01cbfdcc 01cbf74c
01cbf5f0  01cbf684 01cbf618 76edf0c1 01cbf6fc
01cbf600  01cbfdcc 01cbf74c 01cbf684 01cbfccc
01cbf610  76edf0d5 01cbfdcc 01cbf6e4 76edf093
01cbf620  01cbf6fc 01cbfdcc 01cbf74c 01cbf684
01cbf630  76f26645 01cbfdcc 01cbf6fc 00000000
0:005> .exr 01cbf6fc
ExceptionAddress: 751b1d4d (KERNELBASE+0x00011d4d)
   ExceptionCode: e06d7363 (C++ EH exception)
  ExceptionFlags: 00000001
NumberParameters: 3
   Parameter[0]: 19930520
   Parameter[1]: 01cbfc58
   Parameter[2]: 0134e820
  pExceptionObject: 01cbfc58
  _s_ThrowInfo    : 0134e820
  Type            : class std::bad_alloc
  Type            : class std::exception
0:005> .cxr 01cbf74c
eax=01cbfbb0 ebx=00fcfe38 ecx=00000003 edx=00000000 esi=0134e820 edi=01cbfc58
eip=751b1d4d esp=01cbfbb0 ebp=01cbfc08 iopl=0         nv up ei pl nz ac po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000212
KERNELBASE+0x11d4d:
751b1d4d ??              ???
0:005> kv
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
01cbfbac e06d7363 00000001 00000000 751b1d4d KERNELBASE+0x11d4d
01cbfc08 012fe246 e06d7363 00000001 00000003 0xe06d7363
01cbfc48 012faa8b 01cbfc58 0134e820 0133598c FileZilla_Server!_CxxThrowException+0x5b (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
01cbfc68 012e1782 00002ada f86c0399 00000000 FileZilla_Server!operator new+0x50 (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt\crtw32\heap\new.cpp @ 62]
01cbfcd4 012e16ed 00fcfe70 00fcfe38 f86c0309 FileZilla_Server!CServerThread::OnTimer+0x72 (FPO: [2,20,4]) (CONV: thiscall) [d:\devel\svn\filezilla server\source\serverthread.cpp @ 402]
01cbfd44 74bb955e 74bb955e 012e6981 00000113 FileZilla_Server!CServerThread::OnThreadMessage+0x3bd (FPO: [Non-Fpo]) (CONV: thiscall) [d:\devel\svn\filezilla server\source\serverthread.cpp @ 378]
01cbfd88 012e6919 76ca919f 00fcfe38 01cbfddc user32+0x955e
01cbfd8c 76ca919f 00fcfe38 01cbfddc 76eea22b FileZilla_Server!CThread::ThreadProc+0x9 (FPO: [1,0,0]) (CONV: stdcall) [d:\devel\svn\filezilla server\source\thread.cpp @ 81]
01cbfd94 01cbfddc 76eea22b 00fcfe38 8fa06053 kernel32+0x1919f
01cbfd98 76eea22b 00fcfe38 8fa06053 00000000 0x1cbfddc
01cbfddc 76eea201 ffffffff 76edf217 00000000 ntdll+0x4a22b
01cbfdec 00000000 012e6910 00fcfe38 00000000 ntdll+0x4a201