News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Re dbgwin_dump

Started by brucelee, April 08, 2015, 05:19:13 AM

Previous topic - Next topic

brucelee

Hi I am new to the forum so i will first say hello to everyone

I am looking for advise regarding a file I had noticed in my D drive back up on my HDD

It seems to be a dump file log which is ever increasing in size, I first noticed it because it was 4gb and I opened and found its jsut repeating the same information over and over

I was told to ask on this forum if its anything you can help me with I will copy a small section of the lof file as its probably to large to upload to the forum
as follows in next post as to large
If this is in the wrong place please delete or move but any help or advise you can give would be much appreciated

I am using Win8.1 the laptop came with win7 home premium but i had option to upgrade to Win8 which was a disaster many problems and then eventually when the8.1 update cam out most problems where solved apart from erratic touchpad problems and this file I have now found which as I say is growing
I have deleted it but it just restarts again

Thanks again
Regards

dedndave

name of file ?
location ?

brucelee

Hi Thankls for reply

name of file is name of this thread and its in my D drive I cant find werethe file originates from and the information is to large to post
this is the start of it I will have to use a few posts to put the information on

Dump Payload buffer...
00| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
01| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
02| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
03| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
04| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
05| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
06| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
07| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
08| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
09| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
0a| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
0b| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
0c| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
0d| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
0e| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
0f| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
10| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
11| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
12| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
13| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
14| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
15| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
16| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
17| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
18| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
19| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
1a| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
1b| cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
InitMode: WMI Mode
EffectiveSlot: 7
Slot InUse=[0000000111111111]
WM_WTSSESSION_CHANGE
WM_WTSSESSION_CHANGE
WTS_SESSION_LOGON
GetSessionUserToken TRUE
CreateEnvironmentBlock TRUE
AGFN2_0: ConnectNamedPipe Success...
[1a8]AGFN2 ServiceLoopThread-->Enter
[1a8]ATKGFNEXSRV_CMD_AGFN2 Pkt Received, ArgLen:0x8 PayloadLen:0x1000
FindNextAvailableSlot...start
[7/16] FFFFFFF
FindNextAvailableSlot...end(Found:0)
[7/16] TFFFFFF
[1a8]Find next availiable Slot: 0
WMI_GenericFunction@ BuffIdx#0
Dump Arg buffer... 


brucelee

WMI_GenericFunction@ BuffIdx#0
Dump Arg buffer...
00| 64 00 01 00 10 00 00 00 00 00 00 00 00 00 00 00
01| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
03| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
04| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
06| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
07| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
08| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
09| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0a| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0b| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0c| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0d| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0e| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0f| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

brucelee

#4
Dump Payload buffer...

snip.

brucelee

#5
After Exec...
Dump Arg buffer...

snip
Put big files into a zip file.

InitMode: WMI Mode
EffectiveSlot: 7
Slot InUse=[0000000111111111]
WM_WTSSESSION_CHANGE
WM_WTSSESSION_CHANGE
WTS_SESSION_LOGON
GetSessionUserToken TRUE
CreateEnvironmentBlock TRUE
AGFN2_0: ConnectNamedPipe Success...
[1a8]AGFN2 ServiceLoopThread-->Enter
[1a8]ATKGFNEXSRV_CMD_AGFN2 Pkt Received, ArgLen:0x8 PayloadLen:0x1000
FindNextAvailableSlot...start
[7/16] FFFFFFF
FindNextAvailableSlot...end(Found:0)
[7/16] TFFFFFF
[1a8]Find next availiable Slot: 0
WMI_GenericFunction@ BuffIdx#0

brucelee

Sorry Its so long but thats the full information its collecting in the file

and it jsut keeps repeatedly copying it over and over

regards
Any help gratfully appreciated

dedndave

GFNEX is a service related to hotkeys, i guess

if you know how to properly disable a service, you could do that

i am not familiar with win8, but under XP, you use the Admin Tools to do it

possibly, you can access some details for the hotkey system (perhaps through the control panel)
and modify settings so that it no longer maintains a log file

fearless

I have a feeling this is related to an AMD/ATI driver for graphics card, some hotkey driver that keeps polling data into the event log. I remember googling about it, and think i just disabled the hotkey driver/program - whichever it was as i dont need to switch catalyst profiles on the fly - who does?

Try autoruns (https://technet.microsoft.com/en-ie/sysinternals/bb963902.aspx) or msconfig to disable that ATK thing, reboot, check event log to see if its stopped it.

sinsi

Do you have any Asus software installed?
QuoteGFNEXSrv.exe runs as a service named 'ATKGFNEX Service' (ATKGFNEXSrv)
Tá fuinneoga a haon déag níos fearr :biggrin: