I'm trying to debug a Windows 7 machine which is not starting Windows. The Windows loading animation plays, the screen goes black, and the cursor appears in the center. I can move the cursor around, but nothing else happens.
The Secure Authentication Sequence (Ctrl-Alt-Delete) does nothing. There is no welcome screen, no account ever seems to get loaded. Safe Mode does not work either, behaves the same way as normal mode.
I've attached a kernel debugger via the 1394 port and WinDbg on my host is working fine. I can analyze the running processes/threads on the target during the black screen.
I found a great article describing the Windows 7 start-up process here: http://ift.tt/UQR3KY
SMSS.exe, CSRSS.exe, WinInit.exe, LSASS.exe, LSM.exe all seem to be loaded.
WinLogon is also loaded. It's supposed to start the LogonUI.exe process, but it never does. According to the article, WinLogon is supposed to load the UXinit.dll, but it never does. I can find this module loaded on other PC's i have, but according to WinDbg it is never loaded in WinLogon on my target machine.
I have checked the stacktrace of all threads (~4) inside WinLogon during the black screen, and there doesn't seem to be anything hanging. The thread that seems to be the "main" thread seems to loop at a function called WaitForLSMStart forever, which i thought was the problem, but LSM.exe is loaded and I noticed this loop running inside WinLogon on other active machines i have running. I believe this has something to do with terminal services?
It seems to me like something is going wrong inside Winlogon that prevents it from starting the LogonUI process, and I can't figure out what.
Any ideas?
Aucun commentaire:
Enregistrer un commentaire