TechSpot

DEP crashes explorer.exe on Windows shutdown

By zan2828
May 26, 2008
  1. Hello all,

    Ever since installing XP Sp3 I've been getting error messages when I try to shut down. DEP crashes explorer.exe, and the crashing module is always unknown.

    However, upon debugging the user.dmp files, the IMAGE_NAME is always msgina.dll and the faulting address is always the same.

    I suspected a corrupt msgina.dll, and have since tried reinstalling sp3 and also replacing it with a copy from a working machine, but i still get the errors.

    I am attaching the dump, perhaps one of you could pinpoint the issue.

    Thank you.

    ------------------------------
    I would also like to add:

    I have already scanned the system for viruses/malware and have run HijackThis. Everything appears clean.
     
  2. zan2828

    zan2828 TS Rookie Topic Starter

    Results of dump debug:

    0:001> !analyze -v
    *******************************************************************************
    * *
    * Exception Analysis *
    * *
    *******************************************************************************


    FAULTING_IP:
    +637c530
    0637c530 ?? ???

    EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 0637c530
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000008
    Parameter[1]: 0637c530
    Attempt to execute non-executable address 0637c530

    DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT

    PROCESS_NAME: explorer.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    WRITE_ADDRESS: 0637c530

    FAILED_INSTRUCTION_ADDRESS:
    +637c530
    0637c530 ?? ???

    IP_ON_HEAP: 0637c530

    LAST_CONTROL_TRANSFER: from 7599840c to 0637c530

    STACK_TEXT:
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0149fa74 7599840c 00000000 029b6af8 0149fad0 0x637c530
    0149fa90 75993a2f 00000002 010464f8 00000000 msgina!CDimmedWindow::Create+0x12
    0149faa4 7ca78a05 0149fac0 0149fad0 010460f8 msgina!_ShellDimScreen+0x67
    0149fcd8 7ca78cca 0001009c 00000002 0149fcfc shell32!CloseWindowsDialog+0x51
    0149fce8 010341ff 0001009c 000001fa 010460f8 shell32!ExitWindowsDialog+0x2a
    0149fcfc 01026668 0001009c 00000000 00000111 explorer!CTray::_DoExitWindows+0x86
    0149fd30 0101c43e 000001fa 00000111 010460f8 explorer!CTray::_Command+0x2da
    0149fde8 01001b5c 00030044 00000111 000001fa explorer!CTray::v_WndProc+0x981
    0149fe0c 7e418734 00030044 00000111 000001fa explorer!CImpWndProc::s_WndProc+0x65
    0149fe38 7e418816 01001b1d 00030044 00000111 user32!InternalCallWinProc+0x28
    0149fea0 7e4189cd 000a0470 01001b1d 00030044 user32!UserCallWinProcCheckWow+0x150
    0149ff00 7e418a10 0149ff28 00000000 0149ff44 user32!DispatchMessageWorker+0x306
    0149ff10 01001a35 0149ff28 00000000 010460f8 user32!DispatchMessageW+0xf
    0149ff44 0100ffd1 00000000 0149ffb4 77f76f42 explorer!CTray::_MessageLoop+0xd9
    0149ff50 77f76f42 010460f8 0000005c 00000000 explorer!CTray::MainThreadProc+0x29
    0149ffb4 7c80b713 00000000 0000005c 00000000 shlwapi!WrapperThreadProc+0x94
    0149ffec 00000000 77f76ed3 0007fdbc 00000000 kernel32!BaseThreadStart+0x37


    STACK_COMMAND: ~1s; .ecxr ; kb

    FOLLOWUP_IP:
    msgina!CDimmedWindow::Create+12
    7599840c 8b3d78169775 mov edi,dword ptr [msgina!_imp__GetSystemMetrics (75971678)]

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: msgina!CDimmedWindow::Create+12

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: msgina

    IMAGE_NAME: msgina.dll

    DEBUG_FLR_IMAGE_TIMESTAMP: 4802a149

    FAULTING_THREAD: 0000079c

    PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT

    BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_INSTRUCTION_PTR_CODE_RUNNING_ON_STACK

    FAILURE_BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_INSTRUCTION_PTR_CODE_RUNNING_ON_STACK_BAD_IP_msgina!CDimmedWindow::Create+12

    BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_INSTRUCTION_PTR_CODE_RUNNING_ON_STACK_BAD_IP_msgina!CDimmedWindow::Create+12

    Followup: MachineOwner
    ---------
     
  3. zan2828

    zan2828 TS Rookie Topic Starter

    bump to the top
     
  4. Clinkzehffs

    Clinkzehffs TS Rookie Posts: 75

    Close DEP?
     
  5. jobeard

    jobeard TS Ambassador Posts: 9,321   +618

    KEEP DEP!!! It protects you from allowing code from running where ONLY data should exist, ie: it slams the door on viruses!

    look at this MS Kb
     
  6. zan2828

    zan2828 TS Rookie Topic Starter

    I stopped DEP, and explorer is still crashing on shutdown. I swapped out the RAM, and it still crashes. I even reformatted. I wonder what could be the problem.

    The minidump still looks identical except it doesn't state a DEP or NX related problem now.


    FAULTING_IP:
    +4d2c530
    04d2c530 ?? ???

    EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 04d2c530
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000000
    Parameter[1]: 04d2c530
    Attempt to read from address 04d2c530

    DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR

    PROCESS_NAME: explorer.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    READ_ADDRESS: 04d2c530

    FAILED_INSTRUCTION_ADDRESS:
    +4d2c530
    04d2c530 ?? ???

    IP_ON_HEAP: 04d2c530

    FAULTING_THREAD: 00000780

    PRIMARY_PROBLEM_CLASS: BAD_INSTRUCTION_PTR

    BUGCHECK_STR: APPLICATION_FAULT_BAD_INSTRUCTION_PTR

    LAST_CONTROL_TRANSFER: from 7599840c to 04d2c530

    STACK_TEXT:
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0150fa74 7599840c 00000000 01aee468 0150fad0 0x4d2c530
    0150fa90 75993a2f 00000002 010464f8 00000000 msgina!CDimmedWindow::Create+0x12
    0150faa4 7ca78a05 0150fac0 0150fad0 010460f8 msgina!_ShellDimScreen+0x67
    0150fcd8 7ca78cca 0001009c 00000002 0150fcfc shell32!CloseWindowsDialog+0x51
    0150fce8 010341ff 0001009c 000001fa 010460f8 shell32!ExitWindowsDialog+0x2a
    0150fcfc 01026668 0001009c 00000000 00000111 explorer!CTray::_DoExitWindows+0x86
    0150fd30 0101c43e 000001fa 00000111 010460f8 explorer!CTray::_Command+0x2da
    0150fde8 01001b5c 0003004e 00000111 000001fa explorer!CTray::v_WndProc+0x981
    0150fe0c 7e418734 0003004e 00000111 000001fa explorer!CImpWndProc::s_WndProc+0x65
    0150fe38 7e418816 01001b1d 0003004e 00000111 user32!InternalCallWinProc+0x28
    0150fea0 7e4189cd 000a04d8 01001b1d 0003004e user32!UserCallWinProcCheckWow+0x150
    0150ff00 7e418a10 0150ff28 00000000 0150ff44 user32!DispatchMessageWorker+0x306
    0150ff10 01001a35 0150ff28 00000000 010460f8 user32!DispatchMessageW+0xf
    0150ff44 0100ffd1 00000000 0150ffb4 77f76f42 explorer!CTray::_MessageLoop+0xd9
    0150ff50 77f76f42 010460f8 0000005c 00000000 explorer!CTray::MainThreadProc+0x29
    0150ffb4 7c80b713 00000000 0000005c 00000000 shlwapi!WrapperThreadProc+0x94
    0150ffec 00000000 77f76ed3 0007fdbc 00000000 kernel32!BaseThreadStart+0x37


    STACK_COMMAND: ~1s; .ecxr ; kb

    FOLLOWUP_IP:
    msgina!CDimmedWindow::Create+12
    7599840c 8b3d78169775 mov edi,dword ptr [msgina!_imp__GetSystemMetrics (75971678)]

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: msgina!CDimmedWindow::Create+12

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: msgina

    IMAGE_NAME: msgina.dll

    DEBUG_FLR_IMAGE_TIMESTAMP: 4802a149

    FAILURE_BUCKET_ID: BAD_INSTRUCTION_PTR_c0000005_msgina.dll!CDimmedWindow::Create

    BUCKET_ID: APPLICATION_FAULT_BAD_INSTRUCTION_PTR_BAD_IP_msgina!CDimmedWindow::Create+12

    Followup: MachineOwner
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...