DEP crashes explorer.exe on Windows shutdown

Status
Not open for further replies.
Z

zan2828

Posts: 9   +0
Hello all,

Ever since installing XP Sp3 I've been getting error messages when I try to shut down. DEP crashes explorer.exe, and the crashing module is always unknown.

However, upon debugging the user.dmp files, the IMAGE_NAME is always msgina.dll and the faulting address is always the same.

I suspected a corrupt msgina.dll, and have since tried reinstalling sp3 and also replacing it with a copy from a working machine, but i still get the errors.

I am attaching the dump, perhaps one of you could pinpoint the issue.

Thank you.

------------------------------
I would also like to add:

I have already scanned the system for viruses/malware and have run HijackThis. Everything appears clean.
 
Results of dump debug:

0:001> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************


FAULTING_IP:
+637c530
0637c530 ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0637c530
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 0637c530
Attempt to execute non-executable address 0637c530

DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

WRITE_ADDRESS: 0637c530

FAILED_INSTRUCTION_ADDRESS:
+637c530
0637c530 ?? ???

IP_ON_HEAP: 0637c530

LAST_CONTROL_TRANSFER: from 7599840c to 0637c530

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0149fa74 7599840c 00000000 029b6af8 0149fad0 0x637c530
0149fa90 75993a2f 00000002 010464f8 00000000 msgina!CDimmedWindow::Create+0x12
0149faa4 7ca78a05 0149fac0 0149fad0 010460f8 msgina!_ShellDimScreen+0x67
0149fcd8 7ca78cca 0001009c 00000002 0149fcfc shell32!CloseWindowsDialog+0x51
0149fce8 010341ff 0001009c 000001fa 010460f8 shell32!ExitWindowsDialog+0x2a
0149fcfc 01026668 0001009c 00000000 00000111 explorer!CTray::_DoExitWindows+0x86
0149fd30 0101c43e 000001fa 00000111 010460f8 explorer!CTray::_Command+0x2da
0149fde8 01001b5c 00030044 00000111 000001fa explorer!CTray::v_WndProc+0x981
0149fe0c 7e418734 00030044 00000111 000001fa explorer!CImpWndProc::s_WndProc+0x65
0149fe38 7e418816 01001b1d 00030044 00000111 user32!InternalCallWinProc+0x28
0149fea0 7e4189cd 000a0470 01001b1d 00030044 user32!UserCallWinProcCheckWow+0x150
0149ff00 7e418a10 0149ff28 00000000 0149ff44 user32!DispatchMessageWorker+0x306
0149ff10 01001a35 0149ff28 00000000 010460f8 user32!DispatchMessageW+0xf
0149ff44 0100ffd1 00000000 0149ffb4 77f76f42 explorer!CTray::_MessageLoop+0xd9
0149ff50 77f76f42 010460f8 0000005c 00000000 explorer!CTray::MainThreadProc+0x29
0149ffb4 7c80b713 00000000 0000005c 00000000 shlwapi!WrapperThreadProc+0x94
0149ffec 00000000 77f76ed3 0007fdbc 00000000 kernel32!BaseThreadStart+0x37


STACK_COMMAND: ~1s; .ecxr ; kb

FOLLOWUP_IP:
msgina!CDimmedWindow::Create+12
7599840c 8b3d78169775 mov edi,dword ptr [msgina!_imp__GetSystemMetrics (75971678)]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: msgina!CDimmedWindow::Create+12

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: msgina

IMAGE_NAME: msgina.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 4802a149

FAULTING_THREAD: 0000079c

PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT

BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_INSTRUCTION_PTR_CODE_RUNNING_ON_STACK

FAILURE_BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_INSTRUCTION_PTR_CODE_RUNNING_ON_STACK_BAD_IP_msgina!CDimmedWindow::Create+12

BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_INSTRUCTION_PTR_CODE_RUNNING_ON_STACK_BAD_IP_msgina!CDimmedWindow::Create+12

Followup: MachineOwner
---------
 
I stopped DEP, and explorer is still crashing on shutdown. I swapped out the RAM, and it still crashes. I even reformatted. I wonder what could be the problem.

The minidump still looks identical except it doesn't state a DEP or NX related problem now.


FAULTING_IP:
+4d2c530
04d2c530 ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 04d2c530
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 04d2c530
Attempt to read from address 04d2c530

DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR

PROCESS_NAME: explorer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 04d2c530

FAILED_INSTRUCTION_ADDRESS:
+4d2c530
04d2c530 ?? ???

IP_ON_HEAP: 04d2c530

FAULTING_THREAD: 00000780

PRIMARY_PROBLEM_CLASS: BAD_INSTRUCTION_PTR

BUGCHECK_STR: APPLICATION_FAULT_BAD_INSTRUCTION_PTR

LAST_CONTROL_TRANSFER: from 7599840c to 04d2c530

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0150fa74 7599840c 00000000 01aee468 0150fad0 0x4d2c530
0150fa90 75993a2f 00000002 010464f8 00000000 msgina!CDimmedWindow::Create+0x12
0150faa4 7ca78a05 0150fac0 0150fad0 010460f8 msgina!_ShellDimScreen+0x67
0150fcd8 7ca78cca 0001009c 00000002 0150fcfc shell32!CloseWindowsDialog+0x51
0150fce8 010341ff 0001009c 000001fa 010460f8 shell32!ExitWindowsDialog+0x2a
0150fcfc 01026668 0001009c 00000000 00000111 explorer!CTray::_DoExitWindows+0x86
0150fd30 0101c43e 000001fa 00000111 010460f8 explorer!CTray::_Command+0x2da
0150fde8 01001b5c 0003004e 00000111 000001fa explorer!CTray::v_WndProc+0x981
0150fe0c 7e418734 0003004e 00000111 000001fa explorer!CImpWndProc::s_WndProc+0x65
0150fe38 7e418816 01001b1d 0003004e 00000111 user32!InternalCallWinProc+0x28
0150fea0 7e4189cd 000a04d8 01001b1d 0003004e user32!UserCallWinProcCheckWow+0x150
0150ff00 7e418a10 0150ff28 00000000 0150ff44 user32!DispatchMessageWorker+0x306
0150ff10 01001a35 0150ff28 00000000 010460f8 user32!DispatchMessageW+0xf
0150ff44 0100ffd1 00000000 0150ffb4 77f76f42 explorer!CTray::_MessageLoop+0xd9
0150ff50 77f76f42 010460f8 0000005c 00000000 explorer!CTray::MainThreadProc+0x29
0150ffb4 7c80b713 00000000 0000005c 00000000 shlwapi!WrapperThreadProc+0x94
0150ffec 00000000 77f76ed3 0007fdbc 00000000 kernel32!BaseThreadStart+0x37


STACK_COMMAND: ~1s; .ecxr ; kb

FOLLOWUP_IP:
msgina!CDimmedWindow::Create+12
7599840c 8b3d78169775 mov edi,dword ptr [msgina!_imp__GetSystemMetrics (75971678)]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: msgina!CDimmedWindow::Create+12

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: msgina

IMAGE_NAME: msgina.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 4802a149

FAILURE_BUCKET_ID: BAD_INSTRUCTION_PTR_c0000005_msgina.dll!CDimmedWindow::Create

BUCKET_ID: APPLICATION_FAULT_BAD_INSTRUCTION_PTR_BAD_IP_msgina!CDimmedWindow::Create+12

Followup: MachineOwner
 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
This real-world Pokédex identifies pocket monsters using ChatGPT and AI voice cloning
Replies
0
Views
177
Cal Jeffrey
Cal Jeffrey
pioneerx01
Win 10 randomly crashes, no BSOD, no minidump, no error messages
Replies
4
Views
2K
bazz2004
B
Mokyx
Freeze Crashes + Reboot loop on laptop, tried a lot of investigation without success
Replies
5
Views
2K
Cycloid Torus
Cycloid Torus

Latest posts

Back