Microsoft KB Archive/189612

= Access Violation Occurs in Windows NT Explorer (Explorer.exe) =

Article ID: 189612

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition

-



This article was previously published under Q189612





SYMPTOMS
An access violation occurs in Windows NT Explorer (Explorer.exe), which generates a Dr. Watson log similar to the following:

State Dump for Thread Id 0xd1

 eax=00000004 ebx=00000000 ecx=001745a0 edx=00188c44 esi=00140000 edi=fffffffc eip=77f64b53 esp=0103fa2c ebp=0103fa44 iopl=0        nv up ei pl zr na po nc cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000 efl=00000246

function: RtlFreeHeap 77f64b32 53              push    ebx 77f64b33 56              push    esi 77f64b34 57              push    edi 77f64b35 0f84d7010000    je      RtlFreeHeap+0x1ec (77f64d12) 77f64b3b 8b7508          mov     esi,[ebp+0x8] ss:0239e44a=???????? 77f64b3e 8b5d0c          mov     ebx,[ebp+0xc] ss:0239e44a=???????? 77f64b41 0b5e10          or      ebx,[esi+0x10] ds:0149ea06=00000000 77f64b44 f7c3600f036f    test    ebx,0x6f030f60 77f64b4a 0f85b8010000    jne     RtlFreeHeap+0x1e2 (77f64d08) 77f64b50 8d78f8          lea     edi,[eax-0x8] ds:0135ea0a=890c8d92

FAULT ->77f64b53 f6470501        test    byte ptr [edi+0x5],0x1 ds:0135ea02=89 77f64b57 0f8485010000    je      RtlFreeHeap+0x1bc (77f64ce2) 77f64b5d a807            test    al,0x7 77f64b5f 0f857d010000    jne     RtlFreeHeap+0x1bc (77f64ce2) 77f64b65 807f0410        cmp     byte ptr [edi+0x4],0x10 ds:0135ea02=89 77f64b69 0f8373010000    jnb     RtlFreeHeap+0x1bc (77f64ce2) 77f64b6f 83e301          and     ebx,0x1 77f64b72 750b            jnz     RtlFreeHeap+0x59 (77f64b7f) 77f64b74 ffb6b8040000    push    dword ptr [esi+0x4b8] ds:001404b8=00140548 77f64b7a e891280000      call    RtlEnterCriticalSection (77f67410) 77f64b7f f6470508        test    byte ptr [edi+0x5],0x8 ds:0135ea02=89 77f64b83 0f85f8000000    jne     RtlFreeHeap+0x15b (77f64c81)

*> Stack Back Trace <*

FramePtr ReturnAd Function Name 0103fa44 77e11012 ntdll!RtlFreeHeap 0103fa54 77e11489 rpcrt4!operator delete 0103fa64 77e1bc32 rpcrt4!CLIENT_AUTH_INFO::~CLIENT_AUTH_INFO [omap] 0103fa78 77e15903 rpcrt4!WMSG_CASSOCIATION::~WMSG_CASSOCIATION [omap] 0103fa8c 77e1b9e1 rpcrt4!WMSG_CASSOCIATION::RemoveReference [omap] 0103faa0 77e1ba42 rpcrt4!WMSG_BINDING_HANDLE::~WMSG_BINDING_HANDLE [omap] 0103faa8 77e1ba8e rpcrt4!WMSG_BINDING_HANDLE::`scalar deleting destructor' [omap] 0103fab8 77e16705 rpcrt4!WMSG_BINDING_HANDLE::BindingFree [omap] 0103fac8 77ba82e5 rpcrt4!RpcBindingFree [omap] 0103fad4 77ba808a ole32!CRpcChannelBuffer::~CRpcChannelBuffer [omap] 0103fae0 77b455cb ole32!CErrorObject::`vftable' [omap] 0103fb3c 77b252ea ole32!CStdMarshal::DisconnectCliIPIDs [omap] 0103fb48 77b25520 ole32!CStdMarshal::Disconnect [omap] 00157f28 77bb0ce8 ole32!CStdIdentity::Disconnect [omap] 77bb0d10 77b2110d ole32!IProxyManager::`vftable' [omap] 77bb0d28 77b77862 ole32!CStdIdentity::CInternalUnk::Release [omap] 77b77836 0824448b ole32!CStdIdentity::CreateServerWithHandler [omap]

*> Stack Back Trace <*

FramePtr ReturnAd Function Name 0103fa44 77e11012 ntdll!RtlFreeHeap 0103fa54 77e11489 rpcrt4!operator delete 0103fa64 77e1bc32 rpcrt4!CLIENT_AUTH_INFO::~CLIENT_AUTH_INFO [omap] 0103fa78 77e15903 rpcrt4!WMSG_CASSOCIATION::~WMSG_CASSOCIATION [omap] 0103fa8c 77e1b9e1 rpcrt4!WMSG_CASSOCIATION::RemoveReference [omap] 0103faa0 77e1ba42 rpcrt4!WMSG_BINDING_HANDLE::~WMSG_BINDING_HANDLE [omap] 0103faa8 77e1ba8e rpcrt4!WMSG_BINDING_HANDLE::`scalar deleting destructor' [omap] 0103fab8 77e16705 rpcrt4!WMSG_BINDING_HANDLE::BindingFree [omap] 0103fac8 77ba82e5 rpcrt4!RpcBindingFree [omap] 0103fad4 77ba808a ole32!CRpcChannelBuffer::~CRpcChannelBuffer [omap] 0103fae0 77b455cb ole32!CErrorObject::`vftable' [omap] 0103fb3c 77b252ea ole32!CStdMarshal::DisconnectCliIPIDs [omap] 0103fb48 77b25520 ole32!CStdMarshal::Disconnect [omap] 00157f28 77bb0ce8 ole32!CStdIdentity::Disconnect [omap] 77bb0d10 77b2110d ole32!IProxyManager::`vftable' [omap] 77bb0d28 77b77862 ole32!CStdIdentity::CInternalUnk::Release [omap] 77b77836 0824448b ole32!CStdIdentity::CreateServerWithHandler [omap]



CAUSE
This problem is caused by a problem in Rpcrt.dll, which generates a message with an invalid memory address that results in the above access violation. This problem has been seen most often when running Microsoft Transaction Server (MTS), but can occur in other situations and can cause problems in applications other than Windows NT Explorer.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

This fix is also included in a rollup of fixes for Microsoft Exchange 5.5 and Microsoft Internet Information Server 4.0, which is available on the Microsoft FTP Site.



STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.

Keywords: kbhotfixserver kbqfe kbbug kbfix kbqfe KB189612

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.