Microsoft KB Archive/326328

= PRB: COMCTL32 May Leak Handle to Registry Hive =

Article ID: 326328

Article Last Modified on 11/21/2006


APPLIES TO

Microsoft Win32 Application Programming Interface, when used with:
* Microsoft Windows XP Professional
* Microsoft Windows 2000 Standard Edition




This article was previously published under Q326328



SYMPTOMS
When a user logs off, there may be a delay before the logoff process completes. On Windows 2000, this can take up to a minute. If roaming profiles are turned on for the user account, the roaming profile is not saved.



CAUSE
This problem can occur when an application leaks a handle to the registry hive for the user. The problem described here relates specifically to such a handle leak that is caused by the Microsoft library file named Comctl32.dll. However, it causes the problem described here only in very specific circumstances.



RESOLUTION
To prevent this problem, call the RegDisablePredefinedCache API as early as possible in the life of the process.

Alternatively, make sure that when Comctl32.dll is first loaded into the process, the thread that causes it to be loaded (either directly or indirectly) is not impersonating a user account that may later be used to log on to the computer interactively.


STATUS
This behavior is by design.


MORE INFORMATION
When first attached to a process, Comctl32.dll accesses some information in the registry hive for the current user. If the thread that causes Comctl32.dll to be loaded into the process is running under a user account, and that user later logs off, WinLogon.exe cannot unload the registry hive for the user. If the user account is configured with a roaming profile, the profile is not saved. There may also be a delay in the logoff process.

To determine whether you are experiencing this problem, you can enable user environment debugging by creating the following registry key:

After you create this key, information is written by WinLogon.exe to \Windows\Debug\Userenv.log. You can expect to see something similar to the following:

 USERENV(b8.a0) 17:29:20:723 MyRegUnLoadKey: Hive unload for S-1-5-21-842925246-220523388-839522115-45730_Classes failed due to open registry key. Windows will try unloading the registry hive once a second for the next 60 seconds (max).
 USERENV(b8.a0) 17:30:21:190 MyRegUnLoadKey: Windows was not able to unload the registry hive.
 USERENV(b8.a0) 17:30:21:190 MyRegUnLoadKey: Failed to unmount hive 5

Note: Although you may not be using the functionality of Comctl32.dll explicitly, it is possible to cause that DLL to be loaded into a process indirectly by calling various other Win32 functions. For example, using a Crypto function such as CertOpenSystemStore causes Crypt32.dll to load, which loads Shell32.dll, which in turn loads Comctl32.dll.
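As an added example (not part of the original article and not Microsoft code), the following Python parser reads Userenv.log text in the format quoted above and reports which user hive could not be unloaded and how long the logoff retried. The line layout is inferred from the quoted sample, and the function and field names are illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the three Userenv.log lines quoted in the article.
SAMPLE_LOG = """\
USERENV(b8.a0) 17:29:20:723 MyRegUnLoadKey: Hive unload for S-1-5-21-842925246-220523388-839522115-45730_Classes failed due to open registry key. Windows will try unloading the registry hive once a second for the next 60 seconds (max).
USERENV(b8.a0) 17:30:21:190 MyRegUnLoadKey: Windows was not able to unload the registry hive.
USERENV(b8.a0) 17:30:21:190 MyRegUnLoadKey: Failed to unmount hive 5
"""

# Layout inferred from the sample: USERENV(<ctx>) HH:MM:SS:mmm <function>: <message>
LINE_RE = re.compile(
    r"^USERENV\((?P<ctx>[^)]+)\)\s+(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<func>\w+):\s*(?P<msg>.*)$")
BLOCKED_RE = re.compile(
    r"Hive unload for (?P<hive>S-\d+(?:-\d+)+(?:_Classes)?) failed due to open registry key")
GAVE_UP = "Windows was not able to unload the registry hive"


def find_blocked_hive_unloads(log_text):
    """Return one record per hive whose unload was blocked by an open registry key."""
    records, pending = [], {}  # pending: ctx -> record still waiting for an outcome
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["func"] != "MyRegUnLoadKey":
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S:%f")
        blocked = BLOCKED_RE.search(m["msg"])
        if blocked:
            hive = blocked["hive"]
            rec = {"hive": hive, "sid": hive.split("_")[0], "ctx": m["ctx"],
                   "first_seen": ts, "gave_up": False, "delay_s": None}
            records.append(rec)
            pending[m["ctx"]] = rec
        elif GAVE_UP in m["msg"] and m["ctx"] in pending:
            rec = pending.pop(m["ctx"])
            delta = ts - rec["first_seen"]
            if delta < timedelta(0):  # the log has no date; assume a rollover past midnight
                delta += timedelta(days=1)
            rec["gave_up"] = True
            rec["delay_s"] = delta.total_seconds()
    return records


if __name__ == "__main__":
    for r in find_blocked_hive_unloads(SAMPLE_LOG):
        outcome = (f"unload abandoned after {r['delay_s']:.1f}s" if r["gave_up"]
                   else "no give-up entry logged")
        print(f"{r['sid']} ({r['hive']}): {outcome}")
```

The SID in each record identifies the affected user account. Finding the process that holds the hive handle open is a separate step that this log does not cover.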

Keywords: kbbug kbpending KB326328


© Microsoft Corporation. All rights reserved.