Microsoft KB Archive/189612



Access Violation Occurs in Windows NT Explorer (Explorer.exe)

Article ID: 189612

Article Last Modified on 11/1/2006



APPLIES TO

  • Microsoft Windows NT Server 4.0, Terminal Server Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition



This article was previously published under Q189612


SYMPTOMS

An access violation occurs in Windows NT Explorer (Explorer.exe), which generates a Dr. Watson log similar to the following:

State Dump for Thread Id 0xd1

 eax=00000004 ebx=00000000 ecx=001745a0 edx=00188c44 esi=00140000 edi=fffffffc
 eip=77f64b53 esp=0103fa2c ebp=0103fa44 iopl=0         nv up ei pl zr na po nc
 cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246

 function: RtlFreeHeap
        77f64b32 53               push    ebx
        77f64b33 56               push    esi
        77f64b34 57               push    edi
        77f64b35 0f84d7010000     je      RtlFreeHeap+0x1ec (77f64d12)
        77f64b3b 8b7508           mov     esi,[ebp+0x8]          ss:0239e44a=????????
        77f64b3e 8b5d0c           mov     ebx,[ebp+0xc]          ss:0239e44a=????????
        77f64b41 0b5e10           or      ebx,[esi+0x10]         ds:0149ea06=00000000
        77f64b44 f7c3600f036f     test    ebx,0x6f030f60
        77f64b4a 0f85b8010000     jne     RtlFreeHeap+0x1e2 (77f64d08)
        77f64b50 8d78f8           lea     edi,[eax-0x8]          ds:0135ea0a=890c8d92

 FAULT ->77f64b53 f6470501         test    byte ptr [edi+0x5],0x1          ds:0135ea02=89
        77f64b57 0f8485010000     je      RtlFreeHeap+0x1bc (77f64ce2)
        77f64b5d a807             test    al,0x7
        77f64b5f 0f857d010000     jne     RtlFreeHeap+0x1bc (77f64ce2)
        77f64b65 807f0410         cmp     byte ptr [edi+0x4],0x10          ds:0135ea02=89
        77f64b69 0f8373010000     jnb     RtlFreeHeap+0x1bc (77f64ce2)
        77f64b6f 83e301           and     ebx,0x1
        77f64b72 750b             jnz     RtlFreeHeap+0x59 (77f64b7f)
        77f64b74 ffb6b8040000     push    dword ptr [esi+0x4b8]  ds:001404b8=00140548
        77f64b7a e891280000       call    RtlEnterCriticalSection (77f67410)
        77f64b7f f6470508         test    byte ptr [edi+0x5],0x8          ds:0135ea02=89
        77f64b83 0f85f8000000     jne     RtlFreeHeap+0x15b (77f64c81)

 *----> Stack Back Trace <----*

 FramePtr ReturnAd Function Name
 0103fa44 77e11012 ntdll!RtlFreeHeap
 0103fa54 77e11489 rpcrt4!operator delete
 0103fa64 77e1bc32 rpcrt4!CLIENT_AUTH_INFO::~CLIENT_AUTH_INFO [omap]
 0103fa78 77e15903 rpcrt4!WMSG_CASSOCIATION::~WMSG_CASSOCIATION [omap]
 0103fa8c 77e1b9e1 rpcrt4!WMSG_CASSOCIATION::RemoveReference [omap]
 0103faa0 77e1ba42 rpcrt4!WMSG_BINDING_HANDLE::~WMSG_BINDING_HANDLE [omap]
 0103faa8 77e1ba8e rpcrt4!WMSG_BINDING_HANDLE::`scalar deleting destructor' [omap]
 0103fab8 77e16705 rpcrt4!WMSG_BINDING_HANDLE::BindingFree [omap]
 0103fac8 77ba82e5 rpcrt4!RpcBindingFree [omap]
 0103fad4 77ba808a ole32!CRpcChannelBuffer::~CRpcChannelBuffer [omap]
 0103fae0 77b455cb ole32!CErrorObject::`vftable' [omap]
 0103fb3c 77b252ea ole32!CStdMarshal::DisconnectCliIPIDs [omap]
 0103fb48 77b25520 ole32!CStdMarshal::Disconnect [omap]
 00157f28 77bb0ce8 ole32!CStdIdentity::Disconnect [omap]
 77bb0d10 77b2110d ole32!IProxyManager::`vftable' [omap]
 77bb0d28 77b77862 ole32!CStdIdentity::CInternalUnk::Release [omap]
 77b77836 0824448b ole32!CStdIdentity::CreateServerWithHandler [omap]


CAUSE

This problem is caused by a defect in Rpcrt.dll, which generates a message with an invalid memory address that results in the access violation shown above. It has been seen most often when running Microsoft Transaction Server (MTS), but it can occur in other situations and can cause problems in applications other than Windows NT Explorer.
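
Added example (not part of the original Microsoft article): a Python triage of the state dump above that recomputes the address the faulting instruction touched and names the first frame above the allocator wrappers. It assumes eax holds the pointer handed to the free routine, as the "lea edi,[eax-0x8]" line suggests; the function name triage, the constants and the shortened log excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: registers, two instructions and the top frames,
# copied from the Dr. Watson log in this article.
LOG = """\
eax=00000004 ebx=00000000 ecx=001745a0 edx=00188c44 esi=00140000 edi=fffffffc
eip=77f64b53 esp=0103fa2c ebp=0103fa44
        77f64b50 8d78f8           lea     edi,[eax-0x8]
FAULT ->77f64b53 f6470501         test    byte ptr [edi+0x5],0x1
FramePtr ReturnAd Function Name
0103fa44 77e11012 ntdll!RtlFreeHeap
0103fa54 77e11489 rpcrt4!operator delete
0103fa64 77e1bc32 rpcrt4!CLIENT_AUTH_INFO::~CLIENT_AUTH_INFO [omap]
0103fa78 77e15903 rpcrt4!WMSG_CASSOCIATION::~WMSG_CASSOCIATION [omap]
"""

MASK = 0xFFFFFFFF
HEADER_SIZE = 8        # from "lea edi,[eax-0x8]" in the listing
NULL_REGION = 0x10000  # assumption: lowest 64 KB of user space is never mapped
ALLOCATOR = ("RtlFreeHeap", "operator delete")  # wrapper frames to skip

def triage(log):
    """Summarise a heap-free crash from a Dr. Watson state dump."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", log)}
    fault = re.search(r"FAULT\s*->\s*([0-9a-f]{8})\s+[0-9a-f]+\s+(.+)", log)
    base, sign, disp = re.search(
        r"\[(e[a-z]{2})([+-])0x([0-9a-f]+)\]", fault.group(2)).groups()
    offset = int(disp, 16) if sign == "+" else -int(disp, 16)
    frames = re.findall(
        r"^[ \t]*[0-9a-f]{8} [0-9a-f]{8} (\w+)!(.+?)(?: \[omap\])?$", log, re.M)
    caller = next(f for f in frames if f[1] not in ALLOCATOR)
    block = regs["eax"]  # assumption: the pointer being freed
    return {
        "fault_at_eip": int(fault.group(1), 16) == regs["eip"],
        "faulting_function": "!".join(frames[0]),
        # address the faulting instruction read, with 32-bit wrap-around
        "accessed": (regs[base] + offset) & MASK,
        "block_pointer": block,
        # edi should equal the block pointer minus the header size
        "header_matches_lea": regs["edi"] == ((block - HEADER_SIZE) & MASK),
        "null_region_pointer": block < NULL_REGION,
        "first_caller": "!".join(caller),
    }

if __name__ == "__main__":
    for key, value in triage(LOG).items():
        print(key, hex(value) if type(value) is int else value)
```

The recomputed access address (0x00000001) differs from the ds: annotation printed beside the faulting instruction, so the register values are the ones to trust when reading a dump like this.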

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack



This fix is also included in a rollup of fixes for Microsoft Exchange 5.5 and Microsoft Internet Information Server 4.0, which is available on the Microsoft FTP Site.

STATUS

Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.

Keywords: kbhotfixserver kbqfe kbbug kbfix kbqfe KB189612