Prev: read raw file datastream
Next: Clue about Usenet
From: Kerem Gümrükcü on 8 Feb 2010 17:55
Hi,

i was exploring my devices registry keys and found a
REG_RESOURCE_REQUIREMENTS_LIST entry in the
Hardware Keys of the pnp device key. When i clicked
on it, i was wondering what took so long and then i
found out that it has gone in some sort of stall/infinite
loop. I was pretty unsure what this lead to a situation
like that and then i found out, that i could reproduce
that on my system. Whenever a REG_RESOURCE_REQUIREMENTS_LIST
is a zero length binary value and you try to edit it with
the registry editor, the editor stucks and stalls the cpu.
That was the stack looking at that moment:

ntkrnlpa.exe!KiSwapContext+0x26
ntkrnlpa.exe!KiSwapThread+0x44f
ntkrnlpa.exe!KeWaitForSingleObject+0x492
ntkrnlpa.exe!KiSuspendThread+0x18
ntkrnlpa.exe!KiDeliverApc+0x138
hal.dll!HalpDispatchSoftwareInterrupt+0x49
hal.dll!HalpCheckForSoftwareInterrupt+0x64
hal.dll!HalEndSystemInterrupt+0x73
hal.dll!HalpIpiHandler+0x189
msvcrt.dll!__ascii_strnicmp+0xbb
msvcrt.dll!_VEC_memcpy+0x52
ulib.dll!UlibRealloc+0x52
ulib.dll!ARRAY::SetArrayCapacity+0x1a
ulib.dll!ARRAY::Put+0x20
regedit.exe!IO_REQUIREMENTS_LIST::Initialize+0xad
regedit.exe!REGISTRY_DATA::_DisplayData+0x52
regedit.exe!RegEdit_EditCurrentValueListItem+0x30d
regedit.exe!RegEdit_OnNotify+0x3d
regedit.exe!RegEditWndProc+0x9b
USER32.dll!InternalCallWinProc+0x23
USER32.dll!UserCallWinProcCheckWow+0x14b
USER32.dll!SendMessageWorker+0x4b7
USER32.dll!SendMessageW+0x7c
COMCTL32.dll!CCSendNotify+0xbfb
COMCTL32.dll!CLVMouseManager::HandleMouse+0x58c
COMCTL32.dll!CLVMouseManager::OnButtonDown+0x18
COMCTL32.dll!CListView::WndProc+0x935
COMCTL32.dll!CListView::s_WndProc+0x4e8
USER32.dll!InternalCallWinProc+0x23
USER32.dll!UserCallWinProcCheckWow+0x14b
USER32.dll!DispatchMessageWorker+0x322
USER32.dll!DispatchMessageW+0xf
regedit.exe!WinMain+0x158
regedit.exe!_initterm_e+0x1a1
kernel32.dll!BaseThreadInitThunk+0xe
ntdll.dll!__RtlUserThreadStart+0x23
ntdll.dll!_RtlUserThreadStart+0x1b

System is Windows Vista 32 Bit up2date
and that was loaded by regedit.exe at that
moment:

Loaded Modules for Process: regedit [7048]

"Module Name","File Name","Base Address","Entry Point Address","Module
Memory Size","File Version Info","Company Name","Is File proteced"

"regedit.exe","C:\Windows\regedit.exe","0x970000","0x989688","0x65000","6.0.6000.16386","Microsoft
Corporation","True"
"ntdll.dll","C:\Windows\system32\ntdll.dll","0x77280000","0x0","0x127000","6.0.6001.18000","Microsoft
Corporation","True"
"kernel32.dll","C:\Windows\system32\kernel32.dll","0x75930000","0x7597B7F5","0xDC000","6.0.6001.18000","Microsoft
Corporation","True"
"ADVAPI32.dll","C:\Windows\system32\ADVAPI32.dll","0x76E60000","0x76EA0CC1","0xC6000","6.0.6002.18005","Microsoft
Corporation","True"
"RPCRT4.dll","C:\Windows\system32\RPCRT4.dll","0x75BD0000","0x75C202EB","0xC3000","6.0.6001.18000","Microsoft
Corporation","True"
"GDI32.dll","C:\Windows\system32\GDI32.dll","0x76210000","0x7621F12A","0x4B000","6.0.6002.18005","Microsoft
Corporation","True"
"USER32.dll","C:\Windows\system32\USER32.dll","0x75FC0000","0x75FD7A1D","0x9D000","6.0.6001.18000","Microsoft
Corporation","True"
"msvcrt.dll","C:\Windows\system32\msvcrt.dll","0x773B0000","0x773B9FAE","0xAA000","7.0.6002.18005","Microsoft
Corporation","True"
"SHLWAPI.dll","C:\Windows\system32\SHLWAPI.dll","0x761B0000","0x761CBA35","0x59000","6.0.6000.16386","Microsoft
Corporation","True"
"COMCTL32.dll","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\COMCTL32.dll","0x746C0000","0x746F3681","0x19E000","6.0.6000.16386","Microsoft
Corporation","False"
"COMDLG32.dll","C:\Windows\system32\COMDLG32.dll","0x77460000","0x77461AC2","0x73000","6.0.6000.16386","Microsoft
Corporation","True"
"SHELL32.dll","C:\Windows\system32\SHELL32.dll","0x76340000","0x763B90DD","0xB10000","6.0.6001.18000","Microsoft
Corporation","True"
"AUTHZ.dll","C:\Windows\system32\AUTHZ.dll","0x754E0000","0x754E12BD","0x16000","6.0.6002.18005","Microsoft
Corporation","True"
"ACLUI.dll","C:\Windows\system32\ACLUI.dll","0x65040000","0x65055E9B","0x22000","6.0.6000.16386","Microsoft
Corporation","True"
"ole32.dll","C:\Windows\system32\ole32.dll","0x75E70000","0x75EC94C0","0x145000","6.0.6000.16386","Microsoft
Corporation","True"
"OLEAUT32.dll","C:\Windows\system32\OLEAUT32.dll","0x76F30000","0x76F33F45","0x8D000","6.0.6002.18005","Microsoft
Corporation","True"
"PSAPI.DLL","C:\Windows\system32\PSAPI.DLL","0x75920000","0x7592154B","0x7000","6.0.6000.16386","Microsoft
Corporation","True"
"NTDSAPI.dll","C:\Windows\system32\NTDSAPI.dll","0x751B0000","0x751B13A1","0x18000","6.0.6001.18000","Microsoft
Corporation","True"
"DNSAPI.dll","C:\Windows\system32\DNSAPI.dll","0x75580000","0x75583EC1","0x2C000","6.0.6000.16386","Microsoft
Corporation","True"
"WS2_32.dll","C:\Windows\system32\WS2_32.dll","0x75A10000","0x75A11434","0x2D000","6.0.6000.16386","Microsoft
Corporation","True"
"NSI.dll","C:\Windows\system32\NSI.dll","0x76260000","0x762616B8","0x6000","6.0.6001.18000","Microsoft
Corporation","True"
"WLDAP32.dll","C:\Windows\system32\WLDAP32.dll","0x762F0000","0x762F11CD","0x49000","6.0.6000.16386","Microsoft
Corporation","True"
"NETAPI32.dll","C:\Windows\system32\NETAPI32.dll","0x75760000","0x75764329","0x76000","6.0.6002.18005","Microsoft
Corporation","True"
"Secur32.dll","C:\Windows\system32\Secur32.dll","0x75700000","0x75701235","0x14000","6.0.6002.18051","Microsoft
Corporation","True"
"ulib.dll","C:\Windows\system32\ulib.dll","0x65020000","0x65021436","0x1B000","6.0.6001.18000","Microsoft
Corporation","True"
"clb.dll","C:\Windows\system32\clb.dll","0x73F30000","0x73F329D6","0x7000","6.0.6000.16386","Microsoft
Corporation","True"
"UxTheme.dll","C:\Windows\system32\UxTheme.dll","0x74270000","0x7427EB31","0x3F000","6.0.6000.16386","Microsoft
Corporation","True"
"IMM32.DLL","C:\Windows\system32\IMM32.DLL","0x75D30000","0x75D31378","0x1E000","6.0.6002.18005","Microsoft
Corporation","True"
"MSCTF.dll","C:\Windows\system32\MSCTF.dll","0x771B0000","0x771B169E","0xC8000","6.0.6000.16386","Microsoft
Corporation","True"
"LPK.DLL","C:\Windows\system32\LPK.DLL","0x76060000","0x76061303","0x9000","6.0.6002.18051","Microsoft
Corporation","True"
"USP10.dll","C:\Windows\system32\USP10.dll","0x76270000","0x76279B1E","0x7D000","1.0626.6002.18005","Microsoft
Corporation","True"
"WindowsCodecs.dll","C:\Windows\system32\WindowsCodecs.dll","0x732A0000","0x732A6F85","0xF4000","7.0.6002.18107","Microsoft
Corporation","True"
"apphelp.dll","C:\Windows\system32\apphelp.dll","0x754A0000","0x754A1275","0x2C000","6.0.6000.16386","Microsoft
Corporation","True"


If some MS guy/girl reads this, maybe they can
fix that or forward this to the developers of the
registry editor...

Regards

Kerem

-----------------------
Beste Gr�sse / Best regards / Votre bien devoue
Kerem G�mr�kc�
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------

 | 
Pages: 1
Prev: read raw file datastream
Next: Clue about Usenet