Get BSOD when doing Find in Regedit

Guest

I'm running XP SP2. When I do a Find in Regedit in HKLM/System, I inevitably
crash w/a BSOD. I have unchecked "Automatically Restart" in Startup and
Recovery, but nevertheless, the machine restarts automatically. When it
boots back up, and after I log in, I get "The system has recovered from a
serious error", and then it tells me it's a video driver error. This might
be, but I've also had other problems relating to the registry, like not being
able to run ERUNT on the System hive, and not being able to install windows
updates. In any case I have the latest driver, and I have set hardware
acceleration to None. Interestingly, when I try and uncheck "Enable write
combining" under Hardware acceleration, (and then hit "Apply"), I get, "The
new settings could not be saved to registry."

Any ideas would be appreciated

MJ
 
Will Denny

Hi

Could you please post the Stop Code from the BSOD?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups
 
Guest

Thanks!

I ran the Windows debug, per the instructions at majorgeeks, below is what I
got.
I am considering getting the hotfix described here (I'm running XP):
http://support.microsoft.com/?kbid=836435

Any thoughts?


Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini082206-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Aug 22 08:57:36.453 2006 (GMT-4)
System Uptime: 0 days 0:07:55.140
Loading Kernel Symbols
....................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8054a51a, ae94e674, 0}

Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+23a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8054a51a, The address that the exception occurred at
Arg3: ae94e674, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+23a
8054a51a 668b4efa mov cx,word ptr [esi-6]

TRAP_FRAME: ae94e674 -- (.trap ffffffffae94e674)
ErrCode = 00000000
eax=01c6b500 ebx=efa2197c ecx=01e00100 edx=00000000 esi=01c6b5e2 edi=00000002
eip=8054a51a esp=ae94e6e8 ebp=ae94e71c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!ExFreePoolWithTag+0x23a:
8054a51a 668b4efa mov cx,word ptr [esi-6] ds:0023:01c6b5dc=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: regedit.exe

LAST_CONTROL_TRANSFER: from 80633421 to 8054a51a

STACK_TEXT:
ae94e71c 80633421 01c6b5e2 00000000 ef1d8758 nt!ExFreePoolWithTag+0x23a
ae94e738 80633a34 eedce3b0 ef1d8758 e102d0f8 nt!CmpCleanUpKcbValueCache+0x3d
ae94e74c 8063a6f4 eedce3b0 e1036b60 8063a810 nt!CmpCleanUpKcbCacheWithLock+0x1a
ae94e758 8063a810 ae94e76c 80633b2a ef1d8758 nt!CmpGetDelayedCloseIndex+0x16
ae94e760 80633b2a ef1d8758 ae94e778 80633f12 nt!CmpAddToDelayedClose+0xa
ae94e76c 80633f12 ef1d8758 ae94e790 80635012 nt!CmpDereferenceKeyControlBlockWithLock+0x38
ae94e778 80635012 ef1d8758 00000000 ef9f2f10 nt!CmpDereferenceKeyControlBlock+0x12
ae94e790 805b9e25 ef9f2f28 00000000 ef9f2f10 nt!CmpDeleteKeyObject+0x92
ae94e7ac 805257b8 ef9f2f28 00000000 00000110 nt!ObpRemoveObjectRoutine+0xdf
ae94e7c4 805bacfb 95caa020 eea49200 96d45da8 nt!ObfDereferenceObject+0x4c
ae94e7dc 805bad91 eea49200 ef9f2f28 00000110 nt!ObpCloseHandleTableEntry+0x155
ae94e824 805baec9 00000110 00000001 00000000 nt!ObpCloseHandle+0x87
ae94e838 8054060c 00000110 0007f400 7c90eb94 nt!NtClose+0x1d
ae94e838 7c90eb94 00000110 0007f400 7c90eb94 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0007f400 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+23a
8054a51a 668b4efa mov cx,word ptr [esi-6]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1e

SYMBOL_NAME: nt!ExFreePoolWithTag+23a

FAILURE_BUCKET_ID: 0x8E_nt!ExFreePoolWithTag+23a

BUCKET_ID: 0x8E_nt!ExFreePoolWithTag+23a

Followup: MachineOwner
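
Triage of the dump above, as an added example that is not part of the original posts: it parses the bugcheck line and STACK_TEXT, re-joins stack lines that the newsreader wrapped, and checks the pointer handed to ExFreePoolWithTag. The 2 GB user/kernel split (no /3GB) is an assumption, and the function names are illustrative.

```python
import re

# Excerpt of the !analyze -v output posted above, including one stack line
# that the newsreader wrapped before the symbol name.
SAMPLE = """\
BugCheck 1000008E, {c0000005, 8054a51a, ae94e674, 0}
STACK_TEXT:
ae94e71c 80633421 01c6b5e2 00000000 ef1d8758 nt!ExFreePoolWithTag+0x23a
ae94e738 80633a34 eedce3b0 ef1d8758 e102d0f8 nt!CmpCleanUpKcbValueCache+0x3d
ae94e74c 8063a6f4 eedce3b0 e1036b60 8063a810
nt!CmpCleanUpKcbCacheWithLock+0x1a
ae94e838 8054060c 00000110 0007f400 7c90eb94 nt!NtClose+0x1d
"""

FRAME = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) "
                   r"([0-9a-f]{8}) (\S+)$", re.M)
USER_VA_LIMIT = 0x80000000  # assumption: default 2 GB user/kernel split (no /3GB)
POOL_ALIGN = 8              # x86 pool blocks are 8-byte aligned

def parse_frames(text):
    """Return stack frames, re-joining symbols wrapped onto their own line."""
    joined = re.sub(r"\n(?=\w+!\w)", " ", text)
    return [{"args": [int(a, 16) for a in m.group(3, 4, 5)],
             "module": m.group(6).split("!")[0] if "!" in m.group(6) else None,
             "symbol": m.group(6)} for m in FRAME.finditer(joined)]

def triage(text):
    """Return findings for a 0x8E bugcheck raised inside a pool free."""
    findings = []
    bc = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    code = int(bc.group(1), 16)
    args = [int(a, 16) for a in bc.group(2).split(",")]
    # 0x1000008E is the minidump (_M) form of bugcheck 0x8E.
    if code & 0x0FFFFFFF == 0x8E and args[0] == 0xC0000005:
        findings.append("kernel-mode access violation")
    frames = parse_frames(text)
    top = frames[0]
    if top["symbol"].startswith("nt!ExFreePoolWithTag"):
        ptr = top["args"][0]  # first argument: the block being freed
        if ptr < USER_VA_LIMIT:
            findings.append(f"freed pointer {ptr:08x} is a user-range address")
        if ptr % POOL_ALIGN:
            findings.append(f"freed pointer {ptr:08x} is not pool-aligned")
    if all(f["module"] == "nt" for f in frames):
        findings.append("all frames in nt: stack shows the use, not the source")
    return findings
```

A user-range, misaligned pointer being freed from the registry value cache is consistent with kernel memory that some other component overwrote earlier; Driver Verifier with special pool is the standard way to identify which driver did the writing.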
 
Guest

Solution: reverted back to previous version of video drivers.

Thanks everybody!

Mike

Mike Jamesson said:
Thanks!

I ran the Windows debug, per the instructions at majorgeeks, below is what I
got.
I am considering getting the hotfix described here (I'm running XP):
http://support.microsoft.com/?kbid=836435

Any thoughts?





usasma said:
Please check your Event Viewer for a description of any errors that occurred
around the time of the crash. Here's an article that may help:
http://www.bleepingcomputer.com/forums/topic40108.html

Also, you can search your hard drive for files that end in .dmp or .mdmp.
If you find any, this link will help you to generate an analysis of that
file. Then you can copy/paste it into your next post:
http://forums.majorgeeks.com/showthread.php?t=35246

- John
 
