Explorer.exe crashes (memory can't be written)

[goofrider]

First of all, sorry for the noobish thread title. But I assure you I'm not a noob and I'm dumbfounded and frustrated.

Today my PC decided to crap out. Whenever I right-click on any icon, I get the dreaded memory protection error dialog: "explorer.exe instruction failed @ 0xHHHHHHHH reference memory 0x00000000, memory cannot be written" [OK] [Debug]. Then terminates itself.

This occurs when I right-click on ANY icon on the desktop or inside a Explorer (file browser) window. It also happens whenever I click on the File menu in Explorer (file browser), and when I try to move/copy files by drap-and-drop.

So it's pretty obvious that it's some kind of shell extension problem, but I can't figure out what type and which shellex that's causing the problem. I have so many software installed I can't possibly remember all the software that has a shellex hook.

I tried doing multiple registry scan (using various utilities), I tired using SFC to restore system files (in case some DLL got corrpted). I did a chkdsk, I did multiple System Restore. What I can be reasonably certain at this point is that it's not a registry issue. And it's also unlikely that some Microsoft shellex DLLs got corrupted cuz SFC would have fixed it.

So what do I do now? How can I figure out which shellex DLL is cusing the problem? It seems like I need to install a debugger and try to locate which DLL causing the exception. But how do I do that? And what debugger should I see?

I'm using XP SP2 on a P4 (i865 chipset). Your help would be invaluable.

[-=SD=-]

I believe that is a problem with divx, you should be able to uninstall / update it to the latest version to fix it.

[ootput]

In addition to the divx remedy, I'd also suggest that you remove obsolete context-menu items.

I had a similar problem when Tugzip2-uninstallation left remnants of its install within the context-menu.

[goofrider]

Oh BTW I just installed SP2 a week ago, but the problem did not arise until today. So I doubt SP2 is the issue.

[BananaMan]

Oh BTW I just installed SP2 a week ago, but the problem did not arise until today. So I doubt SP2 is the issue.

I wouldn't discount SP2 completely. The problem may have surfaced when you opened up a program, which may have caused to the specific piece of software to reassert a context menu item or something else which has brought on the conflict.

You might want to try disabling DEP (Data Execution Prevention). You can do so by editing your boot.ini, and changing the /noexecute parameter to /execute. You are technically opening up a hole in SP2 so consider this a temporary option until you locate the software that's causing this conflict, if it is DEP that is conflcting with another piece of software in the first place.

[goofrider]

In addition to the divx remedy, I'd also suggest that you remove obsolete context-menu items.

I had a similar problem when Tugzip2-uninstallation left remnants of its install within the context-menu.

How do I edit disable context menu items? What software do I use?

And no Regedit doesn't count. It's impossbile to go thru 1000 file types for shellex entries.

BTW, the error persists in safe mode. :(

[goofrider]

Even renaming a file crashes explorer.exe

Guys, I need a easy-to-use bebugger to track down which ShellEx DLL is causing the problem, can anyopne please help???

:please:

[Bold_Fortune]

You might want to try disabling DEP (Data Execution Prevention). You can do so by editing your boot.ini, and changing the /noexecute parameter to /execute.

BananaMan, can you show me where you learned to disable DEP this way? I haven't found verification for disabling it this way.

This is my understanding of disabling of DEP...

There are four valid system configurations for DEP in boot.ini.

1. /NoExecute=OptIn, enables DEP for Windows system files

2. /NoExecute=OptOut, enables systemwide DEP

3. /NoExecute=AlwaysOn, enables systemwide DEP without pssibility of individual application exclusion

4./NoExecute=AlwaysOff, disables DEP completely.

To disable DEP, one must edit the boot.ini to /NoExecute=AlwaysOff.

From Microsoft: http://support.microsoft.com/default.aspx?...kb;en-us;875352

Option 2:

Choose Advanced, then click on the Settings button under Performance. You'll find the necessary options on the tab labelled "Data Execution Prevention"

This option was removed in the RTM version. The only way to disable DEP is to use Boot.ini.

[BananaMan]

BananaMan, can you show me where you learned to disable DEP this way?  I haven't found verification for disabling it this way. 

This is my understanding of disabling of DEP...

There are four valid system configurations for DEP in boot.ini.

1. /NoExecute=OptIn, enables DEP for Windows system files

2. /NoExecute=OptOut, enables systemwide DEP

3. /NoExecute=AlwaysOn, enables systemwide DEP without pssibility of individual application exclusion

4./NoExecute=AlwaysOff, disables DEP completely.

To disable DEP, one must edit the boot.ini to /NoExecute=AlwaysOff.

From Microsoft: http://support.microsoft.com/default.aspx?...kb;en-us;875352

Option 2:

Choose Advanced, then click on the Settings button under Performance. You'll find the necessary options on the tab labelled "Data Execution Prevention"

This option was removed in the RTM version. The only way to disable DEP is to use Boot.ini.

Strange, I could have sworn it was the KB article at one point. Anyway, here's a ton of unofficial documentation on it, and a screenshot of my system..

EDIT: Here's a cached copy of the KB article with the reference to the /execute parameter.

Edited October 3, 2004 by BananaMan

[goofrider]

Thank u. setting /NoExecute=AlwaysOff fixed it.

:D

[Bold_Fortune]

Thank u. setting /NoExecute=AlwaysOff fixed it.

:D

That's great, goofrider. But you should take BananaMan's suggestion to heart, too...

"You might want to try disabling DEP (Data Execution Prevention).

You are technically opening up a hole in SP2 so consider this a temporary option until you locate the software that's causing this conflict, if it is DEP that is conflcting with another piece of software in the first place. "

[-=SD=-]

Are you sure you don't have an older version of Divx installed? Didn't really see a response to that..

[struct]

filzip v3.01 did something like this to me on a 2000 limited user account. fixed in v3.02.

[goofrider]

That's great, goofrider. But you should take BananaMan's suggestion to heart, too...

"You might want to try disabling DEP (Data Execution Prevention).

You are technically opening up a hole in SP2 so consider this a temporary option until you locate the software that's causing this conflict, if it is DEP that is conflcting with another piece of software in the first place. "

I already asked u guys for recommendation of a good debugger or process/thread monitor so I can track down the problem. If I have no such tools to hunt the offending conflict down, all I can do is wait a few months so all my apps with shellex hooks get updated to SP2 DEP-friendly before I ever attempt turning it back on.

There are other ways to prevent malicious code from running in heap space, the most common methods being "don't be a dumbass and run suspicious programs", "install security patches often" and "use a firewall".

Technically, disabling DEP is not opening up a hole, it's disabling a layer of extra protection. Even without DEP, a real security hole (like buffer overflow exploit) still need to exist in order for mailcious code to run in heap/stack space.

FWIW, the original boot.ini said "/NoExecute=OptIn". So obviously explorer.exe is one of the programs that M$ tagged for Opt-In DEP protection. It's quite likely that some (or none at all) of my ShellEx DLLs are flagged correctly. Maybe a ShellEx was using heap space to load code dynamically. Anyways, if DEP can crash explorer.exe as much as I right-click on anything or try to open the control panel, it obviously is NOT ready for prime-time and needs to be disabled by default.

A security feature is useless if it results in fatal application errors in a program as essential as explorer.exe.

I'll disable DEP per ShellEx by elimination while I have the time. Meanwhile, I'm just glad I have a functional PC again and don't have to reinstall Windows. I really have more important things to do that beta-testing M$ production software.

[goofrider]

Are you sure you don't have an older version of Divx installed? Didn't really see a response to that..

I upgraded Divx to the latest version b4 I diabled DEP and it didn't help. Like I said, my problem existed universally in explorer.exe: File menu, control panel, right-click anywhere, etc. I was leaning towards a ShellEx conflict.

The Divx problem seems to occur primarily with AVI file operations (i.e. DEP conflicts with Divx's AVIhandler I think).

Much like XP's original built-in firewall, it's more bugs than features. Either I wait another 6-12 months for M$ to get its act together, or I'll just wait for my AMD64 upgrade with hardware DEP via NX.

I wouldn't count on this software NX emulation to work reliably (it already proved me so).

[Bold_Fortune]

Just my opinion, goofrider, but I think you have that a little backwards....some software isn't ready for prime time.

Don't you remember when XP first came out? How incompatible so much software instantly became? How so much of it became obsolete?

Well, apparently, something on your system isn't ready for DEP...and may never be.

Not everyone has a problem with it. I don't feel like I'm beta testing anything.

[BananaMan]

Just my opinion, goofrider, but I think you have that a little backwards....some software isn't ready for prime time.

I agree with you here as well. Developers we're also given plenty of time to repair compatibility issues with DEP with the RC's made freely available by Microsoft, not to mention big names surely having access to the betas.

I get the impression that DEP is tripping up pieces of software which are employing sloppy and/or unorthodox programming, not other pieces of software tripping up bugs in DEP. If the latter situation we're true you'd be hearing about it from disgruntled developers/programmers.

I already asked u guys for recommendation of a good debugger or process/thread monitor so I can track down the problem. If I have no such tools to hunt the offending conflict down, all I can do is wait a few months so all my apps with shellex hooks get updated to SP2 DEP-friendly before I ever attempt turning it back on.

You've probably already done this but just in case, have you run both Ad-Aware and Spybot through it's paces as well as a semi-decent virus scanner?

If you we're desperate, you could always use some good old fashion trial and error with your software and drivers which are most likely to be causing the problem (eg. drivers/software for exotic hardware/systen function, older software etc. vs brand name software), or better yet, partitioning off a small hunk of space, temporarily installing XP on it and installing drivers/software on it one-by-one until you find what's triggering the problem.

[BananaMan]

Lookie what I found..

Download (180KB)

I've downloaded it and it does work, despite no official support for XP.

[Suren]

the problem is with divx. it handles context menu in a improper way so sp2 thinks it is a virus tring distroy your pc :rofl: :p . so you delete the divx context menu entry in the registry which will correct your problem :D

Simple fix is -

Start>Run>Regedt32

HKEY_CLASSES_ROOT

*

shellex

ContextMenuHandlers

remove the entry from * because divx tries to encode all files into divx mode :wacko:

:D :D

Edited October 5, 2004 by Suren