Blue Screens Caused by Pool Corruption Due to Registry Handle Leak (179827)



The information in this article applies to:

  • Microsoft Windows NT Server 4.0 Terminal Server Edition
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 4.0

This article was previously published under Q179827

SYMPTOMS

After a fairly long period of continuously using Attachmate Extra V6.3, the computer displays blue screen errors randomly.

CAUSE

These blue screen errors are caused by an application containing a registry handle leak. This leak occurs because an application continuously reopens a registry key but never closes it. After this has happened 65,535 times, the open instance count for this key wraps round to zero, making the kernel think that there are no longer any open handles to this key. The next time an instance of the key is closed, the storage used by the kernel to reference the key is deleted.

However, every subsequent open or close of the key writes to the freed storage again. This causes free pool corruption, and the system eventually crashes when this freed storage is referenced in any way.
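
The following C program is an added example, not Microsoft code and not part of the original article. It is a simplified user-space model of the wraparound described above, next to an overflow-checked open as a generic mitigation. The names key_body, key_open, key_close and simulate, the 16-bit counter layout, and the checked variant are assumptions for illustration; the article does not describe how the service pack fix is implemented.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the kernel storage that tracks one open key. */
typedef struct {
    uint16_t open_count;   /* 16-bit open instance count: wraps at 65,536 */
    bool     freed;        /* set once the storage has been released */
    unsigned stale_writes; /* opens/closes that touched released storage */
} key_body;

static bool key_open(key_body *k, bool checked) {
    if (checked && k->open_count == UINT16_MAX)
        return false;                  /* refuse the open instead of wrapping */
    if (k->freed) k->stale_writes++;   /* models a write into freed pool */
    k->open_count++;                   /* unchecked: 65535 + 1 becomes 0 */
    return true;
}

static void key_close(key_body *k) {
    if (k->freed) k->stale_writes++;
    if (--k->open_count == 0)
        k->freed = true;               /* "last" handle closed: release storage */
}

/* One initial open plus `reopens` leaked reopens, then one well-behaved
 * open/close pair, then `later_opens` further opens. Returns true if the
 * storage was released while leaked handles still reference it. */
static bool simulate(unsigned reopens, bool checked,
                     unsigned later_opens, unsigned *stale_writes) {
    key_body k = {0, false, 0};
    for (unsigned i = 0; i < reopens + 1; i++)
        key_open(&k, checked);         /* handles are never closed: the leak */
    if (key_open(&k, checked))
        key_close(&k);                 /* unrelated caller opens and closes */
    for (unsigned i = 0; i < later_opens; i++)
        key_open(&k, checked);
    *stale_writes = k.stale_writes;
    return k.freed;
}

int main(void) {
    unsigned stale;
    bool freed = simulate(65535, false, 3, &stale);
    printf("unchecked: freed=%d stale_writes=%u\n", freed, stale);
    freed = simulate(65535, true, 3, &stale);
    printf("checked:   freed=%d stale_writes=%u\n", freed, stale);
    return 0;
}
```

In the unchecked run the storage is released while 65,536 leaked handles still reference it, and each later open counts as a write to released storage. The checked run fails the excess opens and never releases the storage.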

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack


STATUS

Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.

Modification Type: Minor
Last Reviewed: 9/23/2005
Keywords: kbHotfixServer kbQFE kbbug kbfix KB179827