PRB: COMCTL32 May Leak Handle to Registry Hive (326328)


The information in this article applies to:

  • Microsoft Win32 Application Programming Interface (API), when used with:
    • the operating system: Microsoft Windows XP
    • the operating system: Microsoft Windows 2000
This article was previously published under Q326328

SYMPTOMS

When a user logs off, there may be a delay before the logoff process completes. On Windows 2000, this can take up to a minute. If roaming profiles are turned on for the user account, the roaming profile is not saved.

CAUSE

This problem can occur when an application leaks a handle to the registry hive for the user. The problem described here relates specifically to such a handle leak that is caused by the Microsoft library file named Comctl32.dll. However, it causes the problem described here only in very specific circumstances.

RESOLUTION

To prevent this problem, call the RegDisablePredefinedCache API as early as possible in the life of the process.

Alternatively, make sure that when Comctl32.dll is first loaded into the process, the thread that causes it to be loaded (either directly or indirectly) is not impersonating a user account that may later be used to log on to the computer interactively.

STATUS

This behavior is by design.

MORE INFORMATION

When first attached to a process, Comctl32.dll accesses some information in the registry hive for the current user. If the thread that causes Comctl32.dll to be loaded into the process is running under a user account, and that user later logs off, WinLogon.exe cannot unload the registry hive for the user. If the user account is configured with a roaming profile, the profile is not saved. There may also be a delay in the logoff process.

To determine whether you are experiencing this problem, you can enable user environment debugging by creating the following registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "UserEnvDebugLevel"=dword:00010002 After you create this key, information is written by WinLogon.exe to \Windows\Debug\Userenv.log. You can expect to see something similar to the following: 
USERENV(b8.a0) 17:29:20:723 MyRegUnLoadKey: Hive unload for S-1-5-21-842925246-220523388-839522115-45730_Classes failed due to open registry key.  Windows will try unloading the registry hive once a second for the next 60 seconds (max).
USERENV(b8.a0) 17:30:21:190 MyRegUnLoadKey: Windows was not able to unload the registry hive.
USERENV(b8.a0) 17:30:21:190 MyRegUnLoadKey:  Failed to unmount hive 5
Note Although you may not be using the functionality of Comctl32.dll explicitly, it is possible to cause that DLL to be loaded into a process indirectly by calling various other Win32 functions. For example, using a Crypto function such as CertOpenSystemStore causes Crypt32.dll to load, which loads Shell32.dll, which in turn loads Comctl32.dll.
Modification Type:MinorLast Reviewed:10/29/2003
Keywords:kbbug kbpending KB326328 kbAudDeveloper
©2003 Microsoft Corporation. All rights reserved.