Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

HKEY_LOCAL_MACHINE\SOFTWARE\..\Image File Execution Options\ Registry key

262 views
Skip to first unread message

George Stoikos

unread,
Dec 12, 2002, 11:38:20 AM12/12/02
to
Does anyone knows what following registry key is all
about ?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\... ...CurrentVersion\Image File Execution Options\<exe
filename with no path>

I have made a program and unless the program name is
defined under this key it

1. stops at an int 3 command
2. complains that "Heap block at 00152620 modified at
0015289C past requested size of 274"

if the program name exists there then everything is
running smoothly.
Any help ???

George

Ivan Brugiolo [MSFT]

unread,
Dec 12, 2002, 12:01:58 PM12/12/02
to
You have, most probably, a heap overrun in your program.

The registry key is normally looked-at by the loader to perform
process wide initializations before the process starts.
The most common usage of that key is to run a program under debugger

HKLM\Software\Microsof\Windows NT\CurrentVersion\Image File Execution
Optrions\EXE_NAME.exe
Debugger = REG_SZ "d:\debuggers\ntsd.exe -server tcp:port=5500 -g -G"

or to specify some global flags for the proces, or application verifier
flags,
or to specify a 'Goo' for the application (a trick to make old app to run on
newer OS-es).
or to disable the LookasideList for certain (OLD and WRONG) programs
that were making assumptions on the heap implementation.

If you could get read of the heap overrun and remove the I-F-E-O subkey,
that would be the designed way for an application to run.

--
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"George Stoikos" <gs...@statoil.com> wrote in message
news:04e801c2a1fc$e192ccc0$8df82ecf@TK2MSFTNGXA02...

George Stoikos

unread,
Dec 12, 2002, 1:11:49 PM12/12/02
to
Hello and thank you for your fast answer !!!

The only flag specified is "GlobalFlag", a REG_SZ with a
value of 0x00000000. Any comments on that ?

Cheers
George

Ivan Brugiolo [MSFT]

unread,
Dec 12, 2002, 2:08:15 PM12/12/02
to
Which OS and SP level are you using ?

My first answer would be that it enables heap tail checking and heap fill
pattern,
but this may have changed around builds of NT.

--
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"George Stoikos" <gs...@statoil.com> wrote in message

news:05d601c2a209$f0bdef60$8df82ecf@TK2MSFTNGXA02...

James Antognini

unread,
Dec 12, 2002, 3:18:54 PM12/12/02
to
One can use this key to debug a service, for example, in the way Ivan
shows (although I've used it with VC++ IDE, to debug a service). See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/debugging_a_service.asp.

What puzzles me is that you're hitting an 'int 3' at all. I've seen
these sprinkled in code but do not understand their purpose. Maybe you
took a wild branch?

--
If replying by e-mail, please remove "nospam." from the address.

James Antognini


Carl Daniel [MVP]

unread,
Dec 12, 2002, 6:05:44 PM12/12/02
to
"James Antognini" <anto...@mindspring.nospam.com> wrote in message
news:3DF8EF2E...@mindspring.nospam.com...

> What puzzles me is that you're hitting an 'int 3' at all. I've seen
> these sprinkled in code but do not understand their purpose. Maybe you
> took a wild branch?

int 3 is a breakpoint.

There are int 3's scattered around in ntdll.dll (and other places) as a form
of assert - you got into a place that you shouldn't ever reach.

-cd

George Stoikos

unread,
Dec 12, 2002, 6:40:38 PM12/12/02
to

I am running win2k sp 3 with VC++ 6.0 sp5. Who put that
key there in the first place ? I definately didnt put that
key in the registry !!!

What it makes a very peculiar coincidence is that i had
this program before.

This occured again when I was developing a direct x 8.1
program. I was using the debug version of direct x and at
the first call to the initialization function of the
direct x library the program stopped and the same message
appeared. If I continued the execution I got a message
warning that the address passed to RTlRealocHeap at 130000
was invalid. I have send that info to P. Taylor at
Microsoft and he really looked into it but he couldnt do
anything about it. After that I have changed machines just
to take out the possibility of a hardware errror.
Now this program makes just a call to the SAP's rfc
library. Again it fails at the call of the first
initializing function of the library and if i continue i
get the same error in RtlRealocHeap.
Is this a problem of the VC++ 6.0 linker or the windows
loader ? This issue is driving me mad !!!

Thank everybody for their support.
George

James Antognini

unread,
Dec 12, 2002, 7:38:56 PM12/12/02
to
Yes, I know what int 3 does. But what you said makes sense. Which brings
me back to my suspicion this problem is only a symptom of a wild branch.

Peter Wieland [MS]

unread,
Dec 13, 2002, 2:05:20 PM12/13/02
to
or a corrupted return address on a stack.

-p

--
This posting is provided "AS IS" with no warranties, and confers no rights.


"James Antognini" <anto...@mindspring.nospam.com> wrote in message

news:3DF92C20...@mindspring.nospam.com...

James Antognini

unread,
Dec 15, 2002, 12:41:44 PM12/15/02
to
That's one way to get a wild branch. Since a wild branch is itself a
symptom, looking for stack corruption is a good place to start working
backward to the oriiginal problem.
0 new messages