i didnt attach anything but lyris rejected my earlier reply saying
attachement not acceptable
may be copy paste embedded unicode which lyris rejected
so saved a copy in notepad and reposting txt
sorry if this came out twice
you have avast running in the system ?
according to pooltag.txt in windbg folder tag strg is from some unknown
module
according to google there is a thread that talks about mrxsmb being related
to this tag
and leaks memory in conjunction with avast
It would seem that the Strg is responsible for the leak. Now I did some
searches and this is what i found:
From pooltag.txt:
Code:
Strg - - Dynamic Translated strings From MS Knowledge Base Article MS KB262386, it would seem that the driver filename is mrxsmb.sys (my system has the version 5.1.2600.1143 (xpsp2.021108-1929) of that file by the way) and its a MS’s driver. So basically it appears that avast is just somehow causing this MS driver to start leaking in my system. I’m going to try running avast’s resident providers one at a time to see which one causes it.
according to google there is a thread that talks about mrxsmb being
related to this tag
and leaks memory in conjunction with avast
hehe, raj_r made a bad guess
“Strg” is default pool tag for Rtl* functions which allocate a memory, e.g.
RtlCreateUnicodeString
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeString
RtlStringFromGUID
…
check if you call RtlFreeUnicodeString when you use these functions !!
Petr
It would seem that the Strg is responsible for the leak. Now I did some
searches and this is what i found:
From pooltag.txt:
Code:
Strg - - Dynamic Translated strings >From MS Knowledge Base Article MS KB262386, it would seem that the driver filename is mrxsmb.sys (my system has the version 5.1.2600.1143 (xpsp2.021108-1929) of that file by the way) and its a MS’s driver. So basically it appears that avast is just somehow causing this MS driver to start leaking in my system. I’m going to try running avast’s resident providers one at a time to see which one causes it.
yep petr is right just grepped for the pattern didnt find anything in mrxsmb
but the tag is in ntkr / ntos .exes
lkd> s -a 60000000 l?ffffffff “hStrg”; .foreach (place { s -[1]a 60000000
l?ffffffff “hStrg” } ) { u place L4; !address place } ; .shell findstr /M
/D:c:\windows\system32\ “Strg” *.*
<.shell waiting 1 second(s) for process>
<.shell process may need input> c:\windows\system32:
ntkrnlpa.exe
ntoskrnl.exe
.shell: Process exited
Press ENTER to continue
regards
raj
On 11/30/08, Petr Kurtin wrote: > > > > > you have avast running in the system ? > > according to google there is a thread that talks about mrxsmb being > related to this tag > > and leaks memory in conjunction with avast > > hehe, raj_r made a bad guess > > > > “Strg” is default pool tag for Rtl* functions which allocate a memory, e.g. > > RtlCreateUnicodeString > > RtlAnsiStringToUnicodeString > > RtlUpcaseUnicodeString > > RtlStringFromGUID > > … > > check if you call RtlFreeUnicodeString when you use these functions !! > > > > Petr > > > > > > > It would seem that the Strg is responsible for the leak. Now I did some > searches and this is what i found: > > From pooltag.txt: > Code: > Strg - - Dynamic Translated strings > >From MS Knowledge Base Article MS KB262386, it would seem that the driver > filename is mrxsmb.sys (my system has the version 5.1.2600.1143 > (xpsp2.021108-1929) of that file by the way) and its a MS’s driver. > So basically it appears that avast is just somehow causing this MS driver > to start leaking in my system. I’m going to try running avast’s resident > providers one at a time to see which one causes it. > > http://support.microsoft.com/?kbid=262386 > > > http://forum.avast.com/index.php?topic=1477.30 > > and there seems to be some sort of patch for it if it is avast related in > that thread > - Show quoted text - > > > — You are currently subscribed to windbg as: xxxxx@avast.com To > unsubscribe send a blank email to xxxxx@lists.osr.com > > — > You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’ > > To unsubscribe send a blank email to xxxxx@lists.osr.com >
