RegAlyzer stuck - with high CPU



Steven Avery
2009-04-01, 12:09
Hi Folks,

When I tried a search with RegAlyzer, it found a couple of entries and then got "stuck" on an entry. From the bottom bar, (the search was simple, for "SpyPC" and had found a couple of simple search log entries) it was stuck on:

"Searching HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xmlprov "

I tried it twice, same thing, no problem with Regedit's search. Dunno why this would be.

In addition, it went wild with CPU, going up to 99. If it can't go on, it should pretty much give up. When I returned to my puter, it took me ten minutes to get my task monitor up to see what was the problem and kill RegAlyzer. (For the future, I made some adjustments with Process Tamer.)

Any explanation of why it would be stuck would help. I would be happy to try again, other searches, etc.

Thanks.

Shalom,
Steven Avery
Queens, NY

PepiMK
2009-04-02, 12:05
Which RegAlyzer version are you using?

I remember something about an endless loop in a previous one... if you manually browse to that key, does xmlprov have a subfolder xmlprov with a subfolder xmlprov which has a subfolder xmlprov...?

YaffYaff
2009-04-04, 12:57
Glad you brought this issue up again.

Mine keeps stalling on the same keys as well, and I couldn't get Pepi's attention anymore.

Version I'm using is 1.6.0.12

RegAlyzer:
http://forums.spybot.info/attachment.php?attachmentid=2967&stc=1&d=1238843091

RegEdit:
http://forums.spybot.info/attachment.php?attachmentid=2968&stc=1&d=1238843316

Steven Avery
2009-04-05, 12:32
Which RegAlyzer version are you using? I remember something about an endless loop in a previous one... if you manually browse to that key, does xmlprov have a subfolder xmlprov with a subfolder xmlprov which has a subfolder xmlprov...?

RegAlyzer 1.6.0/12 -

Yep.
Nested about a dozen times "Parameter.." maybe all identical.

Apparently this XMLPROV is a service added in SP2.

http://www.theeldergeek.com/network_provisioning_service.htm
XMLPROV

So this nesting key could be a MS glitch (I haven't searched yet.) There is a first XMLPROV key that looks solid and then this one. I could rename this second key, but the loop would probably continue. I could do some sort of export of the key and then delete, or trim the parms to one or two. Overall, I do not think this key is being used at all on my system, so I could ERUNT and then simply delete the key. Or best .. you could give an upgrade, perhaps you went to 9 levels instead of 99 :-) and looped around to 1. I just ran into that exact problem on an RPG application (the business language, not the game) that I was called in to fix.

Here is a little registry pic.
http://screencast.com/t/UvTJj0cv


Shalom,
Steven

YaffYaff
2009-04-05, 15:18
And is your "nested" key still nested when you browse it with RegEdit?
As you can see on the pics I attached, in my case(s) only RegAlyzer shows it as nested.

PepiMK
2009-04-06, 09:55
I did add this as issue 378 (http://forums.spybot.info/project.php?issueid=378) to the bugtracker :) Will look into it soon.

YaffYaff
2009-04-06, 13:22
I did add this as issue 378 (http://forums.spybot.info/project.php?issueid=378) to the bugtracker :) Will look into it soon.

:2thumb:

Steven Avery
2009-04-06, 15:21
Hi Folks,

Thanks, Yaff. I had forgotten to look at the key in regedit, where I also have no problem.
http://screencast.com/t/M6umBkqD

And thanks Pepi, hope it is resolved easily.

Shalom,
Steven Avery

_michael
2009-04-07, 01:20
Hi there,

same here with

HKLM\System\ControlSet003\Services\WS2IFSL

The subkey "Security" can't be displayed with RegAlyzer 1.6.0.12 (ok with Regedit). Searches passing that key end up in an endless loop.

Cheers,

Michael

PepiMK
2009-04-07, 13:55
Not sure if this version already fixes it, but I thought I should upload the latest changes first, since the native mode/rootkit browsing thing meant changes in exactly those areas that would be responsible here as well: 1.6.1.14 (http://forums.spybot.info/downloads.php?id=6).

YaffYaff
2009-04-09, 04:55
Not sure if this version already fixes it, but I thought I should upload the latest changes first, since the native mode/rootkit browsing thing meant changes in exactly those areas that would be responsible here as well: 1.6.1.14 (http://forums.spybot.info/downloads.php?id=6).

Thanks! Didn't fix it for me...

Still stalling, but manual browsing displays the key differently: "<0x00>" instead of blank
http://forums.spybot.info/attachment.php?attachmentid=2998&stc=1&d=1239245522

PepiMK
2009-04-09, 11:28
Thank you, that's important information - it shows the problem. The 0x00 is a character not "allowed" in key names, since it usually indicates the end of a text. In this case that means it detects keys with a name of zero length, which should be impossible, but has been known to occur. regedit.exe might ignore it - RegAlyzer does not because such invalid uses of 0x00 might be indicators of rootkits. We'll do some experiments about this :)
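
Added example, not part of the original post and not RegAlyzer's code: a Python model of the behaviour described above, assuming (the thread does not confirm this) that the search re-opens each subkey through a NUL-terminated path, so a name that is empty before its first 0x00 resolves back to its parent. The registry contents and the names `REG`, `c_str`, `open_by_path`, `naive_walk` and `safe_walk` are constructed for illustration.

```python
# Constructed in-memory registry: dict of subkey name -> subkey dict.
# Names are counted strings, so "\x00" is a legal character in them.
REG = {"Services": {
    "xmlprov": {"Parameters": {}, "\x00": {}},   # zero-length name as a C string
    "WS2IFSL": {"Security": {}},
}}

def c_str(name):
    """What a NUL-terminated API sees: everything before the first 0x00."""
    return name.split("\x00", 1)[0]

def open_by_path(root, parts):
    """Path-based open (assumed model): each component is truncated at 0x00,
    and an empty component resolves to the key that is already open."""
    key = root
    for part in parts:
        part = c_str(part)
        if part:
            key = key.get(part, {})   # missing key: nothing to enumerate
    return key

def naive_walk(root, parts=(), depth=0, cap=25):
    """Re-opens every child by its path string. Returns the deepest level
    reached; hitting `cap` means the walk would never terminate."""
    if depth >= cap:
        return depth
    key = open_by_path(root, parts)
    return max([depth] + [naive_walk(root, parts + (name,), depth + 1, cap)
                          for name in key])

def safe_walk(key, path="", findings=None):
    """Descends by object reference, never by re-parsing the name, and
    reports names with an embedded 0x00 instead of following them."""
    findings = [] if findings is None else findings
    for name, child in key.items():
        shown = path + "\\" + name.replace("\x00", "<0x00>")
        if "\x00" in name:
            findings.append(shown)    # possible hidden-key indicator
            continue
        safe_walk(child, shown, findings)
    return findings

if __name__ == "__main__":
    print("naive walk depth:", naive_walk(REG))   # reaches the cap
    print("flagged keys:", safe_walk(REG))
```

In the naive walk the 0x00-named child opens as xmlprov itself, so every level shows the same "Parameters" subkey again, which matches the nesting reported in this thread.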

YaffYaff
2009-04-09, 13:48
Excellent!
Keep up the good work,
:wub: Love you too :wub:

:wav:

Steven Avery
2009-04-10, 06:51
Hi Pepi,

My loop is the same with that version.
Ah... catching up above .. yes the same 0x00.

Shalom,
Steven

PepiMK
2009-04-20, 18:07
Added 1.6.2.15 some days ago and today 1.6.2.16 with 0x00 fixes :)

Downloads here (http://forums.spybot.info/downloads.php?id=6)

YaffYaff
2009-04-24, 04:20
Just tried 1.6.2.16

Well... I can no longer see the <0x00> Russian dolls but it still has a [+]cfg and I can't expand it.
When I click on the + it doesn't expand the cfg key.

And Search is still jamming on it :hair:

YaffYaff
2009-05-17, 20:00
Just tried 1.6.2.16

Well... I can no longer see the <0x00> Russian dolls but it still has a [+]cfg and I can't expand it.
When I click on the + it doesn't expand the cfg key.

And Search is still jamming on it :hair:

In other words the display is different but the problem remains:
1.6.2.16 -> RegAlyzer stuck - with high CPU

Bug still open.

I really miss the search function in RegAlyzer
:surrender:

sloane911
2009-12-26, 23:08
RegAlyzer 1.6.2.16 crashes for me too. Virtual memory usage rises dangerously fast on Win XP Sp3

Similar issue post here:
http://forums.spybot.info/showthread.php?p=352990

YaffYaff
2009-12-27, 15:53
RegAlyzer 1.6.2.16 crashes for me too. Virtual memory usage rises dangerously fast on Win XP Sp3

Similar issue post here:
http://forums.spybot.info/showthread.php?p=352990

Sigh... It's been over 2 years and many releases. I think the issue is in the bug list but it must have a very low priority. I really miss this RegAlyzer. I gave up already and no longer use it. :sick:

I had a spark of hope when I got the email notification of your post.

Oh well. Would have been a nice xmas gift to see a resolution.

snsisk
2010-03-06, 22:30
RegAlyzer 1.6.2.16 crashes for me too. Virtual memory usage rises dangerously fast on Win XP Sp3

Similar issue post here:
http://forums.spybot.info/showthread.php?p=352990

I have the same issue with an "out of memory" condition. I have also sent several crash reports.

peter9999
2010-03-09, 14:08
with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT. RegAlyzer shows the correct hive and an endless hive with the keyname

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT<0x00>RIVER<0x00>NNER<0x00><0x00>um\<0x00>

RegDelNull doesn't find anything!

Searching the Registry stops at this point in an endless loop.

Peter

Richard 23
2010-10-08, 12:39
I have the same issue with an "out of memory" condition. I have also sent several crash reports.

Yep that's the one. I doubt bug reports are providing enough info though. I may try a couple of simpler searches to see if the search term has anything to do with it, but anyway....

I installed Patrick's tools countless years ago and I've gotten plenty of use out of them, so thanks come before anything else. Thanks!

I've finally gotten around to downloading updates and my first search, a class ID that showed up in my event log, hit paydirt -- it looks like infinite recursion or at least a non-terminating loop. So I got a bug report dialog right quick. Very nice detailed report in the application by the way.

I exited and tried again, this time actually paying attention to it and it sure looks like recursion because it consumes memory at an increasing rate. Also concerning, if that isn't fun enough, is that while cancel does dismiss the dialog the search continues until it's been sent several termination requests from the task manager or the system stops granting its memory requests (out of memory error).

The main window's search icon continues to animate as well, so it's as if the extent of cancel is closing the search sub window and that's it.

The stack dump itself doesn't really show an obvious recursion problem (the same function call and a really big stack) but I'm not all that clear what you're dumping and don't usually debug code without source unless I really need to. ;-)

I hope you can stomp out the error but I'm in no big hurry. There are other options. I thought I owed you one, as spybot and your other tools are consistently high quality utilities.

Perhaps you could recommend a previous version on your download page that was released before this bug was introduced into RegAlyzer. In the meantime I can go back to 1.4.0.0 or use something else.

Version: 1.6.2.16

I can send you the bug report file if you want, but you probably don't need it. Surely you've been able to replicate the problem? You're more likely to find the problem in a local debug session with source code than in hundreds of bug reports.

I will generate a dump with User Mode Process Dumper (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=E089CA41-6A87-40C8-BF69-28AC08570B7E&displaylang=en) which might provide you with more useful debug info. Contact me if you would like me to send it to you.

Good luck with tracking down that bug if you ever find the time. And thanks again.

YaffYaff
2010-12-07, 23:22
Update and workaround for me. (1.6.2.16)

When I uncheck High Speed Search, Search no longer falls into an infinite loop.

Yeah!!!! :bigthumb: