Ok, I'm completely fed up with DEP. For those that don't know, DEP is "data execution prevention" and it's part of a security update that came with SP2. Now, I'm all for security improvements, but DEP pisses me off on every single machine I have. The reason? It's constantly crashing processes, and is buggy. "Generic Host Process for Win32 Services" seems to be the biggest problem - on one desktop and two laptops I've had numerous crashes involving that system service. It's seemingly random - it didn't happen right after installing SP2, but every now and then I'll boot up and immediately get a crash. There's a system setting that allows you to turn off DEP for certain applications, but the settings don't seem to stick. DEP crashing programs and processes seems quite random, but today it really stepped over the line:

http://www.digitalmediathoughts.com/images/dep-crash.gif

DEP killed Windows Media Player, which locked up the Windows Media Center 2005 interface, and it also killed SnagIt to boot. Augh! :x I wish there was a way to turn DEP completely because it seems like nothing but trouble. Anyone else having trouble with DEP?

That's why I have not installed SP2 on any of my computers - windows update bugs me about every week to apply the update but I am still holding out - although, I think they are going to start putting sp2 functionality in other updates essentially forcing it.

wish I had more info to turn that "feature" off for ya...

Well, other than DEP SP2 is great - the new security features are impressive, but I can't believe that this problem hasn't been fixed yet...

Three separate computers, no problems.
At work all our desktops run SP2--no problems.
Are your boxes Athlons?
Just curious, is all...

One Athlon 64, one Pentium 4, one Pentium 4M. Two are Windows Media Center 2005, one is Windows XP Pro.

I thought that the whole point of DEP was to allow the machine only to execute code that is in a process' stack, and prevent code from executing out of the data portion of memory.

Seems to me that this is more of a problem with applications behaving badly than DEP being buggy. Although you could argue that DEP should not be enabled until MS cleans up its apps.

System properties | Advanced tab | Performance Options | DEP tab.

I'd have to agree with ianbjor that this is likely a problem with some non-MS app you've got running on your machine.
I'd posit that the problem isn't the generic host process executable but rather some 3rd party service running within it.

One Athlon 64, one Pentium 4, one Pentium 4M. Two are Windows Media Center 2005, one is Windows XP Pro.

Okay, that scratches out the "faulty NX" explanation.

The systems I know have caused no trouble are all P4s, Celeron, and Transmeta. None of which support the NX instruction, so the memory protection is all in software...

Best guess at this point is you are being visited by a reincarnated DLL-hell.
That particular critter just doesn't want to go away...

My Dell Latitude D600 has loads of problems with this. I too wish it could be just turned off. :x

I have Windows XP running on five PCs here (all Pentium, with two running MCE 2005), as well as on a half-dozen virtual machines. Every single one has SP2 loaded, and I have never, ever, ever seen a DEP error.

The default option is "Turn on DEP for essential Windows programs and services only." Do you have that option enabled (as opposed to the "Turn on DEP for all programs and services..." option)? It sure sounds like there's a kernel driver somewhere that is causing this problem.

Yes, I have the top option selected that means DEP is only turned on for essential services. :?

Have you used the Verifier utility to check for unsigned drivers? Does the problem occur if you do a clean install on any of the machines? (If you have a spare partition you can install a clean copy to one of those partitions and just run for a while.

Any software or drivers that the systems have in common?

Verifier utility? Which one are you referring to? (I can give it a spin)

Regarding installing a fresh copy, I happened to do just that today with my Fujitsu laptop. It was the factory SP1 OS, I installed SP2 onto it, patched it up, then installed the nVidia DVD decoder...rebooted, and got my first "Generic Host Process for Win32 Services" crash. Looks like svchost.exe has crashed. I also have a program called FolderShare (www.foldershare.com) installed, which happens to be on all three machines...but I'd be surprised if that were the problem. I'll cull it out of the startup registry and reboot a few times to see if anything changes.

Verifier is a powerful but dangerous utility that you can use to identify unsigned or buggy drivers. We document its use in Windows XP Inside Out but don't want to encourage you to use it here. (I would have to write about 500 words and then get you to sign a waiver. ;-)) I've been meaning to post an article on how this utility works. Maybe I'll do that next week.

Meanwhile, I looked up FolderShare. It is billed as a peer-to-peer networking service. The word "service" makes my Spidey sense tingle. If it's running as a service on all three machines, it is a serious candidate for the bad guy here.

Why not stop running it on one machine temporarily and see if the problem goes away?

Oh, and one more thing...

Are you running HP printer or scanner software on any/all three computers?

Verifier is a powerful but dangerous utility that you can use to identify unsigned or buggy drivers...Meanwhile, I looked up FolderShare. It is billed as a peer-to-peer networking service...Why not stop running it on one machine temporarily and see if the problem goes away?

Do you mean this verifier?

http://www.microsoft.com/whdc/DevTools/tools/Verifier.mspx

If so, you're right, that does look a bit scary. :-)

I've stopped using FolderShare on my laptop but the problem is that the DEP problem is intermittant - it's not like every time I load FolderShare it happens, or I'd know what the problem is. I'll keep experimenting...

Are you running HP printer or scanner software on any/all three computers?

It's on two of the three computers - not yet installed on the Fujitsu laptop. Now that you mention it, I do seem to recall some sort of DEP issue with HP drivers when I looked up this problem months ago. That doesn't explain why the Fujitsu laptop had the DEP problem though...unless it was just FolderShare.

I've rebooted several times without FolderShare running, no DEP crashes. I've now started up FolderShare several times, no DEP crashes. Now I'll try adding it back into the startup group and rebooting to see if that makes DEP pop up again...

Yes, that's the one. That's a particularly scary article, but it is actually quite safe if you know which wires not to touch. (NO, NOT THAT ONE! :2gunfire: )

I've just copied the text from Windows XP Inside Out and I'll put something up on my blog next week to explain how to use it.

The DEP error with Generic Host Process is apparently a known issue with the HP software. There was an update to the HP All-in-one software last December, or so I'm told. I don't have any of those models here so I can't say for sure.

You sure it's not because you're running a custom XP theme? You have to approve the changes to system files when you install, and it'd be very easy for some malware to slip in with the installer, especially if you're not 100% certain about the source?

You sure it's not because you're running a custom XP theme?

No customs themes here - MCE 2005 on two of the them and standard Luna on the Fujitsu laptop.

I don't think that I've ever seen that error on either of our two machines here at home - my home built Athlon XP machine has XP Pro, and I think my wife's Dell D600 laptop has XP Home. Neither machine has had this problem (knock on wood).

I also will admit that I probably don't do the same kind of work on my PC that you do on yours - I primarily have the standard Windows apps (MS Office 98), and games - Unreal Tournament 2004, Half-Life, etc. I also tend to be pretty conservative in the kind of software that I load - maybe I've been lucky, but my unit has been very stable, with few problems of any kind. The SP2 update on my unit went pretty smoothly (never even killed ActiveSync!).

Let us know how you make out - the fact that you have three units doing this makes me nervous about the possibilities of my units experiencing this malady at some point in the future due to some conflict with new software.

Have you tried running a few consecutive CHKDSKs and defragments of your hard drive? I found that a buggy Windows Kernel Sound driver thingy appeared and "disabled" my sound when having my computer running for a while. While I would like to blame Windows Update for this (it happened after the last load of updates and patches in February), I found that after 5 consecutive defrags and CHKDSKs (at boot) helped me with my problems, although it didn't attribute to the same problems you had.

Off topic but great to se Ed contributing!

I have Ed's Windows XP book. When I do not want to bug my brother, who is a Windows admin, or when I just need to sit down and learn how XP works (insideout, of course), his book is the one I turn to.

Haven't seen the message myself, but this might help you in troubleshooting :

If svchost.exe for instance is causing a problem, you normally have no
idea of what actually is the underlying problem, so you take the following steps :

1) Open taskmanager
2) Look in the processes tab and 'click' view
3) add a checkmark to the 'PID' box
4) note down the PID of the process that you suspect is behaving badly
5) run a dosbox and type : tasklist /svc
6) lookup the process with the corresponding PID and you can see which
services it's running , for instance :

process name PID Services
---------------- ----- -----------
svchost.exe 1824 DcomLaunch, TermService

This way you can try and find out which process/service is behaving badly.

Don't know if it's helpfull, but it's worth the try ;)

Kind regards,

Ivan

Also check out SysInternals free task manager replacement Process Explorer.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

It gives tons of great information and the kill process actually kills processes unlike the Microsoft utility.

Thanks for chiming in denivan - welcome to the forums. ;-) I'll look into trying that....I haven't had any DEP crashes in a few days, so let's hope it stays that way.

It gives tons of great information and the kill process actually kills processes unlike the Microsoft utility.
A bit OT: That is true, unless the program is a J# coded .NET application that has locked up for some reason. The only way that you can get it closed is by restarting! :x Nothing, yes, nothing can close or kill or destroy the process for some reason - not Task Manager nor SysInternal's tools. (I found that out the hard way when making an application connecting to a MySQL server and it sort of didn't like to work every now and then. :cry: )