PowerShell stops executing commands/programs

    Question

  • Sometimes my PowerShell stops executing programs and I have yet to find out why. In this state, when I enter the name of an EXE file, the PowerShell immediately returns to a command prompt without executing anything. Cmdlets however appear to still work. There is also no error shown in the Windows event viewer or anywhere else I have looked.

    I don't know how this state is triggered (I was developing a PS1 script the last time it happened), how I prevent it from happening, and how I can return to a working state without restarting my PowerShell.

    Any ideas?

    Monday, January 09, 2012 1:37 PM

All replies

  • I think you need to fix the problem, as this is obviously not normal behaviour.  I suspect this may be caused by one of the .exe's you are running.

    What .exe programs are you running in Powershell that could be causing it to do this?


    ([string](0..9|%{[char][int](32+("39826578846355658268").substring(($_*2),2))})).replace(' ','')

    What's new in Powershell 3.0 (Technet Wiki)



    • Edited by Bigteddy Monday, January 09, 2012 1:50 PM
    Monday, January 09, 2012 1:49 PM
  • The only programs I ran were hg.exe and midl.exe. I just don't understand how my PowerShell can get into a state where it can't execute EXE files anymore.
    Monday, January 09, 2012 1:56 PM
  • Sorry, I'm not familiar with those programs.  What do they do? 

    Can you rather invoke cmd.exe /c and call the programs like that?  This may eliminate your issue.



    Monday, January 09, 2012 2:04 PM
  • hg.exe is Mercurial, a version control tool. midl.exe is Microsoft's MIDL compiler. But my affected PowerShell instance does not run any EXE program anymore.
    Monday, January 09, 2012 2:07 PM
  • # You can isolate the possible effects of an EXE 
    # on the current Powershell session by running them
    # in an instance of cmd.exe
    cmd.exe /c hg.exe
    cmd.exe /c midl.exe
    




    • Edited by Bigteddy Monday, January 09, 2012 2:15 PM
    Monday, January 09, 2012 2:14 PM
  • Why should a program run from the shell have any effect on the session? And why does it work most of the time? That doesn't make any sense to me.
    Monday, January 09, 2012 2:21 PM
  • Create the function WhatIs
    by downloading and executing the script at
    and then run
     
    WhatIs hg.exe
    WhatIs midl.exe
     
    and also
     
    WhatIs hg
    WhatIs midl
     
    or use some other executable you want to see resolved.
     
    That might give you a clue.
     
    .
    On 1/9/2012 7:56 AM, Frank Schoenmann wrote:
    > The only programs I ran were hg.exe and midl.exe. I just don't
    > understand how my PowerShell can get into a state where it can't execute
    > EXE files anymore.
     
     
    Monday, January 09, 2012 2:23 PM
  • I'm only suggesting the cmd.exe method as a trouble-shooting measure.  If you find that doing it that way stops Powershell from malfunctioning, you can then narrow it down to the particular troublesome program.

    This is just my gut intuition, what I would do in your situation, the way that I would approach the problem.

    If this experiment has no effect, and Powershell continues to malfunction, you can then re-assess your approach.  But I think the most likely offender is one of the .exe's.

     



    Monday, January 09, 2012 2:34 PM
  • PS D:\devel> Whatis midl.exe
     an application at C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\midl.exe
    PS D:\devel> Whatis hg.exe
     an application at C:\Program Files\TortoiseHg\hg.exe

    PS D:\devel> Whatis midl
     an application at C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\midl.exe
    PS D:\devel> Whatis hg
     an application at C:\Program Files\TortoiseHg\hg.exe

    Monday, January 09, 2012 2:37 PM
  • OK.  So now, what did the
    cmd /c midl.exe
    test show you?
     
    .
    On 1/9/2012 8:37 AM, Frank Schoenmann wrote:
    > PS D:\devel> Whatis midl.exe
    > an application at C:\Program Files (x86)\Microsoft
    > SDKs\Windows\v7.0A\bin\midl.exe
    > PS D:\devel> Whatis hg.exe
    > an application at C:\Program Files\TortoiseHg\hg.exe
    >
    > PS D:\devel> Whatis midl
    > an application at C:\Program Files (x86)\Microsoft
    > SDKs\Windows\v7.0A\bin\midl.exe
    > PS D:\devel> Whatis hg
    > an application at C:\Program Files\TortoiseHg\hg.exe
    >
     
     
    Monday, January 09, 2012 2:49 PM
  • I don't know. In the affected instance, I cannot execute any programs, this includes cmd.exe. In any newly started PowerShell processes, everything works fine, regardless of using cmd /c or calling the program directly. It is non-trivial to reproduce the buggy behavior. It just seems to happen sometimes.
    Monday, January 09, 2012 3:05 PM
  • Have you tried to use Task Manager to diagnose this?
     
    Monday, January 09, 2012 3:11 PM
  • I don't know what I would see with Task Manager, but I have tried to diagnose it with Process Monitor. It seems as if every program I try to start from my affected PowerShell instance exits shortly afterwards with error code 0xc0000142 (after loading kernel32.dll and kernelbase.dll). I think it is a failure to initialize the application properly.

     

    16:42:43,2694499	hg.exe	6656	Process Start		SUCCESS	Parent PID: 8152
    16:42:43,2694581	hg.exe	6656	Thread Create		SUCCESS	Thread ID: 5356
    16:42:43,2704461	hg.exe	6656	Load Image	C:\Program Files\TortoiseHg\hg.exe	SUCCESS	Image Base: 0x140000000, Image Size: 0xa000
    16:42:43,2707032	hg.exe	6656	Load Image	C:\Windows\System32\ntdll.dll	SUCCESS	Image Base: 0x76ea0000, Image Size: 0x1a9000
    16:42:43,2709842	hg.exe	6656	CreateFile	D:	SUCCESS	Desired Access: Read Attributes, Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
    16:42:43,2710201	hg.exe	6656	QueryInformationVolume	D:	BUFFER OVERFLOW	VolumeCreationTime: 31.08.2010 14:49:50, VolumeSerialNumber: 4065-A580, SupportsObjects: True, VolumeLabel: Datٍ
    16:42:43,2745998	hg.exe	6656	CloseFile	D:	SUCCESS	
    16:42:43,2747114	hg.exe	6656	RegOpenKey	HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	SUCCESS	Desired Access: Query Value, Enumerate Sub Keys
    16:42:43,2747366	hg.exe	6656	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableUserModeCallbackFilter	NAME NOT FOUND	Length: 1.024
    16:42:43,2747542	hg.exe	6656	RegOpenKey	HKLM\System\CurrentControlSet\Control\Session Manager	REPARSE	Desired Access: Read
    16:42:43,2747717	hg.exe	6656	RegOpenKey	HKLM\System\CurrentControlSet\Control\Session Manager	SUCCESS	Desired Access: Read
    16:42:43,2747922	hg.exe	6656	RegQueryValue	HKLM\System\CurrentControlSet\Control\SESSION MANAGER\CWDIllegalInDLLSearch	NAME NOT FOUND	Length: 1.024
    16:42:43,2748102	hg.exe	6656	RegCloseKey	HKLM\System\CurrentControlSet\Control\SESSION MANAGER	SUCCESS	
    16:42:43,2749783	hg.exe	6656	CreateFile	D:\devel	REPARSE	Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: <unknown>
    16:42:43,2750429	hg.exe	6656	QueryOpen	D:\devel	SUCCESS	CreationTime: 01.09.2010 09:57:24, LastAccessTime: 01.09.2010 09:57:24, LastWriteTime: 01.09.2010 09:57:24, ChangeTime: 27.09.2010 13:57:08, AllocationSize: 0, EndOfFile: 0, FileAttributes: DRP
    16:42:43,2750929	hg.exe	6656	CreateFile	D:\devel.x86	SUCCESS	Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
    16:42:43,2752247	hg.exe	6656	Load Image	C:\Windows\System32\kernel32.dll	SUCCESS	Image Base: 0x76c80000, Image Size: 0x11f000
    16:42:43,2753889	hg.exe	6656	Load Image	C:\Windows\System32\KernelBase.dll	SUCCESS	Image Base: 0x7fefd430000, Image Size: 0x6c000
    16:42:43,2759146	hg.exe	6656	Thread Exit		SUCCESS	Thread ID: 5356, User Time: 0.0000000, Kernel Time: 0.0156001
    16:42:43,2771024	hg.exe	6656	Process Exit		SUCCESS	Exit Status: -1073741502, User Time: 0.0000000 seconds, Kernel Time: 0.0156001 seconds, Private Bytes: 253.952, Peak Private Bytes: 335.872, Working Set: 1.118.208, Peak Working Set: 1.118.208
    16:42:43,2771161	hg.exe	6656	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	SUCCESS	
    16:42:43,2771298	hg.exe	6656	CloseFile	D:\devel.x86	SUCCESS	
    


    Monday, January 09, 2012 3:47 PM
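
The exit status in the capture above, -1073741502, is the signed 32-bit form of NTSTATUS 0xC0000142 (STATUS_DLL_INIT_FAILED). The following is an added example, not part of the original post: it picks failed `Process Exit` rows out of Process Monitor text and repeats the check live from the current session. The function names, the tab-separated row layout and the use of whoami.exe as a probe are assumptions.

```powershell
# Added example, not from the thread. Rows are constructed from the capture
# above; the tab-separated column layout is an assumption about the export.
$sampleRows = @(
    "16:42:43,2694499`thg.exe`t6656`tProcess Start`t`tSUCCESS`tParent PID: 8152",
    "16:42:43,2753889`thg.exe`t6656`tLoad Image`tC:\Windows\System32\KernelBase.dll`tSUCCESS`tImage Base: 0x7fefd430000, Image Size: 0x6c000",
    "16:42:43,2771024`thg.exe`t6656`tProcess Exit`t`tSUCCESS`tExit Status: -1073741502, User Time: 0.0000000 seconds"
)

# NTSTATUS values often seen when a process dies during startup.
$knownStatus = @{
    '0xC0000005' = 'STATUS_ACCESS_VIOLATION'
    '0xC0000135' = 'STATUS_DLL_NOT_FOUND'
    '0xC0000142' = 'STATUS_DLL_INIT_FAILED'
}

function ConvertTo-NtStatusHex([int]$ExitStatus) {
    # .NET formats a negative Int32 in hex as its two's-complement bit pattern.
    '0x{0:X8}' -f $ExitStatus
}

function Get-FailedProcessExit([string[]]$Rows) {
    foreach ($row in $Rows) {
        # Columns: time, process, PID, operation, path, result, detail.
        $f = $row -split "`t"
        if ($f.Count -lt 7 -or $f[3] -ne 'Process Exit') { continue }
        if ($f[6] -notmatch 'Exit Status: (-?\d+)') { continue }
        $status = [int]$Matches[1]
        if ($status -eq 0) { continue }          # clean exit, not interesting
        $hex = ConvertTo-NtStatusHex $status
        New-Object PSObject -Property @{
            Time = $f[0]; Process = $f[1]; ProcessId = [int]$f[2]
            Status = $hex; Name = $knownStatus[$hex]
        }
    }
}

function Test-ChildLaunch([string]$Path = "$env:SystemRoot\System32\whoami.exe") {
    # Start an EXE from this session the way the prompt does, then report the
    # exit code PowerShell recorded for it as an NTSTATUS-style hex value.
    & $Path | Out-Null
    ConvertTo-NtStatusHex $LASTEXITCODE
}

Get-FailedProcessExit $sampleRows | Format-Table Time, Process, ProcessId, Status, Name -AutoSize
Test-ChildLaunch
```

Running `Test-ChildLaunch` in the affected window and in a freshly started one gives a direct comparison of what each session records for the same executable.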
  • I was going to start off with monitoring the number of reported tasks
    with Task Manager, but you are way ahead of me here with using Process
    Monitor.   At least you know that the launch of hg.exe is being
    attempted.   Anything I could add now would be pure speculation about
    ideas like resource contention, or other Windows internals that I'm not
    experienced with.
     
    That "BUFFER OVERFLOW" text below seems to call attention to itself.
     
    Do you get that also when it works?
     
    .
    On 1/9/2012 9:47 AM, Frank Schoenmann wrote:
    > I don't know what I would see with Task Manager, but I have tried to
    > diagnose it with Process Monitor. It seems as if every program I try to
    > start from my affected PowerShell instance exits shortly afterwards with
    > error code 0xc0000142 (after loading kernel32.dll and kernelbase.dll). I
    > think it is a failure to initialize the application properly.
    >
    > 16:42:43,2694499    hg.exe    6656    Process Start        SUCCESS    Parent PID: 8152
    > 16:42:43,2694581    hg.exe    6656    Thread Create        SUCCESS    Thread ID: 5356
    > 16:42:43,2704461    hg.exe    6656    Load Image    C:\Program Files\TortoiseHg\hg.exe    SUCCESS    Image Base: 0x140000000, Image Size: 0xa000
    > 16:42:43,2707032    hg.exe    6656    Load Image    C:\Windows\System32\ntdll.dll    SUCCESS    Image Base: 0x76ea0000, Image Size: 0x1a9000
    > 16:42:43,2709842    hg.exe    6656    CreateFile    D:    SUCCESS    Desired Access: Read Attributes, Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
    > 16:42:43,2710201    hg.exe    6656    QueryInformationVolume    D:    BUFFER OVERFLOW    VolumeCreationTime: 31.08.2010 14:49:50, VolumeSerialNumber: 4065-A580, SupportsObjects: True, VolumeLabel: Datٍ
    > 16:42:43,2745998    hg.exe    6656    CloseFile    D:    SUCCESS   
    > 16:42:43,2747114    hg.exe    6656    RegOpenKey    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options    SUCCESS    Desired Access: Query Value, Enumerate Sub Keys
    > 16:42:43,2747366    hg.exe    6656    RegQueryValue    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableUserModeCallbackFilter    NAME NOT FOUND    Length: 1.024
    > 16:42:43,2747542    hg.exe    6656    RegOpenKey    HKLM\System\CurrentControlSet\Control\Session Manager    REPARSE    Desired Access: Read
    > 16:42:43,2747717    hg.exe    6656    RegOpenKey    HKLM\System\CurrentControlSet\Control\Session Manager    SUCCESS    Desired Access: Read
    > 16:42:43,2747922    hg.exe    6656    RegQueryValue    HKLM\System\CurrentControlSet\Control\SESSION MANAGER\CWDIllegalInDLLSearch    NAME NOT FOUND    Length: 1.024
    > 16:42:43,2748102    hg.exe    6656    RegCloseKey    HKLM\System\CurrentControlSet\Control\SESSION MANAGER    SUCCESS   
    > 16:42:43,2749783    hg.exe    6656    CreateFile    D:\devel    REPARSE    Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult:<unknown>
    > 16:42:43,2750429    hg.exe    6656    QueryOpen    D:\devel    SUCCESS    CreationTime: 01.09.2010 09:57:24, LastAccessTime: 01.09.2010 09:57:24, LastWriteTime: 01.09.2010 09:57:24, ChangeTime: 27.09.2010 13:57:08, AllocationSize: 0, EndOfFile: 0, FileAttributes: DRP
    > 16:42:43,2750929    hg.exe    6656    CreateFile    D:\devel.x86    SUCCESS    Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
    > 16:42:43,2752247    hg.exe    6656    Load Image    C:\Windows\System32\kernel32.dll    SUCCESS    Image Base: 0x76c80000, Image Size: 0x11f000
    > 16:42:43,2753889    hg.exe    6656    Load Image    C:\Windows\System32\KernelBase.dll    SUCCESS    Image Base: 0x7fefd430000, Image Size: 0x6c000
    > 16:42:43,2759146    hg.exe    6656    Thread Exit        SUCCESS    Thread ID: 5356, User Time: 0.0000000, Kernel Time: 0.0156001
    > 16:42:43,2771024    hg.exe    6656    Process Exit        SUCCESS    Exit Status: -1073741502, User Time: 0.0000000 seconds, Kernel Time: 0.0156001 seconds, Private Bytes: 253.952, Peak Private Bytes: 335.872, Working Set: 1.118.208, Peak Working Set: 1.118.208
    > 16:42:43,2771161    hg.exe    6656    RegCloseKey    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options    SUCCESS   
    > 16:42:43,2771298    hg.exe    6656    CloseFile    D:\devel.x86    SUCCESS   
    >
    >
    >
     
     
    Monday, January 09, 2012 3:57 PM
  • Yes. This is also hg.exe specific. If I write an extremely simple C program, there is no "BUFFER OVERFLOW", yet the remaining entries look nearly the same. And the process quits with the same error shortly after loading the kernelbase.dll.
    Monday, January 09, 2012 4:06 PM
  • Maybe someone else will see something of interest who has more Windows
    system experience than me.   I sure wish people from Microsoft itself
    were participating in this forum.
     
     
    Monday, January 09, 2012 4:13 PM
  • Does it work by adding the path to your app?

    Check your path and pathext with

    Get-ChildItem env:path

    Get-ChildItem env:pathext

    Make sure it is not blank, and doesn't contain any comma

    Monday, January 09, 2012 4:28 PM
  • > Does it work by adding the path to your app?
    >
    > Check your path and pathext with
    >
    > Get-ChildItem env:path
    >
    > Get-ChildItem env:pathext
    >
    > Make sure it is not blank, and doesn't contain any comma

    Nope. Why should the behavior change if adding a path?
    Wednesday, January 11, 2012 7:44 AM
  • I've been experiencing the exact same problem (PowerShell randomly stops executing programs) for the last few months. It's been sporadic enough that I haven't spent too much time diagnosing it, but it doesn't get annoying sometimes.

    Interestingly, I also use Mercurial on a daily basis, along with Vim, Java, and Microsoft's Visual C++ command line tools.

    Thursday, January 12, 2012 1:42 PM
  • It just happened to me for the first time just now.
     
    There's apparently something that needs to get fixed in PowerShell 2.0
    as provided with Windows 7.
     
    .
    On 1/12/2012 7:42 AM, jason0x43 wrote:
    > I've been experiencing the exact same problem (PowerShell randomly stops
    > executing programs) for the last few months. It's been sporadic enough
    > that I haven't spent too much time diagnosing it, but it doesn't get
    > annoying sometimes.
    >
     
    Thursday, January 12, 2012 2:18 PM