Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Sept/Oct 2019 Issue of The NT Insider available
Download PDF here: http://insider.osr.com/2019/ntinsider_2019_01.pdf
It’s a particularly BIG issue, too: 40 pages of technical goodness, ranging from WDF to Minifilters. Check it out.
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.Can anyone help analyze a crash dump of explorer.exe
Hi experts,
My explorer.exe always crash occasionally whenever I try to rename /new a file or folder. I tried to use WINDBG to do run the "!analyze -v" command but it always give a blank output. Can anyone help to analyze the attached dump file and help me to locate where the issue is ?
thanks
Han
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
| Upcoming OSR Seminars | ||
|---|---|---|
| Writing WDF Drivers | 21 Oct 2019 | OSR Seminar Space & ONLINE |
| Internals & Software Drivers | 18 Nov 2019 | Dulles, VA |
| Kernel Debugging | 30 Mar 2020 | OSR Seminar Space |
| Developing Minifilters | 27 Apr 2020 | OSR Seminar Space & ONLINE |
Comments
Hi
The crash is due to ShellExtension_x64.dll.
I don't have symbols for this dll.
Try removing this shell extension dll.
To know further provide me pdb of this dll.
0:024> !analyze -v
*** WARNING: Unable to verify timestamp for FileSyncShell64.dll
*** ERROR: Module load completed but symbols could not be loaded for FileSyncShell64.dll
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
rax=00007ffad523afc0 rbx=0000000000000000 rcx=00000000090f4170
rdx=0000000000000044 rsi=00000000000910aa rdi=0000000000000044
rip=00007ffaa99030a0 rsp=000000001e55e638 rbp=000000001e55e6d0
r8=00000000947aab5f r9=00000000090f4160 r10=00000fff5aa475f8
r11=0100000040001000 r12=000000001e55ed50 r13=000000001e55ed50
r14=000000000930da58 r15=0000000009430950
iopl=0 nv up ei pl zr na po cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010247
<Unloaded_wpdshext.dll>+0x1130a0:
00007ffa`a99030a0 ?? ???
Resetting default scope
FAULTING_IP:
wpdshext!unloaded+1130a0
00007ffa`a99030a0 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffaa99030a0 (<Unloaded_wpdshext.dll>+0x00000000001130a0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 00007ffaa99030a0
Attempt to execute non-executable address 00007ffaa99030a0
DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 00007ffaa99030a0
WRITE_ADDRESS: 00007ffaa99030a0
FOLLOWUP_IP:
windows_storage!SHCreateFileOperation+61
00007ffa`d5283355 8bd8 mov ebx,eax
FAILED_INSTRUCTION_ADDRESS:
wpdshext!unloaded+1130a0
00007ffa`a99030a0 ?? ???
WATSON_BKT_PROCSTAMP: b4a88dff
WATSON_BKT_PROCVER: 10.0.17134.677
PROCESS_VER_PRODUCT: Microsoft® Windows® Operating System
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: a99030a0
BUILD_VERSION_STRING: 10.0.17134.753 (WinBuild.160101.0800)
MODLIST_WITH_TSCHKSUM_HASH: c942d13804215539838e394c7bc8a3e9c382943e
MODLIST_SHA1_HASH: 43088930a88aa5969f0f88ae7c3ade208c31e6cc
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
DUMP_FLAGS: 94
DUMP_TYPE: 1
APP: explorer.exe
ANALYSIS_SESSION_HOST: INENTRIPAR5L1C
ANALYSIS_SESSION_TIME: 07-15-2019 15:32:49.0799
ANALYSIS_VERSION: 10.0.10586.567 amd64fre
THREAD_ATTRIBUTES:
OS_LOCALE: CHS
PROBLEM_CLASSES:
BAD_INSTRUCTION_PTR
Tid [0x21e0]
Frame [0x00]: wpdshext!unloaded
SOFTWARE_NX_FAULT
Tid [0x21e0]
Frame [0x00]: wpdshext!unloaded
BUGCHECK_STR: BAD_INSTRUCTION_PTR_SOFTWARE_NX_FAULT
LAST_CONTROL_TRANSFER: from 00007ffad5283355 to 00007ffaa99030a0
STACK_TEXT:
00000000
1e55e638 00007ffad5283355 : 0000000000000000 0000000009430950 000000001e55e6d0 00007ffad57687f8 : <Unloaded_wpdshext.dll>+0x1130a000000000
1e55e640 00007ffad564bf03 : 0000000000000000 000000001e55e720 0000000000000000 00007ffad4e17a1c : windows_storage!SHCreateFileOperation+0x6100000000
1e55e6a0 00007ffad564bd55 : 00000000094cd910 00000000094cd910 000000001e55ef60 00000000000910aa : windows_storage!RenameWithOperationsEngine+0xaf00000000
1e55e760 00007ffad55a5953 : 0000000000000000 000000001e55e940 000000001e55e940 0000000080070057 : windows_storage!RenameItemHelper+0x2ad00000000
1e55e840 00007ffad7006123 : 0000000004b61450 0000000006e447b0 00000000092f56b0 00000000092f5770 : windows_storage!CFSFolder::SetNameOf+0x3c300000000
1e55f1c0 00007ffad6ffbb94 : 0000000009253320 00007ffaad68ebb0 000000000929a1e8 00007ffad82e4abf : shell32!CDefView::_ExecuteRename+0x1bb00000000
1e55f270 00007ffaad7e339c : 0000000000003045 000000000000000d 000000000000000d 0000000009430a98 : shell32!CDefView::OnEndLabelEdit+0xb400000000
1e55f300 00007ffaad7e2e0d : 0000000000000000 0000000004b61450 0000000000000000 000000001e55f968 : explorerframe!CInplaceRename::_EndEdit+0x32c00000000
1e55f3c0 00007ffaad7e476f : 00000000001c0001 00000000002f106c 0000000000000100 00007ffad5e87649 : explorerframe!CInplaceRename::_EditSubclassProc+0x14500000000
1e55f410 00007ffac614d9c7 : 000000001e55f760 00000000001c0001 0000000000000000 0000000000000001 : explorerframe!CInplaceRename::s_EditSubclassProc+0x4f00000000
1e55f460 00007ffac614d737 : 00000000001c0001 00000000002f106c 00000000001c0001 0000000000000001 : comctl32!CallNextSubclassProc+0x11700000000
1e55f540 00007ffad6ef2ed2 : 00000000001c0001 00000000002f106c 0000000000000100 000000000f719da0 : comctl32!DefSubclassProc+0x7700000000
1e55f590 00007ffad70b29ca : 00000000060637e0 00000000001c0001 00000000002f106c 0000000000000000 : shell32!DefSubclassProc+0x4600000000
1e55f5d0 00007ffac614d9c7 : 0000000003c10288 00000000001c0001 0000000000000001 0000000000000000 : shell32!CInputLimiter::SubclassProc+0xca00000000
1e55f630 00007ffac614d802 : 0000000000000000 00000000002f106c 000000000000000d 0000000000000058 : comctl32!CallNextSubclassProc+0x11700000000
1e55f710 00007ffad82d6d41 : 000000008000a811 00007ffa9df4c940 00007ffad871a850 00000000002f106c : comctl32!MasterSubclassProc+0xa200000000
1e55f7b0 00007ffad82d6713 : 0000000006cc64e0 00007ffac614d760 00000000002f106c 00007ffa00000100 : user32!UserCallWinProcCheckWow+0x2c100000000
1e55f940 00007ffad6f94d20 : 000000001e55fb20 00007ffa00000000 00000000000910aa 00007ffad82d344a : user32!DispatchMessageWorker+0x1c300000000
1e55f9d0 00007ffaad7a4feb : 00000000091a1740 00000000091a1740 00000298f148d814 00007ffad6138ea2 : shell32!CDefView::TranslateAcceleratorW+0xa983000000000
1e55fa00 00007ffaad7a4e61 : 0000000080004005 000000000033093a 0000000000000001 000000001e55fb20 : explorerframe!CShellBrowser::_MayTranslateAcceleratorNoMenuband+0xf300000000
1e55fa30 00007ffaad7602ad : 00000000092566f0 00007ffad8343070 0000000000000001 000000001e55fb20 : explorerframe!CShellBrowser::_MayTranslateAccelerator+0xdd00000000
1e55fa60 00007ffaad7727c3 : 00000000092566f0 000000001e55fb20 0000000000000000 0000000001b64790 : explorerframe!CBrowserHost::TranslateAcceleratorIO+0x1d00000000
1e55fa90 00007ffaad76cca3 : 000000001e55fb20 00000000092566e0 0000000000000001 000000001e55fd80 : explorerframe!CInputObjectContainer::TranslateAcceleratorIO+0x6300000000
1e55fac0 00007ffaad722776 : 00000000ffffffff 00000000092566e0 00000000ffffffff 0000000000000002 : explorerframe!CExplorerFrame::TranslateAcceleratorIO+0x3300000000
1e55faf0 00007ffaad68d02e : 00000000092566e0 000000001e55fcb9 0000000000000039 0000000000000000 : explorerframe!CExplorerFrame::FrameMessagePump+0xa2ac600000000
1e55fb80 00007ffaad68d26e : 00000000092566e0 000000000942a940 0000000009497170 0000000000000000 : explorerframe!BrowserThreadProc+0x7600000000
1e55fbd0 00007ffaad68d1b2 : 1a9365dc00000001 00000000061ce030 000000001e55fd28 00007ffad5bb0fa5 : explorerframe!BrowserNewThreadProc+0x3a00000000
1e55fc00 00007ffaad6e3d05 : 0000000000000000 0000000000000001 000000000000ea60 00007ffad532d0f9 : explorerframe!CExplorerTask::InternalResumeRT+0x1200000000
1e55fc30 00007ffad532e1b4 : 0000000000000ca8 00000000000021e0 00000000000000ff 0000000000000009 : explorerframe!CRunnableTask::Run+0x8b500000000
1e55fd20 00007ffad532ce63 : fffffffffffffffe 0000000000000000 fffffffffffffffe 000000001e55fea9 : windows_storage!CShellTask::TT_Run+0x4c00000000
1e55fd50 00007ffad532cb6f : 000000000605ad20 000000000605ad20 000000001e55fea9 0000000000000000 : windows_storage!CShellTaskThread::ThreadProc+0xcb00000000
1e55fe00 00007ffad6503fb5 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : windows_storage!CShellTaskThread::s_ThreadProc+0x2f00000000
1e55fe30 00007ffad61a4034 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : SHCore!_WrapperThreadProc+0xf500000000
1e55ff10 00007ffad86f3691 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0x1400000000
1e55ff40 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21THREAD_SHA1_HASH_MOD_FUNC: cf8443bd73c9bd3014499df69e34cdbcfad0da92
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 91e261c7fc74cbeab836f00f83e03bc59e122fca
THREAD_SHA1_HASH_MOD: 8e24cff2d454c1834861dc555d37c759992b97bb
FAULT_INSTR_CODE: c085d88b
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: windows_storage!SHCreateFileOperation+61
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: windows_storage
IMAGE_NAME: windows.storage.dll