Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Getting application crash for releasing of COM object

vaibhav_langotevaibhav_langote Member Posts: 24
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************


DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT: 000000000027f270 -- (.cxr 0x27f270)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000002085390 rsi=000000000266f208 rdi=0000000002085390
rip=000007fefdf9930f rsp=000000000027f830 rbp=000007fefe116aa0
r8=0000000000000001 r9=0000000000354de0 r10=0000000000000000
r11=0000000000000001 r12=00000000ffffffff r13=0000000000354de0
r14=0000000000000000 r15=000007fefe1453d8
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
ole32!CStdMarshal::ReleaseAllIPIDEntries+0xbf:
000007fe`fdf9930f 48894168 mov qword ptr [rcx+68h],rax ds:00000000`00000068=????????????????
Resetting default scope

FAULTING_IP:
ntdll!KiUserExceptionDispatch+2e
00000000`77cebcb8 84c0 test al,al

EXCEPTION_RECORD: 000000000027f760 -- (.exr 0x27f760)
ExceptionAddress: 000007fefdf9930f (ole32!CStdMarshal::ReleaseAllIPIDEntries+0x00000000000000bf)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000068
Attempt to write to address 0000000000000068

PROCESS_NAME: POWERPNT.EXE

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: 0000000000180fe8

WRITE_ADDRESS: 0000000000180fe8

FOLLOWUP_IP:

000007fe`e673604b 488bcb mov rcx,rbx

WATSON_BKT_PROCSTAMP: 58a903b6

WATSON_BKT_PROCVER: 16.0.7766.2060

PROCESS_VER_PRODUCT: Microsoft Office 2016

WATSON_BKT_MODULE: ucrtbase.dll

WATSON_BKT_MODSTAMP: 55a5b718

WATSON_BKT_MODOFFSET: 63d8e

WATSON_BKT_MODVER: 10.0.10240.16390

MODULE_VER_PRODUCT: Microsoft? Windows? Operating System

BUILD_VERSION_STRING: 6.1.7601.23677 (win7sp1_ldr.170209-0600)

MODLIST_WITH_TSCHKSUM_HASH: 80169872d5b4d94271d10e570ab2fe62e068f0c7

MODLIST_SHA1_HASH: 3c73cd96d04143c3d0f2657f603060a3bb78ea27

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

PRODUCT_TYPE: 1

SUITE_MASK: 272

DUMP_FLAGS: c07

DUMP_TYPE: 0

APP: powerpnt.exe

ANALYSIS_SESSION_HOST: VAIBHAV-T320

ANALYSIS_SESSION_TIME: 03-21-2017 15:43:17.0304

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

RECURRING_STACK: From frames 0x8 to 0x8

THREAD_ATTRIBUTES:
OS_LOCALE: ENU

PROBLEM_CLASSES:



INVALID_STACK_ACCESS
Tid [0x0]
Frame [0x00]



STACK_OVERFLOW
Tid [0x0]
Frame [0x00]



INVALID_POINTER_WRITE
Tid [0x2894]
Frame [0x00]: ucrtbase!seh_filter_exe



IN_CALL
Tid [0x2894]
Frame [0x00]: ucrtbase!seh_filter_exe
Failure Bucketing


BUGCHECK_STR: INVALID_STACK_ACCESS_STACK_OVERFLOW_INVALID_POINTER_WRITE_IN_CALL

DEFAULT_BUCKET_ID: INVALID_STACK_ACCESS_IN_CALL

LAST_CONTROL_TRANSFER: from 000007fefdf99218 to 000007fefdf9930f

STACK_TEXT:
00000000`0027f830 000007fe`fdf99218 : 00000000`00000000 00000000`0266f208 00000000`00354de0 00000000`00000001 : ole32!CStdMarshal::ReleaseAllIPIDEntries+0xbf
00000000`0027f880 000007fe`fdf990ec : 00000000`00000000 00000000`00000001 00000000`00354de0 00000000`00000001 : ole32!CStdMarshal::~CStdMarshal+0x18
00000000`0027f8b0 000007fe`fdf993d4 : 00000000`0266f200 00000000`00000001 00000000`00351d20 00000000`77cd0a7a : ole32!CStdIdentity::`scalar deleting destructor'+0x14
00000000`0027f8e0 000007fe`e673604b : 00000000`80000000 00000000`020786c0 00000000`00346260 00000000`00354de0 : ole32!CStdIdentity::CInternalUnk::Release+0xdc
00000000`0027f910 000007fe`e675dac4 : 000007fe`e676e320 00000000`6b9f1192 00000000`00000000 000007fe`e0397457 : MyHook!MyClass::Release+0x2b


THREAD_SHA1_HASH_MOD_FUNC: 0a2e5f795616c25ca1f1e993b730829aa071d7dc

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5bcb3ffd0edb7f13d6668f00ce00d6d4c955a07a

THREAD_SHA1_HASH_MOD: 9c998a442875458641df1816ef345d19856d0a66

FAULT_INSTR_CODE: ffcb8b48

FAULTING_SOURCE_LINE: <>

FAULTING_SOURCE_FILE: <>

FAULTING_SOURCE_LINE_NUMBER: 52

FAULTING_SOURCE_CODE:
48: InterlockedDecrement(&m_cRef);
49:
50: if (m_cRef == 0)
51: {
> 52: delete this;
53: return 0;
54: }
55:
56: return m_cRef;
57: }


SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: MyHook!MyClass::Release+2b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: MyHook

IMAGE_NAME: MyHook.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 58d07552

STACK_COMMAND: .cxr 0x27f270 ; kb

FAILURE_BUCKET_ID: INVALID_STACK_ACCESS_IN_CALL_c0000005_MyHook!MyClass::Release

BUCKET_ID: X64_INVALID_STACK_ACCESS_STACK_OVERFLOW_INVALID_POINTER_WRITE_IN_CALL_MyHook!MyClass::Release+2b

PRIMARY_PROBLEM_CLASS: X64_INVALID_STACK_ACCESS_STACK_OVERFLOW_INVALID_POINTER_WRITE_IN_CALL_MyHook!MyClass::Release+2b

BUCKET_ID_OFFSET: 2b

BUCKET_ID_MODULE_STR: MyHook64

BUCKET_ID_MODTIMEDATESTAMP: 58d07552

BUCKET_ID_MODCHECKSUM: 725c0

BUCKET_ID_MODVER_STR: 15.0.0.38013

BUCKET_ID_PREFIX_STR: X64_INVALID_STACK_ACCESS_STACK_OVERFLOW_INVALID_POINTER_WRITE_IN_CALL_

FAILURE_PROBLEM_CLASS: INVALID_STACK_ACCESS_IN_CALL

FAILURE_EXCEPTION_CODE: c0000005

FAILURE_IMAGE_NAME: MyHook.dll

FAILURE_FUNCTION_NAME: MyClass::Release

BUCKET_ID_FUNCTION_STR: MyClass::Release

FAILURE_SYMBOL_NAME: MyHook.dll!MyClass::Release

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/POWERPNT.EXE/16.0.7766.2060/58a903b6/ucrtbase.dll/10.0.10240.16390/55a5b718/c0000005/00063d8e.htm?Retriage=1

TARGET_TIME: 2017-03-21T09:53:10.000Z

OSBUILD: 7601

OSSERVICEPACK: 23677

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE: x64

OSNAME: Windows 7

OSEDITION: Windows 7 WinNt (Service Pack 1) SingleUserTS

USER_LCID: 0

OSBUILD_TIMESTAMP: 2017-02-09 22:04:46

BUILDDATESTAMP_STR: 170209-0600

BUILDLAB_STR: win7sp1_ldr

BUILDOSVER_STR: 6.1.7601.23677

ANALYSIS_SESSION_ELAPSED_TIME: 17109

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:invalid_stack_access_in_call_c0000005_MyHook.dll!MyClass::release

FAILURE_ID_HASH: {0e43dbf7-729d-913d-963a-e07a9a01ab05}

Followup: MachineOwner

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 30 Nov 2020 LIVE ONLINE
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Developing Minifilters Early 2021 LIVE ONLINE