0:024> !analyze -v
*** WARNING: Unable to verify timestamp for FileSyncShell64.dll
*** ERROR: Module load completed but symbols could not be loaded for FileSyncShell64.dll
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
rax=00007ffad523afc0 rbx=0000000000000000 rcx=00000000090f4170
rdx=0000000000000044 rsi=00000000000910aa rdi=0000000000000044
rip=00007ffaa99030a0 rsp=000000001e55e638 rbp=000000001e55e6d0
r8=00000000947aab5f r9=00000000090f4160 r10=00000fff5aa475f8
r11=0100000040001000 r12=000000001e55ed50 r13=000000001e55ed50
r14=000000000930da58 r15=0000000009430950
iopl=0 nv up ei pl zr na po cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010247
<Unloaded_wpdshext.dll>+0x1130a0:
00007ffa`a99030a0 ?? ???
Resetting default scope
FAULTING_IP:
wpdshext!unloaded+1130a0
00007ffa`a99030a0 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffaa99030a0 (<Unloaded_wpdshext.dll>+0x00000000001130a0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 00007ffaa99030a0
Attempt to execute non-executable address 00007ffaa99030a0
DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 00007ffaa99030a0
WRITE_ADDRESS: 00007ffaa99030a0
FOLLOWUP_IP:
windows_storage!SHCreateFileOperation+61
00007ffa`d5283355 8bd8 mov ebx,eax
FAILED_INSTRUCTION_ADDRESS:
wpdshext!unloaded+1130a0
00007ffa`a99030a0 ?? ???
WATSON_BKT_PROCSTAMP: b4a88dff
WATSON_BKT_PROCVER: 10.0.17134.677
PROCESS_VER_PRODUCT: Microsoft® Windows® Operating System
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: a99030a0
BUILD_VERSION_STRING: 10.0.17134.753 (WinBuild.160101.0800)
MODLIST_WITH_TSCHKSUM_HASH: c942d13804215539838e394c7bc8a3e9c382943e
MODLIST_SHA1_HASH: 43088930a88aa5969f0f88ae7c3ade208c31e6cc
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
DUMP_FLAGS: 94
DUMP_TYPE: 1
APP: explorer.exe
ANALYSIS_SESSION_HOST: INENTRIPAR5L1C
ANALYSIS_SESSION_TIME: 07-15-2019 15:32:49.0799
ANALYSIS_VERSION: 10.0.10586.567 amd64fre
THREAD_ATTRIBUTES:
OS_LOCALE: CHS
PROBLEM_CLASSES:
BAD_INSTRUCTION_PTR
Tid [0x21e0]
Frame [0x00]: wpdshext!unloaded
SOFTWARE_NX_FAULT
Tid [0x21e0]
Frame [0x00]: wpdshext!unloaded
BUGCHECK_STR: BAD_INSTRUCTION_PTR_SOFTWARE_NX_FAULT
LAST_CONTROL_TRANSFER: from 00007ffad5283355 to 00007ffaa99030a0
STACK_TEXT:
00000000`1e55e638 00007ffa`d5283355 : 00000000`00000000 00000000`09430950 00000000`1e55e6d0 00007ffa`d57687f8 : <Unloaded_wpdshext.dll>+0x1130a0
00000000`1e55e640 00007ffa`d564bf03 : 00000000`00000000 00000000`1e55e720 00000000`00000000 00007ffa`d4e17a1c : windows_storage!SHCreateFileOperation+0x61
00000000`1e55e6a0 00007ffa`d564bd55 : 00000000`094cd910 00000000`094cd910 00000000`1e55ef60 00000000`000910aa : windows_storage!RenameWithOperationsEngine+0xaf
00000000`1e55e760 00007ffa`d55a5953 : 00000000`00000000 00000000`1e55e940 00000000`1e55e940 00000000`80070057 : windows_storage!RenameItemHelper+0x2ad
00000000`1e55e840 00007ffa`d7006123 : 00000000`04b61450 00000000`06e447b0 00000000`092f56b0 00000000`092f5770 : windows_storage!CFSFolder::SetNameOf+0x3c3
00000000`1e55f1c0 00007ffa`d6ffbb94 : 00000000`09253320 00007ffa`ad68ebb0 00000000`0929a1e8 00007ffa`d82e4abf : shell32!CDefView::_ExecuteRename+0x1bb
00000000`1e55f270 00007ffa`ad7e339c : 00000000`00003045 00000000`0000000d 00000000`0000000d 00000000`09430a98 : shell32!CDefView::OnEndLabelEdit+0xb4
00000000`1e55f300 00007ffa`ad7e2e0d : 00000000`00000000 00000000`04b61450 00000000`00000000 00000000`1e55f968 : explorerframe!CInplaceRename::_EndEdit+0x32c
00000000`1e55f3c0 00007ffa`ad7e476f : 00000000`001c0001 00000000`002f106c 00000000`00000100 00007ffa`d5e87649 : explorerframe!CInplaceRename::_EditSubclassProc+0x145
00000000`1e55f410 00007ffa`c614d9c7 : 00000000`1e55f760 00000000`001c0001 00000000`00000000 00000000`00000001 : explorerframe!CInplaceRename::s_EditSubclassProc+0x4f
00000000`1e55f460 00007ffa`c614d737 : 00000000`001c0001 00000000`002f106c 00000000`001c0001 00000000`00000001 : comctl32!CallNextSubclassProc+0x117
00000000`1e55f540 00007ffa`d6ef2ed2 : 00000000`001c0001 00000000`002f106c 00000000`00000100 00000000`0f719da0 : comctl32!DefSubclassProc+0x77
00000000`1e55f590 00007ffa`d70b29ca : 00000000`060637e0 00000000`001c0001 00000000`002f106c 00000000`00000000 : shell32!DefSubclassProc+0x46
00000000`1e55f5d0 00007ffa`c614d9c7 : 00000000`03c10288 00000000`001c0001 00000000`00000001 00000000`00000000 : shell32!CInputLimiter::SubclassProc+0xca
00000000`1e55f630 00007ffa`c614d802 : 00000000`00000000 00000000`002f106c 00000000`0000000d 00000000`00000058 : comctl32!CallNextSubclassProc+0x117
00000000`1e55f710 00007ffa`d82d6d41 : 00000000`8000a811 00007ffa`9df4c940 00007ffa`d871a850 00000000`002f106c : comctl32!MasterSubclassProc+0xa2
00000000`1e55f7b0 00007ffa`d82d6713 : 00000000`06cc64e0 00007ffa`c614d760 00000000`002f106c 00007ffa`00000100 : user32!UserCallWinProcCheckWow+0x2c1
00000000`1e55f940 00007ffa`d6f94d20 : 00000000`1e55fb20 00007ffa`00000000 00000000`000910aa 00007ffa`d82d344a : user32!DispatchMessageWorker+0x1c3
00000000`1e55f9d0 00007ffa`ad7a4feb : 00000000`091a1740 00000000`091a1740 00000298`f148d814 00007ffa`d6138ea2 : shell32!CDefView::TranslateAcceleratorW+0xa9830
00000000`1e55fa00 00007ffa`ad7a4e61 : 00000000`80004005 00000000`0033093a 00000000`00000001 00000000`1e55fb20 : explorerframe!CShellBrowser::_MayTranslateAcceleratorNoMenuband+0xf3
00000000`1e55fa30 00007ffa`ad7602ad : 00000000`092566f0 00007ffa`d8343070 00000000`00000001 00000000`1e55fb20 : explorerframe!CShellBrowser::_MayTranslateAccelerator+0xdd
00000000`1e55fa60 00007ffa`ad7727c3 : 00000000`092566f0 00000000`1e55fb20 00000000`00000000 00000000`01b64790 : explorerframe!CBrowserHost::TranslateAcceleratorIO+0x1d
00000000`1e55fa90 00007ffa`ad76cca3 : 00000000`1e55fb20 00000000`092566e0 00000000`00000001 00000000`1e55fd80 : explorerframe!CInputObjectContainer::TranslateAcceleratorIO+0x63
00000000`1e55fac0 00007ffa`ad722776 : 00000000`ffffffff 00000000`092566e0 00000000`ffffffff 00000000`00000002 : explorerframe!CExplorerFrame::TranslateAcceleratorIO+0x33
00000000`1e55faf0 00007ffa`ad68d02e : 00000000`092566e0 00000000`1e55fcb9 00000000`00000039 00000000`00000000 : explorerframe!CExplorerFrame::FrameMessagePump+0xa2ac6
00000000`1e55fb80 00007ffa`ad68d26e : 00000000`092566e0 00000000`0942a940 00000000`09497170 00000000`00000000 : explorerframe!BrowserThreadProc+0x76
00000000`1e55fbd0 00007ffa`ad68d1b2 : 1a9365dc`00000001 00000000`061ce030 00000000`1e55fd28 00007ffa`d5bb0fa5 : explorerframe!BrowserNewThreadProc+0x3a
00000000`1e55fc00 00007ffa`ad6e3d05 : 00000000`00000000 00000000`00000001 00000000`0000ea60 00007ffa`d532d0f9 : explorerframe!CExplorerTask::InternalResumeRT+0x12
00000000`1e55fc30 00007ffa`d532e1b4 : 00000000`00000ca8 00000000`000021e0 00000000`000000ff 00000000`00000009 : explorerframe!CRunnableTask::Run+0x8b5
00000000`1e55fd20 00007ffa`d532ce63 : ffffffff`fffffffe 00000000`00000000 ffffffff`fffffffe 00000000`1e55fea9 : windows_storage!CShellTask::TT_Run+0x4c
00000000`1e55fd50 00007ffa`d532cb6f : 00000000`0605ad20 00000000`0605ad20 00000000`1e55fea9 00000000`00000000 : windows_storage!CShellTaskThread::ThreadProc+0xcb
00000000`1e55fe00 00007ffa`d6503fb5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : windows_storage!CShellTaskThread::s_ThreadProc+0x2f
00000000`1e55fe30 00007ffa`d61a4034 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SHCore!_WrapperThreadProc+0xf5
00000000`1e55ff10 00007ffa`d86f3691 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
00000000`1e55ff40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
THREAD_SHA1_HASH_MOD_FUNC: cf8443bd73c9bd3014499df69e34cdbcfad0da92
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 91e261c7fc74cbeab836f00f83e03bc59e122fca
THREAD_SHA1_HASH_MOD: 8e24cff2d454c1834861dc555d37c759992b97bb
FAULT_INSTR_CODE: c085d88b
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: windows_storage!SHCreateFileOperation+61
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: windows_storage
IMAGE_NAME: windows.storage.dll