locked
Explorer.exe keeps crashing RRS feed

  • Question

  • Firstly, apologies if I am posting at a wrong thread or if a thread is already existing with this issue.

    Issues:

    Explorer.exe keeps crashing after I installed an addin on my outlook 2007. The same Outlook addin on another computer with same Windows 7 does not cause the explorer.exe to crash. I have captured crash dumps and I see the following:

    FAULTING_IP: 
    ntdll!RtlFreeHeap+d0
    00000000`77703290 4c8b6308        mov    r12,qword ptr [rbx+8]

    EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 0000000077703290 (ntdll!RtlFreeHeap+0x00000000000000d0)
      ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
      Parameter[0]: 0000000000000000
      Parameter[1]: 00000177e1f4dbf8
    Attempt to read from address 00000177e1f4dbf8

    PROCESS_NAME:  explorer.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_PARAMETER1:  0000000000000000

    EXCEPTION_PARAMETER2:  00000177e1f4dbf8

    READ_ADDRESS:  00000177e1f4dbf8 

    FOLLOWUP_IP: 
    ntdll!RtlFreeHeap+d0
    00000000`77703290 4c8b6308        mov    r12,qword ptr [rbx+8]

    MOD_LIST: <ANALYSIS/>

    NTGLOBALFLAG:  0

    APPLICATION_VERIFIER_FLAGS:  0

    ADDITIONAL_DEBUG_TEXT:  Enable Pageheap/AutoVerifer

    FAULTING_THREAD:  000000000000194c

    DEFAULT_BUCKET_ID:  HEAP_CORRUPTION

    PRIMARY_PROBLEM_CLASS:  HEAP_CORRUPTION

    BUGCHECK_STR:  APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ_FILL_PATTERN_ffffffff

    LAST_CONTROL_TRANSFER:  from 0000000077131a4a to 0000000077703290

    STACK_TEXT:  
    00000000`0756ec60 00000000`77131a4a : 00000000`00000000 00000000`00000000 000007fe`ff085c28 00000000`087a9790 : ntdll!RtlFreeHeap+0xd0
    00000000`0756ece0 000007fe`fc2c0b50 : 00000000`05e41d10 00000000`00000000 00000000`05e41d10 000007fe`fedb123c : kernel32!HeapFree+0xa
    00000000`0756ed10 000007fe`fecd67f9 : 00000000`00000000 00000000`087a9790 00000000`05e41ef0 00000000`00000000 : comctl32!DSA_Destroy+0x34
    00000000`0756ed40 000007fe`fedb134a : 00000000`00000000 00000000`05e41ef0 00000000`00000000 000007fe`fedb123c : shell32!DSA_DestroyCallback+0x4d
    00000000`0756ed70 000007fe`fedb12bb : 00000000`00000000 00000000`00000000 000007fe`fedb123c 000007fe`fedaa733 : shell32!CDefEventSinkContainer::`scalar deleting destructor'+0xd6
    00000000`0756edd0 000007fe`fedb12a7 : 00000000`08857b18 00000000`08857ad0 000007fe`fedb123c 00000000`00000000 : shell32!CDefEventSinkContainer::Release+0x20
    00000000`0756ee00 000007fe`fc2c0c04 : 00000000`0884efd0 00000000`00000000 00000000`08652510 000007fe`fecac5bf : shell32!CItemStore::s_ClearEntry+0x34
    00000000`0756ee30 000007fe`fecc74a9 : 00000000`00000000 00000000`80004005 00000000`087a9790 000007fe`fecac57d : comctl32!DSA_EnumCallback+0x48
    00000000`0756ee60 000007fe`fedaf416 : 00000000`060d2810 00000000`00000000 00000000`00200001 00000000`06226400 : shell32!DSA_EnumCallback+0x4d
    00000000`0756ee90 000007fe`fedaf5b5 : 00000000`08652510 00000000`00000000 00000000`00000000 00000000`08652510 : shell32!CItemStore::DeleteItem+0x87
    00000000`0756eec0 000007fe`fedafafe : 00000000`08652510 00000000`08652510 00000000`00000000 00000000`08652510 : shell32!CDefCollection::_RemoveAllItems+0x1d5
    00000000`0756ef30 000007fe`fedaf7b5 : 00000000`08652510 000007fe`fe5f44e7 00000000`060e4680 00000000`060e4680 : shell32!CDefCollection::_DestroyCollection+0x92
    00000000`0756ef60 000007fe`fedaf6c8 : 00000000`00000001 00000000`00000000 00000000`80004005 00000000`00000000 : shell32!CDefCollection::~CDefCollection+0xc5
    00000000`0756ef90 000007fe`fec7ae5f : 00000000`00000000 00000000`00000000 00000000`08652510 0000190a`36e509ba : shell32!CDefCollection::`vector deleting destructor'+0x14
    00000000`0756efc0 000007fe`fedaa07b : 00000000`088bd700 00000000`00000000 00000000`088bd700 00000000`00000000 : shell32!CCDBurn::Release+0x25
    00000000`0756eff0 000007fe`fedabcde : 00000000`088bd700 00000000`088bd700 00000000`088bd700 00000000`00000000 : shell32!CDefView::_ReleaseCurrentCollection+0xd9
    00000000`0756f030 000007fe`fc9043f2 : 00000000`087a9f10 00000000`00000001 00000000`80004005 00000000`00000000 : shell32!CDefView::_DestroyView+0x22d
    00000000`0756f060 000007fe`fc90438c : 00000000`05eab648 00000000`00000000 00000000`00000001 0000190a`36e5166a : EXPLORERFRAME!CShellViewProvider::Release+0x33
    00000000`0756f090 000007fe`fc9033e5 : 00000000`05eab500 00000000`00000000 00000000`05eab500 00000000`00000001 : EXPLORERFRAME!CShellBrowser::_ClearNavigationState+0x49
    00000000`0756f0c0 000007fe`fc90a81f : 00000000`05eab580 00000000`05eab500 00000000`00000000 00000000`beef0016 : EXPLORERFRAME!CShellBrowser::_ReleaseNavigationState+0x17c
    00000000`0756f100 000007fe`fc90a122 : 00000000`00000000 00000000`0756f430 00000000`0756f430 00000000`00000000 : EXPLORERFRAME!CShellBrowser::_SwitchNavigationState+0xed
    00000000`0756f390 000007fe`fc909fcb : 00000000`00000001 00000000`00000000 00000000`0877c350 00000000`05eab500 : EXPLORERFRAME!CShellBrowser::_ActivateNavigation+0xfd
    00000000`0756f3d0 000007fe`fc909c18 : 00000000`05eab5e8 00000000`00000000 00000000`0877c350 00000000`05eab5e8 : EXPLORERFRAME!CShellBrowser::_OnConnectionCreated+0x2b5
    00000000`0756f4f0 000007fe`fc909b71 : 00000000`087a9f10 00000000`00000000 00000000`000700c2 00000000`088a1348 : EXPLORERFRAME!CShellBrowser::OnNavigationResult+0x98
    00000000`0756f560 000007fe`fc9093c9 : 00000000`0866a940 00000000`80004005 00000000`000700c2 00000000`088a1348 : EXPLORERFRAME!CPendingNavigation::OnConnectionCreated+0x4d
    00000000`0756f5c0 000007fe`fc9099c2 : 00000000`00000000 00000000`0000001a 00000000`00000000 00000000`0877c350 : EXPLORERFRAME!CShellViewFactory::BeginCreateConnection+0x116
    00000000`0756f630 000007fe`fc90961e : 00000000`038d9f00 00000000`038d9f00 00000000`038d9f00 00000000`038d9f00 : EXPLORERFRAME!CShellBrowser::_CreateConnectionForItem+0x36d
    00000000`0756f7f0 000007fe`fc909522 : 00000000`00000000 00000000`05e575c0 00000000`00200001 00000000`00000000 : EXPLORERFRAME!CShellBrowser::_CreateNewConnection+0xd9
    00000000`0756f840 000007fe`fc961e5d : 00000000`088a1348 00000000`00000000 00000000`05e575c0 000007fe`ff0787a8 : EXPLORERFRAME!CShellBrowser::_NavigateToPidl+0x167
    00000000`0756f890 000007fe`fc961d89 : 00000000`05eab500 00000000`00000700 00000000`00000700 00000000`0756f990 : EXPLORERFRAME!CShellBrowser::_OnGoto+0xeb
    00000000`0756f8d0 000007fe`fc9005dd : 0000190a`00000000 000007fe`fc1e03d2 00000000`00000000 00000000`00000000 : EXPLORERFRAME!CShellBrowser::WndProcBS+0xc26
    00000000`0756f9a0 00000000`77469bd1 : 00000000`00000000 00000000`03983100 00000000`00000001 00000000`00000030 : EXPLORERFRAME!IEFrameWndProc+0xef
    00000000`0756f9f0 00000000`774698da : 00000000`0756fb60 000007fe`fc900570 000007fe`fca3b550 00000000`008bcec0 : user32!UserCallWinProcCheckWow+0x1ad
    00000000`0756fab0 000007fe`fc9004b0 : 00000000`03983104 00000000`03983104 000007fe`fc900570 00000000`00000000 : user32!DispatchMessageWorker+0x3b5
    00000000`0756fb30 000007fe`fc904925 : 00000000`03983100 00000000`00000002 00000000`00000000 00000000`00000000 : EXPLORERFRAME!CExplorerFrame::FrameMessagePump+0x436
    00000000`0756fbb0 000007fe`fc90509b : 00000000`03983100 00000000`0399e800 00000000`00000000 00000000`00000000 : EXPLORERFRAME!BrowserThreadProc+0x180
    00000000`0756fc30 000007fe`fc905032 : 1047c67a`00000001 00000000`038d9900 00000000`7fffffff 000007fe`fdc02d40 : EXPLORERFRAME!BrowserNewThreadProc+0x53
    00000000`0756fc60 000007fe`fc8fbe50 : 00000000`038d9b40 00000000`05e412c0 00000000`00000000 000007fe`feccf07c : EXPLORERFRAME!CExplorerTask::InternalResumeRT+0x12
    00000000`0756fc90 000007fe`feccefcb : 80000000`01000000 00000000`0756fd20 00000000`038d9b40 00000000`00000009 : EXPLORERFRAME!CRunnableTask::Run+0xda
    00000000`0756fcc0 000007fe`fecd2b56 : 00000000`038d9b40 00000000`00000000 00000000`038d9b40 00000000`00000002 : shell32!CShellTask::TT_Run+0x124
    00000000`0756fcf0 000007fe`fecd2cb2 : 00000000`0391bc70 00000000`0391bc70 00000000`00000000 00000000`00000010 : shell32!CShellTaskThread::ThreadProc+0x1d2
    00000000`0756fd90 000007fe`fe5ec71e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shell32!CShellTaskThread::s_ThreadProc+0x22
    00000000`0756fdc0 00000000`771259ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : shlwapi!WrapperThreadProc+0x19b
    00000000`0756fec0 00000000`776dc541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`0756fef0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d


    SYMBOL_NAME:  heap_corruption!heap_corruption

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: heap_corruption

    IMAGE_NAME:  heap_corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    STACK_COMMAND:  ~22s; .ecxr ; kb

    FAILURE_BUCKET_ID:  HEAP_CORRUPTION_c0000005_heap_corruption!heap_corruption

    BUCKET_ID:  X64_APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ_FILL_PATTERN_ffffffff_heap_corruption!heap_corruption

    WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/explorer_exe/6_1_7601_17567/4d672ee4/ntdll_dll/6_1_7601_18247/5...

    Followup: MachineOwner
    ---------

    I have uploaded the dump file at the following link: https://onedrive.live.com/redir?resid=497DA1BB5BE3BBFF!145&authkey=!AGeZyXW_JB1NWUc&ithint=file%2cdmp

    Any help on fixing this issue is appreciated.

    Thanks

    Tuesday, December 16, 2014 2:29 PM

Answers

  • Hi,

    According to your dump file, this problem seems like caused by

    SnagitShellExt64; "C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll"

    Please try to disable this app's extension or try to uninstall it temporarilly for test.


    Roger Lu
    TechNet Community Support

    • Marked as answer by WRAITHBLADE Friday, December 26, 2014 3:08 PM
    Monday, December 22, 2014 8:24 AM

All replies

  • Still waiting! Anyone that can help me here please?
    Friday, December 19, 2014 11:57 AM
  • Hi,

    According to your dump file, this problem seems like caused by

    SnagitShellExt64; "C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll"

    Please try to disable this app's extension or try to uninstall it temporarilly for test.


    Roger Lu
    TechNet Community Support

    • Marked as answer by WRAITHBLADE Friday, December 26, 2014 3:08 PM
    Monday, December 22, 2014 8:24 AM
  • Hi Roger, could you help me understand how did you find the location for the shell extension from the dump file? Any specific commands you use to run in the windbg cmd prompt to obtain this results? Any light you can provide on analyzing the dump file is highly appreciated. Thank you helping in figuring out the crash issue

    Friday, December 26, 2014 3:10 PM
  • Hi,

    Firstly, using !analyze -v command to generate a results of this crash events. We can see

    Attempt to read from address 00000177e1f4dbf8, then using !address command to check this address information:

    0:022> !address 00000177e1f4dbf8

                                        
    Mapping file section regions...
    Mapping module regions...
    Mapping PEB regions...
    Mapping TEB and stack regions...
    Mapping heap regions...
    Mapping page heap regions...
    Mapping other regions...
    Mapping stack trace database regions...
    Mapping activation context regions...


    Usage:                  Free
    Base Address:           00000001`001d0000
    End Address:            000007fe`ecd50000
    Region Size:            000007fd`ecb80000
    State:                  00010000 MEM_FREE
    Protect:                00000001 PAGE_NOACCESS
    Type:                   <info not present at the target>

    Here we should remember the end address and region address. Then using !address command to displays information about the whole address space. After that, check above address around process if there is any program that may caused the crash.


    Roger Lu
    TechNet Community Support

    Monday, December 29, 2014 3:30 AM
  • This is amazing info. I didn't know about the !address command. Thank you very much for all these information. You've been really helpful! Thanks again
    Monday, December 29, 2014 11:36 AM
  • Hi Roger,

    I am in need of your expertise once again. One my Windows 7 PC is exhibiting explorer crash while right clicking on a folder for the first time after booting the pc, once I restart the explorer, the right works fine. Here's the crash dump: http://goo.gl/U24oyj

    I followed your instruction as last time, but could find any shell extension causing this issue. Looking forward for your expert opinion.

    Friday, February 6, 2015 6:15 PM
  • I realised that the shared link for the dump expired. i've uploaded it here: https://onedrive.live.com/redir?resid=497DA1BB5BE3BBFF!146&authkey=!AND2qxdEaE1pAuk&ithint=file%2cdmp

    Any insight on this is much appreciated.

    Monday, February 16, 2015 4:54 PM
  • Hello Folks,

    Any help on this is appreciated!

    Tuesday, February 24, 2015 1:41 PM
  • Hi,

    Have you installed any 3rd theme in your system? According to the dump file, it seems like the crash is relate with Windows Theme, please try to revert to Windows basic theme for test.


    Roger Lu
    TechNet Community Support

    Wednesday, February 25, 2015 9:17 AM
  • Hello Roger,

    It's always been basic theme, so not really sure what I could do. perhaps I'll try formatting and re-installing windows to check the behavior

    Thursday, March 5, 2015 11:50 AM