资源管理器explorer崩溃的dump文件分析

• 问题

• 

  

  0

  登录进行投票

  希望大神帮忙分析。

  dump已经上传

  链接: https://pan.baidu.com/s/1CTOGpE2DZca-ybLzyEj4vg 提取码: q8jy 复制这段内容后打开百度网盘手机App，操作更方便哦

  下面是自己的解析日志

  Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
  Copyright (c) Microsoft Corporation. All rights reserved.
  
  
  Loading Dump File [C:\explorerdump\explorer.exe.4184.dmp]
  User Mini Dump File: Only registers, stack and portions of memory are available
  
  WARNING: Whitespace at start of path element
  Error: Empty Path.
  WARNING: Whitespace at start of path element
  Symbol search path is:  srv*c:\mss*http://msdl.microsoft.com/download/symbols
  Executable search path is: 
  Windows 10 Version 19044 MP (8 procs) Free x64
  Product: WinNt, suite: SingleUserTS
  19041.1.amd64fre.vb_release.191206-1406
  Machine Name:
  Debug session time: Tue Nov 29 14:49:18.000 2022 (UTC + 8:00)
  System Uptime: not available
  Process Uptime: 0 days 6:26:05.000
  ................................................................
  ................................................................
  ................................................................
  ................................................................
  .............................................................
  Loading unloaded module list
  ................................................................
  This dump file has an exception of interest stored in it.
  The stored exception information can be accessed via .ecxr.
  (1058.4740): Access violation - code c0000005 (first/second chance not available)
  For analysis of this file, run !analyze -v
  ntdll!NtWaitForMultipleObjects+0x14:
  00007ffe`2382dc14 c3              ret
  0:001> !analyze -v
  *******************************************************************************
  *                                                                             *
  *                        Exception Analysis                                   *
  *                                                                             *
  *******************************************************************************
  
  
  KEY_VALUES_STRING: 1
  
      Key  : AV.Fault
      Value: Write
  
      Key  : Timeline.Process.Start.DeltaSec
      Value: 23165
  
  
  PROCESSES_ANALYSIS: 1
  
  SERVICE_ANALYSIS: 1
  
  STACKHASH_ANALYSIS: 1
  
  TIMELINE_ANALYSIS: 1
  
  Timeline: !analyze.Start
      Name: <blank>
      Time: 2022-11-29T07:38:05.905Z
      Diff: 2927905 mSec
  
  Timeline: Dump.Current
      Name: <blank>
      Time: 2022-11-29T06:49:18.0Z
      Diff: 0 mSec
  
  Timeline: Process.Start
      Name: <blank>
      Time: 2022-11-29T00:23:13.0Z
      Diff: 23165000 mSec
  
  
  DUMP_CLASS: 2
  
  DUMP_QUALIFIER: 400
  
  CONTEXT:  (.ecxr)
  rax=0000000000000000 rbx=0000000005182240 rcx=0000000005182240
  rdx=0000000000000000 rsi=ffffffff80440000 rdi=0000000000000000
  rip=00007ffe0f61b83c rsp=000000000297ec40 rbp=000000000297ed41
   r8=0000000000000000  r9=0000000000000000 r10=00000fffc1ec2e4a
  r11=00007ffe0f5b0000 r12=0000000000000000 r13=000000000069108e
  r14=0000000005182240 r15=ffffffff80440000
  iopl=0         nv up ei pl zr na po nc
  cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
  comctl32!CToolbar::TB_GetItemRect+0x64:
  00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax ds:ffffffff`80440000=????????
  Resetting default scope
  
  FAULTING_IP: 
  comctl32!CToolbar::TB_GetItemRect+64
  00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax
  
  EXCEPTION_RECORD:  (.exr -1)
  ExceptionAddress: 00007ffe0f61b83c (comctl32!CToolbar::TB_GetItemRect+0x0000000000000064)
     ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
  NumberParameters: 2
     Parameter[0]: 0000000000000001
     Parameter[1]: ffffffff80440000
  Attempt to write to address ffffffff80440000
  
  PROCESS_NAME:  explorer.exe
  
  FOLLOWUP_IP: 
  comctl32!CToolbar::TB_GetItemRect+0
  00007ffe`0f61b7d8 48895c2408      mov     qword ptr [rsp+8],rbx
  
  WRITE_ADDRESS:  ffffffff80440000 
  
  ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
  
  EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
  
  EXCEPTION_CODE_STR:  c0000005
  
  EXCEPTION_PARAMETER1:  0000000000000001
  
  EXCEPTION_PARAMETER2:  ffffffff80440000
  
  WATSON_BKT_PROCSTAMP:  807ca158
  
  WATSON_BKT_PROCVER:  10.0.19041.2193
  
  PROCESS_VER_PRODUCT:  Microsoft? Windows? Operating System
  
  WATSON_BKT_MODULE:  comctl32.dll
  
  WATSON_BKT_MODSTAMP:  db2b08ef
  
  WATSON_BKT_MODOFFSET:  6b83c
  
  WATSON_BKT_MODVER:  6.10.19041.1110
  
  MODULE_VER_PRODUCT:  Microsoft? Windows? Operating System
  
  BUILD_VERSION_STRING:  19041.1.amd64fre.vb_release.191206-1406
  
  MODLIST_WITH_TSCHKSUM_HASH:  20067caa99eeda97d1fd00461e1736383776715c
  
  MODLIST_SHA1_HASH:  a3917c9df2c5544c223c741a622f5bb74c8e782f
  
  NTGLOBALFLAG:  0
  
  APPLICATION_VERIFIER_FLAGS:  0
  
  DUMP_FLAGS:  94
  
  DUMP_TYPE:  1
  
  ANALYSIS_SESSION_HOST:  ANSON-PC2
  
  ANALYSIS_SESSION_TIME:  11-29-2022 15:38:05.0905
  
  ANALYSIS_VERSION: 10.0.18362.1 amd64fre
  
  THREAD_ATTRIBUTES: 
  ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [LocalContainsFunctionPtr] from Frame:[0] on thread:[4740] ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
  
  OS_LOCALE:  CHS
  
  BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK
  
  DEFAULT_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK
  
  PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT
  
  PROBLEM_CLASSES: 
  
      ID:     [0n313]
      Type:   [@ACCESS_VIOLATION]
      Class:  Addendum
      Scope:  BUCKET_ID
      Name:   Omit
      Data:   Omit
      PID:    [Unspecified]
      TID:    [0x4740]
      Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
  
      ID:     [0n286]
      Type:   [INVALID_POINTER_WRITE]
      Class:  Primary
      Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
              BUCKET_ID
      Name:   Add
      Data:   Omit
      PID:    [Unspecified]
      TID:    [0x4740]
      Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
  
      ID:     [0n167]
      Type:   [WINDOW_HOOK]
      Class:  Addendum
      Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
              BUCKET_ID
      Name:   Add
      Data:   Omit
      PID:    [0x1058]
      TID:    [0x4740]
      Frame:  [1] : comctl32!CToolbar::ToolbarWndProc
  
  LAST_CONTROL_TRANSFER:  from 00007ffe0f617d60 to 00007ffe0f61b83c
  
  STACK_TEXT:  
  00000000`00000000 00000000`00000000 comctl32!CToolbar::TB_GetItemRect+0x0
  
  
  THREAD_SHA1_HASH_MOD_FUNC:  40203d41e5ec801647e9be9be6eceb4fae349f8d
  
  THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  8376508c35b7bf4b31e3888a7d3a0de74fe713f0
  
  THREAD_SHA1_HASH_MOD:  8b6c786b31185ccf07b05bcfdca7d61a5c798b51
  
  FAULT_INSTR_CODE:  245c8948
  
  SYMBOL_STACK_INDEX:  0
  
  SYMBOL_NAME:  comctl32!CToolbar::TB_GetItemRect+0
  
  FOLLOWUP_NAME:  MachineOwner
  
  MODULE_NAME: comctl32
  
  IMAGE_NAME:  comctl32.dll
  
  DEBUG_FLR_IMAGE_TIMESTAMP:  0
  
  STACK_COMMAND:  .ecxr ; ~~[0x4740]s ; .frame 0 ; ** Pseudo Context ** ManagedPseudo ** Value: 219f2502550 ** ; kb
  
  FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK_c0000005_comctl32.dll!CToolbar::TB_GetItemRect
  
  BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_comctl32!CToolbar::TB_GetItemRect+0
  
  FAILURE_EXCEPTION_CODE:  c0000005
  
  FAILURE_IMAGE_NAME:  comctl32.dll
  
  BUCKET_ID_IMAGE_STR:  comctl32.dll
  
  FAILURE_MODULE_NAME:  comctl32
  
  BUCKET_ID_MODULE_STR:  comctl32
  
  FAILURE_FUNCTION_NAME:  CToolbar::TB_GetItemRect
  
  BUCKET_ID_FUNCTION_STR:  CToolbar::TB_GetItemRect
  
  BUCKET_ID_OFFSET:  0
  
  BUCKET_ID_MODTIMEDATESTAMP:  0
  
  BUCKET_ID_MODCHECKSUM:  29fa3c
  
  BUCKET_ID_MODVER_STR:  6.10.19041.1110
  
  BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_
  
  FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT
  
  FAILURE_SYMBOL_NAME:  comctl32.dll!CToolbar::TB_GetItemRect
  
  WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/explorer.exe/10.0.19041.2193/807ca158/comctl32.dll/6.10.19041.1110/db2b08ef/c0000005/0006b83c.htm?Retriage=1
  
  TARGET_TIME:  2022-11-29T06:49:18.000Z
  
  OSBUILD:  19044
  
  OSSERVICEPACK:  2251
  
  SERVICEPACK_NUMBER: 0
  
  OS_REVISION: 0
  
  SUITE_MASK:  256
  
  PRODUCT_TYPE:  1
  
  OSPLATFORM_TYPE:  x64
  
  OSNAME:  Windows 10
  
  OSEDITION:  Windows 10 WinNt SingleUserTS
  
  USER_LCID:  0
  
  OSBUILD_TIMESTAMP:  2031-07-13 07:55:23
  
  BUILDDATESTAMP_STR:  191206-1406
  
  BUILDLAB_STR:  vb_release
  
  BUILDOSVER_STR:  10.0.19041.1.amd64fre.vb_release.191206-1406
  
  ANALYSIS_SESSION_ELAPSED_TIME:  bb38e
  
  ANALYSIS_SOURCE:  UM
  
  FAILURE_ID_HASH_STRING:  um:invalid_pointer_write_window_hook_c0000005_comctl32.dll!ctoolbar::tb_getitemrect
  
  FAILURE_ID_HASH:  {d0db70fb-178e-eece-4646-82114c404117}
  
  Followup:     MachineOwner
  ---------
  
  0:001> !analyze -v
  *******************************************************************************
  *                                                                             *
  *                        Exception Analysis                                   *
  *                                                                             *
  *******************************************************************************
  
  
  KEY_VALUES_STRING: 1
  
      Key  : AV.Fault
      Value: Write
  
      Key  : Timeline.Process.Start.DeltaSec
      Value: 23165
  
  
  PROCESSES_ANALYSIS: 1
  
  SERVICE_ANALYSIS: 1
  
  STACKHASH_ANALYSIS: 1
  
  TIMELINE_ANALYSIS: 1
  
  Timeline: !analyze.Start
      Name: <blank>
      Time: 2022-11-29T07:50:52.781Z
      Diff: 3694781 mSec
  
  Timeline: Dump.Current
      Name: <blank>
      Time: 2022-11-29T06:49:18.0Z
      Diff: 0 mSec
  
  Timeline: Process.Start
      Name: <blank>
      Time: 2022-11-29T00:23:13.0Z
      Diff: 23165000 mSec
  
  
  DUMP_CLASS: 2
  
  DUMP_QUALIFIER: 400
  
  CONTEXT:  (.ecxr)
  rax=0000000000000000 rbx=0000000005182240 rcx=0000000005182240
  rdx=0000000000000000 rsi=ffffffff80440000 rdi=0000000000000000
  rip=00007ffe0f61b83c rsp=000000000297ec40 rbp=000000000297ed41
   r8=0000000000000000  r9=0000000000000000 r10=00000fffc1ec2e4a
  r11=00007ffe0f5b0000 r12=0000000000000000 r13=000000000069108e
  r14=0000000005182240 r15=ffffffff80440000
  iopl=0         nv up ei pl zr na po nc
  cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
  comctl32!CToolbar::TB_GetItemRect+0x64:
  00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax ds:ffffffff`80440000=????????
  Resetting default scope
  
  FAULTING_IP: 
  comctl32!CToolbar::TB_GetItemRect+64
  00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax
  
  EXCEPTION_RECORD:  (.exr -1)
  ExceptionAddress: 00007ffe0f61b83c (comctl32!CToolbar::TB_GetItemRect+0x0000000000000064)
     ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
  NumberParameters: 2
     Parameter[0]: 0000000000000001
     Parameter[1]: ffffffff80440000
  Attempt to write to address ffffffff80440000
  
  PROCESS_NAME:  explorer.exe
  
  FOLLOWUP_IP: 
  comctl32!CToolbar::TB_GetItemRect+0
  00007ffe`0f61b7d8 48895c2408      mov     qword ptr [rsp+8],rbx
  
  WRITE_ADDRESS:  ffffffff80440000 
  
  ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
  
  EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
  
  EXCEPTION_CODE_STR:  c0000005
  
  EXCEPTION_PARAMETER1:  0000000000000001
  
  EXCEPTION_PARAMETER2:  ffffffff80440000
  
  WATSON_BKT_PROCSTAMP:  807ca158
  
  WATSON_BKT_PROCVER:  10.0.19041.2193
  
  PROCESS_VER_PRODUCT:  Microsoft? Windows? Operating System
  
  WATSON_BKT_MODULE:  comctl32.dll
  
  WATSON_BKT_MODSTAMP:  db2b08ef
  
  WATSON_BKT_MODOFFSET:  6b83c
  
  WATSON_BKT_MODVER:  6.10.19041.1110
  
  MODULE_VER_PRODUCT:  Microsoft? Windows? Operating System
  
  BUILD_VERSION_STRING:  19041.1.amd64fre.vb_release.191206-1406
  
  MODLIST_WITH_TSCHKSUM_HASH:  20067caa99eeda97d1fd00461e1736383776715c
  
  MODLIST_SHA1_HASH:  a3917c9df2c5544c223c741a622f5bb74c8e782f
  
  NTGLOBALFLAG:  0
  
  APPLICATION_VERIFIER_FLAGS:  0
  
  DUMP_FLAGS:  94
  
  DUMP_TYPE:  1
  
  ANALYSIS_SESSION_HOST:  ANSON-PC2
  
  ANALYSIS_SESSION_TIME:  11-29-2022 15:50:52.0781
  
  ANALYSIS_VERSION: 10.0.18362.1 amd64fre
  
  THREAD_ATTRIBUTES: 
  ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [LocalContainsFunctionPtr] from Frame:[0] on thread:[4740] ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
  
  OS_LOCALE:  CHS
  
  BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK
  
  DEFAULT_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK
  
  PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT
  
  PROBLEM_CLASSES: 
  
      ID:     [0n313]
      Type:   [@ACCESS_VIOLATION]
      Class:  Addendum
      Scope:  BUCKET_ID
      Name:   Omit
      Data:   Omit
      PID:    [Unspecified]
      TID:    [0x4740]
      Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
  
      ID:     [0n286]
      Type:   [INVALID_POINTER_WRITE]
      Class:  Primary
      Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
              BUCKET_ID
      Name:   Add
      Data:   Omit
      PID:    [Unspecified]
      TID:    [0x4740]
      Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
  
      ID:     [0n167]
      Type:   [WINDOW_HOOK]
      Class:  Addendum
      Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
              BUCKET_ID
      Name:   Add
      Data:   Omit
      PID:    [0x1058]
      TID:    [0x4740]
      Frame:  [1] : comctl32!CToolbar::ToolbarWndProc
  
  LAST_CONTROL_TRANSFER:  from 00007ffe0f617d60 to 00007ffe0f61b83c
  
  STACK_TEXT:  
  00000000`00000000 00000000`00000000 comctl32!CToolbar::TB_GetItemRect+0x0
  
  
  THREAD_SHA1_HASH_MOD_FUNC:  40203d41e5ec801647e9be9be6eceb4fae349f8d
  
  THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  8376508c35b7bf4b31e3888a7d3a0de74fe713f0
  
  THREAD_SHA1_HASH_MOD:  8b6c786b31185ccf07b05bcfdca7d61a5c798b51
  
  FAULT_INSTR_CODE:  245c8948
  
  SYMBOL_STACK_INDEX:  0
  
  SYMBOL_NAME:  comctl32!CToolbar::TB_GetItemRect+0
  
  FOLLOWUP_NAME:  MachineOwner
  
  MODULE_NAME: comctl32
  
  IMAGE_NAME:  comctl32.dll
  
  DEBUG_FLR_IMAGE_TIMESTAMP:  0
  
  STACK_COMMAND:  .ecxr ; ~~[0x4740]s ; .frame 0 ; ** Pseudo Context ** ManagedPseudo ** Value: 219fa97c160 ** ; kb
  
  FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK_c0000005_comctl32.dll!CToolbar::TB_GetItemRect
  
  BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_comctl32!CToolbar::TB_GetItemRect+0
  
  FAILURE_EXCEPTION_CODE:  c0000005
  
  FAILURE_IMAGE_NAME:  comctl32.dll
  
  BUCKET_ID_IMAGE_STR:  comctl32.dll
  
  FAILURE_MODULE_NAME:  comctl32
  
  BUCKET_ID_MODULE_STR:  comctl32
  
  FAILURE_FUNCTION_NAME:  CToolbar::TB_GetItemRect
  
  BUCKET_ID_FUNCTION_STR:  CToolbar::TB_GetItemRect
  
  BUCKET_ID_OFFSET:  0
  
  BUCKET_ID_MODTIMEDATESTAMP:  0
  
  BUCKET_ID_MODCHECKSUM:  29fa3c
  
  BUCKET_ID_MODVER_STR:  6.10.19041.1110
  
  BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_
  
  FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT
  
  FAILURE_SYMBOL_NAME:  comctl32.dll!CToolbar::TB_GetItemRect
  
  WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/explorer.exe/10.0.19041.2193/807ca158/comctl32.dll/6.10.19041.1110/db2b08ef/c0000005/0006b83c.htm?Retriage=1
  
  TARGET_TIME:  2022-11-29T06:49:18.000Z
  
  OSBUILD:  19044
  
  OSSERVICEPACK:  2251
  
  SERVICEPACK_NUMBER: 0
  
  OS_REVISION: 0
  
  SUITE_MASK:  256
  
  PRODUCT_TYPE:  1
  
  OSPLATFORM_TYPE:  x64
  
  OSNAME:  Windows 10
  
  OSEDITION:  Windows 10 WinNt SingleUserTS
  
  USER_LCID:  0
  
  OSBUILD_TIMESTAMP:  2031-07-13 07:55:23
  
  BUILDDATESTAMP_STR:  191206-1406
  
  BUILDLAB_STR:  vb_release
  
  BUILDOSVER_STR:  10.0.19041.1.amd64fre.vb_release.191206-1406
  
  ANALYSIS_SESSION_ELAPSED_TIME:  1811
  
  ANALYSIS_SOURCE:  UM
  
  FAILURE_ID_HASH_STRING:  um:invalid_pointer_write_window_hook_c0000005_comctl32.dll!ctoolbar::tb_getitemrect
  
  FAILURE_ID_HASH:  {d0db70fb-178e-eece-4646-82114c404117}
  
  Followup:     MachineOwner
  ---------
  
  

  
  

  2022年11月29日 8:49

  回复

  |

  引用