none
资源管理器explorer崩溃的dump文件分析 RRS feed

  • 问题

  • 希望大神帮忙分析。

    dump已经上传

    链接: https://pan.baidu.com/s/1CTOGpE2DZca-ybLzyEj4vg 提取码: q8jy 复制这段内容后打开百度网盘手机App,操作更方便哦

    下面是自己的解析日志

    Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\explorerdump\explorer.exe.4184.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available
    
    WARNING: Whitespace at start of path element
    Error: Empty Path.
    WARNING: Whitespace at start of path element
    Symbol search path is:  srv*c:\mss*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 10 Version 19044 MP (8 procs) Free x64
    Product: WinNt, suite: SingleUserTS
    19041.1.amd64fre.vb_release.191206-1406
    Machine Name:
    Debug session time: Tue Nov 29 14:49:18.000 2022 (UTC + 8:00)
    System Uptime: not available
    Process Uptime: 0 days 6:26:05.000
    ................................................................
    ................................................................
    ................................................................
    ................................................................
    .............................................................
    Loading unloaded module list
    ................................................................
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (1058.4740): Access violation - code c0000005 (first/second chance not available)
    For analysis of this file, run !analyze -v
    ntdll!NtWaitForMultipleObjects+0x14:
    00007ffe`2382dc14 c3              ret
    0:001> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************
    
    
    KEY_VALUES_STRING: 1
    
        Key  : AV.Fault
        Value: Write
    
        Key  : Timeline.Process.Start.DeltaSec
        Value: 23165
    
    
    PROCESSES_ANALYSIS: 1
    
    SERVICE_ANALYSIS: 1
    
    STACKHASH_ANALYSIS: 1
    
    TIMELINE_ANALYSIS: 1
    
    Timeline: !analyze.Start
        Name: <blank>
        Time: 2022-11-29T07:38:05.905Z
        Diff: 2927905 mSec
    
    Timeline: Dump.Current
        Name: <blank>
        Time: 2022-11-29T06:49:18.0Z
        Diff: 0 mSec
    
    Timeline: Process.Start
        Name: <blank>
        Time: 2022-11-29T00:23:13.0Z
        Diff: 23165000 mSec
    
    
    DUMP_CLASS: 2
    
    DUMP_QUALIFIER: 400
    
    CONTEXT:  (.ecxr)
    rax=0000000000000000 rbx=0000000005182240 rcx=0000000005182240
    rdx=0000000000000000 rsi=ffffffff80440000 rdi=0000000000000000
    rip=00007ffe0f61b83c rsp=000000000297ec40 rbp=000000000297ed41
     r8=0000000000000000  r9=0000000000000000 r10=00000fffc1ec2e4a
    r11=00007ffe0f5b0000 r12=0000000000000000 r13=000000000069108e
    r14=0000000005182240 r15=ffffffff80440000
    iopl=0         nv up ei pl zr na po nc
    cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
    comctl32!CToolbar::TB_GetItemRect+0x64:
    00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax ds:ffffffff`80440000=????????
    Resetting default scope
    
    FAULTING_IP: 
    comctl32!CToolbar::TB_GetItemRect+64
    00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax
    
    EXCEPTION_RECORD:  (.exr -1)
    ExceptionAddress: 00007ffe0f61b83c (comctl32!CToolbar::TB_GetItemRect+0x0000000000000064)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000001
       Parameter[1]: ffffffff80440000
    Attempt to write to address ffffffff80440000
    
    PROCESS_NAME:  explorer.exe
    
    FOLLOWUP_IP: 
    comctl32!CToolbar::TB_GetItemRect+0
    00007ffe`0f61b7d8 48895c2408      mov     qword ptr [rsp+8],rbx
    
    WRITE_ADDRESS:  ffffffff80440000 
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    EXCEPTION_CODE_STR:  c0000005
    
    EXCEPTION_PARAMETER1:  0000000000000001
    
    EXCEPTION_PARAMETER2:  ffffffff80440000
    
    WATSON_BKT_PROCSTAMP:  807ca158
    
    WATSON_BKT_PROCVER:  10.0.19041.2193
    
    PROCESS_VER_PRODUCT:  Microsoft? Windows? Operating System
    
    WATSON_BKT_MODULE:  comctl32.dll
    
    WATSON_BKT_MODSTAMP:  db2b08ef
    
    WATSON_BKT_MODOFFSET:  6b83c
    
    WATSON_BKT_MODVER:  6.10.19041.1110
    
    MODULE_VER_PRODUCT:  Microsoft? Windows? Operating System
    
    BUILD_VERSION_STRING:  19041.1.amd64fre.vb_release.191206-1406
    
    MODLIST_WITH_TSCHKSUM_HASH:  20067caa99eeda97d1fd00461e1736383776715c
    
    MODLIST_SHA1_HASH:  a3917c9df2c5544c223c741a622f5bb74c8e782f
    
    NTGLOBALFLAG:  0
    
    APPLICATION_VERIFIER_FLAGS:  0
    
    DUMP_FLAGS:  94
    
    DUMP_TYPE:  1
    
    ANALYSIS_SESSION_HOST:  ANSON-PC2
    
    ANALYSIS_SESSION_TIME:  11-29-2022 15:38:05.0905
    
    ANALYSIS_VERSION: 10.0.18362.1 amd64fre
    
    THREAD_ATTRIBUTES: 
    ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [LocalContainsFunctionPtr] from Frame:[0] on thread:[4740] ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
    
    OS_LOCALE:  CHS
    
    BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK
    
    DEFAULT_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK
    
    PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT
    
    PROBLEM_CLASSES: 
    
        ID:     [0n313]
        Type:   [@ACCESS_VIOLATION]
        Class:  Addendum
        Scope:  BUCKET_ID
        Name:   Omit
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x4740]
        Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
    
        ID:     [0n286]
        Type:   [INVALID_POINTER_WRITE]
        Class:  Primary
        Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
                BUCKET_ID
        Name:   Add
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x4740]
        Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
    
        ID:     [0n167]
        Type:   [WINDOW_HOOK]
        Class:  Addendum
        Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
                BUCKET_ID
        Name:   Add
        Data:   Omit
        PID:    [0x1058]
        TID:    [0x4740]
        Frame:  [1] : comctl32!CToolbar::ToolbarWndProc
    
    LAST_CONTROL_TRANSFER:  from 00007ffe0f617d60 to 00007ffe0f61b83c
    
    STACK_TEXT:  
    00000000`00000000 00000000`00000000 comctl32!CToolbar::TB_GetItemRect+0x0
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  40203d41e5ec801647e9be9be6eceb4fae349f8d
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  8376508c35b7bf4b31e3888a7d3a0de74fe713f0
    
    THREAD_SHA1_HASH_MOD:  8b6c786b31185ccf07b05bcfdca7d61a5c798b51
    
    FAULT_INSTR_CODE:  245c8948
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  comctl32!CToolbar::TB_GetItemRect+0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: comctl32
    
    IMAGE_NAME:  comctl32.dll
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    STACK_COMMAND:  .ecxr ; ~~[0x4740]s ; .frame 0 ; ** Pseudo Context ** ManagedPseudo ** Value: 219f2502550 ** ; kb
    
    FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK_c0000005_comctl32.dll!CToolbar::TB_GetItemRect
    
    BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_comctl32!CToolbar::TB_GetItemRect+0
    
    FAILURE_EXCEPTION_CODE:  c0000005
    
    FAILURE_IMAGE_NAME:  comctl32.dll
    
    BUCKET_ID_IMAGE_STR:  comctl32.dll
    
    FAILURE_MODULE_NAME:  comctl32
    
    BUCKET_ID_MODULE_STR:  comctl32
    
    FAILURE_FUNCTION_NAME:  CToolbar::TB_GetItemRect
    
    BUCKET_ID_FUNCTION_STR:  CToolbar::TB_GetItemRect
    
    BUCKET_ID_OFFSET:  0
    
    BUCKET_ID_MODTIMEDATESTAMP:  0
    
    BUCKET_ID_MODCHECKSUM:  29fa3c
    
    BUCKET_ID_MODVER_STR:  6.10.19041.1110
    
    BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_
    
    FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT
    
    FAILURE_SYMBOL_NAME:  comctl32.dll!CToolbar::TB_GetItemRect
    
    WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/explorer.exe/10.0.19041.2193/807ca158/comctl32.dll/6.10.19041.1110/db2b08ef/c0000005/0006b83c.htm?Retriage=1
    
    TARGET_TIME:  2022-11-29T06:49:18.000Z
    
    OSBUILD:  19044
    
    OSSERVICEPACK:  2251
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  256
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt SingleUserTS
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2031-07-13 07:55:23
    
    BUILDDATESTAMP_STR:  191206-1406
    
    BUILDLAB_STR:  vb_release
    
    BUILDOSVER_STR:  10.0.19041.1.amd64fre.vb_release.191206-1406
    
    ANALYSIS_SESSION_ELAPSED_TIME:  bb38e
    
    ANALYSIS_SOURCE:  UM
    
    FAILURE_ID_HASH_STRING:  um:invalid_pointer_write_window_hook_c0000005_comctl32.dll!ctoolbar::tb_getitemrect
    
    FAILURE_ID_HASH:  {d0db70fb-178e-eece-4646-82114c404117}
    
    Followup:     MachineOwner
    ---------
    
    0:001> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************
    
    
    KEY_VALUES_STRING: 1
    
        Key  : AV.Fault
        Value: Write
    
        Key  : Timeline.Process.Start.DeltaSec
        Value: 23165
    
    
    PROCESSES_ANALYSIS: 1
    
    SERVICE_ANALYSIS: 1
    
    STACKHASH_ANALYSIS: 1
    
    TIMELINE_ANALYSIS: 1
    
    Timeline: !analyze.Start
        Name: <blank>
        Time: 2022-11-29T07:50:52.781Z
        Diff: 3694781 mSec
    
    Timeline: Dump.Current
        Name: <blank>
        Time: 2022-11-29T06:49:18.0Z
        Diff: 0 mSec
    
    Timeline: Process.Start
        Name: <blank>
        Time: 2022-11-29T00:23:13.0Z
        Diff: 23165000 mSec
    
    
    DUMP_CLASS: 2
    
    DUMP_QUALIFIER: 400
    
    CONTEXT:  (.ecxr)
    rax=0000000000000000 rbx=0000000005182240 rcx=0000000005182240
    rdx=0000000000000000 rsi=ffffffff80440000 rdi=0000000000000000
    rip=00007ffe0f61b83c rsp=000000000297ec40 rbp=000000000297ed41
     r8=0000000000000000  r9=0000000000000000 r10=00000fffc1ec2e4a
    r11=00007ffe0f5b0000 r12=0000000000000000 r13=000000000069108e
    r14=0000000005182240 r15=ffffffff80440000
    iopl=0         nv up ei pl zr na po nc
    cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
    comctl32!CToolbar::TB_GetItemRect+0x64:
    00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax ds:ffffffff`80440000=????????
    Resetting default scope
    
    FAULTING_IP: 
    comctl32!CToolbar::TB_GetItemRect+64
    00007ffe`0f61b83c 8906            mov     dword ptr [rsi],eax
    
    EXCEPTION_RECORD:  (.exr -1)
    ExceptionAddress: 00007ffe0f61b83c (comctl32!CToolbar::TB_GetItemRect+0x0000000000000064)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000001
       Parameter[1]: ffffffff80440000
    Attempt to write to address ffffffff80440000
    
    PROCESS_NAME:  explorer.exe
    
    FOLLOWUP_IP: 
    comctl32!CToolbar::TB_GetItemRect+0
    00007ffe`0f61b7d8 48895c2408      mov     qword ptr [rsp+8],rbx
    
    WRITE_ADDRESS:  ffffffff80440000 
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    EXCEPTION_CODE_STR:  c0000005
    
    EXCEPTION_PARAMETER1:  0000000000000001
    
    EXCEPTION_PARAMETER2:  ffffffff80440000
    
    WATSON_BKT_PROCSTAMP:  807ca158
    
    WATSON_BKT_PROCVER:  10.0.19041.2193
    
    PROCESS_VER_PRODUCT:  Microsoft? Windows? Operating System
    
    WATSON_BKT_MODULE:  comctl32.dll
    
    WATSON_BKT_MODSTAMP:  db2b08ef
    
    WATSON_BKT_MODOFFSET:  6b83c
    
    WATSON_BKT_MODVER:  6.10.19041.1110
    
    MODULE_VER_PRODUCT:  Microsoft? Windows? Operating System
    
    BUILD_VERSION_STRING:  19041.1.amd64fre.vb_release.191206-1406
    
    MODLIST_WITH_TSCHKSUM_HASH:  20067caa99eeda97d1fd00461e1736383776715c
    
    MODLIST_SHA1_HASH:  a3917c9df2c5544c223c741a622f5bb74c8e782f
    
    NTGLOBALFLAG:  0
    
    APPLICATION_VERIFIER_FLAGS:  0
    
    DUMP_FLAGS:  94
    
    DUMP_TYPE:  1
    
    ANALYSIS_SESSION_HOST:  ANSON-PC2
    
    ANALYSIS_SESSION_TIME:  11-29-2022 15:50:52.0781
    
    ANALYSIS_VERSION: 10.0.18362.1 amd64fre
    
    THREAD_ATTRIBUTES: 
    ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [LocalContainsFunctionPtr] from Frame:[0] on thread:[4740] ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
    
    OS_LOCALE:  CHS
    
    BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK
    
    DEFAULT_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK
    
    PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT
    
    PROBLEM_CLASSES: 
    
        ID:     [0n313]
        Type:   [@ACCESS_VIOLATION]
        Class:  Addendum
        Scope:  BUCKET_ID
        Name:   Omit
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x4740]
        Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
    
        ID:     [0n286]
        Type:   [INVALID_POINTER_WRITE]
        Class:  Primary
        Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
                BUCKET_ID
        Name:   Add
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x4740]
        Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
    
        ID:     [0n167]
        Type:   [WINDOW_HOOK]
        Class:  Addendum
        Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
                BUCKET_ID
        Name:   Add
        Data:   Omit
        PID:    [0x1058]
        TID:    [0x4740]
        Frame:  [1] : comctl32!CToolbar::ToolbarWndProc
    
    LAST_CONTROL_TRANSFER:  from 00007ffe0f617d60 to 00007ffe0f61b83c
    
    STACK_TEXT:  
    00000000`00000000 00000000`00000000 comctl32!CToolbar::TB_GetItemRect+0x0
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  40203d41e5ec801647e9be9be6eceb4fae349f8d
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  8376508c35b7bf4b31e3888a7d3a0de74fe713f0
    
    THREAD_SHA1_HASH_MOD:  8b6c786b31185ccf07b05bcfdca7d61a5c798b51
    
    FAULT_INSTR_CODE:  245c8948
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  comctl32!CToolbar::TB_GetItemRect+0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: comctl32
    
    IMAGE_NAME:  comctl32.dll
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    STACK_COMMAND:  .ecxr ; ~~[0x4740]s ; .frame 0 ; ** Pseudo Context ** ManagedPseudo ** Value: 219fa97c160 ** ; kb
    
    FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK_c0000005_comctl32.dll!CToolbar::TB_GetItemRect
    
    BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_comctl32!CToolbar::TB_GetItemRect+0
    
    FAILURE_EXCEPTION_CODE:  c0000005
    
    FAILURE_IMAGE_NAME:  comctl32.dll
    
    BUCKET_ID_IMAGE_STR:  comctl32.dll
    
    FAILURE_MODULE_NAME:  comctl32
    
    BUCKET_ID_MODULE_STR:  comctl32
    
    FAILURE_FUNCTION_NAME:  CToolbar::TB_GetItemRect
    
    BUCKET_ID_FUNCTION_STR:  CToolbar::TB_GetItemRect
    
    BUCKET_ID_OFFSET:  0
    
    BUCKET_ID_MODTIMEDATESTAMP:  0
    
    BUCKET_ID_MODCHECKSUM:  29fa3c
    
    BUCKET_ID_MODVER_STR:  6.10.19041.1110
    
    BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_
    
    FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT
    
    FAILURE_SYMBOL_NAME:  comctl32.dll!CToolbar::TB_GetItemRect
    
    WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/explorer.exe/10.0.19041.2193/807ca158/comctl32.dll/6.10.19041.1110/db2b08ef/c0000005/0006b83c.htm?Retriage=1
    
    TARGET_TIME:  2022-11-29T06:49:18.000Z
    
    OSBUILD:  19044
    
    OSSERVICEPACK:  2251
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  256
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt SingleUserTS
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2031-07-13 07:55:23
    
    BUILDDATESTAMP_STR:  191206-1406
    
    BUILDLAB_STR:  vb_release
    
    BUILDOSVER_STR:  10.0.19041.1.amd64fre.vb_release.191206-1406
    
    ANALYSIS_SESSION_ELAPSED_TIME:  1811
    
    ANALYSIS_SOURCE:  UM
    
    FAILURE_ID_HASH_STRING:  um:invalid_pointer_write_window_hook_c0000005_comctl32.dll!ctoolbar::tb_getitemrect
    
    FAILURE_ID_HASH:  {d0db70fb-178e-eece-4646-82114c404117}
    
    Followup:     MachineOwner
    ---------
    
    

    2022年11月29日 8:49

全部回复

  • 您好,

    初步分析可能跟华为的 HwTrayWnd 有关,建议卸载看看。

    Best Regards,
    Wesley Li


    Please remember to mark the replies as answersif they help.

    2022年11月30日 9:33
  • 谢谢Wesley LW,我现在验证。

    您能否分享一下排查方法?

    2022年11月30日 10:10
  • 谢谢Wesley LW,已经卸载HwTrayWnd,今天又遇到问题了。

    链接: https://pan.baidu.com/s/1fJbIIux7l23dW0V7DZTUfA 提取码: ms6t 复制这段内容后打开百度网盘手机App,操作更方便哦

    您能否分享一下排查方法?

    2022年12月2日 11:03
  • 新的debug

    Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\explorerdump\explorer.exe.24296.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available
    
    WARNING: Whitespace at start of path element
    Error: Empty Path.
    WARNING: Whitespace at start of path element
    Symbol search path is:  srv*c:\mss*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 10 Version 19044 MP (8 procs) Free x64
    Product: WinNt, suite: SingleUserTS
    19041.1.amd64fre.vb_release.191206-1406
    Machine Name:
    Debug session time: Wed Dec  7 14:12:06.000 2022 (UTC + 8:00)
    System Uptime: not available
    Process Uptime: 0 days 6:10:01.000
    ................................................................
    ................................................................
    ................................................................
    ................................................................
    .......................................................
    Loading unloaded module list
    ................................................................
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (5ee8.2b64): Access violation - code c0000005 (first/second chance not available)
    For analysis of this file, run !analyze -v
    ntdll!NtWaitForMultipleObjects+0x14:
    00007ffa`f68adc14 c3              ret
    0:001> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************
    
    
    KEY_VALUES_STRING: 1
    
        Key  : AV.Fault
        Value: Write
    
        Key  : Timeline.Process.Start.DeltaSec
        Value: 22201
    
    
    PROCESSES_ANALYSIS: 1
    
    SERVICE_ANALYSIS: 1
    
    STACKHASH_ANALYSIS: 1
    
    TIMELINE_ANALYSIS: 1
    
    Timeline: !analyze.Start
        Name: <blank>
        Time: 2022-12-07T06:17:46.167Z
        Diff: 340167 mSec
    
    Timeline: Dump.Current
        Name: <blank>
        Time: 2022-12-07T06:12:06.0Z
        Diff: 0 mSec
    
    Timeline: Process.Start
        Name: <blank>
        Time: 2022-12-07T00:02:05.0Z
        Diff: 22201000 mSec
    
    
    DUMP_CLASS: 2
    
    DUMP_QUALIFIER: 400
    
    CONTEXT:  (.ecxr)
    rax=0000000000000000 rbx=00000000044b6ec0 rcx=00000000044b6ec0
    rdx=0000000000000000 rsi=ffffffff80030000 rdi=0000000000000000
    rip=00007ffae27ab83c rsp=000000000376ea70 rbp=000000000376eb71
     r8=0000000000000000  r9=0000000000000000 r10=00000fff5c4f4e4a
    r11=00007ffae2740000 r12=0000000000000000 r13=00000000003919e2
    r14=00000000044b6ec0 r15=ffffffff80030000
    iopl=0         nv up ei pl zr na po nc
    cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
    comctl32!CToolbar::TB_GetItemRect+0x64:
    00007ffa`e27ab83c 8906            mov     dword ptr [rsi],eax ds:ffffffff`80030000=????????
    Resetting default scope
    
    FAULTING_IP: 
    comctl32!CToolbar::TB_GetItemRect+64
    00007ffa`e27ab83c 8906            mov     dword ptr [rsi],eax
    
    EXCEPTION_RECORD:  (.exr -1)
    ExceptionAddress: 00007ffae27ab83c (comctl32!CToolbar::TB_GetItemRect+0x0000000000000064)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000001
       Parameter[1]: ffffffff80030000
    Attempt to write to address ffffffff80030000
    
    PROCESS_NAME:  explorer.exe
    
    FOLLOWUP_IP: 
    comctl32!CToolbar::TB_GetItemRect+0
    00007ffa`e27ab7d8 48895c2408      mov     qword ptr [rsp+8],rbx
    
    WRITE_ADDRESS:  ffffffff80030000 
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    EXCEPTION_CODE_STR:  c0000005
    
    EXCEPTION_PARAMETER1:  0000000000000001
    
    EXCEPTION_PARAMETER2:  ffffffff80030000
    
    WATSON_BKT_PROCSTAMP:  807ca158
    
    WATSON_BKT_PROCVER:  10.0.19041.2193
    
    PROCESS_VER_PRODUCT:  Microsoft? Windows? Operating System
    
    WATSON_BKT_MODULE:  comctl32.dll
    
    WATSON_BKT_MODSTAMP:  db2b08ef
    
    WATSON_BKT_MODOFFSET:  6b83c
    
    WATSON_BKT_MODVER:  6.10.19041.1110
    
    MODULE_VER_PRODUCT:  Microsoft? Windows? Operating System
    
    BUILD_VERSION_STRING:  19041.1.amd64fre.vb_release.191206-1406
    
    MODLIST_WITH_TSCHKSUM_HASH:  d9caa209caa9c73244ae198b0445ebf08d62ed06
    
    MODLIST_SHA1_HASH:  7db6c7511a8b4bfaeace2e6df47584e1b3e53106
    
    NTGLOBALFLAG:  0
    
    APPLICATION_VERIFIER_FLAGS:  0
    
    DUMP_FLAGS:  94
    
    DUMP_TYPE:  1
    
    ANALYSIS_SESSION_HOST:  ANSON-PC2
    
    ANALYSIS_SESSION_TIME:  12-07-2022 14:17:46.0167
    
    ANALYSIS_VERSION: 10.0.18362.1 amd64fre
    
    THREAD_ATTRIBUTES: 
    ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [LocalContainsFunctionPtr] from Frame:[0] on thread:[2b64] ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
    
    OS_LOCALE:  CHS
    
    BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK
    
    DEFAULT_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK
    
    PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT
    
    PROBLEM_CLASSES: 
    
        ID:     [0n313]
        Type:   [@ACCESS_VIOLATION]
        Class:  Addendum
        Scope:  BUCKET_ID
        Name:   Omit
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x2b64]
        Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
    
        ID:     [0n286]
        Type:   [INVALID_POINTER_WRITE]
        Class:  Primary
        Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
                BUCKET_ID
        Name:   Add
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x2b64]
        Frame:  [0] : comctl32!CToolbar::TB_GetItemRect
    
        ID:     [0n167]
        Type:   [WINDOW_HOOK]
        Class:  Addendum
        Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
                BUCKET_ID
        Name:   Add
        Data:   Omit
        PID:    [0x5ee8]
        TID:    [0x2b64]
        Frame:  [1] : comctl32!CToolbar::ToolbarWndProc
    
    LAST_CONTROL_TRANSFER:  from 00007ffae27a7d60 to 00007ffae27ab83c
    
    STACK_TEXT:  
    00000000`00000000 00000000`00000000 comctl32!CToolbar::TB_GetItemRect+0x0
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  40203d41e5ec801647e9be9be6eceb4fae349f8d
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  8376508c35b7bf4b31e3888a7d3a0de74fe713f0
    
    THREAD_SHA1_HASH_MOD:  8b6c786b31185ccf07b05bcfdca7d61a5c798b51
    
    FAULT_INSTR_CODE:  245c8948
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  comctl32!CToolbar::TB_GetItemRect+0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: comctl32
    
    IMAGE_NAME:  comctl32.dll
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    STACK_COMMAND:  .ecxr ; ~~[0x2b64]s ; .frame 0 ; ** Pseudo Context ** ManagedPseudo ** Value: 1bedc8762a0 ** ; kb
    
    FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_WINDOW_HOOK_c0000005_comctl32.dll!CToolbar::TB_GetItemRect
    
    BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_comctl32!CToolbar::TB_GetItemRect+0
    
    FAILURE_EXCEPTION_CODE:  c0000005
    
    FAILURE_IMAGE_NAME:  comctl32.dll
    
    BUCKET_ID_IMAGE_STR:  comctl32.dll
    
    FAILURE_MODULE_NAME:  comctl32
    
    BUCKET_ID_MODULE_STR:  comctl32
    
    FAILURE_FUNCTION_NAME:  CToolbar::TB_GetItemRect
    
    BUCKET_ID_FUNCTION_STR:  CToolbar::TB_GetItemRect
    
    BUCKET_ID_OFFSET:  0
    
    BUCKET_ID_MODTIMEDATESTAMP:  0
    
    BUCKET_ID_MODCHECKSUM:  29fa3c
    
    BUCKET_ID_MODVER_STR:  6.10.19041.1110
    
    BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_WINDOW_HOOK_
    
    FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT
    
    FAILURE_SYMBOL_NAME:  comctl32.dll!CToolbar::TB_GetItemRect
    
    WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/explorer.exe/10.0.19041.2193/807ca158/comctl32.dll/6.10.19041.1110/db2b08ef/c0000005/0006b83c.htm?Retriage=1
    
    TARGET_TIME:  2022-12-07T06:12:06.000Z
    
    OSBUILD:  19044
    
    OSSERVICEPACK:  2251
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  256
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt SingleUserTS
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2031-07-13 07:55:23
    
    BUILDDATESTAMP_STR:  191206-1406
    
    BUILDLAB_STR:  vb_release
    
    BUILDOSVER_STR:  10.0.19041.1.amd64fre.vb_release.191206-1406
    
    ANALYSIS_SESSION_ELAPSED_TIME:  4fb7
    
    ANALYSIS_SOURCE:  UM
    
    FAILURE_ID_HASH_STRING:  um:invalid_pointer_write_window_hook_c0000005_comctl32.dll!ctoolbar::tb_getitemrect
    
    FAILURE_ID_HASH:  {d0db70fb-178e-eece-4646-82114c404117}
    
    Followup:     MachineOwner
    ---------
    
    0:001> lmvm comctl32
    Browse full module list
    start             end                 module name
    00007ffa`e2740000 00007ffa`e29da000   comctl32 # (pdb symbols)          c:\mss\comctl32.pdb\829A1D6FC7F0C20F8489775F10E933451\comctl32.pdb
        Loaded symbol image file: comctl32.dll
        Mapped memory image file: c:\mss\comctl32.dll\DB2B08EF29a000\comctl32.dll
        Image path: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll
        Image name: comctl32.dll
        Browse all global symbols  functions  data
        Image was built with /Brepro flag.
        Timestamp:        DB2B08EF (This is a reproducible build file hash, not a timestamp)
        CheckSum:         0029FA3C
        ImageSize:        0029A000
        File version:     6.10.19041.1110
        Product version:  10.0.19041.1110
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        2.0 Dll
        File date:        00000000.00000000
        Translations:     0409.04b0
        Information from resource tables:
            CompanyName:      Microsoft Corporation
            ProductName:      Microsoft® Windows® Operating System
            InternalName:     comctl32
            OriginalFilename: comctl32.DLL
            ProductVersion:   10.0.19041.1288
            FileVersion:      6.10 (WinBuild.160101.0800)
            FileDescription:  User Experience Controls Library
            LegalCopyright:   © Microsoft Corporation. All rights reserved.
    


    2022年12月7日 6:19