Re: 点击“计算机”属性,“分辨率”,“控制面板”等操作都会crash……
转储分析
点击“计算机”属性,“分辨率”,“控制面板”等操作都会crash……
Memory_code
2014-05-27, 10:13 上午
最近朋友的电脑出了问题,就如标题所言的点击都会导致explorer崩溃~
The stored exception information can be accessed via .ecxr.
(a10.1a00): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=09c0d478 edx=00000000 esi=09b958e8 edi=00000000
eip=75de8436 esp=09eff074 ebp=09eff088 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
shell32!CControlPanelCategoryModuleInner::OnItemsLoaded+0xa8:
75de8436 8b07 mov eax,dword ptr [edi] ds:0023:00000000=????????
0:067> kvn
# ChildEBP RetAddr Args to Child
00 09eff088 75de83a2 00000000 00000000 00000000 shell32!CControlPanelCategoryModuleInner::OnItemsLoaded+0xa8 (FPO: [Non-Fpo])
01 09eff09c 75e50c46 099ab908 09eff0c0 7408e53a shell32!CControlPanelDataWorkItem::Dispatch+0x21 (FPO: [Non-Fpo])
02 09eff0a8 7408e53a 099ab908 09c0f1d8 09c0f1d8 shell32!CFrameTaskManager::s_DispatchWorkItem+0xe (FPO: [Non-Fpo])
03 09eff0c0 75e50c13 0431a908 75e50c38 09c0f1d8 comctl32!DPA_EnumCallback+0x25 (FPO: [Non-Fpo])
04 09eff0e8 75680450 ffffffff 00000202 00000001 shell32!CFrameTaskManager::DispatchCompletedWorkItems+0xd8 (FPO: [Non-Fpo])
05 09eff100 756e6311 75e50b85 09eff2f0 00000001 rpcrt4!Invoke+0x2a
06 09eff508 7598d7e6 09c1d9d0 0977dfc0 09765e18 rpcrt4!NdrStubCall2+0x2d6
07 09eff550 7598d876 09c1d9d0 09765e18 0977dfc0 ole32!CStdStubBuffer_Invoke+0xb6 (CONV: stdcall) [d:\w7rtm\com\rpc\ndrole\stub.cxx @ 1590]
08 09eff598 7598ddd0 09765e18 096a95fc 0964b108 ole32!SyncStubInvoke+0x3c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1187]
09 09eff5e4 758a8a43 09765e18 09a57598 09c1d9d0 ole32!StubInvoke+0xb9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1396]
0a 09eff6c0 758a8938 0977dfc0 00000000 09c1d9d0 ole32!CCtxComChnl::ContextInvoke+0xfa (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\ctxchnl.cxx @ 1262]
0b 09eff6dc 758a950a 09765e18 00000001 09c1d9d0 ole32!MTAInvoke+0x1a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\callctrl.cxx @ 2105]
0c 09eff708 7598dccd 09765e18 00000001 09c1d9d0 ole32!STAInvoke+0x46 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\callctrl.cxx @ 1924]
0d 09eff73c 7598db41 d0908070 0977dfc0 09c1d9d0 ole32!AppInvoke+0xab (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1086]
0e 09eff81c 7598e1fd 09765dc0 09653f28 00000000 ole32!ComInvokeWithLockAndIPID+0x372 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1724]
0f 09eff844 758a9367 09765dc0 00000400 096d62f0 ole32!ComInvoke+0xc5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1469]
10 09eff858 758a9326 09765dc0 09eff918 00000400 ole32!ThreadDispatch+0x23 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\chancont.cxx @ 298]
11 09eff89c 7547c4e7 00060174 00000400 0000babe ole32!ThreadWndProc+0x161 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\chancont.cxx @ 654]
12 09eff8c8 7547c5e7 758a9286 00060174 00000400 user32!InternalCallWinProc+0x23
13 09eff940 7547cc19 00000000 758a9286 00060174 user32!UserCallWinProcCheckWow+0x14b (FPO: [Non-Fpo])
14 09eff9a0 7547cc70 758a9286 00000000 09eff9f4 user32!DispatchMessageWorker+0x35e (FPO: [Non-Fpo])
15 09eff9b0 6f82c76b 09eff9c8 00000004 00000000 user32!DispatchMessageW+0xf (FPO: [Non-Fpo])
16 09eff9f4 6f830cb3 00000000 00000000 09effa1c EXPLORERFRAME!CExplorerFrame::FrameMessagePump+0x4c3 (FPO: [Non-Fpo])
17 09effa04 6f830f5d 02babe88 75468203 0971d260 EXPLORERFRAME!BrowserThreadProc+0x49 (FPO: [Non-Fpo])
18 09effa1c 6f830f0a 09a30548 0971d260 09effa4c EXPLORERFRAME!BrowserNewThreadProc+0x43 (FPO: [Non-Fpo])
19 09effa2c 6f8008f6 0971d260 01000000 80000000 EXPLORERFRAME!CExplorerTask::InternalResumeRT+0x11 (FPO: [Non-Fpo])
1a 09effa4c 75d862fb 0971d274 7fffffff 09bd3db8 EXPLORERFRAME!CRunnableTask::Run+0xce (FPO: [Non-Fpo])
1b 09effa68 75d88b77 09effaa4 00000000 00000000 shell32!CShellTask::TT_Run+0x167 (FPO: [Non-Fpo])
1c 09effab0 75d88cab 09effb40 771543c0 09bd3db8 shell32!CShellTaskThread::ThreadProc+0xa3 (FPO: [Non-Fpo])
1d 09effab8 771543c0 09bd3db8 00000000 00000000 shell32!CShellTaskThread::s_ThreadProc+0x1b (FPO: [Non-Fpo])
1e 09effb40 75c4ee1c 001ff0d0 09effb8c 770437eb shlwapi!WrapperThreadProc+0x1b5 (FPO: [Non-Fpo])
1f 09effb4c 770437eb 001ff0d0 7ee409ba 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
20 09effb8c 770437be 771542ed 001ff0d0 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
21 09effba4 00000000 771542ed 001ff0d0 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])
我自己尝试跟了一下不一会就迷失了……找到了几个GUID去注册表翻了一下也没找到~
dump已经上传,如果张老师有闲暇时间希望能帮帮忙哈~
http://pan.baidu.com/s/1jGqm3jg
Re: 点击“计算机”属性,“分辨率”,“控制面板”等操作都会crash……
qiliu3
2014-05-29, 16:12 下午
关注啊,希望张老师能给一个分析过程,看堆栈好像和COM有关,每次碰到这种问题都无从下手。。。
Re: 点击“计算机”属性,“分辨率”,“控制面板”等操作都会crash……
格蠹老雷
2014-05-30, 14:51 下午
在外地,看了下文件还不小,端午后会下载看一下
Re: 点击“计算机”属性,“分辨率”,“控制面板”等操作都会crash……
Memory_code
2014-05-30, 15:14 下午
嗯嗯~好的,等张老师有空的时候看两眼就好~毕竟堆栈应该还是挺清晰的,指点一下方向~