Windows explorer crashing

[Dan]

Running win2k pro on a 2 hdd, dual boot system with 3 partitions. I am
having random shutdowns of WE, typically when I attempt some right click
operation on a directory, such as search, rename etc. I use search a
lot, have not yet seen it crash on search when I use the button on the
task bar. An error log is created, reads as follows. Below this is a
huge stack dump. ANY idea what this might be & a cure? Do I have to
reload the damned OS to fix this???

TIA

Dan

Application exception occurred:
App: explorer.exe (pid=840)
When: 8/15/2004 @ 20:17:32.592
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: NO-33R1ED7P8R1W
User Name: no name
Number of Processors: 1
Processor Type: x86 Family 6 Model 4 Stepping 2
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: no name

*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
192 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
408 svchost.exe
428 spoolsv.exe
456 NAVAPSVC.exe
480 NISUM.exe
492 svchost.exe
564 mstask.exe
588 SYMPROXYSVC.exe
628 mspmspsv.exe
652 NISSERV.exe
840 explorer.exe
920 NAVAPW32.exe
932 IAMAPP.exe
948 iTouch.exe
956 SpySweeper.exe
968 1stClock.exe
1016 Ad-watch.exe
1128 ATRACK.exe
284 DRWTSN32.exe
0 _Total.exe

 

[Pat [MSFT]]

Can you check to see if a USER.DMP file was created in the OS directory
(c:\winnt or whatever)? If so, we may be able to tell you what the problem
was.


Pat

 

[Dan]

Pat-Thanks for the reply. I do have such a file, but it's 36 meg in
size & when opened as text appears to only be code. How would I read
this file?

TIA

Dan

 

[Pat [MSFT]]

The dmp file is a binary file. You will need to use one of the MS debuggers
to read it:

1) Download and install WinDBG - it comes in the debugger pack
(http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx)
2) Create a directory for the symbols, c:\symbols
3) Launch WinDBG (Start-->Programs-->Debugging Tools For Windows)
4) Open the .dmp file (File-->Open Crash Dump)
5) Set the symbol path: .symfix c:\symbols <enter>
6) Reset the symbols: .reload <enter>
7) Type !analyze -v <enter>

This will spew a bunch of information, but included will an analysis of the
most likely cause of the failure. If you need help understanding the
output, you can post it to the group.

BTW, this method also works on mini-dumps, kernel dumps, etc.


Pat

 

[Dan]

Pat-OK, I think I did everything as you described, the following is what
I got. Seems like there was an error with the analysis??? Maybe you
can make some sense of it ;-)

Thanks for taking a look!

Dan

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\we crash user.dmp]
User Dump File: Only application data is available

Windows 2000 Version 2195 UP Free x86 compatible
Product: WinNt
Debug session time: Tue Aug 17 18:47:31 2004
System Uptime: 0 days 0:58:16.051
Process Uptime: not available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
..............................................................................
(cc.3c8): Access violation - code c0000005 (!!! second chance !!!)
eax=033022b8 ebx=00000065 ecx=000bc938 edx=00000003 esi=000bc938
edi=00000003
eip=78313a7f esp=025df38c ebp=025df400 iopl=0 nv up ei pl nz na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for SHELL32.dll -
SHELL32!Ordinal701+0xb0d:
78313a7f 8b08 mov ecx,[eax]
ds:0023:033022b8=????????
0:010> .symfix e:\symbols
Symbol search path is:
SRV*e:\symbols*http://msdl.microsoft.com/download/symbols
0:010> .reload
..............................................................................
0:010> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for COMCTL32.DLL -

FAULTING_IP:
SHELL32!HDXA_DeleteAll+1e
78313a7f 8b08 mov ecx,[eax]

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 78313a7f (SHELL32!HDXA_DeleteAll+0x0000001e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 033022b8
Attempt to read from address 033022b8

FAULTING_THREAD: 000003c8

DEFAULT_BUCKET_ID: APPLICATION_FAULT

PROCESS_NAME: Explorer.EXE

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 033022b8

BUGCHECK_STR: ACCESS_VIOLATION

THREAD_ATTRIBUTES:
LAST_CONTROL_TRANSFER: from 783155e4 to 78313a7f

STACK_TEXT:
025df390 783155e4 000bc938 000e61c0 7831555a SHELL32!HDXA_DeleteAll+0x1e
025df39c 7831555a 000bc938 000e61e0 000e61c0 SHELL32!HDXA_Destroy+0xf
025df3b4 7831551a 70bffd08 000d7858 7107e558
SHELL32!CDefFolderMenu::~CDefFolderMenu+0x2e
025df3c0 7107e558 000e61c0 000d79cc 000d7858
SHELL32!CDefFolderMenu::Release+0x3f
025df400 710439f3 00e0005e 000000e0 000ec3e8
SHDOCVW!CNscTree::_OnContextMenu+0x256
025df430 7102865e 025df8a0 000ec448 00000000
SHDOCVW!CNscTree::_OnNotify+0x3a2
025df444 7102861d 000d7980 00010208 0000004e
SHDOCVW!CNscTree::OnWinEvent+0x4f
025df474 711675c5 000ec3e8 00010208 0000004e
SHDOCVW!CNSCBand::OnWinEvent+0x6b
025df4a8 7116c0d4 00010208 0000004e 00000064
browseui!CBandSite::_SendToToolband+0x42
025df4d4 71183c1f 000efa48 00010200 00000000
browseui!CBandSite::OnWinEvent+0x141
025df520 711928dd 000efa48 00010200 0000004e
browseui!CBrowserBandSite::OnWinEvent+0x14a
025df54c 71183805 0000004e 00000064 025df8a0
browseui!CBaseBar::_CheckForwardWinEvent+0x84
025df568 7116c7ad 0000004e 00000064 025df8a0
browseui!CBaseBar::_OnCommand+0x1a
025df584 7118397b 00010200 0000004e 00000064
browseui!CBaseBar::v_WndProc+0x4d
025df5d4 7118391b 00010200 0000004e 00000064
browseui!CDockingBar::v_WndProc+0x433
025df604 7116c695 00010200 0000004e 00000064
browseui!CBrowserBar::v_WndProc+0x97
025df628 77e12ca8 00010200 0000004e 00000064
browseui!CImpWndProc::s_WndProc+0x66
025df648 77e14398 7116c659 00010200 0000004e USER32!UserCallWinProc+0x18
025df678 77e14925 0047b6a8 0000004e 00000064 USER32!SendMessageWorker+0x31f
025df698 7171603f 00010200 0000004e 00000064 USER32!SendMessageW+0x8c
WARNING: Stack unwind information not available. Following frames may be
wrong.
025df728 71722215 025df744 fffffffb 025df8a0 COMCTL32!Ordinal73+0xbd6
025df768 71750134 00010200 ffffffff fffffffb COMCTL32!Ordinal342+0x5c
025df7cc 77e12ca8 00010202 0000004e 00000064 COMCTL32!Ordinal383+0x3f38
025df7ec 77e14398 7174ff1b 00010202 0000004e USER32!UserCallWinProc+0x18
025df81c 77e14925 0047aa18 0000004e 00000064 USER32!SendMessageWorker+0x31f
025df83c 7171603f 00010202 0000004e 00000064 USER32!SendMessageW+0x8c
025df8cc 71752cb5 000f0718 fffffffb 00000000 COMCTL32!Ordinal73+0xbd6
025df8f0 71755551 00010208 0000005a 0000006b COMCTL32!Ordinal413+0x799
025df940 77e12ca8 00010208 00000204 00000002 COMCTL32!Ordinal413+0x3035
025df960 77e152e6 71755025 00010208 00000204 USER32!UserCallWinProc+0x18
025df984 77e16487 71755025 00010208 00000204 USER32!CallWindowProcAorW+0x94
025df9a4 717521f0 71755025 00010208 00000204 USER32!CallWindowProcW+0x19
025df9c0 7175276f 00010208 00000204 00000002 COMCTL32!Ordinal363+0x1c9
025dfa1c 71752574 000c5ca8 00010208 00000204 COMCTL32!Ordinal413+0x253
025dfa40 710276b0 00010208 00000204 00000002 COMCTL32!Ordinal413+0x58
025dfa5c 7175276f 00010208 00000204 00000002
SHDOCVW!CNotifySubclassWndProc::_SubclassWndProc+0xa5
025dfab8 71752574 000c5ca8 00010208 00000204 COMCTL32!Ordinal413+0x253
025dfadc 7102765a 00010208 00000204 00000002 COMCTL32!Ordinal413+0x58
025dfb28 710275e1 00010208 00000204 00000002
SHDOCVW!CNscTree::_SubClassTreeWndProc+0x369
025dfb48 7175276f 00010208 00000204 00000002
SHDOCVW!CNscTree::s_SubClassTreeWndProc+0x32
025dfba4 71752643 000c5ca8 00010208 00000204 COMCTL32!Ordinal413+0x253
025dfc00 77e12ca8 00010208 00000204 00000002 COMCTL32!Ordinal413+0x127
025dfc20 77e12dc5 717525ac 00010208 00000204 USER32!UserCallWinProc+0x18
025dfcac 77e12f0f 025dfef0 00000000 71162200
USER32!DispatchMessageWorker+0x2e4
025dfcb8 71162200 025dfef0 00000000 000c7a70 USER32!DispatchMessageW+0xb
025dfcd0 71181cf9 025dfef0 00000000 0006ea0c
browseui!TimedDispatchMessage+0x35
025dff28 71181acf 00000000 00000000 0006ea0c
browseui!BrowserThreadProc+0x2d5
025dffb4 7c4e987c 000c2bf0 00000000 0006ea0c
browseui!BrowserProtectedThreadProc+0xce
025dffec 00000000 71181a8b 000c2bf0 00000000 KERNEL32!BaseThreadStart+0x52


FOLLOWUP_IP:
SHDOCVW!CNscTree::_OnContextMenu+256
7107e558 6a00 push 0x0

SYMBOL_STACK_INDEX: 4

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: SHDOCVW!CNscTree::_OnContextMenu+256

MODULE_NAME: SHDOCVW

IMAGE_NAME: SHDOCVW.DLL

DEBUG_FLR_IMAGE_TIMESTAMP: 3d6e2bf2

STACK_COMMAND: ~10s ; kb

BUCKET_ID: ACCESS_VIOLATION_SHDOCVW!CNscTree::_OnContextMenu+256

Followup: MachineOwner
---------

 

[Pat [MSFT]]

It's possibly bug in Shell32.dll. If you haven't done so already, try
installing Win2kSP4. The other likely culprit is IE (SHDOCVW.dll). You
should verify that you have the latest security patch for IE installed.

If the problem continues, you'll need to contact MS-Support.


Pat

Pat-OK, I think I did everything as you described, the following is what I
got. Seems like there was an error with the analysis??? Maybe you can
make some sense of it ;-)

Thanks for taking a look!

Dan

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\we crash user.dmp]
User Dump File: Only application data is available

Windows 2000 Version 2195 UP Free x86 compatible
Product: WinNt
Debug session time: Tue Aug 17 18:47:31 2004
System Uptime: 0 days 0:58:16.051
Process Uptime: not available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.
*
* Use .symfix to have the debugger choose a symbol path.
*
* After setting your symbol path, use .reload to refresh symbol locations.
*
****************************************************************************
Executable search path is:
.............................................................................
(cc.3c8): Access violation - code c0000005 (!!! second chance !!!)
eax=033022b8 ebx=00000065 ecx=000bc938 edx=00000003 esi=000bc938
edi=00000003
eip=78313a7f esp=025df38c ebp=025df400 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for SHELL32.dll -
SHELL32!Ordinal701+0xb0d:
78313a7f 8b08 mov ecx,[eax] ds:0023:033022b8=????????
0:010> .symfix e:\symbols
Symbol search path is:
SRV*e:\symbols*http://msdl.microsoft.com/download/symbols
0:010> .reload
.............................................................................
0:010> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for COMCTL32.DLL -

FAULTING_IP:
SHELL32!HDXA_DeleteAll+1e
78313a7f 8b08 mov ecx,[eax]

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 78313a7f (SHELL32!HDXA_DeleteAll+0x0000001e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 033022b8
Attempt to read from address 033022b8

FAULTING_THREAD: 000003c8

DEFAULT_BUCKET_ID: APPLICATION_FAULT

PROCESS_NAME: Explorer.EXE

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 033022b8

BUGCHECK_STR: ACCESS_VIOLATION

THREAD_ATTRIBUTES:
LAST_CONTROL_TRANSFER: from 783155e4 to 78313a7f

STACK_TEXT:
025df390 783155e4 000bc938 000e61c0 7831555a SHELL32!HDXA_DeleteAll+0x1e
025df39c 7831555a 000bc938 000e61e0 000e61c0 SHELL32!HDXA_Destroy+0xf
025df3b4 7831551a 70bffd08 000d7858 7107e558
SHELL32!CDefFolderMenu::~CDefFolderMenu+0x2e
025df3c0 7107e558 000e61c0 000d79cc 000d7858
SHELL32!CDefFolderMenu::Release+0x3f
025df400 710439f3 00e0005e 000000e0 000ec3e8
SHDOCVW!CNscTree::_OnContextMenu+0x256
025df430 7102865e 025df8a0 000ec448 00000000
SHDOCVW!CNscTree::_OnNotify+0x3a2
025df444 7102861d 000d7980 00010208 0000004e
SHDOCVW!CNscTree::OnWinEvent+0x4f
025df474 711675c5 000ec3e8 00010208 0000004e
SHDOCVW!CNSCBand::OnWinEvent+0x6b
025df4a8 7116c0d4 00010208 0000004e 00000064
browseui!CBandSite::_SendToToolband+0x42
025df4d4 71183c1f 000efa48 00010200 00000000
browseui!CBandSite::OnWinEvent+0x141
025df520 711928dd 000efa48 00010200 0000004e
browseui!CBrowserBandSite::OnWinEvent+0x14a
025df54c 71183805 0000004e 00000064 025df8a0
browseui!CBaseBar::_CheckForwardWinEvent+0x84
025df568 7116c7ad 0000004e 00000064 025df8a0
browseui!CBaseBar::_OnCommand+0x1a
025df584 7118397b 00010200 0000004e 00000064
browseui!CBaseBar::v_WndProc+0x4d
025df5d4 7118391b 00010200 0000004e 00000064
browseui!CDockingBar::v_WndProc+0x433
025df604 7116c695 00010200 0000004e 00000064
browseui!CBrowserBar::v_WndProc+0x97
025df628 77e12ca8 00010200 0000004e 00000064
browseui!CImpWndProc::s_WndProc+0x66
025df648 77e14398 7116c659 00010200 0000004e USER32!UserCallWinProc+0x18
025df678 77e14925 0047b6a8 0000004e 00000064
USER32!SendMessageWorker+0x31f
025df698 7171603f 00010200 0000004e 00000064 USER32!SendMessageW+0x8c
WARNING: Stack unwind information not available. Following frames may be
wrong.
025df728 71722215 025df744 fffffffb 025df8a0 COMCTL32!Ordinal73+0xbd6
025df768 71750134 00010200 ffffffff fffffffb COMCTL32!Ordinal342+0x5c
025df7cc 77e12ca8 00010202 0000004e 00000064 COMCTL32!Ordinal383+0x3f38
025df7ec 77e14398 7174ff1b 00010202 0000004e USER32!UserCallWinProc+0x18
025df81c 77e14925 0047aa18 0000004e 00000064
USER32!SendMessageWorker+0x31f
025df83c 7171603f 00010202 0000004e 00000064 USER32!SendMessageW+0x8c
025df8cc 71752cb5 000f0718 fffffffb 00000000 COMCTL32!Ordinal73+0xbd6
025df8f0 71755551 00010208 0000005a 0000006b COMCTL32!Ordinal413+0x799
025df940 77e12ca8 00010208 00000204 00000002 COMCTL32!Ordinal413+0x3035
025df960 77e152e6 71755025 00010208 00000204 USER32!UserCallWinProc+0x18
025df984 77e16487 71755025 00010208 00000204
USER32!CallWindowProcAorW+0x94
025df9a4 717521f0 71755025 00010208 00000204 USER32!CallWindowProcW+0x19
025df9c0 7175276f 00010208 00000204 00000002 COMCTL32!Ordinal363+0x1c9
025dfa1c 71752574 000c5ca8 00010208 00000204 COMCTL32!Ordinal413+0x253
025dfa40 710276b0 00010208 00000204 00000002 COMCTL32!Ordinal413+0x58
025dfa5c 7175276f 00010208 00000204 00000002
SHDOCVW!CNotifySubclassWndProc::_SubclassWndProc+0xa5
025dfab8 71752574 000c5ca8 00010208 00000204 COMCTL32!Ordinal413+0x253
025dfadc 7102765a 00010208 00000204 00000002 COMCTL32!Ordinal413+0x58
025dfb28 710275e1 00010208 00000204 00000002
SHDOCVW!CNscTree::_SubClassTreeWndProc+0x369
025dfb48 7175276f 00010208 00000204 00000002
SHDOCVW!CNscTree::s_SubClassTreeWndProc+0x32
025dfba4 71752643 000c5ca8 00010208 00000204 COMCTL32!Ordinal413+0x253
025dfc00 77e12ca8 00010208 00000204 00000002 COMCTL32!Ordinal413+0x127
025dfc20 77e12dc5 717525ac 00010208 00000204 USER32!UserCallWinProc+0x18
025dfcac 77e12f0f 025dfef0 00000000 71162200
USER32!DispatchMessageWorker+0x2e4
025dfcb8 71162200 025dfef0 00000000 000c7a70 USER32!DispatchMessageW+0xb
025dfcd0 71181cf9 025dfef0 00000000 0006ea0c
browseui!TimedDispatchMessage+0x35
025dff28 71181acf 00000000 00000000 0006ea0c
browseui!BrowserThreadProc+0x2d5
025dffb4 7c4e987c 000c2bf0 00000000 0006ea0c
browseui!BrowserProtectedThreadProc+0xce
025dffec 00000000 71181a8b 000c2bf0 00000000 KERNEL32!BaseThreadStart+0x52


FOLLOWUP_IP:
SHDOCVW!CNscTree::_OnContextMenu+256
7107e558 6a00 push 0x0

SYMBOL_STACK_INDEX: 4

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: SHDOCVW!CNscTree::_OnContextMenu+256

MODULE_NAME: SHDOCVW

IMAGE_NAME: SHDOCVW.DLL

DEBUG_FLR_IMAGE_TIMESTAMP: 3d6e2bf2

STACK_COMMAND: ~10s ; kb

BUCKET_ID: ACCESS_VIOLATION_SHDOCVW!CNscTree::_OnContextMenu+256

Followup: MachineOwner
---------

The dmp file is a binary file. You will need to use one of the MS
debuggers to read it:

1) Download and install WinDBG - it comes in the debugger pack
(http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx)
2) Create a directory for the symbols, c:\symbols
3) Launch WinDBG (Start-->Programs-->Debugging Tools For Windows)
4) Open the .dmp file (File-->Open Crash Dump)
5) Set the symbol path: .symfix c:\symbols <enter>
6) Reset the symbols: .reload <enter>
7) Type !analyze -v <enter>

This will spew a bunch of information, but included will an analysis of
the most likely cause of the failure. If you need help understanding the
output, you can post it to the group.

BTW, this method also works on mini-dumps, kernel dumps, etc.


Pat