调试 Windows 8.1 文件资源管理器中的崩溃

调试 Windows 8.1 文件资源管理器中的崩溃

自从升级到 Windows 8.1 以来,我经常遇到 Windows 资源管理器崩溃的情况。它会锁定 10-30 秒,然后终止并自行重新启动。这种情况每天都会发生很多次,而且我没有看到一致的触发原因 - 有时即使我根本没有与资源管理器交互,它也会发生。

我已安装的 Shell 扩展:

  • 记事本++
  • TortoiseSVN
  • Dropbox
  • 7-Zip

我尝试禁用上述所有扩展但崩溃仍然发生。

我使用以下方法捕获了一个小型转储进程转储并尝试使用 WinDbg 对其进行分析,但我是一名 .NET 开发人员,所以我大多时候都不知道我在看什么。:) 转储文件在这里:https://dl.dropboxusercontent.com/u/407740/explorer.exe_150122_113351.dmp

当我第一次加载转储文件时,我看到以下内容:

This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(3cf0.1284): Stack overflow - code c00000fd (first/second chance not available)

我曾经.ecxr切换到崩溃的线程。这也输出了一些我不知道该如何处理的信息。

我曾经kn显示过堆栈跟踪,并且得到了这个:

 # Child-SP          RetAddr           Call Site
00 00000000`19ef4000 00007ffb`d917184a ntdll!RtlAllocateHeap+0xd2
01 00000000`19ef4110 00007ffb`d55b16cb combase!CoTaskMemAlloc+0x3a
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for shell32.dll - 
02 00000000`19ef4140 00007ffb`d7738d98 SHCore!SHStrDupW+0x4b
03 00000000`19ef4170 00007ffb`d90e1906 shell32!SHCreateItemFromIDList+0x2d8
04 00000000`19ef5410 00007ffb`d77f0b46 shlwapi!IShellFolder_GetDisplayNameOf+0x46
05 00000000`19ef5460 00007ffb`d7764733 shell32!SHRestricted+0x8f6
06 00000000`19ef6760 00007ffb`d7764b2a shell32!Shell_GetCachedImageIndexW+0x146d3
07 00000000`19ef6840 00007ffb`d7764a46 shell32!Shell_GetCachedImageIndexW+0x14aca
08 00000000`19ef6890 00007ffb`d776495c shell32!Shell_GetCachedImageIndexW+0x149e6
09 00000000`19ef6920 00007ffb`d776144d shell32!Shell_GetCachedImageIndexW+0x148fc
0a 00000000`19ef69f0 00007ffb`d7814b1e shell32!Shell_GetCachedImageIndexW+0x113ed
0b 00000000`19ef6b20 00007ffb`d77438ce shell32!SHChangeNotifyDeregister+0xb7e
0c 00000000`19ef8860 00007ffb`d7735f55 shell32!PathIsExeWorker+0x717e
0d 00000000`19ef9040 00007ffb`d77efe5b shell32!SHBindToObject+0x1705
0e 00000000`19ef95b0 00007ffb`d777853f shell32!Ordinal866+0x105b
0f 00000000`19ef9920 00007ffb`d7764c22 shell32!Ordinal880+0x1df
10 00000000`19ef9990 00007ffb`d780299c shell32!Shell_GetCachedImageIndexW+0x14bc2
11 00000000`19efaa80 00007ffb`d7735f55 shell32!Ordinal922+0x166c
12 00000000`19efb260 00007ffb`d77efe5b shell32!SHBindToObject+0x1705
13 00000000`19efb7d0 00007ffb`b7da1097 shell32!Ordinal866+0x105b
14 00000000`19efbb40 00007ffb`b7da035a SearchFolder!CScope::Load+0x377
15 00000000`19efbc80 00007ffb`b7d9ffb2 SearchFolder!CBinaryAutoList::Load+0x2ea
16 00000000`19efbef0 00007ffb`b7d46f4b SearchFolder!CAutoListCache::GetListDescriptionFromPropertyBag+0x4be
17 00000000`19efc050 00007ffb`d780065a SearchFolder!CDelegateFolderBase::BindToObject+0x3f2
18 00000000`19efc150 00007ffb`d77347c8 shell32!ILCloneFirst+0x4a2a
19 00000000`19efc230 00007ffb`d781792e shell32!ILCombine+0x468
1a 00000000`19efcba0 00007ffb`d77f56a8 shell32!Ordinal95+0x32e
1b 00000000`19efcf10 00007ffb`d7905cb6 shell32!SHBindToFolderIDListParentEx+0x338
1c 00000000`19efcff0 00007ffb`d78ca13b shell32!DriveType+0x386
1d 00000000`19efd2b0 00007ffb`d78bea34 shell32!Ordinal833+0x83b
1e 00000000`19efd310 00007ffb`d78beadc shell32!Ordinal825+0x20a4
1f 00000000`19efd370 00007ffb`d7a1d29f shell32!Ordinal825+0x214c
20 00000000`19efd3a0 00007ffb`d7a99f9e shell32!ReadCabinetState+0x205f
21 00000000`19efd3e0 00007ffb`d790eaa7 shell32!ILCreateFromPathW+0x58bbe
22 00000000`19efd490 00007ffb`d7a99fd3 shell32!SHBindToParent+0xa27
23 00000000`19efd750 00007ffb`d790eaa7 shell32!ILCreateFromPathW+0x58bf3
24 00000000`19efd490 00007ffb`d7a99fd3 shell32!SHBindToParent+0xa27
25 00000000`19efd750 00007ffb`d790eaa7 shell32!ILCreateFromPathW+0x58bf3
26 00000000`19efd490 00007ffb`d7a99fd3 shell32!SHBindToParent+0xa27
27 00000000`19efd750 00007ffb`d790eaa7 shell32!ILCreateFromPathW+0x58bf3
...
fe 00000000`19f14eb0 00007ffb`d7a99fd3 shell32!SHBindToParent+0xa27
ff 00000000`19f15170 00007ffb`d790eaa7 shell32!ILCreateFromPathW+0x58bf3

如果我使用,!analyze -v我会得到一些其他信息,但我不知道如何使用。

我通过执行加载了最后一帧.frame ff,并尝试使用dv查看变量,但这给出了错误“ Private symbols (symbols.pri) are required for locals”。我不知道接下来该怎么做。我如何才能获得有关 Explorer 崩溃时尝试执行的操作的更多信息?

答案1

我转储了堆栈并发现,sysfer.dll当 Explorer 尝试使用 进行搜索操作时 (Symantec DLL) 会参与其中C:\Windows\System32\connectedsearch-appcmd.searchconnector-ms,该搜索会在 Windows 搜索中显示 Bing 结果:

0x0000000019ef98c8 : 0x00007ffbd7778a80 : shell32!CSearchConnectorFolder::v_InternalQueryInterface+0x30
0x0000000019ef98d8 : 0x00007ffbd7949030 :  !du "ParentFolder"
0x0000000019ef98f8 : 0x00007ffbd77f0fb0 : shell32!CShellItem::BindToHandler
0x0000000019ef9918 : 0x00007ffbd777853f : shell32!CSearchConnectorFolder::Initialize+0xcf
0x0000000019ef9938 : 0x00007ffbd7739590 : shell32!CShellItem::GetAttributes
0x0000000019ef9948 : 0x00007ffbd7732330 : shell32!CFSFolder::Release
0x0000000019ef9978 : 0x00007ffbd7778460 : shell32!CSearchConnectorFolder::InitializeEx
0x0000000019ef9980 : 0x0000000019ef9a90 :  !du "earchconnector-ms"
0x0000000019ef9988 : 0x00007ffbd7764c22 : shell32!CFSFolder::_InitFolder+0xe1b
0x0000000019ef9990 : 0x00007ffbd75972c0 : ole32!CBindCtx::RegisterObjectParam
0x0000000019ef9a38 : 0x0057005c003a0043 :  !du "C:\Windows\System32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a40 : 0x006f0064006e0069 :  !du "indows\System32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a48 : 0x0053005c00730077 :  !du "ws\System32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a50 : 0x0065007400730079 :  !du "ystem32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a58 : 0x005c00320033006d :  !du "m32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a60 : 0x006e006e006f0063 :  !du "connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a68 : 0x0065007400630065 :  !du "ectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a70 : 0x0061006500730064 :  !du "dsearch-appcmd.searchconnector-ms"
0x0000000019ef9a78 : 0x002d006800630072 :  !du "rch-appcmd.searchconnector-ms"
0x0000000019ef9a80 : 0x0063007000700061 :  !du "appcmd.searchconnector-ms"
0x0000000019ef9a88 : 0x0073002e0064006d :  !du "md.searchconnector-ms"
0x0000000019ef9a90 : 0x0063007200610065 :  !du "earchconnector-ms"
0x0000000019ef9a98 : 0x006e006f00630068 :  !du "hconnector-ms"
0x0000000019ef9aa0 : 0x007400630065006e :  !du "nector-ms"
0x0000000019ef9aa8 : 0x006d002d0072006f :  !du "or-ms"
*** WARNING: Unable to verify timestamp for sysfer.dll
*** ERROR: Module load completed but symbols could not be loaded for sysfer.dll
0x0000000019ef9e78 : 0x00007ffbd9bebb95 : ntdll!RtlpLowFragHeapAllocFromContext+0x355
0x0000000019ef9ed0 : 0x00007ffbd7952a90 :  dt shell32!CFileExtension
0x0000000019ef9ef0 : 0x00007ffbd7957960 : shell32!CLSID_LibraryFolder
0x0000000019ef9f28 : 0x00007ffbd917c922 : combase!CComActivator::DoCreateInstance+0x162
0x0000000019ef9f38 : 0x00007ffbd7731f9e : shell32!CAggregatedUnknown::AddRef+0x1e
0x0000000019ef9f48 : 0x00007ffbd9beb6f7 : ntdll!RtlAllocateHeap+0xd7
0x0000000019ef9f68 : 0x00007ffbd6de24b1 : KERNELBASE!QISearch+0x91
0x0000000019ef9f70 : 0x00007ffbd7732ae0 : shell32!CCommonPlaceFolder::AddRef
0x0000000019ef9f98 : 0x00007ffbd7800e65 : shell32!CAggregatedUnknown::CUnkInner::QueryInterface+0x2cb
0x0000000019ef9fa0 : 0x00007ffbd79556b8 : shell32!GUID_000214e6_0000_0000_c000_000000000046
0x0000000019ef9fa8 : 0x00007ffbd7922480 : shell32!CLibraryFolder::v_InternalQueryInterface
0x0000000019ef9fc0 : 0x00007ffbd79556b8 : shell32!GUID_000214e6_0000_0000_c000_000000000046
0x0000000019ef9fc8 : 0x00007ffbd7778ab4 : shell32!CSearchConnectorFolder::v_InternalQueryInterface+0x64
0x0000000019ef9fd8 : 0x00007ffbd7732110 : shell32!CAggregatedUnknown::CUnkInner::QueryInterface
0x0000000019ef9ff8 : 0x00007ffbd773208d : shell32!CAggregatedUnknown::Release+0x2d
0x0000000019efa000 : 0x00007ffbd79556b8 : shell32!GUID_000214e6_0000_0000_c000_000000000046
0x0000000019efa028 : 0x00007ffbd773208d : shell32!CAggregatedUnknown::Release+0x2d
0x0000000019efa038 : 0x00007ffbd7732110 : shell32!CAggregatedUnknown::CUnkInner::QueryInterface
0x0000000019efa058 : 0x00007ffbd79220bc : shell32!CSearchConnectorFolder::s_CreateInstance+0x14c
0x0000000019efa060 : 0x00007ffbd7777cb0 : shell32!CCommonPlaceFolder::Release
0x0000000019efa0b8 : 0x00007ffbd794f120 : 0x00007ffbd794fa40 : 0x00007ffbd79ecf00 : shell32!ECFQueryInterface
0x0000000019efa0c8 : 0x00007ffbd7733ebe : shell32!_SHCoCreateInstance+0x21b
0x0000000019efa0d0 : 0x00007ffbd7778390 : shell32!CSearchConnectorFolder_CreateInstance
0x0000000019efa0d8 : 0x00007ffbd72c2771 : msvcrt!fputwc_nolock+0x1e0
0x0000000019efa150 : 0x00630065006e006e :  !du "nnectedsearch-appcmd.searchconnector-ms"
0x0000000019efa158 : 0x0073006400650074 :  !du "tedsearch-appcmd.searchconnector-ms"
0x0000000019efa160 : 0x0063007200610065 :  !du "earch-appcmd.searchconnector-ms"
0x0000000019efa168 : 0x00700061002d0068 :  !du "h-appcmd.searchconnector-ms"
0x0000000019efa170 : 0x0064006d00630070 :  !du "pcmd.searchconnector-ms"

也许 Symantec DLL 尝试扫描搜索结果以查找不良结果,这可能会导致问题。

相关内容