Every day, Reliability Monitor on my Windows 7 x64 machine reports at least one SearchIndexer.exe crash. Here is the log.
Description
Faulting Application Path: C:\Windows\System32\SearchIndexer.exe
Problem signature
Problem Event Name: APPCRASH
Application Name: SearchIndexer.exe
Application Version: 7.0.7601.17610
Application Timestamp: 4dc0d019
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.7601.17744
Fault Module Timestamp: 4eeb033f
Exception Code: c0000005
Exception Offset: 00000000000011fd
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033
Additional Information 1: 8e9c
Additional Information 2: 8e9cc075dc50f01b9cac7ccc1eadbd5c
Additional Information 3: 7fa4
Additional Information 4: 7fa418f09a0afea8e8da8b9cc9b6d244
What can I do to stop it?
Answer 1
In the dump I can see this call, tquery!CSdidLookupTable::LookupSDIDOrAdd+0x152, so there is an issue with looking up permissions.
00 ntdll!NtWaitForMultipleObjects
01 KERNELBASE!WaitForMultipleObjectsEx
02 kernel32!WaitForMultipleObjectsExImplementation
03 kernel32!WerpReportFaultInternal
04 kernel32!WerpReportFault
05 kernel32!BasepReportFault
06 kernel32!UnhandledExceptionFilter
07 ntdll! ?? ::FNODOBFM::`string'
08 ntdll!_C_specific_handler
09 ntdll!RtlpExecuteHandlerForException
0a ntdll!RtlDispatchException
0b ntdll!KiUserExceptionDispatch
0c msvcrt!memcpy
0d tquery!CRcovStrmTrans::Read
0e tquery!CRcovStrmIter::GetRec
0f tquery!CSdidLookupTable::LookupSDIDOrAdd
10 tquery!CSecurityStoreWrapper::LookupSDID
11 mssrch!CPluginCollectionSink::PushProperties
12 mssrch!CRobotThread::Thread
13 kernel32!BaseThreadInitThunk
14 ntdll!RtlUserThreadStart
I can see this string floating around: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
So make sure SYSTEM has permission to access it.
I can also see that a third-party DLL, guard64.dll, is involved.
0x00000000051180f8 : 0x000007fefe0511fd : msvcrt!memcpy+0x250
0x0000000005118300 : 0x007600650044005c : !du "\Device\"
0x0000000005118348 : 0x0000000076c91a0a : kernel32!HeapFree+0xa
0x0000000005118360 : 0x007600650044005c : !du "\Device\Hard"
0x0000000005118368 : 0x005c006500630069 : !du "ice\Hard"
*** ERROR: Symbol file could not be found. Defaulted to export symbols for guard64.dll -
0x0000000005118380 : 0x0075006c006f0056 : !du "Volume?\*"
0x0000000005118388 : 0x005c003f0065006d : !du "me?\*"
0x0000000005118408 : 0x000007fefccc0480 : KERNELBASE!g_SbTableEntry_CreateFileDowngradeSwitch_Scenario
0x0000000005118458 : 0x000007fefcc6725e : KERNELBASE!CreateFileW+0x4aa
0x0000000005118500 : 0x000007fefe0511fd : msvcrt!memcpy+0x250
0x0000000005118588 : 0x00000000017a5680 : !du "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\S..."
This is from COMODO:
Image path: C:\Windows\System32\guard64.dll
Image name: guard64.dll
Browse all global symbols functions data
Timestamp: Tue Jun 14 23:11:46 2016 (57607312)
CheckSum: 000D15C2
ImageSize: 000C6000
File version: 8.4.0.5068
Product version: 8.4.0.5068
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04e4
CompanyName: COMODO
ProductName: COMODO Internet Security
ProductVersion: 8, 4, 0, 5068
FileVersion: 8, 4, 0, 5068
FileDescription: COMODO Internet Security
LegalCopyright: 2005-2016 COMODO. All rights reserved.
Remove it and see whether that fixes the crashes.
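The two checks suggested in this answer (SYSTEM's access to the SecStore file, and third-party modules loaded into SearchIndexer.exe) can be scripted. The following is an added example, not part of the original answer; it assumes an elevated 64-bit PowerShell prompt and uses the file path quoted from the dump.

```powershell
# Added example, not from the original answer. Run elevated, in 64-bit PowerShell.
# Path as quoted from the dump strings in the answer above.
$secStore = 'C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001'

# --- Check 1: ACEs on the security store that name SYSTEM directly ---------
# Compare by SID (S-1-5-18 = Local System) so the check is locale-independent.
$acl   = Get-Acl -Path $secStore
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$systemRules = @($rules | Where-Object { $_.IdentityReference.Value -eq 'S-1-5-18' })

if ($systemRules.Count -eq 0) {
    # SYSTEM may still get access through a group ACE (e.g. BUILTIN\Administrators),
    # so this is a prompt to read the full ACL, not proof that access is denied.
    Write-Warning "No ACE names SYSTEM directly on $secStore. Full ACL follows."
    $acl.Access | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
} else {
    $systemRules | Format-Table AccessControlType, FileSystemRights, IsInherited -AutoSize
    # A Deny ACE for SYSTEM overrides any Allow and would explain a failed read.
    if ($systemRules | Where-Object { $_.AccessControlType -eq 'Deny' }) {
        Write-Warning 'A Deny ACE applies to SYSTEM on the security store.'
    }
}

# --- Check 2: modules in SearchIndexer.exe not published by Microsoft ------
# guard64.dll (COMODO) from the answer would show up in this list if loaded.
$proc = Get-Process -Name SearchIndexer -ErrorAction SilentlyContinue
if (-not $proc) {
    Write-Warning 'SearchIndexer.exe is not running (the Windows Search service may be stopped).'
} else {
    $proc | ForEach-Object { $_.Modules } |
        Where-Object { $_.FileVersionInfo.CompanyName -notmatch 'Microsoft' } |
        Select-Object ModuleName, FileName,
            @{ Name = 'Company'; Expression = { $_.FileVersionInfo.CompanyName } },
            @{ Name = 'Version'; Expression = { $_.FileVersionInfo.FileVersion } } |
        Format-Table -AutoSize
}
```

The module filter relies on the CompanyName field of each file's version resource, which is self-declared by the vendor; treat the output as a list of candidates to review rather than a verified inventory.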