Depurando uma falha no Windows 8.1 File Explorer

0

Desde a atualização para o Windows 8.1, tenho experimentado falhas frequentes no Windows Explorer. Ele trava por 10 a 30 segundos, depois termina e se reinicia. Isso acontece muitas vezes ao dia e não vejo um gatilho consistente - às vezes acontece se eu não estiver nem mesmo interagindo com o Explorer.

Extensões de shell que eu instalei:

  • Notepad ++
  • TortoiseSVN
  • Dropbox
  • 7-zip

Eu tentei desativar todas as extensões acima, mas as falhas continuaram acontecendo.

Capturei um minidump usando o procdump e tentei analisá-lo com o WinDbg, mas sou um Desenvolvedor .NET, então eu realmente não sei o que estou vendo. :) O arquivo de despejo está aqui: link

Quando carrego o arquivo de despejo pela primeira vez, vejo isso:

This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(3cf0.1284): Stack overflow - code c00000fd (first/second chance not available)

Eu usei .ecxr para alternar para o segmento com falha. Isso também gera algumas informações que eu não sei o que fazer com isso.

Eu usei kn para mostrar o rastreio da pilha e recebi isto:

 # Child-SP          RetAddr           Call Site
00 00000000'19ef4000 00007ffb'd917184a ntdll!RtlAllocateHeap+0xd2
01 00000000'19ef4110 00007ffb'd55b16cb combase!CoTaskMemAlloc+0x3a
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for shell32.dll - 
02 00000000'19ef4140 00007ffb'd7738d98 SHCore!SHStrDupW+0x4b
03 00000000'19ef4170 00007ffb'd90e1906 shell32!SHCreateItemFromIDList+0x2d8
04 00000000'19ef5410 00007ffb'd77f0b46 shlwapi!IShellFolder_GetDisplayNameOf+0x46
05 00000000'19ef5460 00007ffb'd7764733 shell32!SHRestricted+0x8f6
06 00000000'19ef6760 00007ffb'd7764b2a shell32!Shell_GetCachedImageIndexW+0x146d3
07 00000000'19ef6840 00007ffb'd7764a46 shell32!Shell_GetCachedImageIndexW+0x14aca
08 00000000'19ef6890 00007ffb'd776495c shell32!Shell_GetCachedImageIndexW+0x149e6
09 00000000'19ef6920 00007ffb'd776144d shell32!Shell_GetCachedImageIndexW+0x148fc
0a 00000000'19ef69f0 00007ffb'd7814b1e shell32!Shell_GetCachedImageIndexW+0x113ed
0b 00000000'19ef6b20 00007ffb'd77438ce shell32!SHChangeNotifyDeregister+0xb7e
0c 00000000'19ef8860 00007ffb'd7735f55 shell32!PathIsExeWorker+0x717e
0d 00000000'19ef9040 00007ffb'd77efe5b shell32!SHBindToObject+0x1705
0e 00000000'19ef95b0 00007ffb'd777853f shell32!Ordinal866+0x105b
0f 00000000'19ef9920 00007ffb'd7764c22 shell32!Ordinal880+0x1df
10 00000000'19ef9990 00007ffb'd780299c shell32!Shell_GetCachedImageIndexW+0x14bc2
11 00000000'19efaa80 00007ffb'd7735f55 shell32!Ordinal922+0x166c
12 00000000'19efb260 00007ffb'd77efe5b shell32!SHBindToObject+0x1705
13 00000000'19efb7d0 00007ffb'b7da1097 shell32!Ordinal866+0x105b
14 00000000'19efbb40 00007ffb'b7da035a SearchFolder!CScope::Load+0x377
15 00000000'19efbc80 00007ffb'b7d9ffb2 SearchFolder!CBinaryAutoList::Load+0x2ea
16 00000000'19efbef0 00007ffb'b7d46f4b SearchFolder!CAutoListCache::GetListDescriptionFromPropertyBag+0x4be
17 00000000'19efc050 00007ffb'd780065a SearchFolder!CDelegateFolderBase::BindToObject+0x3f2
18 00000000'19efc150 00007ffb'd77347c8 shell32!ILCloneFirst+0x4a2a
19 00000000'19efc230 00007ffb'd781792e shell32!ILCombine+0x468
1a 00000000'19efcba0 00007ffb'd77f56a8 shell32!Ordinal95+0x32e
1b 00000000'19efcf10 00007ffb'd7905cb6 shell32!SHBindToFolderIDListParentEx+0x338
1c 00000000'19efcff0 00007ffb'd78ca13b shell32!DriveType+0x386
1d 00000000'19efd2b0 00007ffb'd78bea34 shell32!Ordinal833+0x83b
1e 00000000'19efd310 00007ffb'd78beadc shell32!Ordinal825+0x20a4
1f 00000000'19efd370 00007ffb'd7a1d29f shell32!Ordinal825+0x214c
20 00000000'19efd3a0 00007ffb'd7a99f9e shell32!ReadCabinetState+0x205f
21 00000000'19efd3e0 00007ffb'd790eaa7 shell32!ILCreateFromPathW+0x58bbe
22 00000000'19efd490 00007ffb'd7a99fd3 shell32!SHBindToParent+0xa27
23 00000000'19efd750 00007ffb'd790eaa7 shell32!ILCreateFromPathW+0x58bf3
24 00000000'19efd490 00007ffb'd7a99fd3 shell32!SHBindToParent+0xa27
25 00000000'19efd750 00007ffb'd790eaa7 shell32!ILCreateFromPathW+0x58bf3
26 00000000'19efd490 00007ffb'd7a99fd3 shell32!SHBindToParent+0xa27
27 00000000'19efd750 00007ffb'd790eaa7 shell32!ILCreateFromPathW+0x58bf3
...
fe 00000000'19f14eb0 00007ffb'd7a99fd3 shell32!SHBindToParent+0xa27
ff 00000000'19f15170 00007ffb'd790eaa7 shell32!ILCreateFromPathW+0x58bf3

Se eu usar !analyze -v , recebo outras informações, mas nada que eu saiba usar.

Carreguei o último quadro fazendo .frame ff e tentei usar dv para ver as variáveis, mas isso deu um erro " Private symbols (symbols.pri) are required for locals ". Não tenho certeza do que fazer daqui. Como posso obter mais informações sobre o que o Explorer estava tentando fazer quando caiu?

    
por jon without an h 22.01.2015 / 21:06

1 resposta

0

Eu despejei a pilha e vi que o sysfer.dll (Symantec DLL) estava envolvido quando o Explorer tentava fazer operações de pesquisa com C:\Windows\System32\connectedsearch-appcmd.searchconnector-ms , que é a pesquisa que exibe os resultados do Bing no Windows Search:

0x0000000019ef98c8 : 0x00007ffbd7778a80 : shell32!CSearchConnectorFolder::v_InternalQueryInterface+0x30
0x0000000019ef98d8 : 0x00007ffbd7949030 :  !du "ParentFolder"
0x0000000019ef98f8 : 0x00007ffbd77f0fb0 : shell32!CShellItem::BindToHandler
0x0000000019ef9918 : 0x00007ffbd777853f : shell32!CSearchConnectorFolder::Initialize+0xcf
0x0000000019ef9938 : 0x00007ffbd7739590 : shell32!CShellItem::GetAttributes
0x0000000019ef9948 : 0x00007ffbd7732330 : shell32!CFSFolder::Release
0x0000000019ef9978 : 0x00007ffbd7778460 : shell32!CSearchConnectorFolder::InitializeEx
0x0000000019ef9980 : 0x0000000019ef9a90 :  !du "earchconnector-ms"
0x0000000019ef9988 : 0x00007ffbd7764c22 : shell32!CFSFolder::_InitFolder+0xe1b
0x0000000019ef9990 : 0x00007ffbd75972c0 : ole32!CBindCtx::RegisterObjectParam
0x0000000019ef9a38 : 0x0057005c003a0043 :  !du "C:\Windows\System32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a40 : 0x006f0064006e0069 :  !du "indows\System32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a48 : 0x0053005c00730077 :  !du "ws\System32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a50 : 0x0065007400730079 :  !du "ystem32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a58 : 0x005c00320033006d :  !du "m32\connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a60 : 0x006e006e006f0063 :  !du "connectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a68 : 0x0065007400630065 :  !du "ectedsearch-appcmd.searchconnector-ms"
0x0000000019ef9a70 : 0x0061006500730064 :  !du "dsearch-appcmd.searchconnector-ms"
0x0000000019ef9a78 : 0x002d006800630072 :  !du "rch-appcmd.searchconnector-ms"
0x0000000019ef9a80 : 0x0063007000700061 :  !du "appcmd.searchconnector-ms"
0x0000000019ef9a88 : 0x0073002e0064006d :  !du "md.searchconnector-ms"
0x0000000019ef9a90 : 0x0063007200610065 :  !du "earchconnector-ms"
0x0000000019ef9a98 : 0x006e006f00630068 :  !du "hconnector-ms"
0x0000000019ef9aa0 : 0x007400630065006e :  !du "nector-ms"
0x0000000019ef9aa8 : 0x006d002d0072006f :  !du "or-ms"
*** WARNING: Unable to verify timestamp for sysfer.dll
*** ERROR: Module load completed but symbols could not be loaded for sysfer.dll
0x0000000019ef9e78 : 0x00007ffbd9bebb95 : ntdll!RtlpLowFragHeapAllocFromContext+0x355
0x0000000019ef9ed0 : 0x00007ffbd7952a90 :  dt shell32!CFileExtension
0x0000000019ef9ef0 : 0x00007ffbd7957960 : shell32!CLSID_LibraryFolder
0x0000000019ef9f28 : 0x00007ffbd917c922 : combase!CComActivator::DoCreateInstance+0x162
0x0000000019ef9f38 : 0x00007ffbd7731f9e : shell32!CAggregatedUnknown::AddRef+0x1e
0x0000000019ef9f48 : 0x00007ffbd9beb6f7 : ntdll!RtlAllocateHeap+0xd7
0x0000000019ef9f68 : 0x00007ffbd6de24b1 : KERNELBASE!QISearch+0x91
0x0000000019ef9f70 : 0x00007ffbd7732ae0 : shell32!CCommonPlaceFolder::AddRef
0x0000000019ef9f98 : 0x00007ffbd7800e65 : shell32!CAggregatedUnknown::CUnkInner::QueryInterface+0x2cb
0x0000000019ef9fa0 : 0x00007ffbd79556b8 : shell32!GUID_000214e6_0000_0000_c000_000000000046
0x0000000019ef9fa8 : 0x00007ffbd7922480 : shell32!CLibraryFolder::v_InternalQueryInterface
0x0000000019ef9fc0 : 0x00007ffbd79556b8 : shell32!GUID_000214e6_0000_0000_c000_000000000046
0x0000000019ef9fc8 : 0x00007ffbd7778ab4 : shell32!CSearchConnectorFolder::v_InternalQueryInterface+0x64
0x0000000019ef9fd8 : 0x00007ffbd7732110 : shell32!CAggregatedUnknown::CUnkInner::QueryInterface
0x0000000019ef9ff8 : 0x00007ffbd773208d : shell32!CAggregatedUnknown::Release+0x2d
0x0000000019efa000 : 0x00007ffbd79556b8 : shell32!GUID_000214e6_0000_0000_c000_000000000046
0x0000000019efa028 : 0x00007ffbd773208d : shell32!CAggregatedUnknown::Release+0x2d
0x0000000019efa038 : 0x00007ffbd7732110 : shell32!CAggregatedUnknown::CUnkInner::QueryInterface
0x0000000019efa058 : 0x00007ffbd79220bc : shell32!CSearchConnectorFolder::s_CreateInstance+0x14c
0x0000000019efa060 : 0x00007ffbd7777cb0 : shell32!CCommonPlaceFolder::Release
0x0000000019efa0b8 : 0x00007ffbd794f120 : 0x00007ffbd794fa40 : 0x00007ffbd79ecf00 : shell32!ECFQueryInterface
0x0000000019efa0c8 : 0x00007ffbd7733ebe : shell32!_SHCoCreateInstance+0x21b
0x0000000019efa0d0 : 0x00007ffbd7778390 : shell32!CSearchConnectorFolder_CreateInstance
0x0000000019efa0d8 : 0x00007ffbd72c2771 : msvcrt!fputwc_nolock+0x1e0
0x0000000019efa150 : 0x00630065006e006e :  !du "nnectedsearch-appcmd.searchconnector-ms"
0x0000000019efa158 : 0x0073006400650074 :  !du "tedsearch-appcmd.searchconnector-ms"
0x0000000019efa160 : 0x0063007200610065 :  !du "earch-appcmd.searchconnector-ms"
0x0000000019efa168 : 0x00700061002d0068 :  !du "h-appcmd.searchconnector-ms"
0x0000000019efa170 : 0x0064006d00630070 :  !du "pcmd.searchconnector-ms"

Talvez o symantec DLL tente verificar os resultados da pesquisa por resultados ruins e isso pode causar problemas.

    
por 23.01.2015 / 17:23