Prev: KiFastSystemCall in the call stack
Next: WM_QUERYENDSESSION behavior
From: Bob Altman on 23 Sep 2009 14:03
Hi all,

On several different machines, explorer.exe gets a fatal error when I log
off or shut down. I get a dialog box telling me that explorer.exe has died.
Sometimes it waits for me to click Ok or Cancel, sometimes it just proceeds
to log off or shut down. This happens on both XP Pro and Vista machines. I
assume that some shell extension that I've installed on all of the machines
is the actual culprit, but I haven't yet figured out how to get an app dump
or any other data that I can use to figure it out.

I found an article (http://www.debuginfo.com/articles/ntsdwatson.html) that
describes how to fiddle with the AeDebug registry key to kick off NTSD to
create a process dump file, but I haven't yet succeeded in getting it to
produce a dump file when explorer.exe dies.

Any suggestions?

TIA - Bob


From: Kerem Gümrükcü on 24 Sep 2009 02:41
Hi Bob,

first i would give this a try:

[How to track and disable faulty shell extension]
http://www.altap.cz/salam_en/faulty_shell_extensions.html

There are MANY Tutorials like that in the www,...
Then have a look at this to dump any bad processes
that fail for some reason:

[User Mode Process Dumper Version 8.1]
http://www.microsoft.com/downloads/details.aspx?FamilyID=E089CA41-6A87-40C8-BF69-28AC08570B7E&displaylang=en

then i would try using this to disable all suspicious ShellExt's:

[ShellExView v1.41]
http://www.nirsoft.net/utils/shexview.html

Yes, mostly it is obviously some bad Shell-Extension
that makes the explorer.exe crash in its address
space, you easily can find it with some or little effort...

Regards

Kerem


--
--
-----------------------
Beste Gr�sse / Best regards / Votre bien devoue
Kerem G�mr�kc�
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------
"This reply is provided as is, without warranty express or implied."

From: "Jialiang Ge [MSFT]" on 24 Sep 2009 04:38

Hello

Thanks Kerem for the excellent suggestions!!

I have some additions:

You may consider trying this command to g
psexec -s adplus -crash -pn explorer.exe -o C:\Temp\

psexec is available at
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
adplus can be found in Debugging Tools for Windows
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
http://support.microsoft.com/kb/286350

The above command runs adplus and the consequent debugger (cdb.exe) as the
System user in the console session. Therefore, the debugger process should
not be affected by the logoff of your current user. When explorer crashes,
the debugger will generate a crash dump under C:\Temp\. Then you can
analyze the dump using Windbg and see what extension causes the problem in
the crash call-stack.


Regards,
Jialiang Ge
Microsoft Online Community Support

=================================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg(a)microsoft.com.

This posting is provided "AS IS" with no warranties, and confers no rights.
=================================================

From: Kerem Gümrükcü on 24 Sep 2009 05:00
Hi Ge,

> Thanks Kerem for the excellent suggestions!!

you are welcome,...to make all this complete for
Bob, he could have a look at this:

[Debugging Tools for Windows
ADPlus]
http://msdn.microsoft.com/en-us/library/cc265629.aspx

[How to use ADPlus to troubleshoot "hangs" and "crashes"]
[http://support.microsoft.com/kb/286350/en-us]

[The Complete Idiot's Guide to Writing Shell Extensions]
http://www.codeproject.com/info/search.aspx?artkw=The+Complete+Idiot%27s+Guide+to+Writing+Shell+Extensions&sbo=kw

The last Link holds detailed informations about how ShellExt's work
in depth and is also some great reference for understanding what
and possible where something fails,...

Shell extensions are always vulnerabilities/flaws of the user
mode code for explorer and shell interfaces,... :-(

Regards

Kerem

--
--
-----------------------
Beste Gr�sse / Best regards / Votre bien devoue
Kerem G�mr�kc�
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------
"This reply is provided as is, without warranty express or implied."

From: Bob Altman on 24 Sep 2009 11:19
Thanks to both of you! With that good hard "shove" in the right direction,
I should have no problem getting to the root of my explorer crash.

Bob

 |  Next  |  Last
Pages: 1 2 3
Prev: KiFastSystemCall in the call stack
Next: WM_QUERYENDSESSION behavior