1

I have a user on Windows 10 that is having Windows Explorer crash at seemingly random times. It does not look like it always shows up in the EventLog, but here are two times I have seen it:

Faulting application name: explorer.exe, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: verifier.dll, version: 10.0.14393.0, time stamp: 0x57899a0f
Exception code: 0x80000003
Fault offset: 0x00000000000067ea
Faulting process id: 0x25fc
Faulting application start time: 0x01d2a268dd411f2e
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\System32\verifier.dll
Report Id: abed9bed-5ee2-400a-b02b-e9ca156152e3
Faulting package full name: 
Faulting package-relative application ID: 

Faulting application name: explorer.exe, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x1e70
Faulting application start time: 0x01d29f6e3e1544fd
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ec2775c1-336e-4d5f-bd96-d41b76e515e6
Faulting package full name: 
Faulting package-relative application ID:

Here are links to two dumps I have collected. Unfortunately, I do not have any experience with dumps, so I am hoping someone might be able to use them.

Link1

Link2

Any help would be greatly appreciated!

4
  • Have you had any recent updates to Windows or drivers?
    – Elie
    Commented Mar 21, 2017 at 21:30
  • You are missing several months' worth of updates. Update your Windows 10 installation; when you do so, update the logs you have provided. We can't help you unless you update.
    – Ramhound
    Commented Mar 21, 2017 at 21:50
  • No recent updates or drivers. The issue has been ongoing for several months now. I am currently updating some Intel drivers and I will look into the Windows updates.
    – tbrew1
    Commented Mar 22, 2017 at 16:31
  • I posted what I saw in the dump. Commented Mar 22, 2017 at 17:33

1 Answer

3

The dumps are BREAKPOINT dumps (STATUS_BREAKPOINT - (NTSTATUS) 0x80000003) because App Verifier is enabled. In the call stack I see telemetry-related calls that trigger the crash:

ntdll!NtWaitForMultipleObjects
ntdll!WerpWaitForCrashReporting
ntdll!RtlReportExceptionHelper
ntdll!RtlReportException
verifier!AVrfpVectoredExceptionHandler
ntdll!RtlpCallVectoredHandlers
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpHandleSanityChecks
verifier!AVrfpNtQueryInformationProcess
windows_storage!DefaultAssocTelemetry::UtilGetProcessTelemetryAppSessionGuid
windows_storage!DefaultAssocTelemetry::CreateAssociatedProcess_
windows_storage!DefaultAssocTelemetry::CreateAssociatedProcess<enum ShellExecuteDdeStages & __ptr64,long & __ptr64,long & __ptr64,_PROCESS_INFORMATION & __ptr64,unsigned long & __ptr64,IUnknown * __ptr64 & __ptr64>
windows_storage!CInvokeCreateProcessVerb::Launch
windows_storage!CInvokeCreateProcessVerb::Execute
windows_storage!CBindAndInvokeStaticVerb::_DoCommand
windows_storage!CBindAndInvokeStaticVerb::_TryCreateProcessDdeHandler
windows_storage!CBindAndInvokeStaticVerb::Execute
windows_storage!CRegDataDrivenCommand::_TryInvokeAssociation
windows_storage!CRegDataDrivenCommand::_Invoke
shell32!CRegistryVerbsContextMenu::_Execute
shell32!CRegistryVerbsContextMenu::InvokeCommand
shell32!HDXA_LetHandlerProcessCommandEx
shell32!CDefFolderMenu::InvokeCommand
shell32!SHInvokeCommandOnContextMenu2
shell32!s_DoInvokeVerb
SHCore!Microsoft::WRL::Details::RuntimeClass<Microsoft::WRL::Details::InterfaceList<CRandomAccessStreamBase,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IRandomAccessStreamWithContentType,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IContentTypeProvider,Microsoft::WRL::Details::InterfaceList<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<3>,Microsoft::WRL::CloakedIid<IRandomAccessStreamMode>,Microsoft::WRL::CloakedIid<IRandomAccessStreamFileAccessMode>,Microsoft::WRL::CloakedIid<IObjectWithDeferredInvoke>,Microsoft::WRL::CloakedIid<IObjectWithFileHandle>,Microsoft::WRL::CloakedIid<IUnbufferedFileHandleProvider>,Microsoft::WRL::CloakedIid<IRandomAccessStreamPrivate>,Microsoft::WRL::CloakedIid<ITransactedModeOverride>,Microsoft::WRL::CloakedIid<CFTMCrossProcServer>,Microsoft::WRL::Details::Nil>,Microsoft::WRL::Details::Nil> > > >,Microsoft::WRL::RuntimeClassFlags<3>,1,1,0>::~RuntimeClass<Microsoft::WRL::Details::InterfaceList<CRandomAccessStreamBase,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IRandomAccessStreamWithContentType,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IContentTypeProvider,Microsoft::WRL::Details::InterfaceList<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<3>,Microsoft::WRL::CloakedIid<IRandomAccessStreamMode>,Microsoft::WRL::CloakedIid<IRandomAccessStreamFileAccessMode>,Microsoft::WRL::CloakedIid<IObjectWithDeferredInvoke>,Microsoft::WRL::CloakedIid<IObjectWithFileHandle>,Microsoft::WRL::CloakedIid<IUnbufferedFileHandleProvider>,Microsoft::WRL::CloakedIid<IRandomAccessStreamPrivate>,Microsoft::WRL::CloakedIid<ITransactedModeOverride>,Microsoft::WRL::CloakedIid<CFTMCrossProcServer>,Microsoft::WRL::Details::Nil>,Microsoft::WRL::Details::Nil> > > >,Microsoft::WRL::RuntimeClassFlags<3>,1,1,0>
verifier!AVrfpStandardThreadFunction
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart

Here an invalid handle (that is NULL) is used by Windows.

APPLICATION_VERIFIER_HANDLES_NULL_HANDLE (303)
NULL handle passed as parameter. A valid handle must be used.
This stop is generated if the function on the top of the stack passed a
NULL handle to system routines. 

Import this .reg file to disable App Verifier and dump creation. This should lower the number of crashes.

I also see that the GROOVEEX.dll is loaded:

*** ERROR: Symbol file could not be found. Defaulted to export symbols for GROOVEEX.DLL -

Use ShellExView to disable Office Groove entries and look if this fixes it.

Also, have you used tools that try to disable Windows 10 telemetry? If yes, undo those changes.
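
To confirm whether App Verifier is still switched on for explorer.exe or any other image, here is an added example (not part of the original answer or its .reg file): a read-only PowerShell check that lists Image File Execution Options entries with the FLG_APPLICATION_VERIFIER bit (0x100) set in GlobalFlag or a VerifierDlls value present. The function name Get-VerifierEnabledImage is made up for this example.

```powershell
# Added example: read-only audit of Application Verifier settings stored under
# Image File Execution Options (IFEO). Nothing is modified.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# NtGlobalFlag bit that tells the loader to enable Application Verifier.
$FLG_APPLICATION_VERIFIER = 0x00000100

# Hypothetical helper name, introduced for this example only.
function Get-VerifierEnabledImage {
    param([string[]]$Root = $ifeoRoots)

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p) { continue }

            # GlobalFlag can be a REG_DWORD or a string such as "0x00000100".
            $flags = $p.GlobalFlag -as [int64]
            if ($null -eq $flags) { $flags = 0 }

            $verifierOn = [bool]($flags -band $FLG_APPLICATION_VERIFIER)
            if ($verifierOn -or $p.VerifierDlls) {
                [pscustomobject]@{
                    Image         = $key.PSChildName
                    GlobalFlag    = '0x{0:X8}' -f ($flags -band 4294967295)
                    AppVerifier   = $verifierOn
                    VerifierDlls  = $p.VerifierDlls
                    VerifierFlags = $p.VerifierFlags
                    Key           = $key.Name
                }
            }
        }
    }
}

# An explorer.exe row here matches the verifier.dll frames in the call stack above.
Get-VerifierEnabledImage | Sort-Object Image | Format-Table -AutoSize
```

An entry nobody can account for deserves review, since the DLLs named in VerifierDlls are loaded into each new instance of that image.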

4
  • Thank you magicandre1981, I have made the necessary changes. App Verifier is not on by default, correct? A developer was troubleshooting an application that was crashing a while back so I am thinking it was enabled then. I will give it a few days and respond back with the results.
    – tbrew1
    Commented Mar 22, 2017 at 19:10
  • App Verifier is not set on by default. It has to be activated by the user. Commented Mar 23, 2017 at 15:45
  • After disabling app verifier and the Office Groove entries, it seems to be working now. Thanks for the help!
    – tbrew1
    Commented Mar 24, 2017 at 17:03
  • Using ShellExView to disable grooveex.dll worked for me. Thank you so much! Commented Nov 9, 2017 at 18:27
