crash when using F2 (background)

The behaviour described in the bug report is either by design, or would be far too complex/time-consuming to be changed

Moderators: white, Hacker, petermad, Stefan2

NMM2
Junior Member
Junior Member
Posts: 15
Joined: 2007-06-12, 15:39 UTC

crash when using F2 (background)

Post by *NMM2 »

this phenomenon appers in windows 10, starting with TC 9.x and is still there in 9.12RC3: if you copy a file from a to b and use F2, it crashes.
Same, if you start the copy without F2 and choose then "send to background". If you send packaging (ZIP) to background, no crash appear.

I already installed procdump64.exe and get two DUMP-files from every crash, but they are 250 MBytes long each, so I can not post them here.

The problm ist reproducible ever time. Unfortunatley Windows only pop up the sensless messagge

===================
[Window Title]
Total Commander

[Main Instruction]
Total Commander funktioniert nicht mehr

[Content]
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

[Debuggen] [Programm schließen]
=========================

Any idea, what the cause may be?

Regards
MM
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

I couldn't reproduce the problem here, so I would be happy with a crash dump.

You can either put the dump (zipped) on a cloud service like Google Drive, Dropbox or OneDrive, and share the file with me, or analyze the file by yourself. It's easy when you follow the instructions below:

1. Get Windbg from Microsoft:
https://developer.microsoft.com/en-us/windows/hardware/download-windbg

Usage:
1. Create new directory c:\Symbols
2. Run Windbg
3. File - Symbol search path, add the following:
srv*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
4. File - Open crash dump - choose the dmp file
5. Enter the following in the command line:
!analyze -v
(including the exclamation mark!) and press ENTER.
6. Wait. It can take several Minutes!
7. When the result is there, select all, press Ctrl+C and paste the result to the email body.

Deutsche Anleitung:

Windbg bei Microsoft herunterladen:
https://developer.microsoft.com/en-us/windows/hardware/download-windbg

Benutzung:
1. Neues Verzeichnis c:\Symbols anlegen
2. Windbg starten
3. File - Symbol search path, folgendes einfügen:
srv*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
4. File - Open crash dump - dmp-Datei auswählen
5. In der Befehlszeile unten folgendes eintragen
!analyze -v
(inklusive dem Ausrufezeichen!) und ENTER drücken.
6. Warten. Es kann mehrere Minuten dauern!
7. Wenn das Resultat da ist, alles markieren, Strg+C kopieren, ins mail an mich einfügen
Author of Total Commander
https://www.ghisler.com
NMM2
Junior Member
Junior Member
Posts: 15
Joined: 2007-06-12, 15:39 UTC

Post by *NMM2 »

OK, I did it:


here what it says: (dont know, why it is "Unable to verify timestamp for TOTALCMD64.EXE": it was
TOTALCMD64.EXE 8.863.880 09.11.2017 09:12 -a--)
(it looks like there are some additional problems also: "Module load completed but symbols could not be loaded for TOTALCMD64.EXE"...).

The dump-file was this time 3 GB big!!

(I'll try to get smaller ones to send it to you, if you want, later)

(after the operation there where in c:\symbols many new directories with files, about 140 MB overall size)


here the result of "!analyze -v":

Microsoft (R) Windows Debugger Version 10.0.15063.468 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\dumps\TOTALCMD64.EXE_171110_190201.dmp]
User Mini Dump File with Full Memory: Only application data is available

Comment: '
*** "C:\tools\procdump64.exe" -accepteula -ma -j "c:\dumps" 1192 344 000000000A030000
*** Just-In-Time debugger. PID: 1192 Event Handle: 344 JIT Context: .jdinfo 0xa030000'
WARNING: Whitespace at end of path element
Error: Empty Path.
WARNING: Whitespace at end of path element
Symbol search path is: srv*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Version 15063 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
15063.0.amd64fre.rs2_release.170317-1834
Machine Name:
Debug session time: Fri Nov 10 19:02:01.000 2017 (UTC + 1:00)
System Uptime: 0 days 23:54:19.651
Process Uptime: 0 days 0:00:25.000
................................................................
.......................................
Loading unloaded module list
...
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(4a8.8dc): Access violation - code c0000005 (first/second chance not available)
ntdll!memcpy+0x1cc:
00007fff`aa49bccc 488901 mov qword ptr [rcx],rax ds:ffffffff`fe8ec522=????????????????
0:020> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** WARNING: Unable to verify timestamp for TOTALCMD64.EXE
*** ERROR: Module load completed but symbols could not be loaded for TOTALCMD64.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for tishell64.dll -
GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT: (.ecxr)
rax=0065007300750061 rbx=000000000000000a rcx=fffffffffe8ec522
rdx=0000000003a608d0 rsi=0000000000000001 rdi=0000000000000005
rip=00007fffaa49bccc rsp=00000001038b6378 rbp=00000001038b6411
r8=000000000000000a r9=0000000000000000 r10=000000000234cdf0
r11=fffffffffe8ec520 r12=0000000000090aec r13=000000000000000d
r14=0000000000000006 r15=fffffffffe8ec520
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010244
ntdll!memcpy+0x1cc:
00007fff`aa49bccc 488901 mov qword ptr [rcx],rax ds:ffffffff`fe8ec522=????????????????
Resetting default scope

FAULTING_IP:
ntdll!memcpy+1cc
00007fff`aa49bccc 488901 mov qword ptr [rcx],rax

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007fffaa49bccc (ntdll!memcpy+0x00000000000001cc)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: fffffffffe8ec522
Attempt to write to address fffffffffe8ec522

DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE

PROCESS_NAME: TOTALCMD64.EXE

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%p verwies auf Arbeitsspeicher bei 0x%p. Der Vorgang %s konnte im Arbeitsspeicher nicht durchgef hrt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%p verwies auf Arbeitsspeicher bei 0x%p. Der Vorgang %s konnte im Arbeitsspeicher nicht durchgef hrt werden.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: fffffffffe8ec522

FOLLOWUP_IP:
TOTALCMD64+614c63
00000000`00a14c63 488945b8 mov qword ptr [rbp-48h],rax

WRITE_ADDRESS: fffffffffe8ec522

WATSON_BKT_PROCSTAMP: 0

WATSON_BKT_PROCVER: 9.1.1.0

PROCESS_VER_PRODUCT: Total Commander

WATSON_BKT_MODULE: ntdll.dll

WATSON_BKT_MODSTAMP: 8274fd8b

WATSON_BKT_MODOFFSET: abccc

WATSON_BKT_MODVER: 6.2.15063.608

MODULE_VER_PRODUCT: Microsoft® Windows® Operating System

BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)

MODLIST_WITH_TSCHKSUM_HASH: 9f9f5dd9cc6a41f0fc5f8ecc681a6ecfd448c932

MODLIST_SHA1_HASH: 8f67b7d51cc3b016af7c5b62d375a15819df258c

NTGLOBALFLAG: 0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS: 0

PRODUCT_TYPE: 1

SUITE_MASK: 272

DUMP_FLAGS: 8000c07

DUMP_TYPE: 3

ANALYSIS_SESSION_HOST: THINGOL

ANALYSIS_SESSION_TIME: 11-10-2017 19:03:39.0066

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

THREAD_ATTRIBUTES:
OS_LOCALE: DEU

PROBLEM_CLASSES:

ID: [0n292]
Type: [@ACCESS_VIOLATION]
Class: Addendum
Scope: BUCKET_ID
Name: Omit
Data: Omit
PID: [Unspecified]
TID: [0x8dc]
Frame: [0] : ntdll!memcpy

ID: [0n265]
Type: [INVALID_POINTER_WRITE]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [0x8dc]
Frame: [0] : ntdll!memcpy

BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE

PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT

LAST_CONTROL_TRANSFER: from 00007fffa98c9e09 to 00007fffaa49bccc

STACK_TEXT:
00000001`038b6378 00007fff`a98c9e09 : 00000000`01cd08c0 00007fff`a694ad24 000012df`dacc3ada 00000000`00000136 : ntdll!memcpy+0x1cc
00000001`038b6380 00007fff`a98c9bbc : 00000000`003d4800 00000000`00000000 00000000`00000000 00000000`023c5240 : user32!RealDefWindowProcWorker+0x119
00000001`038b6470 00007fff`96e746b1 : 00000000`0000000d 00000000`10116b20 00000000`00000006 00000000`00090aec : user32!DefWindowProcW+0x18c
00000001`038b64e0 00007fff`a98cbc50 : 00000000`80000011 00000000`0000000e 00000000`00000000 00000000`00000000 : comctl32!Button_WndProc+0x81
00000001`038b65a0 00007fff`a98cb80b : 00000000`00090aec 00007fff`96e74630 00000000`00090aec 00000000`0000000d : user32!UserCallWinProcCheckWow+0x280
00000001`038b6700 00000000`00a14c63 : 00007fff`96e74630 00000001`038b6800 00000000`00000000 00000000`00000000 : user32!CallWindowProcW+0x8b
00000001`038b6750 00007fff`96e7462f : 00000001`038b6800 00000000`00000000 00000000`00000000 ffffffff`fe8ec520 : TOTALCMD64+0x614c63
00000001`038b6758 00000001`038b6800 : 00000000`00000000 00000000`00000000 ffffffff`fe8ec520 00000000`00000000 : comctl32!CCompositedDraw::EndCompositedPaint+0x63
00000001`038b6760 00000000`00000000 : 00000000`00000000 ffffffff`fe8ec520 00000000`00000000 00000000`00000001 : 0x00000001`038b6800


THREAD_SHA1_HASH_MOD_FUNC: e96d26417aaff3b02463910defa81e676ecfb114

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6596c7a5346feda9b5a55b152fc614aa7dbfc71c

THREAD_SHA1_HASH_MOD: 81801f57255fa6ded5c2b84d29bba81492365aef

FAULT_INSTR_CODE: b8458948

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: totalcmd64+614c63

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: TOTALCMD64

IMAGE_NAME: TOTALCMD64.EXE

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: .ecxr ; kb

FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_c0000005_TOTALCMD64.EXE!Unknown

BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_WRITE_totalcmd64+614c63

FAILURE_EXCEPTION_CODE: c0000005

FAILURE_IMAGE_NAME: TOTALCMD64.EXE

BUCKET_ID_IMAGE_STR: TOTALCMD64.EXE

FAILURE_MODULE_NAME: TOTALCMD64

BUCKET_ID_MODULE_STR: TOTALCMD64

FAILURE_FUNCTION_NAME: Unknown

BUCKET_ID_FUNCTION_STR: Unknown

BUCKET_ID_OFFSET: 614c63

BUCKET_ID_MODTIMEDATESTAMP: 0

BUCKET_ID_MODCHECKSUM: 87de66

BUCKET_ID_MODVER_STR: 9.1.1.0

BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE_

FAILURE_PROBLEM_CLASS: APPLICATION_FAULT

FAILURE_SYMBOL_NAME: TOTALCMD64.EXE!Unknown

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/TOTALCMD64.EXE/9.1.1.0/ 0/ntdll.dll/6.2.15063.608/8274fd8b/c0000005/000abccc.htm?Retriage=1

TARGET_TIME: 2017-11-10T18:02:01.000Z

OSBUILD: 15063

OSSERVICEPACK: 296

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt SingleUserTS

USER_LCID: 0

OSBUILD_TIMESTAMP: unknown_date

BUILDDATESTAMP_STR: 160101.0800

BUILDLAB_STR: WinBuild

BUILDOSVER_STR: 10.0.15063.296

ANALYSIS_SESSION_ELAPSED_TIME: 8617

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:invalid_pointer_write_c0000005_totalcmd64.exe!unknown

FAILURE_ID_HASH: {b3979966-ddf0-f938-85a5-7e21b4146d29}

Followup: MachineOwner
---------
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Thanks for the analysis. Unfortunately the stack trace isn't really that helpful:

STACK_TEXT:
ntdll!memcpy+0x1cc
user32!RealDefWindowProcWorker+0x119
user32!DefWindowProcW+0x18c
comctl32!Button_WndProc+0x81
user32!UserCallWinProcCheckWow+0x280
user32!CallWindowProcW+0x8b
TOTALCMD64+0x614c63
comctl32!CCompositedDraw::EndCompositedPaint+0x63

The only code within Total Commander itself, TOTALCMD64+0x614c63, is this:

result:=CallWindowProcW(defproc, hWnd, uMsg, wParam, lParam)

This is a subclassing of a dialog box control - since Button_WndProc is called, it must be for one of the buttons.
I will try to find out what could be wrong, but I can't currently see any errors in my code.
Author of Total Commander
https://www.ghisler.com
NMM2
Junior Member
Junior Member
Posts: 15
Joined: 2007-06-12, 15:39 UTC

Post by *NMM2 »

>I will try to find out what could be wrong, but I can't currently see any errors in my code.

I see.
I have just checked: if I use 32-Bit Version of TC, the phenomenon does not occur.

I observed, that my system has two versions of NTDLL (may be this is normal):

If I look at them with 32 Bit TC I see:
c:\Windows\System32\ntdll.dll 1.620.880 05.09.2017 06:53 -a--
and
c:\Windows\SysWOW64\ntdll.dll 1.620.880 05.09.2017 06:53 -a--
(they are identical (contentcheck)!)

If I look with 64 Bit TC, I see:

c:\Windows\System32\ntdll.dll 1.930.840 05.09.2017 07:26 -a--
and
c:\Windows\SysWOW64\ntdll.dll 1.620.880 05.09.2017 06:53 -a--


This is curious!!

I checked the digital signatures of them all, and Windows shows, that they are all valid.

Dont know, wether is is relevant or helpfull, I just observed it.

Yours
Mircea
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Can you give me more details please?
1. Does this happen when you open empty background transfer manager via menu Commands?
2. If no, does it happen when you then click on the buttons in that background transfer manager?
3. If no, does it happen when you open two empty background transfer managers, and then close the first?
4. If no, does it happen when you open one empty background transfer manager, and then copy files with F5-F2 through that manager?
I observed, that my system has two versions of NTDLL (may be this is normal):
This is normal! The one in
c:\Windows\SysWOW64\ntdll.dll
is the 32-bit version. WOW means "Windows on Windows", which means the 32-bit subsystem on 64-bit windows.

c:\Windows\Sysnative\ntdll.dll
is the 64-bit version. c:\Windows\System32\ shows the 32-bit version in 32-bit programs, and the 64-bit version in 64-bit programs.
Author of Total Commander
https://www.ghisler.com
NMM2
Junior Member
Junior Member
Posts: 15
Joined: 2007-06-12, 15:39 UTC

Post by *NMM2 »

Hello,

>1. Does this happen when you open empty background transfer manager via menu Commands?

Yes!! the same happens!!


Further I observed, that on a different comuter (B) - also Win 10 - the problm does not occur, so it shlould be somting wrong with the first Win10 comupter (A).

I can not imaigene, what the problm is. One difference is the history: (A) was a Windos 8.0 computer, that was suczessive updatet to Win 8.1 and then Win 10, (B) is a completely new installation of Win 10 (extra key).
((B) is a VM running in VirtualBox whith (A) as the host!)

(both are now Win 10 Pro 1702, Build 15063.674, ntdll.dll are identical on both computers).

My be I have to change samething in windows on computer (A), but no idea what...

Regards
MM
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

It could be caused by a third party application setting a Windows hook for all programs, e.g. a secure password entry system (or a keylogger).
Author of Total Commander
https://www.ghisler.com
NMM2
Junior Member
Junior Member
Posts: 15
Joined: 2007-06-12, 15:39 UTC

Post by *NMM2 »

ghisler(Author) wrote:It could be caused by a third party application setting a Windows hook for all programs, e.g. a secure password entry system (or a keylogger).
I think, this is the crucial point! I run ac'tvAid on that computer: <https://activaid.telgkamp.de/>. If I stop that, the phenomenon disappear.

ac'tvAid is actually AutoHotkey.

Regards
MM
User avatar
Horst.Epp
Power Member
Power Member
Posts: 6450
Joined: 2003-02-06, 17:36 UTC
Location: Germany

Post by *Horst.Epp »

NMM2 wrote:
ghisler(Author) wrote:It could be caused by a third party application setting a Windows hook for all programs, e.g. a secure password entry system (or a keylogger).
I think, this is the crucial point! I run ac'tvAid on that computer: <https://activaid.telgkamp.de/>. If I stop that, the phenomenon disappear.

ac'tvAid is actually AutoHotkey.

Regards
MM
Autohotkey itself makes no such problems.
So its some bad programmed module in ac'tvAid
Windows 11 Home x64 Version 23H2 (OS Build 22631.3374)
TC 11.03 x64 / x86
Everything 1.5.0.1371a (x64), Everything Toolbar 1.3.2, Listary Pro 6.3.0.69
QAP 11.6.3.2 x64
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

2NMM2
I have installed ac'tivAid now, but nothing crashes. I guess that I need to activate one or more of the available extensions. Which ones do you use? Did you already find out which of them causes the crash?
Author of Total Commander
https://www.ghisler.com
kkimber
Junior Member
Junior Member
Posts: 18
Joined: 2009-05-30, 05:08 UTC

Post by *kkimber »

9.10 betas, 9.10rcs, 9.10, 9.11rc, 9.12rcs, 9.12 tested.
f5+f2 and f6+f2 randomize crash.



User Mini Dump File with Full Memory: Only application data is available

Comment: '
*** "C:\z\procdump64.exe" -accepteula -ma -j "c:\z" 10180 348 0000000004840000
*** Just-In-Time debugger. PID: 10180 Event Handle: 348 JIT Context: .jdinfo 0x4840000'

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
Deferred srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols;srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Version 16299 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
16299.15.amd64fre.rs3_release.170928-1534
Machine Name:
Debug session time: Thu Dec 14 09:16:02.000 2017 (UTC + 3:00)
System Uptime: 0 days 12:17:21.539
Process Uptime: 0 days 11:58:38.000
................................................................
................................................................
.........................................................
Loading unloaded module list
................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(27c4.22dc): Access violation - code c0000005 (first/second chance not available)
00000000`a1fe5580 ee out dx,al
0:026> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** WARNING: Unable to verify timestamp for TOTALCMD64.EXE
*** ERROR: Module load completed but symbols could not be loaded for TOTALCMD64.EXE
GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT: (.ecxr)
rax=0000000000000000 rbx=000004b000000000 rcx=fc7a71ecae540000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=00000000a1fe5580 rsp=00000000a1fe5270 rbp=00000000a1fe52d0
r8=0000000000415598 r9=0000000000000005 r10=00007ffe08f385eb
r11=00000000ffffffeb r12=000027c4000027c4 r13=00000000a1fe51c0
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
00000000`a1fe5580 ee out dx,al
Resetting default scope

FAULTING_IP:
+0
00000000`a1fe5580 ee out dx,al

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00000000a1fe5580
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 00000000a1fe5580
Attempt to execute non-executable address 00000000a1fe5580

PROCESS_NAME: TOTALCMD64.EXE

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000008

EXCEPTION_PARAMETER2: 00000000a1fe5580

FOLLOWUP_IP:
+0
00000000`a1fe5580 ee out dx,al

EXECUTE_ADDRESS: a1fe5580

FAILED_INSTRUCTION_ADDRESS:
+0
00000000`a1fe5580 ee out dx,al

WATSON_BKT_PROCSTAMP: 0

WATSON_BKT_PROCVER: 9.1.2.0

PROCESS_VER_PRODUCT: Total Commander

WATSON_BKT_MODULE: unknown

WATSON_BKT_MODVER: 0.0.0.0

WATSON_BKT_MODOFFSET: a1fe5580

WATSON_BKT_MODSTAMP: bbbbbbb4

BUILD_VERSION_STRING: 10.0.16299.15 (WinBuild.160101.0800)

MODLIST_WITH_TSCHKSUM_HASH: 12c8700bc5cdea535b13cacbb1d3ae0018980a46

MODLIST_SHA1_HASH: 579e4d3d27632c020f156fdcc03d89a9b691ac75

NTGLOBALFLAG: 0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS: 0

PRODUCT_TYPE: 1

SUITE_MASK: 272

DUMP_FLAGS: 8000c07

DUMP_TYPE: 3

ANALYSIS_SESSION_HOST:

ANALYSIS_SESSION_TIME: 12-14-2017 11:14:32.0013

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

IP_ON_STACK:
+0
00000000`a1fe5580 ee out dx,al

THREAD_ATTRIBUTES:
OS_LOCALE: TRK

PROBLEM_CLASSES:

ID: [0n294]
Type: [STACKIMMUNE]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]

ID: [0n292]
Type: [@ACCESS_VIOLATION]
Class: Addendum
Scope: BUCKET_ID
Name: Omit
Data: Omit
PID: [Unspecified]
TID: [0x22dc]
Frame: [0] : unknown!unknown

ID: [0n266]
Type: [INVALID_POINTER_EXECUTE]
Class: Primary
Scope: BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [0x22dc]
Frame: [0] : unknown!unknown

ID: [0n274]
Type: [SOFTWARE_NX_FAULT]
Class: Primary
Scope: BUCKET_ID
Name: Add
Data: Omit
PID: [0x27c4]
TID: [0x22dc]
Frame: [0] : unknown!unknown

ID: [0n197]
Type: [CODE_RUNNING_ON_STACK]
Class: Primary
Scope: BUCKET_ID
Name: Add
Data: Omit
PID: [0x27c4]
TID: [0x22dc]
Frame: [0] : unknown!unknown

BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_INVALID_POINTER_EXECUTE_CODE_RUNNING_ON_STACK

DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_CODE_RUNNING_ON_STACK

PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT

IP_ON_HEAP: 000004b000000000
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.

IP_IN_FREE_BLOCK: 4b000000000

FRAME_ONE_INVALID: 1

LAST_CONTROL_TRANSFER: from 0000000000000000 to 0000000000000000

ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

STACK_TEXT:
00000000`a1fe5270 000004b0`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000068 : 0xa1fe5580
00000000`a1fe5278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000068 00000000`09dd4a10 : 0x000004b0`00000000


THREAD_SHA1_HASH_MOD_FUNC: 7b1c1a28abd3c0a4e37d375ffab205575870aa5b

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 35a4325c69b9f03b40fc038779b21d8ae7fc5c94

THREAD_SHA1_HASH_MOD: b55820315e0a12a0a2e118a342247d2189834c72

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: TOTALCMD64.EXE!unknown_error_in_process

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: TOTALCMD64

IMAGE_NAME: TOTALCMD64.EXE

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: .ecxr ; kb

FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_CODE_RUNNING_ON_STACK_c0000005_TOTALCMD64.EXE!unknown_error_in_process

BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_INVALID_POINTER_EXECUTE_CODE_RUNNING_ON_STACK_BAD_IP_TOTALCMD64.EXE!unknown_error_in_process

FAILURE_EXCEPTION_CODE: c0000005

FAILURE_IMAGE_NAME: TOTALCMD64.EXE

BUCKET_ID_IMAGE_STR: TOTALCMD64.EXE

FAILURE_MODULE_NAME: TOTALCMD64

BUCKET_ID_MODULE_STR: TOTALCMD64

FAILURE_FUNCTION_NAME: unknown_error_in_process

BUCKET_ID_FUNCTION_STR: unknown_error_in_process

BUCKET_ID_OFFSET: 0

BUCKET_ID_MODTIMEDATESTAMP: 0

BUCKET_ID_MODCHECKSUM: 87bea9

BUCKET_ID_MODVER_STR: 9.1.2.0

BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_INVALID_POINTER_EXECUTE_CODE_RUNNING_ON_STACK_BAD_IP_

FAILURE_PROBLEM_CLASS: APPLICATION_FAULT

FAILURE_SYMBOL_NAME: TOTALCMD64.EXE!unknown_error_in_process

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/TOTALCMD64.EXE/9.1.2.0/ 0/unknown/0.0.0.0/bbbbbbb4/c0000005/a1fe5580.htm?Retriage=1

TARGET_TIME: 2017-12-14T06:16:02.000Z

OSBUILD: 16299

OSSERVICEPACK: 15

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt SingleUserTS

USER_LCID: 0

OSBUILD_TIMESTAMP: 1976-06-22 09:45:20

BUILDDATESTAMP_STR: 160101.0800

BUILDLAB_STR: WinBuild

BUILDOSVER_STR: 10.0.16299.15

ANALYSIS_SESSION_ELAPSED_TIME: 40aa7

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:software_nx_fault_code_running_on_stack_c0000005_totalcmd64.exe!unknown_error_in_process

FAILURE_ID_HASH: {900969ad-062f-b725-4898-767b3dbb929a}

Followup: MachineOwner
---------
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

2kkimber
Apparently Windows tried to run code from the stack. TC doesn't do that anywhere in my code. Probably a third party program injecting code in TC.
Author of Total Commander
https://www.ghisler.com
kkimber
Junior Member
Junior Member
Posts: 18
Joined: 2009-05-30, 05:08 UTC

Post by *kkimber »

tc log enable, 1-2/days crash.
I just disable the tc log settings then ~6days no crash.
NMM2
Junior Member
Junior Member
Posts: 15
Joined: 2007-06-12, 15:39 UTC

Re:

Post by *NMM2 »

ghisler(Author) wrote: 2017-11-16, 14:12 UTC 2NMM2
I have installed ac'tivAid now, but nothing crashes. I guess that I need to activate one or more of the available extensions. Which ones do you use? Did you already find out which of them causes the crash?
Hello,

ok, it's been a year, but I think, I should post a last message her:

I still dont know the reason of the problem, but the good news is, that it apparently does not occur in Windows 10 1803.

Regards
MM
Post Reply