This is the link to my zipped dump file, any help would be greatly appreciated.
https://www.dropbox.com/s/64ed3c820lee72y/explorer.exe.2208.7z?dl=0
Asked
Active
Viewed 610 times
0
-
I [told you here how to debug it](https://superuser.com/a/1233294/174557). Post the dump there and not in a new question. – magicandre1981 Jul 26 '17 at 15:51
-
Actually you didn't say any such thing. You told me the name of a debug program (for windows10) nothing more. Following that link just left me totally confused. As for the upload info, you simply said upload it here followed by a link to a webpage to post new questions. – Pauline Lawson Jul 26 '17 at 16:31
-
I posted a large answer with all required steps to debug a dmp. Also apply my [uninstall.reg](https://www.dropbox.com/s/69dxy4bahgvutug/WER_Explorer_full_uninstall.reg?dl=1) to disable app verifier. Also if my reply helped, [accept it as answer](https://meta.stackexchange.com/a/5235) – magicandre1981 Jul 26 '17 at 16:37
-
any update? have you updated the driver? – magicandre1981 Jul 29 '17 at 18:05
-
Pauline, in general if you have more information to add to an existing question, even one that has answers posted but which has not yet been solved, the correct action is to continue to edit that answer. The goal is to have a complete question and a good answer contained within a single, easy to navigate and follow, page. When asked to upload your logs on your own question, the assumption should always be that we'd like you to use that EDIT button to link those logs right there on the same question. – music2myear Aug 02 '17 at 20:32
1 Answers
2
Analyzing the dump with Windbg.exe as I told you yesterday shows me that the Realtek Audio driver DLL RtkAPO.dll causes he crash:
APPLICATION_VERIFIER_LOCKS_LOCK_IN_FREED_HEAP (202)
Freeing heap block containing an active critical section.
This stop is generated if a heap allocation contains a critical section,
the allocation is freed and the critical section has not been deleted.
To debug this stop use the following debugger commands:
$ !cs -s parameter1 - dump information about this critical section.
$ ln parameter1 - to show symbols near the address of the critical section.
This should help identify the leaked critical section.
$ dps parameter2 - to dump the stack trace for this critical section initialization.
$ parameter3 and parameter4 might help understand where this heap block was
allocated (the size of the allocation is probably significant).
Arguments:
Arg1: 0790d83c, Critical section address. Run !cs -s <address> to get more information.
Arg2: 00db2e6c, Critical section initialization stack trace. Run dps <address> to dump the stack trace.
Arg3: 0790d4d0, Heap block address.
Arg4: 000020f8, Heap block size.
Cannot find frame 0x12, previous scope unchanged
GetUrlPageData2 (WinHttp) failed: 12002.
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
eax=00000002 ebx=0790d4d0 ecx=001a1da0 edx=001a1da0 esi=0559f040 edi=6fcc40c0
eip=6fcac0de esp=03474404 ebp=0347461c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200202
verifier!VerifierStopMessageEx+0x5ce:
6fcac0de cc int 3
Resetting default scope
FAULTING_IP:
verifier!VerifierStopMessageEx+5ce
6fcac0de cc int 3
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 6fcac0de (verifier!VerifierStopMessageEx+0x000005ce)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 85352030
Parameter[2]: 001a1da0
BUGCHECK_STR: BREAKPOINT_AVRF
DEFAULT_BUCKET_ID: BREAKPOINT_AVRF
PROCESS_NAME: explorer.exe
CRITICAL_SECTION: 0790d83c -- (!cs -s 0790d83c)
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ung ltig.
NTGLOBALFLAG: 2000100
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 48004
PRODUCT_TYPE: 1
SUITE_MASK: 272
DUMP_FLAGS: c07
DUMP_TYPE: 3
APPLICATION_VERIFIER_LOADED: 1
THREAD_ATTRIBUTES:
OS_LOCALE: ENA
PROBLEM_CLASSES:
ID: [0n309]
Type: [@APPLICATION_FAULT_STRING]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Omit
Data: Add
String: [BREAKPOINT]
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
ID: [0n92]
Type: [AVRF]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x8a0]
TID: [0x950]
Frame: [0] : verifier!VerifierStopMessageEx
PRIMARY_PROBLEM_CLASS: BREAKPOINT
LAST_CONTROL_TRANSFER: from 6fcb98e8 to 6fcac0de
STACK_TEXT:
0347461c 6fcb98e8 6fcc40c0 00000202 0790d83c verifier!VerifierStopMessageEx+0x5ce
03474650 6fcb3e4c 00000000 0790d4d0 000020f8 verifier!AVrfpFreeMemLockChecks+0xd0
03474674 6fcbcbff 00000000 0790d4d0 000020f8 verifier!AVrfpFreeMemNotify+0x2b
034746c0 772e98cd 00860000 00000000 0790d4d0 verifier!AVrfpRtlFreeHeap+0x36
0347470c 6fcbd61f 0790d4d0 6de7070d 00000000 msvcrt!free+0xcd
03474740 6513895a 0790d4d0 0790d4d0 03474764 verifier!AVrfp_delete+0x2c
WARNING: Stack unwind information not available. Following frames may be wrong.
03474750 651382f8 00000001 00000001 00000001 RtkAPO+0x8895a
03474764 05d27a3f 0790d4d0 6423eed1 074a4f68 RtkAPO+0x882f8
03474830 05db022e 00000000 05e102f8 00000000 ALSNDMGR!CPlApplet+0x341f
03474840 05d23a13 00000000 6423e1f5 00000000 ALSNDMGR!CPlApplet+0x8bc0e
00000000 00000000 00000000 00000000 00000000 ALSNDMGR+0x3a13
THREAD_SHA1_HASH_MOD_FUNC: 128245e1c5a144067c7294143b1d70e44a9ee3fa
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 35e2a119c101d670bb94135875c4d22686f3a219
THREAD_SHA1_HASH_MOD: a972caf98c89a7775743fa4131f66224f77c3960
FOLLOWUP_IP:
RtkAPO+8895a
6513895a 59 pop ecx
FAULT_INSTR_CODE: 5ec68b59
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: rtkapo+8895a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RtkAPO
IMAGE_NAME: RtkAPO.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 494f46bb
STACK_COMMAND: ~5s ; .ecxr ; kb
BUCKET_ID: BREAKPOINT_AVRF_rtkapo+8895a
FAILURE_EXCEPTION_CODE: 80000003
FAILURE_IMAGE_NAME: RtkAPO.dll
BUCKET_ID_IMAGE_STR: RtkAPO.dll
FAILURE_MODULE_NAME: RtkAPO
BUCKET_ID_MODULE_STR: RtkAPO
FAILURE_FUNCTION_NAME: Unknown
BUCKET_ID_FUNCTION_STR: Unknown
BUCKET_ID_OFFSET: 8895a
BUCKET_ID_MODPRIVATE: 1
BUCKET_ID_MODTIMEDATESTAMP: 494f46bb
BUCKET_ID_MODCHECKSUM: 26d77a
BUCKET_ID_MODVER_STR: 11.0.6000.85
BUCKET_ID_PREFIX_STR: BREAKPOINT_AVRF_
FAILURE_PROBLEM_CLASS: BREAKPOINT
FAILURE_SYMBOL_NAME: RtkAPO.dll!Unknown
FAILURE_BUCKET_ID: BREAKPOINT_AVRF_80000003_RtkAPO.dll!Unknown
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/explorer.exe/6.1.7601.23537/57c44cc4/verifier.dll/6.1.7600.16385/4a5bdb2a/80000003/0000c0de.htm?Retriage=1
TARGET_TIME: 2017-07-20T21:46:36.000Z
OSBUILD: 7601
OSSERVICEPACK: 23392
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x86
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-03-17 23:29:12
BUILDDATESTAMP_STR: 160317-0600
BUILDLAB_STR: win7sp1_ldr
BUILDOSVER_STR: 6.1.7601.23392
ANALYSIS_SESSION_ELAPSED_TIME: ef94
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:breakpoint_avrf_80000003_rtkapo.dll!unknown
FAILURE_ID_HASH: {c97b21a6-fb5d-c17e-e29a-6d8fa44dca70}
Followup: MachineOwner
---------
0:005> !cs -s 0790d83c
-----------------------------------------
Critical section = 0x0790d83c (+0x790D83C)
DebugInfo = 0x05772518
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000
Stack trace for DebugInfo = 0x05772518:
0x77566cd0: ntdll!RtlInitializeCriticalSectionEx+0xB3
0x7756ed1c: ntdll!RtlInitializeCriticalSectionAndSpinCount+0x19
0x6fcb8fc0: verifier!AVrfpInitializeCriticalSectionCommon+0xD8
0x6fcb90f9: verifier!AVrfpRtlInitializeCriticalSection+0x11
0x65137b05: RtkAPO+0x87B05
0x65138255: RtkAPO+0x88255
0x6513b5d6: RtkAPO+0x8B5D6
0x651338a7: RtkAPO+0x838A7
0x75ce8c66: ole32!CServerContextActivator::CreateInstance+0x172
0x75d03128: ole32!ActivationPropertiesIn::DelegateCreateInstance+0x108
0x75ce8d8a: ole32!CApartmentActivator::CreateInstance+0x112
0x75ce8cff: ole32!CProcessActivator::CCICallback+0x6D
0x75ce8a82: ole32!CProcessActivator::AttemptActivation+0x2C
0x75ce8a33: ole32!CProcessActivator::ActivateByContext+0x4F
0x75ce8ded: ole32!CProcessActivator::CreateInstance+0x49
0x75d03128: ole32!ActivationPropertiesIn::DelegateCreateInstance+0x108
0x75d02eac: ole32!CClientContextActivator::CreateInstance+0xB0
0x75d03128: ole32!ActivationPropertiesIn::DelegateCreateInstance+0x108
0x75d03050: ole32!ICoCreateInstanceEx+0x404
0x75d09dd5: ole32!CComActivator::DoCreateInstance+0xD9
0:005> lmvm RtkAPO
Browse full module list
start end module name
650b0000 6531c000 RtkAPO (export symbols) RtkAPO.dll
Loaded symbol image file: RtkAPO.dll
Image path: C:\Windows\System32\RtkAPO.dll
Image name: RtkAPO.dll
Browse all global symbols functions data
Timestamp: Mon Dec 22 08:50:19 2008 (494F46BB)
CheckSum: 0026D77A
ImageSize: 0026C000
File version: 11.0.6000.85
Product version: 11.0.6000.85
File flags: 8 (Mask 3F) Private
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Realtek Semiconductor Corp.
ProductName: Realtek(r) LFX/GFX DSP component
InternalName: RTKAPODll
OriginalFilename: RTKAPO.Dll
ProductVersion: 11, 0, 6000, 85
FileVersion: 11, 0, 6000, 85
FileDescription: Realtek(r) LFX/GFX DSP component
LegalCopyright: Copyright (c) Realtek Semiconductor Corp. 2008
The driver is from 2008, so very old. Update the Realtek driver or delete the ALSNDMGR.cpl from C:\WINDOWS\system32\ to fix it.
magicandre1981
- 97,301
- 30
- 179
- 245
-
Well I have absolutely no idea how that was revealed to you amongst all that gobbeldy gook but if getting a new audio driver will fix things then I thank you for your most valued time Sir. – Pauline Lawson Jul 26 '17 at 16:34
-
He used windbg and analyzed the dump file, RtkAPO.dll, is the offending dll which is a Realtek Audio file. It's the only file listed. – Ramhound Jul 26 '17 at 23:38
-
@Ramhound I've link my answer from yesterday where I posted all steps. I have no idea what else I should post ♂️ – magicandre1981 Jul 27 '17 at 15:27
-
@magicandre1981 You shouldn't have to submit anything else your answer is crystal clear – Ramhound Jul 27 '17 at 22:54