O Windows Explorer trava aleatoriamente

tag-icon tag-icon windows windows-explorer crash dump windbg
O Windows Explorer trava aleatoriamente

Eu tenho um usuário no Windows 10 que está travando no Windows Explorer em momentos aparentemente aleatórios. Não parece que sempre aparece no EventLog, mas aqui estão duas vezes que vi isso:

Faulting application name: explorer.exe, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: verifier.dll, version: 10.0.14393.0, time stamp: 0x57899a0f
Exception code: 0x80000003
Fault offset: 0x00000000000067ea
Faulting process id: 0x25fc
Faulting application start time: 0x01d2a268dd411f2e
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\System32\verifier.dll
Report Id: abed9bed-5ee2-400a-b02b-e9ca156152e3
Faulting package full name: 
Faulting package-relative application ID: 

Faulting application name: explorer.exe, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x1e70
Faulting application start time: 0x01d29f6e3e1544fd
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ec2775c1-336e-4d5f-bd96-d41b76e515e6
Faulting package full name: 
Faulting package-relative application ID:

Aqui estão links para dois lixões que coletei. Infelizmente, não tenho nenhuma experiência com dumps, então espero que alguém possa usá-los.

Link1

Link2

Qualquer ajuda seria muito apreciada!

Responder1

Os dumps são dumps BREAKPOINT ( STATUS_BREAKPOINT - (NTSTATUS) 0x80000003porqueVerificador de aplicativosestá ativado. Na pilha de chamadas, vejo chamadas relacionadas à telemetria que acionam a falha:

ntdll!NtWaitForMultipleObjects
ntdll!WerpWaitForCrashReporting
ntdll!RtlReportExceptionHelper
ntdll!RtlReportException
verifier!AVrfpVectoredExceptionHandler
ntdll!RtlpCallVectoredHandlers
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
verifier!VerifierStopMessageEx
verifier!AVrfpHandleSanityChecks
verifier!AVrfpNtQueryInformationProcess
windows_storage!DefaultAssocTelemetry::UtilGetProcessTelemetryAppSessionGuid
windows_storage!DefaultAssocTelemetry::CreateAssociatedProcess_
windows_storage!DefaultAssocTelemetry::CreateAssociatedProcess<enum ShellExecuteDdeStages & __ptr64,long & __ptr64,long & __ptr64,_PROCESS_INFORMATION & __ptr64,unsigned long & __ptr64,IUnknown * __ptr64 & __ptr64>
windows_storage!CInvokeCreateProcessVerb::Launch
windows_storage!CInvokeCreateProcessVerb::Execute
windows_storage!CBindAndInvokeStaticVerb::_DoCommand
windows_storage!CBindAndInvokeStaticVerb::_TryCreateProcessDdeHandler
windows_storage!CBindAndInvokeStaticVerb::Execute
windows_storage!CRegDataDrivenCommand::_TryInvokeAssociation
windows_storage!CRegDataDrivenCommand::_Invoke
shell32!CRegistryVerbsContextMenu::_Execute
shell32!CRegistryVerbsContextMenu::InvokeCommand
shell32!HDXA_LetHandlerProcessCommandEx
shell32!CDefFolderMenu::InvokeCommand
shell32!SHInvokeCommandOnContextMenu2
shell32!s_DoInvokeVerb
SHCore!Microsoft::WRL::Details::RuntimeClass<Microsoft::WRL::Details::InterfaceList<CRandomAccessStreamBase,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IRandomAccessStreamWithContentType,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IContentTypeProvider,Microsoft::WRL::Details::InterfaceList<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<3>,Microsoft::WRL::CloakedIid<IRandomAccessStreamMode>,Microsoft::WRL::CloakedIid<IRandomAccessStreamFileAccessMode>,Microsoft::WRL::CloakedIid<IObjectWithDeferredInvoke>,Microsoft::WRL::CloakedIid<IObjectWithFileHandle>,Microsoft::WRL::CloakedIid<IUnbufferedFileHandleProvider>,Microsoft::WRL::CloakedIid<IRandomAccessStreamPrivate>,Microsoft::WRL::CloakedIid<ITransactedModeOverride>,Microsoft::WRL::CloakedIid<CFTMCrossProcServer>,Microsoft::WRL::Details::Nil>,Microsoft::WRL::Details::Nil> > > >,Microsoft::WRL::RuntimeClassFlags<3>,1,1,0>::~RuntimeClass<Microsoft::WRL::Details::InterfaceList<CRandomAccessStreamBase,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IRandomAccessStreamWithContentType,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IContentTypeProvider,Microsoft::WRL::Details::InterfaceList<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<3>,Microsoft::WRL::CloakedIid<IRandomAccessStreamMode>,Microsoft::WRL::CloakedIid<IRandomAccessStreamFileAccessMode>,Microsoft::WRL::CloakedIid<IObjectWithDeferredInvoke>,Microsoft::WRL::CloakedIid<IObjectWithFileHandle>,Microsoft::WRL::CloakedIid<IUnbufferedFileHandleProvider>,Microsoft::WRL::CloakedIid<IRandomAccessStreamPrivate>,Microsoft::WRL::CloakedIid<ITransactedModeOverride>,Microsoft::WRL::CloakedIid<CFTMCrossProcServer>,Microsoft::WRL::Details::Nil>,Microsoft::WRL::Details::Nil> > > >,Microsoft::WRL::RuntimeClassFlags<3>,1,1,0>
verifier!AVrfpStandardThreadFunction
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart

Aqui, um identificador inválido (NULL) é usado pelo Windows.

APPLICATION_VERIFIER_HANDLES_NULL_HANDLE (303)
NULL handle passed as parameter. A valid handle must be used.
This stop is generated if the function on the top of the stack passed a
NULL handle to system routines.

Importe istoarquivo .regdesabilitar para desabilitar o verificador de aplicativos e a criação de dump. isso deve diminuir a quantidade de falhas.

Também vejo que o GROOVEEX.dll está carregado:

*** ERRO: O arquivo de símbolos não foi encontrado. Padrão para exportar símbolos para GROOVEEX.DLL -

UsarShellExViewpara desativar as entradas do Office Groove e verificar se isso resolve o problema.

Além disso, você usou ferramentas que tentam desabilitar a telemetria do Windows 10? se sim, desfaça essas alterações.

informação relacionada