Windows 10 explorer.exe heap corruption ntdll.dll when opened from taskbar
I have a strange problem with File Explorer. If I run it by clicking the icon pinned to the taskbar, it doesn't open, and explorer.exe restarts after a few seconds. If I press Windows + e, it opens up correctly.
Event Viewer shows this:
Faulting application name: explorer.exe, version: 10.0.14393.0, time stamp: 0x57899981
Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x578997b2
Exception code: 0xc0000374
Fault offset: 0x00000000000f73e3
Faulting process ID: 0xb28
Faulting application start time: 0x01d1fa2b5e3c55e2
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 7cee4732-0e54-425a-ad3e-85f25a098c17
Faulting package full name:
Faulting package-relative application ID:
I have imported a registry key to create dumps, and opened in windmg. Running !analyze -v just shows me lots of heap_corruption, and I don't know enough about windmg to know what to look for. If anyone can give me a pointer, or if you want the dmp file (7-zipped), let me know. Many thanks.
Paul
James P1 Answer
Looking at the dump, shows that an nvidia driver causes the crash:
0:092> !heap -p -a 00000000145e7870
address 00000000145e7870 found in
_HEAP @ 145e0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
00000000145e7820 0021 0000 [00] 00000000145e7870 001a0 - (busy)
7ffe3e34401f verifier!AVrfDebugPageHeapAllocate+0x000000000000039f
7ffe460ceefb ntdll!RtlDebugAllocateHeap+0x000000000003c357
7ffe460bc586 ntdll!RtlpAllocateHeap+0x0000000000082f86
7ffe46037ad7 ntdll!RtlpAllocateHeapInternal+0x0000000000000727
7ffe3e362ed7 verifier!AVrfpRtlAllocateHeap+0x00000000000000e7
7ffe26fb40f7 nv3dappshext!DllInstall+0x000000000007873f
7ffe26f37973 nv3dappshext+0x0000000000007973
7ffe26f37f6d nv3dappshext+0x0000000000007f6d
7ffe26f37fa5 nv3dappshext+0x0000000000007fa5
7ffe26fa4168 nv3dappshext!DllInstall+0x00000000000687b0
7ffe26fa50be nv3dappshext!DllInstall+0x0000000000069706
7ffe26f3de49 nv3dappshext!DllInstall+0x0000000000002491
7ffe26f3edbc nv3dappshext!DllInstall+0x0000000000003404
7ffe4444773b shell32!DllCanUnloadNow+0x000000000000079b
7ffe444436c4 shell32!SHRestricted+0x0000000000001e64
7ffe4359e13f shlwapi!SHInvokeCommandOnContextMenu2+0x00000000000000d7
7ffe4359e034 shlwapi!SHInvokeCommandWithFlagsAndSite+0x00000000000000b4
7ff679e811ba explorer!LaunchNewInstanceWithOptionalElevate+0x000000000000012a
7ff679e896be explorer!CTaskBand::CLauncherTask::_Launch+0x000000000000016a
7ff679e8aa0c explorer!CTaskBand::CLauncherTask::_ThreadProc+0x0000000000000038
7ff679e8abee explorer!CTaskBand::CLauncherTask::s_ThreadProc+0x000000000000000e
7ffe43235aad +0x0000000000000135
7ffe3e35d684 verifier!AVrfpStandardThreadFunction+0x0000000000000044
7ffe440a8364 kernel32!BaseThreadInitThunk+0x0000000000000014
7ffe46065e91 ntdll!RtlUserThreadStart+0x0000000000000021
The driver is from 2012,
Image path: C:\Windows\System32\nv3dappshext.dll
Image name: nv3dappshext.dll
Browse all global symbols functions data
Timestamp: Wed Aug 22 21:53:10 2012 (503538A6)
CheckSum: 000DA2D4
ImageSize: 000E5000
File version: 8.17.13.604
Product version: 8.17.13.604
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04e4
CompanyName: NVIDIA Corporation
ProductName: NVIDIA Shell Extensions
InternalName: Nv3DAppShExt.dll
OriginalFilename: Nv3DAppShExt.dll
ProductVersion: 8.17.13.0604
FileVersion: 8.17.13.0604
FileDescription: NVIDIA Shell Extensions
LegalCopyright: (C) 2012 NVIDIA Corporation. All rights reserved.
so update the driver to a version that is tested with Windows 10. Import the uninstall.reg to disable app verifier and the dump generation.
magicandre1981User contributions licensed under CC BY-SA 3.0