-
-
Save poqdavid/e4dc16afa8cf5a01ae686e82189a62e9 to your computer and use it in GitHub Desktop.
Windows 11 ucrtbase.dll explorer crash 0xc0000409
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Microsoft (R) Windows Debugger Version 10.0.22549.1000 AMD64 | |
Copyright (c) Microsoft Corporation. All rights reserved. | |
Loading Dump File [C:\CrashDumps\explorer.exe.14740.dmp] | |
User Mini Dump File: Only registers, stack and portions of memory are available | |
************* Path validation summary ************** | |
Response Time (ms) Location | |
Deferred srv* | |
Symbol search path is: srv* | |
Executable search path is: | |
Windows 10 Version 22000 MP (12 procs) Free x64 | |
Product: WinNt, suite: SingleUserTS | |
Edition build lab: 22000.1.amd64fre.co_release.210604-1628 | |
Machine Name: | |
Debug session time: Mon Apr 4 07:14:26.000 2022 (UTC - 4:00) | |
System Uptime: not available | |
Process Uptime: 0 days 1:28:10.000 | |
................................................................ | |
................................................................ | |
................................................................ | |
................................................................ | |
.............................................. | |
Loading unloaded module list | |
............................................. | |
This dump file has an exception of interest stored in it. | |
The stored exception information can be accessed via .ecxr. | |
(3994.1d44): Security check failure or stack buffer overrun - code c0000409 (first/second chance not available) | |
Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT | |
For analysis of this file, run !analyze -v | |
ucrtbase!abort+0x4e: | |
00007fff`0507dd7e cd29 int 29h | |
0:053> !analyze -v | |
******************************************************************************* | |
* * | |
* Exception Analysis * | |
* * | |
******************************************************************************* | |
KEY_VALUES_STRING: 1 | |
Key : Analysis.CPU.mSec | |
Value: 8828 | |
Key : Analysis.DebugAnalysisManager | |
Value: Create | |
Key : Analysis.Elapsed.mSec | |
Value: 13702 | |
Key : Analysis.Init.CPU.mSec | |
Value: 765 | |
Key : Analysis.Init.Elapsed.mSec | |
Value: 3717 | |
Key : Analysis.Memory.CommitPeak.Mb | |
Value: 562 | |
Key : FailFast.Name | |
Value: FATAL_APP_EXIT | |
Key : FailFast.Type | |
Value: 7 | |
Key : Timeline.Process.Start.DeltaSec | |
Value: 5290 | |
Key : WER.OS.Branch | |
Value: co_release | |
Key : WER.OS.Timestamp | |
Value: 2021-06-04T16:28:00Z | |
Key : WER.OS.Version | |
Value: 10.0.22000.1 | |
Key : WER.Process.Version | |
Value: 10.0.22000.527 | |
FILE_IN_CAB: explorer.exe.14740.dmp | |
NTGLOBALFLAG: 0 | |
APPLICATION_VERIFIER_FLAGS: 0 | |
CONTEXT: (.ecxr) | |
rax=0000000000000001 rbx=000000001027bfd8 rcx=0000000000000007 | |
rdx=000000000000000f rsi=000000001027bfd8 rdi=0000000010c1f5b0 | |
rip=00007fff0507dd7e rsp=0000000002e9f5b0 rbp=0000000002e9f679 | |
r8=0000000000000001 r9=0000000002e9f558 r10=0000000000000012 | |
r11=00007ffec1cc1579 r12=0000000000000000 r13=000000001023fba0 | |
r14=000000001023fbd8 r15=00007ffec5854f30 | |
iopl=0 nv up ei pl nz na pe nc | |
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 | |
ucrtbase!abort+0x4e: | |
00007fff`0507dd7e cd29 int 29h | |
Resetting default scope | |
EXCEPTION_RECORD: (.exr -1) | |
ExceptionAddress: 00007fff0507dd7e (ucrtbase!abort+0x000000000000004e) | |
ExceptionCode: c0000409 (Security check failure or stack buffer overrun) | |
ExceptionFlags: 00000001 | |
NumberParameters: 1 | |
Parameter[0]: 0000000000000007 | |
Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT | |
PROCESS_NAME: explorer.exe | |
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. | |
EXCEPTION_CODE_STR: c0000409 | |
EXCEPTION_PARAMETER1: 0000000000000007 | |
FAULTING_THREAD: 00001d44 | |
STACK_TEXT: | |
00000000`02e9f5b0 00007fff`0507d499 : 00000000`00000003 00000000`00000003 00000000`00000000 0000e166`4a63b2a2 : ucrtbase!abort+0x4e | |
00000000`02e9f5e0 00007ffe`b121a5d4 : 00007ffe`b15590a0 00000000`00000002 00000000`134f35ec 00000000`00000068 : ucrtbase!terminate+0x29 | |
00000000`02e9f610 00007ffe`b1472373 : 00000000`00000000 00000000`134f2fd0 00000000`00000000 00000000`10392410 : ExplorerExtensions!winrt::hstring::~hstring+0x64 | |
00000000`02e9f640 00007ffe`b141525b : 00000000`00000000 00000000`10392410 00000000`10392420 00000000`10392418 : ExplorerExtensions!winrt::SystemTray::implementation::MicrophoneSystemTrayIconDataModel::OnCapabilityUsagechanged+0xd3 | |
00000000`02e9f6e0 00007ffe`c5938298 : 00000000`00000000 00000000`00000000 00000000`00000000 00007fff`076bb680 : ExplorerExtensions!winrt::impl::delegate<winrt::Windows::Foundation::EventHandler<winrt::Windows::Foundation::IInspectable>,<lambda_3863875ba69e35d0218a25b15afef9eb> >::Invoke+0x3b | |
00000000`02e9f730 00007ffe`c593806d : 00000000`005f0c50 00000000`00000000 00000000`00000000 00000000`00000000 : windowsudk_shellcommon!winrt::Windows::Foundation::TypedEventHandler<winrt::WindowsUdk::Security::Authorization::AppCapabilityAccess::CapabilityUsageInfo,winrt::Windows::Foundation::IInspectable>::operator()+0x24 | |
00000000`02e9f760 00007ffe`c5937e9d : 00000000`00000000 00000000`1023fbb0 00000000`00000000 00000000`00000000 : windowsudk_shellcommon!winrt::impl::invoke<winrt::Windows::Foundation::TypedEventHandler<winrt::WindowsUdk::Security::Authorization::AppCapabilityAccess::CapabilityUsageInfo,winrt::Windows::Foundation::IInspectable>,winrt::WindowsUdk::Security::Authorization::AppCapabilityAccess::implementation::CapabilityUsageInfo,std::nullptr_t>+0x25 | |
00000000`02e9f790 00007ffe`c5855034 : 00000000`1023fbc0 00000000`0c68f6e0 00000000`10392410 00007fff`076c250d : windowsudk_shellcommon!winrt::event<winrt::Windows::Foundation::TypedEventHandler<winrt::WindowsUdk::Security::Authorization::AppCapabilityAccess::CapabilityUsageInfo,winrt::Windows::Foundation::IInspectable> >::operator()<winrt::WindowsUdk::Security::Authorization::AppCapabilityAccess::implementation::CapabilityUsageInfo,std::nullptr_t>+0x71 | |
00000000`02e9f7d0 00007fff`076fa8cb : 00000000`00000000 02821b2c`a3bc4075 00000000`0c68ff90 00000000`10245df8 : windowsudk_shellcommon!winrt::WindowsUdk::Security::Authorization::AppCapabilityAccess::implementation::CapabilityUsageInfo::HandleAudioAssistantWNF+0x104 | |
00000000`02e9f850 00007fff`076fa58a : 00000000`00000000 00000000`0c68f6a0 00000000`00000000 00000000`00000000 : ntdll!RtlpWnfWalkUserSubscriptionList+0x257 | |
00000000`02e9f930 00007fff`076fa3e0 : 00000000`006c78d0 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlpWnfProcessCurrentDescriptor+0x10e | |
00000000`02e9f980 00007fff`076bfe52 : 00000000`00612000 00000000`00612188 00000000`7ffe0386 00007fff`076bfd5e : ntdll!RtlpWnfNotificationThread+0x80 | |
00000000`02e9f9e0 00007fff`076b6d98 : 00000000`00612188 00000000`133a4380 00000000`00000000 00000000`1037dce0 : ntdll!TppExecuteWaitCallback+0xae | |
00000000`02e9fa30 00007fff`067554e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x448 | |
00000000`02e9fd20 00007fff`076a485b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x10 | |
00000000`02e9fd50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2b | |
SYMBOL_NAME: ucrtbase!abort+4e | |
MODULE_NAME: ucrtbase | |
IMAGE_NAME: ucrtbase.dll | |
STACK_COMMAND: ~53s ; .cxr ; kb | |
FAILURE_BUCKET_ID: FAIL_FAST_FATAL_APP_EXIT_c0000409_ucrtbase.dll!abort | |
OS_VERSION: 10.0.22000.1 | |
BUILDLAB_STR: co_release | |
OSPLATFORM_TYPE: x64 | |
OSNAME: Windows 10 | |
IMAGE_VERSION: 10.0.22000.1 | |
FAILURE_ID_HASH: {e31753ac-c98a-8055-3663-47e707543d20} | |
Followup: MachineOwner | |
--------- | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment