Recently I've had some crashes in conhost.exe while TCC is executing
a "simple" text-search alias.
This is the WinDbg report from the last incident. First the modules:
Code:
C:\Windows\system32\conhost.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\advapi32.dll
C:\Windows\System32\sechost.dll
C:\Windows\SYSTEM32\ConhostV1.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\System32\MSCTF.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.DLL
C:\Windows\SYSTEM32\kernel.appcore.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\textinputframework.dll
C:\Windows\SYSTEM32\CoreMessaging.dll
C:\Windows\SYSTEM32\CoreUIComponents.dll
C:\Windows\System32\WS2_32.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\SYSTEM32\wintypes.dll
C:\Windows\SYSTEM32\TextShaping.dll
C:\Windows\system32\PROPSYS.dll
C:\Windows\System32\clbcatq.dll
C:\Windows\System32\AppExtension.dll
C:\Windows\System32\twinapi.appcore.dll
C:\Windows\System32\AppXDeploymentClient.dll
C:\Windows\System32\Windows.StateRepositoryPS.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ole32.dll
(4ba0.f4): Access violation - code c0000005 (!!! second chance !!!)
rax=000000000000000f rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000001 rsi=000000000000001b rdi=0000000000000000
rip=00007ff8050d5249 rsp=0000007db46ff400 rbp=0000007db46ff580
r8=0000007db46ff489 r9=0000000000000001 r10=0000007db46ff480
r11=0000000000000001 r12=0000020ceb171106 r13=0000007db46ffb78
r14=000000000000001b r15=0000000000000010
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010200
ntdll!RtlCustomCPToUnicodeN+0xa9:
00007ff8`050d5249 0fb70c47 movzx ecx,word ptr [rdi+rax*2] ds:00000000`0000001e=????
And the call-stack:
Code:
ntdll!RtlCustomCPToUnicodeN+0xa9
ConhostV1!SB_CharToWcharGlyph+0x43
ConhostV1!SB_WriteChars+0x257
ConhostV1!SB_DoWriteConsole+0x253
ConhostV1!SB_DoSrvWriteConsole+0x162
ConhostV1!SrvWriteConsole+0x143
ConhostV1!ConsoleIoThread+0x290
KERNEL32!BaseThreadInitThunk+0x14
ntdll!RtlUserThreadStart+0x21
It seems some illegal data passed to WriteConsole() is causing this.
This is the call-stack for the TCC thread that started this output
(I used Process Explorer to inspect while WinDbg was blocking TCC):
Code:
ntoskrnl.exe!KeSynchronizeExecution+0x6c56
ntoskrnl.exe!KeWaitForMutexObject+0x1460
ntoskrnl.exe!KeWaitForMutexObject+0x98f
ntoskrnl.exe!KeWaitForMutexObject+0x233
ntoskrnl.exe!wcsncpy_s+0x1942c
ntoskrnl.exe!NtDeviceIoControlFile+0x124b
ntoskrnl.exe!NtDeviceIoControlFile+0xce1
ntoskrnl.exe!NtDeviceIoControlFile+0x56
ntoskrnl.exe!setjmpex+0x8338
ntdll.dll!NtDeviceIoControlFile+0x14
KERNELBASE.dll!WriteConsoleW+0x191
KERNELBASE.dll!WriteConsoleW+0x6a
TakeCmd.dll!wwriteXP+0xd6
TakeCmd.dll!HtmlDecode+0x234
TakeCmd.dll!Ffind_Command+0x264b
TakeCmd.dll!Ffind_Command+0x3354
TakeCmd.dll!Ffind_Command+0x1bdc
TakeCmd.dll!ExecuteInternalCommand+0x55e
TakeCmd.dll!Command_S+0x1f69
TakeCmd.dll!Command_S+0x179d
tcc.exe+0x4182
tcc.exe+0x8cf8
KERNEL32.DLL!BaseThreadInitThunk+0x14
ntdll.dll!RtlUserThreadStart+0x21
Has anybody seen such crashes before?
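Added example (my own, not from the post or from JP Software): a small Python triage helper that parses the register dump and faulting instruction quoted above, evaluates the memory operand [rdi+rax*2] from the register values, checks it against the ds: address WinDbg reported, and classifies the fault by direction and by whether it lands in the never-mapped first 64 KiB of user space (a NULL-plus-index dereference, which points at an input-handling crash bug rather than controlled memory corruption). The crash text is embedded as a constructed input copied from the report.

```python
import re

# Constructed input: the register lines and faulting instruction copied from the report above.
CRASH_TEXT = """\
rax=000000000000000f rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000001 rsi=000000000000001b rdi=0000000000000000
rip=00007ff8050d5249 rsp=0000007db46ff400 rbp=0000007db46ff580
r8=0000007db46ff489 r9=0000000000000001 r10=0000007db46ff480
ntdll!RtlCustomCPToUnicodeN+0xa9:
00007ff8`050d5249 0fb70c47 movzx ecx,word ptr [rdi+rax*2] ds:00000000`0000001e=????
"""

REG_RE = re.compile(r"\b(r[a-z0-9]+)=([0-9a-f]{16})\b")
# Intel-syntax memory operand as WinDbg prints it: [base(+index(*scale))(+disp)]
MEM_RE = re.compile(r"\[(?P<base>r\w+)(?:\+(?P<index>r\w+)(?:\*(?P<scale>[1248]))?)?"
                    r"(?:\+(?P<disp>(?:0x)?[0-9a-f]+h?))?\]")
# "<addr> <bytes> <mnemonic> <operands> ds:<hi>`<lo>=..." line of the fault report
INSN_RE = re.compile(r"^[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]+ (\w+) (.+?) ds:([0-9a-f]{8})`([0-9a-f]{8})",
                     re.M)
# Windows never maps the lowest 64 KiB of user space; a fault there is a NULL-based access.
NULL_PAGE_LIMIT = 0x10000

def parse_registers(text):
    """Map register name -> value from the 'rax=... rbx=...' lines."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}

def triage(text):
    regs = parse_registers(text)
    mnemonic, operands, hi, lo = INSN_RE.search(text).groups()
    m = MEM_RE.search(operands)
    ea = regs[m["base"]]
    if m["index"]:
        ea += regs[m["index"]] * int(m["scale"] or 1)
    if m["disp"]:
        ea += int(m["disp"].rstrip("h"), 16)
    ea &= (1 << 64) - 1
    # In Intel syntax the destination comes first, so a bracket there means a store.
    access = "write" if "[" in operands.split(",", 1)[0] else "read"
    near_null = ea < NULL_PAGE_LIMIT
    return {
        "mnemonic": mnemonic, "base": m["base"], "base_value": regs[m["base"]],
        "effective_address": ea, "matches_report": ea == int(hi + lo, 16),
        "access": access, "near_null": near_null,
        "verdict": (f"NULL-based {access} (effective address below 64 KiB): an input-handling "
                    "crash bug, not evidence of controlled memory corruption")
                   if near_null else f"{access} fault at a non-null address: needs deeper analysis",
    }

if __name__ == "__main__":
    for key, value in triage(CRASH_TEXT).items():
        print(f"{key}: {value:#x}" if type(value) is int else f"{key}: {value}")
```

For the report above it resolves rdi (0) + rax (0xf) * 2 to 0x1e, the same address WinDbg shows after ds:, and reports a near-null read.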