Using WIN10.0.19044 Pro x64 | DO 12.27.2
Not sure what is causing this. Any ideas?
Please send us the logs:
Logs sent as requested
Do you get a similar crash if you right-click the same folder from File Explorer or other software?
It seems to be crashing within Windows itself, when looking for the PintoStartScreen context menu (which itself is part of Windows). From what I can see via the assembler, Windows is comparing the string PintoStartScreen against another string with an invalid memory address within appresolver.dll (part of Windows) when asked for the name of one of the menu items the OS has added.
(For what it's worth, I don't see any issues when trying the same thing on two machines here.)
There are some guides on the web about changing the PintoStartScreen menu item via the registry. If you've done anything like that, it might be worth undoing it to see if it's related.
@Leo No issues right-clicking in File Explorer or any other applications I tried. I have also NOT messed with the registry.
I will continue to investigate.
@Leo Issue continues in DOpus only. I have no issues in File Explorer, xplorer2, or XYplorer.
Checked registry; from what I've found all PintoStartScreen entries are correct (reference: https://www.tenforums.com/tutorials/37258-add-remove-pin-start-context-menu-windows-10-a.html).
To clarify, the error only occurs in the Desktop folder. If I go to C:\Users and right-click on the folder in question, the context menu appears without issue.
Any other ideas?
The context_menu_debug output (see the FAQ on right click issues) may reveal something.
Are all the Windows updates installed?
@Leo Windows is up to date.
Attempted debug per the FAQ using DebugView. The output:
Not sure what, if anything, the DebugView output information tells me. That said, I disabled the last context menu item listed - Duplicate File Detective 7 - with no change. Right-clicking still causes a crash.
What’s the last item in the log after disabling that one?
@Leo The last item after that was Folder Sizes 9. Both it and Duplicate File Detective are Key Metric Software products. Removing both programs' context menu entries resolved the issue.
1 Like
UPDATE: Contacted Key Metric Software developer. He's actually a DOpus user, as well, and verified the problem. He's currently investigating.
2 Likes
Hello! Mark from Key Metric Software here.
Just started looking into this problem today, and have been using the following DOPUS stack trace as a starting point:
00000047`cfefce58 00007ffb`c1dc8dcf : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNELBASE!StrCmpICW+0x6
00000047`cfefce60 00007ffb`c1dca6db : 00000000`80004001 00007ffb`e609b86b 0000446f`06c52f3d 00000000`0000004c : appresolver!_CmdIDToMap+0x4f
00000047`cfefce90 00007ffb`e4be1fe8 : 00000047`cfefd4f0 00000000`00000003 00000000`00000004 00000000`fffffc18 : appresolver!StartPinUnpinContextMenu::GetCommandString+0x14b
00000047`cfefcec0 00007ffb`e4af7153 : 00000047`cfefd4f0 00000186`f3cd4d70 00007ffb`e4f3e5a0 00000047`cfefd009 : shell32!HDXA_GetCommandString+0xa0
00000047`cfefcf30 00007ff6`2d6a4064 : 00007ff6`2e3d0a40 00007ff6`2e3472a0 00000047`cfefd360 0000013f`19cd5f30 : shell32!CDefFolderMenu::GetCommandString+0x113003
00000047`cfefd1f0 00007ff6`2d69bebd : 00000047`00000004 00000186`f3cd4d70 00000000`00000000 00000000`00000000 : dopus+0x294064
00000047`cfefdd30 00007ff6`2d69bbc9 : 00007ff6`00000000 00000000`00000000 00000186`ecfb0ed0 00000000`00000000 : dopus+0x28bebd
00000047`cfefded0 00007ff6`2da5f017 : 00000186`ecfb0ed0 00000000`00210e50 00000186`f3ccbf10 00000186`ed65f3f0 : dopus+0x28bbc9
00000047`cfefdf60 00007ff6`2da47f2d : 00000186`ed8b10c0 00000186`ed895c38 00000000`00210e50 00000186`ed895c38 : dopus+0x64f017
00000047`cfefe910 00007ff6`2d79595b : 00000186`ed8b10c0 00000000`00210e50 00000000`00210e50 00000047`cfefeec8 : dopus+0x637f2d
00000047`cfefedf0 00007ff6`2d7e2715 : 00000186`00000047 00000186`ed64e810 ffffffff`ffffffff 00000000`40804010 : dopus+0x38595b
00000047`cfeff120 00007ff6`2d7e10f0 : 00000000`00000001 00000000`00000001 00000000`00000000 00000047`cfeff4a8 : dopus+0x3d2715
00000047`cfeff250 00007ff6`2d7978f5 : 00000000`00000000 00000000`00000205 00000000`00000000 00000047`00000064 : dopus+0x3d10f0
00000047`cfeff490 00007ffb`e45be858 : 00000000`00000001 00000047`cfeff810 00000000`00000000 00000000`8000c011 : dopus+0x3878f5
00000047`cfeff500 00007ffb`e45be299 : 00000000`0000015c 00007ff6`2d797450 00000000`00070a72 00007ffb`00000205 : user32!UserCallWinProcCheckWow+0x2f8
00000047`cfeff690 00007ff6`2dde7df5 : 00007ff6`2d797450 00000186`e9530480 00000186`ed616c00 00000186`ed6335b0 : user32!DispatchMessageWorker+0x249
00000047`cfeff710 00007ffb`996c7df4 : 00000186`ed6335f0 00000186`ed582ea0 00000000`00000000 00000000`00000000 : dopus+0x9d7df5
00000047`cfeff870 00007ffb`99787c8c : 00000186`eafbac90 00000000`00000000 00000000`00000000 00000000`00000000 : dopuslib!IsWow64+0x34
00000047`cfeff8a0 00007ffb`e4907034 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : dopuslib!DummyDllFunctionToAvoidSymbolConfusion+0xbb0ec
00000047`cfeff8d0 00007ffb`e60c2651 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
00000047`cfeff900 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
DOPUS appears to be invoking GetCommandString() via the Windows shell, which results in an invalid pointer read shortly thereafter.
INVALID_POINTER_READ_c0000005_appresolver.dll!_CmdIDToMap
Interestingly, both the FolderSizes (and Duplicate File Detective) implementations of IContextMenu::GetCommandString() are very simple. Still, I stripped down the implementation to simply return E_INVALIDARG (no copies to the provided buffer, etc.) and re-tested. Unfortunately, the crash persists.
I've also noticed that I cannot reproduce this crash unless I first navigate to the Desktop folder within DOPUS and then right-click on my user folder. Right-clicking on the user folder in the folder tree works just fine and no other folder path appears to trigger this crash.
So far I'm not really sure what to make of this, but will continue investigating as time permits.
1 Like
Thanks for the update. Looking forward to a solution...
In case it helps, I think this is the call on our side:
wchar_t wchCmd[1024] = { 0 };
lpCM->GetCommandString(mii.wID - iIDOffset, GCS_VERBW, 0, reinterpret_cast<LPSTR>(wchCmd), _countof(wchCmd)));
We have seen some GetCommandString handler bugs in the past, which might be worth checking for:
- Assumes the buffer is 1 char longer than specified (e.g. writing a string of 1024 chars plus null terminator, so the terminator goes off the end of the buffer).
- Always returns an ASCII string when asked for a UTF16 one.
- Always returns a UTF16 string when asked for an ASCII one (which in turn can double the buffer requirement).
We have protections against those elsewhere when we call GetCommandString for GCS_HELPTEXTW and GCS_HELPTEXTA, but I noticed we don't protect against them in the GCS_VERBW call here, FWIW. We also never try for GCS_VERBA (at least in the code in the stack trace; it is used elsewhere)
Let us know if we can help or try anything to get to the bottom of things, or if you find anything that looks like it's wrong on our side.
1 Like