Recently I had some explorer crash with the following error

---------------------------
Explorer.EXE - Application Error
---------------------------
The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "read".


Click on OK to terminate the program
Click on CANCEL to debug the program
---------------------------
OK Cancel
---------------------------

And some error about invalid virtual call or something like that? I am wondering if anyone knows what went wrong? Or at least how come my eip is now 0? Anyway, my OS is Win2k SP3.

PS: After that crash, all IE windows refuse to work. Not really a problem though...
Posted on 2003-11-05 02:56:27 by roticv
Originally posted by roticv
And some error about invalid virtual call or something like that? I am wondering if anyone knows what went wrong? Or at least how come my eip is now 0? Anyway, my OS is Win2k SP3.

EIP=0 happens when, for instance, the stack is not balanced and then the ret executes. My guess: some programmer at M$ made a typo somewhere :/
Posted on 2003-11-05 08:51:00 by scientica
I think it's some C++ code, trying to call a non-existent virtual function of some object. In other words:


Object_Version1 struct ; structure of virtual table (old DLL layout)
destructor dd ?        ; offset 0
func1 dd ?             ; offset 4
func2 dd ?             ; offset 8
Object_Version1 ends

Object_Version2 struct ; newer layout the caller was compiled against
destructor dd ?        ; offset 0
func1 dd ?             ; offset 4
func2 dd ?             ; offset 8
func3 dd ?             ; offset 12, not present in Object_Version1
Object_Version2 ends

mov ecx,_this          ; this pointer
mov ecx,[ecx]          ; get virtual table (first dword of the object)
call [ecx].Object_Version2.func3 ; reads offset 12: 0 if the table is only Version1

Explorer has probably loaded a DLL that is older than expected, which doesn't contain func3. Thus, the data at offset 12 will contain 0, and the code will jump to 0.
This problem, I think, can only occur if some program that you installed has replaced some system DLL with an older version.
This DLL is probably not an OLE object, otherwise the version change would be noticed. Maybe you can use some debugger to see the stack return address, and to which loaded DLL module this address belongs. Then, replace that DLL with the default file, taken from the Win2k installation/service pack cab files.
Posted on 2003-11-05 10:22:06 by Ultrano
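The vtable-version mismatch described in the post above, modelled in C as an added example (this is not code from the thread or from any Microsoft DLL). The interface, the slot bodies and both tables are constructed for the example; the "older DLL" table is a Version1 layout copied into a buffer sized for Version2, so that the memory at the func3 offset reads as 0, which is the assumption the post makes. The slot is loaded with a raw memory read at `index * sizeof(pointer)`, exactly as `call [ecx].Object_Version2.func3` does, and a checked dispatcher shows the test a caller would need to avoid transferring control to address 0:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical object whose first field is the vtable pointer, matching the
 * "mov ecx,_this / mov ecx,[ecx]" sequence in the post. */
typedef struct Object { const void *vtbl; int value; } Object;
typedef int (*slot_fn)(Object *self);

/* Version 1 of the assumed interface: three slots. */
typedef struct { slot_fn destructor, func1, func2; } VTableV1;
/* Version 2 appends func3; on a 32-bit build it sits at offset 12. */
typedef struct { slot_fn destructor, func1, func2, func3; } VTableV2;

enum { SLOT_FUNC3 = 3 }; /* index of func3 in the Version2 table */

/* Slot bodies, constructed for the example. */
static int stub_destructor(Object *o) { (void)o; return 0; }
static int stub_func1(Object *o) { return o->value + 1; }
static int stub_func2(Object *o) { return o->value + 2; }
static int stub_func3(Object *o) { return o->value * 10; }

/* Table a current DLL would export: all four slots filled. */
static const VTableV2 new_vtbl = { stub_destructor, stub_func1,
                                   stub_func2, stub_func3 };

/* Table an older DLL exports: Version1 layout, stored in a buffer sized for
 * Version2 so the bytes at the func3 offset read as 0 (the post's assumption). */
static unsigned char old_vtbl_bytes[sizeof(VTableV2)];

static const void *build_old_vtbl(void) {
    VTableV1 v1 = { stub_destructor, stub_func1, stub_func2 };
    memset(old_vtbl_bytes, 0, sizeof old_vtbl_bytes);
    memcpy(old_vtbl_bytes, &v1, sizeof v1);
    return old_vtbl_bytes;
}

/* Load slot `index` the way "call [ecx + index*4]" does: a raw read at that
 * offset, with no knowledge of which interface version wrote the table. */
static slot_fn load_slot(const void *vtbl, size_t index) {
    slot_fn fn;
    memcpy(&fn, (const unsigned char *)vtbl + index * sizeof fn, sizeof fn);
    return fn;
}

/* True when an unchecked virtual call through this object would set EIP to 0. */
int func3_slot_is_null(Object *obj) {
    return load_slot(obj->vtbl, SLOT_FUNC3) == NULL;
}

/* Defensive dispatch: validate the slot before transferring control.
 * Returns -1 instead of jumping to address 0. */
int call_func3_checked(Object *obj) {
    slot_fn fn = load_slot(obj->vtbl, SLOT_FUNC3);
    if (fn == NULL) return -1;
    return fn(obj);
}

size_t func3_offset(void) { return offsetof(VTableV2, func3); }

/* Convenience wrappers: the same call against a current and an old table. */
int demo_new_dll(void) { Object o = { &new_vtbl, 4 }; return call_func3_checked(&o); }
int demo_old_dll(void) { Object o = { build_old_vtbl(), 4 }; return call_func3_checked(&o); }

int main(void) {
    printf("func3 lives at vtable offset %zu\n", func3_offset());
    printf("new DLL: func3 -> %d\n", demo_new_dll());
    printf("old DLL: func3 -> %d (slot is 0; an unchecked call would crash)\n",
           demo_old_dll());
    return 0;
}
```

On a 32-bit build `func3_offset()` reports 12, the offset named in the post; on a 64-bit build the slot is 8 bytes wide and the offset is 24, but the failure is the same. Real compiled C++ emits the unchecked form, which is why the dialog shows the faulting instruction at 0x00000000 rather than an error return.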
Ultrano,

Anyway, I think the DLL is related to IE, because IE seems unable to launch after the crash. I will take a look at the stack dump. Kinda sick of having my Explorer crashing. Anyway, I think the problem happened when I opened a folder that contained my mp3s, then I tried to drag it into an MSN Messenger window. Before I could drop it, the crash occurred.
Posted on 2003-11-05 10:47:24 by roticv
Originally posted by roticv
Anyway, I think the problem happened when I opened a folder that contained my mp3s, then I tried to drag it into an MSN Messenger window. Before I could drop it, the crash occurred.

M$ and the RIIA or RIAA (whatever) are allied; they don't allow any mp3s

Seriously, maybe it's a bug in MSN (while processing the D'n'D events); try dragging a single file (or compressing the folder and dragging the archive). I think MSN Messenger uses IE (DLLs) for the HTML thingy or to get/send data. -- You know, integrating more and more with each other so you get a nice dependency chain forcing users to have certain programs installed. :/
Posted on 2003-11-05 16:30:08 by scientica
I had the same problem earlier on my PC when I had Win2K installed. Explorer would crash and it said the instruction at xxxxx referenced data at address 0, and I'm like WTF?!?
So it gives me the option to debug (since I have MSVC++ 6.0), and I saw some code that goes like this:

call
mov edx, Something like that

The problem turned out to be that my main NTFS drive had no space left on it, so I guess a function call was failing and causing the program to crash, no idea why?! But it might be advantageous to double-check how much space you have left.
Posted on 2003-11-05 19:52:27 by x86asm
True, I am running low on hard disk space :grin: Even Disk Defragmenter claims that there is not enough space for effective defragmentation. Hehe. But to think Explorer crashes because of low disk space is stupid. I will try to debug Explorer when it crashes again. Grr.
Posted on 2003-11-05 22:18:18 by roticv
Hi roticv,

Low disk space causing crashes makes perfect sense. NTFS is a journalling system (2000 and XP). IOW the OS tries to store info about file system changes before actually writing them. If an allocation fails, the OS could get confused (pointers bollixed). I noticed more funny things happening just before my main (c: ) drive failed because the journalling system compensated for failing drive writes until it couldn't do so anymore. Diskeeper would hang during defrag operations intermittently. Finally, the drive controller started signalling imminent failure. I swapped it out before it failed.

Your other scenario makes sense, too; particularly for the NTFS and OS changes made when XP was released. One side effect of redoing the APIs will be fixing some of the buffer handling problems propagated from MS-DOS/Win 3.1-9X and NT 3. Inside Windows 2000 says this about low memory: addresses 0x00000000 through 0x0000FFFF are a no-access region to aid programmers in avoiding incorrect pointer references; attempts to access an address within this range will cause an access violation. Remember, this is the virtual address, which isn't the same as the physical address space. On page 444 there is a table of reasons for access faults.

Charles
Posted on 2003-11-06 00:14:07 by cdquarles