A solution to the problem of a resource manager losing its response ,一次资源管理器失去响应的问题的解决
English is used in Google translation.
A solution to the problem of a resource manager losing its response
1.
Once again, after windows update, after the computer starts, sometimes the right-click property menu is opened, which resu lts in the resource manager losing its response. Sometimes, the advanced security settings in the attribute Security tab cause the resource manager to lose the response.
Two, to speculate on possible problems:
0x0, system problems.
0x1, hard disk may lose response at that time.
0x2, resource manager poisoning, or a shell program or module that has compatibility problems.
Three, the problem is excluded:
0x0, reloading system. It has important data, skipping. And I have a good habit of using the system, but even if this still doesn't rule out system problems, people are not confident at a critical moment.
0x1, update disk controller drive, check disk settings. S.M.A.R.T information is normal, the test continuous reading and writing, there is no problem.
0x2, check resource manager MD5 and SHA1, normal. But the module can't be viewed intuitively. Then the main analysis of the resource manager module.
Four, verify the hypothesis:
0x0, enter the safe mode, the performance of normal, no suspended animation, this assumption is likely to correct, but sti ll not sure.
0x1, because the latest version of win10 has no tools similar to IceSword in the XP era, PC Hunter does not support w in10 16299, so there is no good sword to increase the tedious degree of verification. For easy viewing, the procexp tool is used, but because of the number of modules, it can not be easily excluded, and the module can not be unloaded.
0x2, reproduce the problem, open the task manager, export the process dump file, use WinDbg to see, there are four excepti on, namely tv_x64.dll, 7-zip.dll, gvimext.dll, DragExt64.dll, and unknow is isoshl64.dll.
0x3, because it can not uninstall the module, it will end all the related process module, the module file all increased. Bak suffix to prevent loading, restart the explorer, the problem really excluded, verify, then the next need to test which is caused by loss of response module.
0x4, change the file name all back, and then leave a isoshl64.dll.bak, because this is unknow, but the discovery is still normal, indicating that it is not the module.
0x5, think of 7-zip.dll, gvimext.dll, DragExt64.dll three modules corresponding to the software 7-Zip, Vim, WinSCP, and ve rsion are very old, may be compatible problems, so renamed it, prevent loading, restart resource manager, the problem is s till.
0x6, try holding the attitude, the tv_x64.dll (corresponding software TeamViewer 13.0.6447) name, stop loading, restart th e explorer, TeamViewer 13.0.6447 prompts lost documents, point to determine whether it, the problem really ruled out, so t he problem identified in the TeamViewer 13.0.6447 tv_x64.
0x7, TeamViewer 13.0.6447 will be unloaded, and the problem is excluded. It will be analyzed further.
Five, draw the conclusion:
The presence of exception in the TeamViewer 13.0.6447's tv_x64.dll causes the resource manager to lose the response after opening the advanced security settings window.
PS:
0x1, has given feedback to TeamViewer.
0x2, took further analysis between modules, please wait for the following.
0x3, the problem is on the way.
0x4, reprint please indicate.
The following is the Chinese original
一次资源管理器失去响应的问题的解决
一、状况:
再一次windows更新后,电脑启动之后,有时候打开右键属性菜单导致资源管理器失去响应,有时候打开属性安全选项卡里的高级安全设置导致资源管理器失去响应,如下图:
二、推测可能出现的问题:
0x0、系统问题。
0x1、硬盘可能在那段时间失去响应。
0x2、资源管理器中毒或某个外壳程序或者模块出现兼容问题。
三、问题排除:
0x0、重装系统。 ——有重要数据,略过。并且本人用系统的习惯极好但是即使如此仍然不排除系统问题,人在关键时刻是没有信心的。。
0x1、更新磁盘控制器驱动,检测磁盘设置。——S.M.A.R.T信息均正常,测试连续读写,未出现问题。
0x2、校验资源管理器md5以及sha1,正常。但是模块无法直观的查看。接下来主要分析资源管理器模块。
四、验证假设:
0x0、进入安全模式,表现正常,没有出现假死状态,说明假设很有可能正确,但仍然不能确定。
0x1、由于最新版的win10没有类似于xp时代的IceSword的工具,PC Hunter不支持win10 16299,因此没有良好的手里剑,增加了验证繁琐程度。为了便于查看,使用了procexp工具,但是由于模块众多,无法方便的排除,也不能卸载模块。
0x2、重现问题,打开任务管理器,将进程转储文件导出,使用windbg查看,有四个exception,分别是,tv_x64.dll、7-zip.dll、gvimext.dll、DragExt64.dll;有一个unknow,是isoshl64.dll。
0x3、由于不能卸载模块,便将所有的模块相关进程结束,模块文件全部增加了.bak后缀防止加载,重启资源管理器,问题果然排除,验证正确,那么接下里就需要测试究竟是哪个模块造成失去响应。
0x4、将文件名称全部改回,然后留下一个isoshl64.dll.bak,因为这个是unknow,但发现还是正常,说明不是该模块。
0x5、想着7-zip.dll、gvimext.dll、DragExt64.dll三个模块所对应的软件7-Zip、Vim、WinSCP、版本很老了,可能会出兼容问题,于是将其改名,防止加载,重启资源管理器,问题依旧。
0x6、抱着试试的心态,将tv_x64.dll(对应软件TeamViewer 13.0.6447)改名,阻止加载,重启资源管理器,TeamViewer 13.0.6447提示丢失文件,点确定,不管它,问题果然排除,于是问题确认在TeamViewer 13.0.6447的tv_x64。
0x7,将TeamViewer 13.0.6447卸载,问题排除,正常,原本进一步分析原因,但是想想又是调试,又是捕捉,麻烦的很,暂时停止。
五、得出结论:
TeamViewer 13.0.6447的tv_x64.dll出现exception导致资源管理器打开高级安全设置窗口后失去响应。
PS:
0x1、已经向teamviewer提出反馈。
0x2、接下里进一步分析模块之间的问题,请等待后续。
0x3、这个问题走了弯路。
0x4、转载请注明。
