Hi All,
i hope someone can shed some light into our issue. each time we open a .mov file in win media player, it crashes. i obtained the crash dump and can see that a heap corruption occures, but only MS core components are on the stack and thus can't make out what have possible caused it.
I have also checked with autoruns, and there are only MS and Citrix codecs on the server.
(unfortuantely i cannot test with any other media player whether it will crash too)
I hope someone can make it out what is going on based on the below. the system in question is 2008R2 TS, but the issue is reproducible for an admin in a console session.
0:012> kv
ChildEBP RetAddr Args to Child
04f1e518 77bd84d7 0000081c 00000001 00000000 ntdll!ZwWaitForSingleObject+0x15 (FPO: [3,0,0])
04f1e59c 77bd8605 04f1e73c 04f1e78c 00000000 ntdll!RtlReportExceptionEx+0x14b (FPO: [Non-Fpo])
04f1e5f4 77bfe656 04f1e73c 04f1e78c 00000000 ntdll!RtlReportException+0x86 (FPO: [Non-Fpo])
04f1e608 77bfe6d3 c0000374 04f1e63c 77ba73bc ntdll!RtlpTerminateFailureFilter+0x14 (FPO: [Non-Fpo])
04f1e614 77ba73bc 00000000 04f1eaec 77b5cfc0 ntdll!RtlReportCriticalFailure+0x67 (FPO: [SEH])
04f1e628 77ba7261 00000000 00000000 00000000 ntdll!_EH4_CallFilterFunc+0x12 (FPO: [Uses EBP] [0,0,4])
04f1e650 77b8b459 fffffffe 04f1eadc 04f1e78c ntdll!_except_handler4+0x8e (FPO: [Non-Fpo])
04f1e674 77b8b42b 04f1e73c 04f1eadc 04f1e78c ntdll!ExecuteHandler2+0x26 (FPO: [Uses EBP] [5,3,1])
04f1e698 77b8b3ce 04f1e73c 04f1eadc 04f1e78c ntdll!ExecuteHandler+0x24 (FPO: [5,0,3])
04f1e724 77b40133 01f1e73c 04f1e78c 04f1e73c ntdll!RtlDispatchException+0x127 (FPO: [Non-Fpo])
04f1e724 77bfe6c3 01f1e73c 04f1e78c 04f1e73c ntdll!KiUserExceptionDispatcher+0xf (FPO: [2,0,0]) (CONTEXT @ 04f1e78c)
04f1eaec 77bff5c9 c0000374 77c34268 04f1eb30 ntdll!RtlReportCriticalFailure+0x57 (FPO: [Non-Fpo])
04f1eafc 77bff6a9 00000002 55d8bb00 001c0000 ntdll!RtlpReportHeapFailure+0x21 (FPO: [Non-Fpo])
04f1eb30 77bff912 00000003 001c0000 0458f310 ntdll!RtlpLogHeapFailure+0xa1 (FPO: [Non-Fpo])
04f1eb88 77bbaf1b 001c0000 0458f310 00000000 ntdll!RtlpAnalyzeHeapFailure+0x25b (FPO: [Non-Fpo])
04f1ec6c 77b63cee 00000058 00000060 001c00c4 ntdll!RtlpAllocateHeap+0x62b (FPO: [Non-Fpo])
04f1ecf0 75ffade8 001c0000 00000008 00000058 ntdll!RtlAllocateHeap+0x23a (FPO: [Non-Fpo])
04f1ed30 75ffc470 00000058 00000058 04f1ed48 msvcrt!_calloc_impl+0x136 (FPO: [Non-Fpo])
04f1ed4c 58c103e9 00000001 00000058 04652ae8 msvcrt!calloc+0x1a (FPO: [Non-Fpo])
04f1ed6c 58bd8bdc 076e0020 58c3a628 58c3a77b msmpeg2vdec!StageInfo_Create+0x3d
04f1ed8c 58bfd438 58c3a628 58c3a77b 00000000 msmpeg2vdec!TaskScheduler_PushStageEx+0x36
04f1edbc 58bfd6bc 00000000 077d8648 076e0020 msmpeg2vdec!Decoder_TaskGraphInit_SoftwareFineGrain+0x20e
04f1edd8 58bc5a62 00000000 00000001 0653f238 msmpeg2vdec!Decoder_TaskGraphInit+0x9c
04f1edec 58ce6f64 000f9af0 04f1f440 04f1f6ec msmpeg2vdec!H264DecodeCreate+0x136
04f1f198 58ce71d5 00989680 00065d3b ffffffff msmpeg2vdec!CCoreH264Decoder::Initialize+0x341 (FPO: [Non-Fpo])
04f1f6f0 58ce9a6e 04f1f74c 0653ee78 0653ee78 msmpeg2vdec!CH264DecoderSoftware::StartDecoder+0x132 (FPO: [Non-Fpo])
04f1f704 58ce4926 04f1f74c 04f1f808 01613438 msmpeg2vdec!CH264DecoderBase::InitDecoder+0xe6 (FPO: [Non-Fpo])
04f1f718 58ce21bb 04f1f74c d6c2c119 00000000 msmpeg2vdec!CH264DecoderSoftware::InitDecoder+0x12 (FPO: [Non-Fpo])
04f1fa28 58cdfe5f 00000000 06532a20 04f1fa58 msmpeg2vdec!CMFTH264DecoderTransform::OnBeginStreaming+0x2f5 (FPO: [Non-Fpo])
04f1fa38 58ce256f 06532a20 10000000 00000000 msmpeg2vdec!CMFTSimpleBase::ProcessMessage+0x7d (FPO: [Non-Fpo])
Unable to load image C:\Windows\System32\mf.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mf.dll
*** ERROR: Module load completed but symbols could not be loaded for mf.dll
04f1fa58 58ecd9c3 00000001 10000000 00000000 msmpeg2vdec!CMFTH264DecoderTransform::ProcessMessage+0x37 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
04f1fa90 58ece59f 00000000 0473fbd8 00000000 mf+0x11d9c3
04f1faa4 58ecf572 00000002 047345d8 00000000 mf+0x11e59f
04f1faec 58ecff28 04f1fb04 0473fbd8 047345d8 mf+0x11f572
04f1fbb8 58ed056e 00000000 0473fbd8 00000000 mf+0x11ff28
04f1fbd4 58eca887 00000000 0473fbd8 04737050 mf+0x12056e
04f1fc08 58ed1c41 00000000 04706400 04737050 mf+0x11a887
04f1fc1c 58ec8784 04706400 04737074 04f1fc44 mf+0x121c41
04f1fc2c 58ecab0a 04706400 04706400 04737074 mf+0x118784
04f1fc44 5900029b 04706400 00000000 04724538 mf+0x11ab0a
04f1fc60 60ee1f7b 04737080 04769900 04f1fd78 mf+0x25029b
04f1fc70 60ee1b3c 04769900 00000000 00000000 mfplat!CCompletionPort::InvokeCallback+0x12 (FPO: [Non-Fpo])
04f1fd78 60ee8cab 04f1fdb8 76001287 04724538 mfplat!CWorkQueue::CThread::ThreadMain+0xa5 (FPO: [Non-Fpo])
04f1fd80 76001287 04724538 d6a61310 00000000 mfplat!CWorkQueue::CThread::ThreadFunc+0xd (FPO: [Non-Fpo])
04f1fdb8 76001328 04f1fdcc 758333aa 0450b5d0 msvcrt!_endthreadex+0x44 (FPO: [Non-Fpo])
04f1fdc0 758333aa 0450b5d0 04f1fe0c 77b69ef2 msvcrt!_endthreadex+0xce (FPO: [Non-Fpo])
04f1fdcc 77b69ef2 0450b5d0 55d8ae3c 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
04f1fe0c 77b69ec5 760012e5 0450b5d0 ffffffff ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
04f1fe24 00000000 760012e5 0450b5d0 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])