From: "Jialiang Ge [MSFT]" on
Hello Bob

I agree. It's most likely a stack corruption that results in the problem.
There are generally three causes of stack corruption:

A. Stack Overrun
1. Array indexing errors cause the stack overrun.
2. Static buffer overrun on the stack.

B. Calling Convention Mismatch

We can detect stack corruption in compile time (if you have the source code
of the shell extension) or in runtime, but most of these skills require
that you have the source code of the shell extension, which may not be
feasible in this case. Therefore, Kerem's suggestion to disable shell
extension one by one may be the most effective and efficient way to find
the culprit module. Please try it. After locating the module, if it's a
third party module, you can consider checking for the product's update or
contacting the product's supports.

----------------------------------------------
Detecting Stack Corruption:

1. Detect stack overrun at compile time.

Because stack buffer overruns are such common problems, there is a tool
that can help detect these errors at compile time: PREfast.

PREfast is the codename for the /analyze compiler switch and SAL
annotations:
http://blogs.msdn.com/vcblog/archive/2008/02/05/prefast-and-sal-annotations.
aspx
To enable PREfast, open the project's properties, and turn to the Code
Analysis / General node. Change the value of "Enable Code Analysis For
C/C++ on Build" to "Yes (/analyze)", then rebuild the project. You will see
warning messages of buffer overrun in the Error List window of Visual
Studio. For example:

warning C6386: Buffer overrun: accessing 'n', the writable size is '8'
bytes, but '12' bytes might be written
warning C6201: Index '2' is out of valid index range '0' to '1' for
possibly stack allocated buffer 'n'
warning C6201: Index '3' is out of valid index range '0' to '1' for
possibly stack allocated buffer 'n'

, and these warnings for StaticBufferOverrun:

warning C6204: Possible buffer overrun in call to 'wcscpy': use of
unchecked parameter 'pszSource'
warning C4996: 'wcscpy': This function or variable may be unsafe. Consider
using wcscpy_s instead. To disable deprecation, use
_CRT_SECURE_NO_WARNINGS.

2. Detect stack overrun and calling convention mismatch at run-time.

Unfortunately, Application Verifier cannot detect stack overrun and calling
convention mismatch effectively at run-time.

In VC++ compiler, there is an option to enable the stack frame runtime
error checking: Project Properties / C/C++ / Code Generation / Basic
Runtime Check. Stack frame checking is enabled when the option is set to
"Stack Frames (/RTCs)". The stack frame checking switch is on in Debug
build, and it is off in Release build by default. The option helps protect
against a number of different stack corruptions:

Each time a function is called, it initializes all local variables to
nonzero values to prevent them from retaining old values from prior
function calls.

It verifies the stack pointer (esp register) to ensure that stack
corruptions caused by calling convention mismatches do not occur.

Protects against buffer overruns and underruns of local variables.

When any of the three corruptions happens, the application is broken into a
debugger with a break instruction exception. The callstack is like this:

0:000> k
ChildEBP RetAddr
0014efc4 00ac1ba9 ntdll!DbgBreakPoint
0014fe18 00ac1bef CppStackCorruption!failwithmessage+0x1ea
0014fe28 00ac18a6 CppStackCorruption!_RTC_Failure+0x37
0014fe4c 00ac1091 CppStackCorruption!_RTC_CheckEsp+0x18
0014fe54 00ac11fc CppStackCorruption!wmain+0x11
0014fe98 75c436d6 CppStackCorruption!__tmainCRTStartup+0x10f
0014fea4 770b883c kernel32!BaseThreadInitThunk+0xe
0014fee4 770b880f ntdll!__RtlUserThreadStart+0x70
0014fefc 00000000 ntdll!_RtlUserThreadStart+0x1b

It is important to note that the /RTC compiler options are designed to work
with debug builds and, as such, have no impact on released builds. The /RTC
switch is meant solely to test your code during development.

Other viable options to detect stack corruption at run-time include
Rational's Purify or NuMega's BoundsChecker.

Regards,
Jialiang Ge
Microsoft Online Community Support

=================================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg(a)microsoft.com.

This posting is provided "AS IS" with no warranties, and confers no rights.
=================================================