• There seems to be an issue with CFileDialog causing an unhandled exception/access violation after the CFileDialog::DoModal window is closed.

Unhandled exception at MEMORYLOCATION (ntdll.dll) in FILENAME.exe: 0xC0000005: Access violation reading location 0xfeeefeee

  • According to Microsoft this is a known issue, caused by a race condition, within NetworkItemFactory.dll.
  • I can easily reproduce the crash on demand at least 60% of the time.
  • Crash occurs exactly 60 seconds after closing the CFileDialog when dynamically linking MFC.
  • Crash occurs immediately after closing the CFileDialog when statically linking MFC.
  • Crash occurs also when using ::GetOpenFileName.
  • In my experience, this crash only occurs while debugging.
  • This seems completely unrelated to other reported issues of CFileDialog causing access violations with VC6/VS2003, which seem related to the structure size of OPENFILENAME.
  • I'm using Win7 SP1 64-bit with Visual Studio 2010 SP1, Platform SDK 7.1.
  • Some 3rd party software, such as having Adobe Acrobat Reader installed, seems to make the crash occur more often.
  • Update 4/28/2014: I have re-ordered the suggestions based on reader feedback. Thanks for your input.

Steps to replicate:

  • There are many ways to replicate this crash, here is what I believe to be the absolute minimum necessary:
  • Create a new "MFC Application" project.
  • Add the following code snippet to theApp::InitInstance.
  • Put a breakpoint on the line Sleep( 1 ).
  • Start debugging.
  • Browse and select a file.
  • Wait (60 seconds) for the debugger to stop on your breakpoint.
  • Clicking Continue or pressing F5 should immediately trigger an Access Violation.
CFileDialog fileDialog( TRUE );  
fileDialog.DoModal();  
Sleep( 60000 );  
Sleep( 1 ); // put a breakpoint here  

Suggestion # 1: Disable "Vista Style" for debug builds

  • The problem seems to be avoided by disabling the vista style in debug builds. Thanks Michael Cotgrove.
  • FYI: I fixed the problem by installing the hotfix (see suggestion # 2), so I don't actually use this suggestion. I offer this as the # 1 solution because of my reader feedback, and I think its also the most convenient because you don't have to install/uninstall anything or change any settings.
  • Something like this can be used:
#ifdef _DEBUG
const BOOL VistaStyle = FALSE;  
#else
const BOOL VistaStyle = TRUE;  
#endif
CFileDialog Dlg( TRUE, NULL, NULL, OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT, L"All Files (*.*)|*.*||", NULL, 0, VistaStyle );  
if( Dlg.DoModal() == IDOK )  
{
  // :todo:
}

Suggestion # 2: install experimental Hotfix from Microsoft:

  • Try installing this experimental Hot-fix from Microsoft (install at your own risk). Thanks Kelly.
  • This hotfix seems to be available only for Windows 7.
  • http://support.microsoft.com/kb/2718841/en-us
  • The Hot-fix is packaged in an self-extracting-exe. It prompts for an unzip path, which defaults to C:, however it does not seem to accept this as a valid path. Change the path to something besides the root path.
  • The installer does not seem to automatically create a system restore point, so I suggest manually creating one prior to installing. Thanks TD-er.
  • This step (or the first one listed above) should resolve the issue. If you're still getting the error it maybe another unrelated scenario which requires some other fix.

One or both of either the above 2 items should resolve the issue. While I was still researching this issue, I found the following items to cause the crash to occur less often. I no longer consider the following items part of the solution. I still list them for educational use, in case you are interested in doing further research on this issue.

Uninstall Acrobat Reader:

  • Uninstall Adobe Acrobat Reader.
  • This seems to make the crash occur less often. Most likely its related to the Adobe shell extensions which get installed by default.

Disable RPC debugging:

  • Tools-> Options-> Debugging-> Native-> Enable RPC debugging, uncheck it (disable it).
  • This seems to make the crash occur less often, not sure why.

Disable 3rd party shell extensions:

  • This is not really a solution, but for some reason these seem to cause the crash to occur less often.
  • Disable buggy 3rd party shell extensions.
  • Any software which adds special icons in Windows Explorer, or which adds menu items to the desktop or Windows Explorer right-click context menu is suspect.
  • These applications should be uninstalled, or disabled using ShellExView, and then *REBOOT*.
  • I recommend using Nirsoft's ShellExView, and disable *ALL* non-Microsoft shell extensions.

Use CoInitializeEx:

  • This is not really a solution, but for some reason these seem to cause the crash to occur less often.
  • Use CoInitialize Ex, instead of AfxOleInit or CoInitialize.
  • If you replace use of AfxOleInit, you must also add CoUninitialize in your YourApp::ExitInstance.

Debug Output:

  • The last 3 lines appear exactly 60 seconds after closing the CFileDialog.
First-chance exception at 0x7652b9bc (KernelBase.dll) in maint32.exe: 0x000006BA: The RPC server is unavailable.
First-chance exception at 0x7652b9bc (KernelBase.dll) in maint32.exe: 0x000006BA: The RPC server is unavailable.
First-chance exception at 0x7652b9bc (KernelBase.dll) in maint32.exe: 0x80010108: Server Disconnected from clients.
First-chance exception at 0x7652b9bc (KernelBase.dll) in maint32.exe: 0x80010108: Server Disconnected from clients.
First-chance exception at 0x7652b9bc (KernelBase.dll) in maint32.exe: 0x80010108: Server Disconnected from clients.
First-chance exception at 0x7677c99e (ole32.dll) in maint32.exe: 0xC0000005: Access violation reading location 0xfeeefeee.
First-chance exception at 0x7652b9bc (KernelBase.dll) in maint32.exe: 0x80010108: Server Disconnected from clients.
Unhandled exception at 0x77bb15de (ntdll.dll) in maint32.exe: 0xC0000005: Access violation reading location 0xfeeefeee.

Call Stack, main thread:

  • I enabled load all symbols in Tools-> Options-> Debug-> Symbols to get complete call stack.
ntdll.dll!_ZwRaiseException@12() + 0x12 bytes
 ntdll.dll!_ZwRaiseException@12() + 0x12 bytes
 ole32.dll!SilentlyReportExceptions(_EXCEPTION_POINTERS * lpep) Line 133 C++
 ole32.dll!ServerExceptionFilter(_EXCEPTION_POINTERS * lpep) Line 190 C++
 ole32.dll!AppInvokeExceptionFilterWithMethodAddress(_EXCEPTION_POINTERS * lpep, void * pvObject, const _GUID & riid, unsigned long dwMethod, void * pvVtableAddress, const char * szPossibleCause) Line 379 C++
 ole32.dll!AppInvokeExceptionFilter(_EXCEPTION_POINTERS * lpep, void * pvObject, const _GUID & riid, unsigned long dwMethod) Line 485 C++
 ole32.dll!FinishShutdown() Line 1037 + 0x19 bytes C++
 msvcrt.dll!@_EH4_CallFilterFunc@8() + 0x12 bytes
 msvcrt.dll!__except_handler4_common() + 0x87 bytes
 ole32.dll!_except_handler4(_EXCEPTION_RECORD * ExceptionRecord, _EXCEPTION_REGISTRATION_RECORD * EstablisherFrame, _CONTEXT * ContextRecord, void * DispatcherContext) Line 90 + 0x1b bytes C
 ntdll.dll!ExecuteHandler2@20() + 0x26 bytes
 ntdll.dll!ExecuteHandler@20() + 0x24 bytes
 ntdll.dll!_RtlDispatchException@8() + 0xd3 bytes
 ntdll.dll!_KiUserExceptionDispatcher@8() + 0xf bytes
 ole32.dll!CStdMarshal::Disconnect(unsigned long dwType) Line 3420 C++
 ole32.dll!DisconnectSwitch(void * pv) Line 3119 C++
 ole32.dll!CStdMarshal::DisconnectAndRelease(unsigned long dwType) Line 3167 C++
 ole32.dll!COIDTable::ThreadCleanup() Line 1760 + 0xa bytes C++
 ole32.dll!FinishShutdown() Line 1035 C++
 ole32.dll!ApartmentUninitialize(int fHostThread) Line 1291 C++
 ole32.dll!wCoUninitialize(COleTls & Tls, int fHostThread) Line 2766 + 0x8 bytes C++
 ole32.dll!CoUninitialize() Line 2620 C++
 networkitemfactory.dll!FDBackgroundThreadHandler() + 0x21 bytes
 shlwapi.dll!WrapperThreadProc() + 0xd3 bytes
 kernel32.dll!@BaseThreadInitThunk@12() + 0x12 bytes
 ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes
 ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes

0xC0000005 · 0xfeeefeee · access violation · acrobat · adobe · AfxOleInit · C/C++ · CFileDialog · CoInitialize · CoInitializeEx · crash · Debug · debug · DoModal · GetOpenFileName · Hot-fix · KB2718841 · MFC · reader · reading location · unhanded exception