Problem with VBScript and Ole32.dll

agrawalsau · Joined: 04 Oct 2007 Posts: 1

Hi,

I am facing crash in ole32.dll and from a long time there is no clue to

me what may be causing this problem. The problem happens only on some
machines (Windows XP SP2) and only after playing VBScript 6-7 times.
The crash is always happening at the same location.

Our application is hosting VBScript the same way as described in
http://support.microsoft.com/kb/221992. If VBscript is played few times

we experience the crash in ole32.dll. Following is the information,
which I could find by analyzing process dump through WinDbg.

1) The thread, which crashes, is started when VB Script is played.
2) Call stack of ole32 thread (Normal running)

039cff1c 7c91d85c ntdll!KiFastSystemCallRet
039cff20 7c8023ed ntdll!NtDelayExecution+0xc
039cff78 7c802451 kernel32!SleepEx+0x61
039cff88 774ce31d kernel32!Sleep+0xf
039cff94 774ce3dc ole32!CROIDTable::WorkerThreadLoop+0x14
039cffa8 774ce444 ole32!CRpcThread::WorkerLoop+0x1e
039cffb4 7c80b683 ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1b
039cffec 00000000 kernel32!BaseThreadStart+0x37

3) Call stack of ole32 thread at the time of crash:

ChildEBP RetAddr
05aeff94 774ce3ee 0x0
05aeffa8 774ce456 ole32!CRpcThread::WorkerLoop+0x1e
05aeffb4 7c80b683 ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1b
05aeffec 00000000 kernel32!BaseThreadStart+0x37

This ole32 thread is created by ole32::CacheCreateThread(). The
parameter to this thread is CRPCThread object pointer. CRPCThread
object occupies 20 bytes on Process Heap. First member of this class is

some Event handle and 3rd member is the pointer to
CROIDTable::WorkerThreadLoop function.

Code of CRpcThread::WorkerLoop function, which is last on the call
stack, looks like this:

774ce3d0 mov edi,edi
774ce3d2 push esi
774ce3d3 mov esi,ecx
774ce3d5 cmp dword ptr [esi+0x4],0x0
774ce3d9 jnz ole32!CRpcThread::WorkerLoop+0x67 (774ce434)
774ce3db push ebx
774ce3dc push edi
774ce3dd mov edi,[ole32!_imp__WaitForSingleObjectEx (774b12e0)]
774ce3e3 mov ebx,0x7530
774ce3e8 push dword ptr [esi+0xc]
774ce3eb call dword ptr [esi+0x8] ===========>>> Crashing
Instruction
774ce3ee call dword ptr [ole32!_imp__GetCurrentThread (774b12e8)]
774ce3f4 push eax

Here esi points to CRPCThread Object, 0x8 offset of which contains
address of CROIDTable::WorkerThreadLoop function. When the crash
happens this entry is NULL hence the crash.

Can anyone please help me in pointing out what may be the cause for
this? Why would this entry become NULL?
Please let me know if more information is required by me.

Thanks,
- Saurabh

Archived from group: microsoft>public>vb>ole

Problem with IApcProject::SaveCompleted Hello Ole programmers, I am debugging an application that has a strange problem. It is an MFC application that is implementing VBA (Using VBA SDK 6.0 V6.3). There is an file autobackup feature that sometimes fail and a MessageBox with "Path/File access er

Word save as MHT problem Howdy, I am trying to save files from Word as MHTML. I don't have a problem saving files unless they have JavaScript in them. When they contain JavaScript, any images are not saved. Is there a way to get Word to save those files from software? -- Frank

Ole Simple Problem(x2)? (VB/Word) I have an Ole Object in a vb6 form (class = I load the form calling the following: (this loads the word file into the ole object for display) Ole.SourceDoc = "here goes the file source" Ole.Action = Then, I have a button c

Strange problem with VB and macros Hi. I am using Word 2000 with VB on Windows 2000. We have created a macro (in WORD) which is called from VB through the "Run" method. The macro works fine. The problem is that when i run the VB code, from visual basic IDE, everything works fine as expecte

Help: Problem on oleaut32.dll for VB debugger? I write a program for simple server and client. Both of them use a VB6.0(Sp5) to develop run in Win2000 Server and Win2000 platform. No use third party for the applications. I use VB to build an ActiveX control for communication between