Windows Rundll32 (child process of DllHost) is crashing. How can I even identify it?
Solution 1:
What causes the crashes? Can they be resolved somehow?
Apparently, the crashes are caused by validating the UserTile of this specific user.
I believe this refers to the picture that is shown when you log in. After setting the user's picture to an arbitrary image file taken from Pictures/, the crash was no longer triggered when I go to switch users and log in as the specific user.
How can I identify this?
It looks like "Exception offset" is a code offset inside the DLL/EXE (i.e. avoiding the effect of relocation / address randomization). So the crash location can be identified by "Exception offset" + the specific DLL/EXE contents -
- Fault Module Name: Windows.UI.Immersive.dll
- Fault Module Version: 10.0.16299.125
- "x64-based PC" (the 64 bit version of the DLL, not 32-bit "x86").
If you have debugging symbols for the DLL/EXE, you may be able to take extra effort to look up this location. Use procdump as described to capture a crash dump. Open the dump with any debugger which supports the Microsoft Symbol Service, if the DLL/EXE is from Microsoft. The names of the symbols are less likely to change over time (or different hardware platforms) than the numeric addresses. A debugger will also show a full trace of the nested function calls leading to the crash.
- Symbolic location:
Windows_UI_Immersive!CUserTileValidator::_SetReadOnlyCapability+1detc.