I always see on one specific Win XP machine (SP2 + latest hotfixes) that a call to ole32!StgCreateDocfile hangs infinite. On other test machines it's fine. I gathered a user full dump of the process in the hang scenario. The blocking thread looks like this: Calling code: TEST_HR_THROW(StgCreateDocfile(NULL,STGM_READWRITE | STGM_SHARE_DENY_WRITE | STGM_TRANSACTED,0,&pStgCopy)); Stack: 0:006> k 100 ChildEBP RetAddr 019ec824 7c90d68e ntdll!KiFastSystemCallRet 019ec828 7c810916 ntdll!NtCreateFile+0xc 019ec8c0 7756c8c9 kernel32!CreateFileW+0x35f 019ecb20 77506ec7 ole32!CFileStream::Init_OpenOrCreate+0x188 019ed37c 77506cd4 ole32!CFileStream::InitWorker+0xe0 019ed3c4 77544cc3 ole32!DfFromName+0x83 019ed3fc 77544d06 ole32!DfCreateDocfile+0x1d6 019ed420 023221eb ole32!StgCreateDocfile+0x1b [... my own code ...] 019ef6b0 77ef321a rpcrt4!Invoke+0x30 019efab4 77ef4f4a rpcrt4!NdrStubCall2+0x297 019efb0c 771366b4 rpcrt4!CStdStubBuffer_Invoke+0x3f 019efb30 77600c31 oleaut32!CUnivStubWrapper::Invoke+0xc5 019efb70 77600bdb ole32!SyncStubInvoke+0x33 019efbb8 7750f237 ole32!StubInvoke+0xa7 019efc90 7750f15c ole32!CCtxComChnl::ContextInvoke+0xe3 019efcac 7750fc79 ole32!MTAInvoke+0x1a 019efcd8 77600e3b ole32!STAInvoke+0x4a 019efd0c 776009bc ole32!AppInvoke+0x7e 019efde0 77600df2 ole32!ComInvokeWithLockAndIPID+0x2e0 019efe0c 7750fcb3 ole32!ComInvoke+0x60 019efe20 7750fae9 ole32!ThreadDispatch+0x23 019efe38 77d48734 ole32!ThreadWndProc+0xfe 019efe64 77d48816 user32!InternalCallWinProc+0x28 019efecc 77d489cd user32!UserCallWinProcCheckWow+0x150 019eff2c 77d48a10 user32!DispatchMessageWorker+0x306 019eff3c 77513787 user32!DispatchMessageW+0xf 019eff70 775270d5 ole32!CDllHost::STAWorkerLoop+0x5c 019eff8c 77527008 ole32!CDllHost::WorkerThread+0xc8 019eff94 774fe3dc ole32!DLLHostThreadEntry+0xd 019effa8 774fe444 ole32!CRpcThread::WorkerLoop+0x1e 019effb4 7c80b683 ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1b 019effec 00000000 kernel32!BaseThreadStart+0x37
My guess would be a sharing error. Try taking ownership of the folder for that user. -- Mark L. Ferguson "vve" wrote: > I always see on one specific Win XP machine (SP2 + latest hotfixes) > that a call to ole32!StgCreateDocfile hangs infinite. On other test > machines it's fine. I gathered a user full dump of the process in the > hang scenario. The blocking thread looks like this: > > Calling code: > TEST_HR_THROW(StgCreateDocfile(NULL,STGM_READWRITE | > STGM_SHARE_DENY_WRITE | STGM_TRANSACTED,0,&pStgCopy)); > > Stack: > 0:006> k 100 > ChildEBP RetAddr > 019ec824 7c90d68e ntdll!KiFastSystemCallRet > 019ec828 7c810916 ntdll!NtCreateFile+0xc > 019ec8c0 7756c8c9 kernel32!CreateFileW+0x35f > 019ecb20 77506ec7 ole32!CFileStream::Init_OpenOrCreate+0x188 > 019ed37c 77506cd4 ole32!CFileStream::InitWorker+0xe0 > 019ed3c4 77544cc3 ole32!DfFromName+0x83 > 019ed3fc 77544d06 ole32!DfCreateDocfile+0x1d6 > 019ed420 023221eb ole32!StgCreateDocfile+0x1b > [... my own code ...] > 019ef6b0 77ef321a rpcrt4!Invoke+0x30 > 019efab4 77ef4f4a rpcrt4!NdrStubCall2+0x297 > 019efb0c 771366b4 rpcrt4!CStdStubBuffer_Invoke+0x3f > 019efb30 77600c31 oleaut32!CUnivStubWrapper::Invoke+0xc5 > 019efb70 77600bdb ole32!SyncStubInvoke+0x33 > 019efbb8 7750f237 ole32!StubInvoke+0xa7 > 019efc90 7750f15c ole32!CCtxComChnl::ContextInvoke+0xe3 > 019efcac 7750fc79 ole32!MTAInvoke+0x1a > 019efcd8 77600e3b ole32!STAInvoke+0x4a > 019efd0c 776009bc ole32!AppInvoke+0x7e > 019efde0 77600df2 ole32!ComInvokeWithLockAndIPID+0x2e0 > 019efe0c 7750fcb3 ole32!ComInvoke+0x60 > 019efe20 7750fae9 ole32!ThreadDispatch+0x23 > 019efe38 77d48734 ole32!ThreadWndProc+0xfe > 019efe64 77d48816 user32!InternalCallWinProc+0x28 > 019efecc 77d489cd user32!UserCallWinProcCheckWow+0x150 > 019eff2c 77d48a10 user32!DispatchMessageWorker+0x306 > 019eff3c 77513787 user32!DispatchMessageW+0xf > 019eff70 775270d5 ole32!CDllHost::STAWorkerLoop+0x5c > 019eff8c 77527008 ole32!CDllHost::WorkerThread+0xc8 > 019eff94 774fe3dc ole32!DLLHostThreadEntry+0xd > 019effa8 774fe444 ole32!CRpcThread::WorkerLoop+0x1e > 019effb4 7c80b683 ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1b > 019effec 00000000 kernel32!BaseThreadStart+0x37 > >
As you can see, the first parameter is NULL, so it's windows duty to create a temp file and make sure that works.
I found the problem myself, StgCreateDocfile was used with pwcsName = NULL and grfMode without STGM_DELETEONRELEASE. This caused the windows\temp folder to contain tons of ~df... files. I assume that the algorithm to create a temp file name takes a long time then. A 'del /s /q /a-r *.* in c:\windows\temp' then solved the problem.
