我使用windebug获得的信息是：
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(10cc.a5c): Unknown exception - code c0000374 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=7fffffff edx=00000000 esi=02850000 edi=000010cc
eip=77c6f8c1 esp=02fd95a0 ebp=02fd9624 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll!NtWaitForSingleObject+0x15:
77c6f8c1 83c404          add     esp,4

使用～* k,获取的信息如下：

   0  Id: 10cc.ed0 Suspend: 1 Teb: 7efdd000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0015f9fc 75fc1a2c ntdll!ZwWaitForMultipleObjects+0x15
0015fa44 7702086a kernel32!WaitForMultipleObjectsExImplementation+0xe0
0015fa98 775f37db user32!RealMsgWaitForMultipleObjectsEx+0x14d
0015fae8 775f6302 iertutil!IsoDispatchMessageToArtifacts+0x22c
0015fb08 667b5daa iertutil!IsoManagerThreadZero_WindowsPump+0x53
0015fb58 002814aa ieframe!LCIEStartAsTabProcess+0x273
0015fca4 00281286 iexplore!wWinMain+0x3ad
0015fd38 75fc33ca iexplore!_initterm_e+0x1b1
0015fd44 77c89ed2 kernel32!BaseThreadInitThunk+0xe
0015fd84 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
0015fd9c 00000000 ntdll!RtlInitializeExceptionChain+0x36

   1  Id: 10cc.50c Suspend: 1 Teb: 7efda000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0272f9d8 75fc33ca ntdll!ZwWaitForMultipleObjects+0x15
0272f9e4 77c89ed2 kernel32!BaseThreadInitThunk+0xe
0272fa24 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
0272fa3c 00000000 ntdll!RtlInitializeExceptionChain+0x36

   2  Id: 10cc.ca4 Suspend: 1 Teb: 7ef9f000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
02afead4 75fc1a2c ntdll!ZwWaitForMultipleObjects+0x15
02afeb1c 75fc4238 kernel32!WaitForMultipleObjectsExImplementation+0xe0
02afeb38 775f11a6 kernel32!WaitForMultipleObjects+0x18
02affb64 775f5caa iertutil!CForeignProcessToCurrentProcessMessaging::_vThreadProc+0xa1
02affb6c 75fc33ca iertutil!CForeignProcessToCurrentProcessMessaging::_sThreadProc+0xd
02affb78 77c89ed2 kernel32!BaseThreadInitThunk+0xe
02affbb8 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
02affbd0 00000000 ntdll!RtlInitializeExceptionChain+0x36

   3  Id: 10cc.12bc Suspend: 1 Teb: 7ef9c000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
02ccf6f8 75fc1a2c ntdll!ZwWaitForMultipleObjects+0x15
02ccf740 7702086a kernel32!WaitForMultipleObjectsExImplementation+0xe0
02ccf794 775f37db user32!RealMsgWaitForMultipleObjectsEx+0x14d
02ccf7e4 775f6275 iertutil!IsoDispatchMessageToArtifacts+0x22c
02ccf804 75fc33ca iertutil!IsoManagerThreadNonzero_WindowsPump+0x5a
02ccf810 77c89ed2 kernel32!BaseThreadInitThunk+0xe
02ccf850 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
02ccf868 00000000 ntdll!RtlInitializeExceptionChain+0x36

#  4  Id: 10cc.a5c Suspend: 0 Teb: 7ef99000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
02fd9624 77cf8595 ntdll!NtWaitForSingleObject+0x15
02fd967c 77d1e5e6 ntdll!RtlReportException+0x86
02fd9690 77d1e663 ntdll!RtlpNtEnumerateSubKey+0x1ab8
02fd9cf0 77d1f559 ntdll!RtlpNtEnumerateSubKey+0x1b35
02fd9d00 77d1f639 ntdll!RtlpNtEnumerateSubKey+0x2a2b
02fd9d34 77cd9bc2 ntdll!RtlpNtEnumerateSubKey+0x2b0b
02fd9d5c 75aa625c ntdll!RtlUlonglongByteSwap+0xc7d2
02fd9d70 76ed443a ole32!CRetailMalloc_GetSize+0x21 [d:\w7rtm\com\ole32\com\class\memapi.cxx @ 710]
02fd9d94 76ed3ea3 oleaut32!APP_DATA::FreeCachedMem+0x30
02fd9db0 76ed4870 oleaut32!SysFreeString+0x6b
02fd9dc4 667ce433 oleaut32!VariantClear+0xc3
02fd9dd8 63ea7175 ieframe!Detour_VariantClear+0x2f
02fd9de8 63ea444c jscript!VAR::Clear+0x9c
02fd9e10 63ea6e46 jscript!GcAlloc::ReclaimGarbage+0x94
02fd9e2c 63ea43e9 jscript!GcContext::Reclaim+0xb6
02fd9e40 63ea42e9 jscript!GcContext::CollectCore+0x123
02fd9e54 63ea4b2a jscript!GcContext::Collect+0x3a
02fd9fd4 63e95d7d jscript!CScriptRuntime::Run+0x39dc
02fda0bc 63e95cdb jscript!ScrFncObj::CallWithFrameOnStack+0xce
02fda104 63e95ef1 jscript!ScrFncObj::Call+0x8d

   5  Id: 10cc.fcc Suspend: 1 Teb: 7ef90000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0392fb18 75fc33ca ntdll!ZwWaitForWorkViaWorkerFactory+0x12
0392fb24 77c89ed2 kernel32!BaseThreadInitThunk+0xe
0392fb64 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
0392fb7c 00000000 ntdll!RtlInitializeExceptionChain+0x36

   6  Id: 10cc.ee0 Suspend: 1 Teb: 7ef8d000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
03d4f9b4 75fc33ca ntdll!ZwWaitForWorkViaWorkerFactory+0x12
03d4f9c0 77c89ed2 kernel32!BaseThreadInitThunk+0xe
03d4fa00 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
03d4fa18 00000000 ntdll!RtlInitializeExceptionChain+0x36

   7  Id: 10cc.13e8 Suspend: 1 Teb: 7ef8a000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
03a8fa0c 777f3520 ntdll!NtDelayExecution+0x15
03a8fa1c 75a8d98d KERNELBASE!Sleep+0xf
03a8fa28 75a8cd48 ole32!CROIDTable::WorkerThreadLoop+0x14 [d:\w7rtm\com\ole32\com\dcomrem\refcache.cxx @ 1345]
03a8fa44 75a8d87a ole32!CRpcThread::WorkerLoop+0x26 [d:\w7rtm\com\ole32\com\dcomrem\threads.cxx @ 257]
03a8fa54 75fc33ca ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x16 [d:\w7rtm\com\ole32\com\dcomrem\threads.cxx @ 63]
03a8fa60 77c89ed2 kernel32!BaseThreadInitThunk+0xe
03a8faa0 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
03a8fab8 00000000 ntdll!RtlInitializeExceptionChain+0x36

   8  Id: 10cc.2a8 Suspend: 1 Teb: 7ef87000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
03f8fb04 75fc33ca ntdll!ZwWaitForWorkViaWorkerFactory+0x12
03f8fb10 77c89ed2 kernel32!BaseThreadInitThunk+0xe
03f8fb50 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
03f8fb68 00000000 ntdll!RtlInitializeExceptionChain+0x36

   9  Id: 10cc.13f8 Suspend: 1 Teb: 7ef84000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
040afb04 75fc1194 ntdll!NtWaitForSingleObject+0x15
040afb1c 75fc1148 kernel32!WaitForSingleObjectExImplementation+0x75
040afb30 632cff25 kernel32!WaitForSingleObject+0x12
040afb54 632d5d47 mshtml!CDwnTaskExec::ThreadExec+0x23f
040afb5c 6323e726 mshtml!CExecFT::ThreadProc+0x39
040afb68 75fc33ca mshtml!CExecFT::StaticThreadProc+0xe
040afb74 77c89ed2 kernel32!BaseThreadInitThunk+0xe
040afbb4 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
040afbcc 00000000 ntdll!RtlInitializeExceptionChain+0x36

  10  Id: 10cc.eb0 Suspend: 1 Teb: 7ef81000 Unfrozen
ChildEBP RetAddr  
04edf7b4 77017c1d user32!NtUserGetMessage+0x15
04edf7d4 746b2840 user32!GetMessageA+0xa1
04edf80c 75fc33ca winmm!mciwindow+0x102
04edf818 77c89ed2 kernel32!BaseThreadInitThunk+0xe
WARNING: Stack unwind information not available. Following frames may be wrong.
04edf858 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
04edf870 00000000 ntdll!RtlInitializeExceptionChain+0x36

  11  Id: 10cc.1204 Suspend: 1 Teb: 7ef7e000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0713fac8 75fc33ca ntdll!ZwWaitForWorkViaWorkerFactory+0x12
0713fad4 77c89ed2 kernel32!BaseThreadInitThunk+0xe
0713fb14 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
0713fb2c 00000000 ntdll!RtlInitializeExceptionChain+0x36

  12  Id: 10cc.c08 Suspend: 1 Teb: 7efd7000 Unfrozen
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
06ecfb44 75fc33ca ntdll!ZwWaitForWorkViaWorkerFactory+0x12
06ecfb50 77c89ed2 kernel32!BaseThreadInitThunk+0xe
06ecfb90 77c89ea5 ntdll!RtlInitializeExceptionChain+0x63
06ecfba8 00000000 ntdll!RtlInitializeExceptionChain+0x36

使用VS2010进行分析，拿到的调用栈：
>        ntdll.dll!_RtlReportCriticalFailure@8()  + 0x57 字节       
        ntdll.dll!_RtlpReportHeapFailure@4()  + 0x21 字节       
        ntdll.dll!_RtlpLogHeapFailure@24()  + 0xa1 字节       
        ntdll.dll!_RtlSizeHeap@12()  + 0x56bc0 字节       
        ole32.dll!CRetailMalloc_GetSize(IMalloc * pThis, void * pv)  行 710        C++
        oleaut32.dll!APP_DATA::FreeCachedMem()  + 0x24 字节       
        oleaut32.dll!_SysFreeString@4()  + 0x4a 字节       
        oleaut32.dll!_VariantClear@4()  + 0x9c2 字节       
        ieframe.dll!Detour_VariantClear()  + 0x2b 字节       
        jscript.dll!VAR::Clear()  + 0x428 字节       
        jscript.dll!GcAlloc::ReclaimGarbage()  - 0x2a 字节       
        jscript.dll!GcContext::Reclaim()  + 0x8d 字节       
        jscript.dll!GcContext::CollectCore()  + 0xdb 字节       
        jscript.dll!GcContext::Collect()  + 0x27 字节       
        jscript.dll!CScriptRuntime::Run()  + 0xe5db 字节       
        jscript.dll!ScrFncObj::CallWithFrameOnStack()  + 0x8a 字节       
        jscript.dll!ScrFncObj::Call()  + 0x84 字节       
        jscript.dll!CSession::Execute()  + 0x139 字节       
        jscript.dll!NameTbl::InvokeDef()  + 0x147 字节       
        jscript.dll!NameTbl::InvokeEx()  + 0xf5 字节       
        jscript.dll!IDispatchExInvokeEx2()  + 0x8f 字节       
        jscript.dll!IDispatchExInvokeEx()  + 0x4f 字节       
        jscript.dll!NameTbl::InvokeEx()  + 0xcc3 字节       
        mshtml.dll!CScriptCollection::InvokeEx()  + 0x8e 字节       
        mshtml.dll!CWindow::InvokeEx()  + 0x24d 字节       
        mshtml.dll!CBase::VersionedInvokeEx()  + 0x20 字节       
        mshtml.dll!PlainInvokeEx()  + 0x89 字节       
        mshtml.dll!COmWindowProxy::InvokeEx()  + 0xd35d 字节       
        mshtml.dll!COmWindowProxy::subInvokeEx()  + 0x26 字节       
        mshtml.dll!CBase::VersionedInvokeEx()  + 0x20 字节       
        mshtml.dll!PlainInvokeEx()  + 0x89 字节       
        jscript.dll!IDispatchExInvokeEx2()  + 0x8f 字节       
        jscript.dll!IDispatchExInvokeEx()  + 0x4f 字节       
        jscript.dll!InvokeDispatchEx()  + 0x98 字节       
        jscript.dll!VAR::InvokeByDispID()  + 0x3818f 字节       
        jscript.dll!CScriptRuntime::Run()  + 0x7f78 字节       
        jscript.dll!ScrFncObj::CallWithFrameOnStack()  + 0x8a 字节       
        jscript.dll!ScrFncObj::Call()  + 0x84 字节       
        jscript.dll!CSession::Execute()  + 0x139 字节       
        jscript.dll!NameTbl::InvokeDef()  + 0x147 字节       
        jscript.dll!NameTbl::InvokeEx()  + 0xf5 字节       
        mshtml.dll!CBase::InvokeDispatchWithThis()  + 0xad 字节       
        mshtml.dll!CBase::InvokeEvent()  + 0x903b9 字节       
        mshtml.dll!CBase::FireEvent()  + 0xdc 字节       
        mshtml.dll!CElement::BubbleEventHelper()  - 0xa 字节       
        mshtml.dll!CElement::FireEvent()  + 0x2fa93 字节       
        mshtml.dll!CElement::Fire_onclick()  + 0x1c 字节       
        mshtml.dll!CElement::DoClick()  + 0x96 字节       
        mshtml.dll!CInput::DoClick()  + 0x3f 字节       
        mshtml.dll!CDoc::PumpMessage()  + 0x8996b 字节       
        mshtml.dll!CDoc::OnMouseMessage()  + 0x1d2 字节       
        mshtml.dll!CDoc::OnWindowMessage()  + 0x8dca2 字节       
        mshtml.dll!CServer::WndProc()  + 0x4c 字节       
        user32.dll!_InternalCallWinProc@20()  + 0x23 字节       
        user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 字节       
        user32.dll!_DispatchMessageWorker@8()  + 0xed 字节       
        user32.dll!_DispatchMessageW@4()  + 0xf 字节       
        ieframe.dll!CTabWindow::_TabWindowThreadProc()  + 0x386 字节       
        ieframe.dll!LCIETab_ThreadProc()  + 0x282 字节       
        iertutil.dll!CIsoScope::RegisterThread()  - 0x34f1 字节       
        kernel32.dll!@BaseThreadInitThunk@12()  + 0x12 字节       
        ntdll.dll!___RtlUserThreadStart@8()  + 0x27 字节       
        ntdll.dll!__RtlUserThreadStart@8()  + 0x1b 字节

我刚开始使用WINDEBUG，几乎没有思路，清大伙帮忙啦，谢谢啦。

(10cc.a5c): Unknown exception - code c0000374 (first/second chance not available)  是不是用到map搞崩了？ 我也刚使用windbg，调试就会俩命令，~*kbn 这个下面找exception确定出问题的线程，查看线程的堆栈。!analyze -v 这个命令直接分析你的崩溃，定位到代码如果你有pdb的话。

ocx有代码吗，有代码可以跟进去调试或者打日志

有代码，关键是我OCX的代码都执行完成啦，然后才崩溃的，让我郁闷很久啦。

终于确定问题啦，虽然没闹明白为啥。
环境：WIN7系统（32位和64位都可以）+IE8浏览器（奇怪的是，在WINXP上安装IE8就不出这个问题）；
控件的线程模式选择单元（Apartment）、中性（Neutral）或两者（both）。
然后浏览器调用控件时就会出这个问题（偶尔，不是每次都出）。后来我把线程模式改为单线程模式或者自由模式（free）就不出这个问题啦。很奇怪的一个问题，我猜测试微软的问题，具体为啥说不上来。
在此做个总结，以后有朋友们遇到这个问题，可以参考下。