
Crash loading exes/dlls on Win 7


I get a crash loading any file, it seems to be something systemic. I’m on Windows 7 x64 SP1 which I would guess is important.

I was able to build and debug a bit, here’s what I found so far:

It crashes with System.ArgumentOutOfRangeException: 'Length cannot be less than zero.' here. The reason being that ApiSetEntryName is empty and so the LastIndexOf is returning -1.

ApiSetEntryName is empty because ApiSetEntryIterator->NameLength is 0. The rest of ApiSetEntryIterator doesn’t look quite right, I think the struct is different in memory because ValueCount seems too high. Likewise ApiSetEntryNameBuffer contains the API set but not at the right offset - it has the filename before:

ApiSetEntryIterator
    Flags           1          unsigned long
    NameOffset      500        unsigned long
    NameLength      0          unsigned long
    HashedLength    500        unsigned long
    ValueOffset     24         unsigned long
    ValueCount      6619243    unsigned long
ApiSetEntryNameBuffer   0x000007feff6c01f4 L"kernel32.dllMS-Win-Core-DateTime-L1-1-0"   wchar_t *

Even fixing that up though, after that point things quickly go off the rails - the value entries seem to be pointing at nonsense, and the subsequent ApiSetEntryIterator entries after 0 are all wrong.

It looks like maybe the struct size is different and contains different elements, but I wouldn’t know where to begin figuring out the difference.


btw, I ran into some issues building. When I tried to build out of a plain checkout I was missing ntstatus.h. It seems for some reason that has been removed in the 10.0.15063.0 SDK, so I switched the C++ projects to 10.0.14393.0. I was then missing atlstr.h and I’m not sure where that should come from - some MFC thing and I don’t know whether I didn’t install that or it’s something with my configuration or what.

In case you’re interested, I applied this patch below to remove the use of CString and eliminate that dependency based on this page. If you don’t care then just ignore this 😄.

diff --git a/ClrPhlib/src/managed/PE.cpp b/ClrPhlib/src/managed/PE.cpp
index 26c5c7f..775d663 100644
--- a/ClrPhlib/src/managed/PE.cpp
+++ b/ClrPhlib/src/managed/PE.cpp
@@ -1,6 +1,5 @@
 #include <ClrPhlib.h>
 #include <UnmanagedPh.h>
-#include <atlstr.h>

 using namespace System;
 using namespace System::Text;
@@ -10,12 +9,16 @@ PE::PE(
     _In_ String ^ Filepath
 )
 {
-    CString PvFilePath(Filepath);
     m_Impl = new UnmanagedPE();

-       this->LoadSuccessful = m_Impl->LoadPE(PvFilePath.GetBuffer());
+       using namespace Runtime::InteropServices;
+       wchar_t* PvFilepath = (wchar_t*)(Marshal::StringToHGlobalUni(Filepath)).ToPointer();
+
+       this->LoadSuccessful = m_Impl->LoadPE(PvFilepath);
        this->Filepath = gcnew String(Filepath);

+       Marshal::FreeHGlobal(IntPtr((void*)PvFilepath));
+
        if (LoadSuccessful)
                InitProperties();

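Review bot: the `Marshal::FreeHGlobal` call is skipped if `m_Impl->LoadPE` or the `gcnew String` throws, so the unmanaged copy of the path leaks on the error path. Either wrap the call in try/finally, or avoid the copy altogether with a pinned pointer (`pin_ptr<const wchar_t> p = PtrToStringChars(Filepath);` from <vcclr.h>), which needs no free. Two smaller points: the `using namespace Runtime::InteropServices;` inside the constructor body departs from this file's habit of keeping using-directives at the top, and the C-style cast on `.ToPointer()` yields a mutable `wchar_t*` when a `const` pointer is probably what `LoadPE` needs; worth checking its signature.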
@@ -135,7 +138,7 @@ String^ PE::GetManifest()
        // Converting to wchar* and passing it to a C#-recognized String object
        UTF8Encoding Utf8Decoder;

-       array<byte> ^buffer = gcnew array<byte>(rawManifestLen + 1);
+       array<unsigned char> ^buffer = gcnew array<unsigned char>(rawManifestLen + 1);
        for (int i = 0; i < rawManifestLen; i++)
        {
                buffer[i] = rawManifest[i];
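Review bot: the unqualified `byte` presumably reached this file through atlstr.h (it is the `unsigned char` typedef from the Win32 headers), which is why dropping the include breaks this line. `unsigned char` is layout-compatible, but in C++/CLI the idiomatic spelling is `array<System::Byte>`; either way, a short comment saying why the type changed would help the next reader, since the hunk otherwise looks unrelated to the atlstr.h removal.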
diff --git a/ClrPhlib/src/managed/PhSymbolProvider.cpp b/ClrPhlib/src/managed/PhSymbolProvider.cpp
index a05c549..2c5b5e3 100644
--- a/ClrPhlib/src/managed/PhSymbolProvider.cpp
+++ b/ClrPhlib/src/managed/PhSymbolProvider.cpp
@@ -1,6 +1,5 @@
 #include <ClrPhlib.h>
 #include <UnmanagedPh.h>
-#include <atlstr.h>

 using namespace System;
 using namespace ClrPh;
@@ -32,19 +31,22 @@ String^ PhSymbolProvider::UndecorateName(
 {
        String ^ManagedUndName;
        PPH_STRING UndecoratedName = NULL;
-       CString PvDecoratedName(DecoratedName);

        if (!m_Impl) {
                return gcnew String("");
        }


+       using namespace Runtime::InteropServices;
+       wchar_t* PvDecoratedName = (wchar_t*)(Marshal::StringToHGlobalUni(DecoratedName)).ToPointer();

        UndecoratedName = PhUndecorateNameW(
                m_Impl->m_SymbolProvider->ProcessHandle,
-               PvDecoratedName.GetBuffer()
+               PvDecoratedName
        );

+       Marshal::FreeHGlobal(IntPtr((void*)PvDecoratedName));
+
        if (!UndecoratedName) {
                return gcnew String("");
        }
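Review bot: this repeats the `StringToHGlobalUni` / `FreeHGlobal` pattern from PE.cpp, with the same leak if `PhUndecorateNameW` throws before the free; a small RAII wrapper or a pinned pointer via `PtrToStringChars` would remove both the duplication and the leak. Moving the conversion below the `!m_Impl` early return is an improvement (the removed `CString` was constructed even on that path). The two blank lines that now precede the `using namespace` directive could be collapsed while the block is being touched.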
diff --git a/ClrPhlib/src/managed/Phlib.cpp b/ClrPhlib/src/managed/Phlib.cpp
index 3b96e0a..3d0797a 100644
--- a/ClrPhlib/src/managed/Phlib.cpp
+++ b/ClrPhlib/src/managed/Phlib.cpp
@@ -1,6 +1,5 @@
 #include <ClrPhlib.h>
 #include <UnmanagedPh.h>
-#include <atlstr.h>
 #include <ApiSet.h>

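Review bot: unlike the other two files, this hunk only drops the include and shows no replacement for any `CString` use, so please confirm that Phlib.cpp has none (otherwise it stops compiling for everyone), and say so in the commit message; the `#include <ApiSet.h>` that remains is unaffected by this change.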

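As an added example (not code from the issue or from the project), a version-dispatching reader for the API set map that illustrates the mismatch described above: the entry layout differs between the Windows 7 (v2) and Windows 10 (v6) schemas, so a parser must check Version before interpreting entries, bounds-check every offset, and treat a zero NameLength as an error instead of letting it reach LastIndexOf. The struct layouts, field names and helper functions are assumptions taken from public reverse-engineering notes, not from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Layouts are assumptions from public reverse-engineering notes, not from the issue page. */
typedef struct { uint32_t Version, Count; } ApiSetHeaderV2;                       /* Windows 7 (schema v2) */
typedef struct { uint32_t NameOffset, NameLength, DataOffset; } ApiSetEntryV2;
typedef struct { uint32_t Version, Size, Flags, Count, EntryOffset, HashOffset, HashFactor; } ApiSetHeaderV6; /* Win10 */
typedef struct { uint32_t Flags, NameOffset, NameLength, HashedLength, ValueOffset, ValueCount; } ApiSetEntryV6;
enum { APISET_OK = 0, APISET_BAD_VERSION = -1, APISET_OUT_OF_RANGE = -2, APISET_EMPTY_NAME = -3 };

/* Copy entry idx's name (UTF-16LE in the map, ASCII-only here) into out, dispatching on the schema version. */
int apiset_entry_name(const uint8_t *map, size_t len, uint32_t idx, char *out, size_t out_sz) {
    uint32_t ver, count, entries_off, entry_sz, name_off, name_len;
    if (len < sizeof(ApiSetHeaderV2)) return APISET_OUT_OF_RANGE;
    memcpy(&ver, map, 4);
    if (ver == 2) {                                   /* Win7: {Version, Count} then the entry array */
        memcpy(&count, map + 4, 4); entries_off = sizeof(ApiSetHeaderV2); entry_sz = sizeof(ApiSetEntryV2);
    } else if (ver == 6) {                            /* Win10: entry array lives at EntryOffset */
        ApiSetHeaderV6 h; if (len < sizeof h) return APISET_OUT_OF_RANGE;
        memcpy(&h, map, sizeof h); count = h.Count; entries_off = h.EntryOffset; entry_sz = sizeof(ApiSetEntryV6);
    } else return APISET_BAD_VERSION;                 /* v3/v4 (Win8/8.1) deliberately not handled here */
    if (idx >= count || entries_off > len || (size_t)(idx + 1) * entry_sz > len - entries_off) return APISET_OUT_OF_RANGE;
    const uint8_t *e = map + entries_off + (size_t)idx * entry_sz;
    if (ver == 2) { ApiSetEntryV2 v; memcpy(&v, e, sizeof v); name_off = v.NameOffset; name_len = v.NameLength; }
    else          { ApiSetEntryV6 v; memcpy(&v, e, sizeof v); name_off = v.NameOffset; name_len = v.NameLength; }
    if (name_len == 0) return APISET_EMPTY_NAME;      /* the issue's case: LastIndexOf on "" returned -1 */
    if (name_len % 2 || name_off > len || name_len > len - name_off || name_len / 2 >= out_sz) return APISET_OUT_OF_RANGE;
    for (uint32_t i = 0; i < name_len / 2; i++) out[i] = (char)map[name_off + 2 * i];
    out[name_len / 2] = '\0';
    return APISET_OK;
}

/* Constructed one-entry map: v2 layout if ver == 2, otherwise a v6 layout stamped with ver. Returns its length. */
size_t build_map(uint8_t *buf, uint32_t ver, const char *name) {
    uint32_t n = (uint32_t)strlen(name), hdr = ver == 2 ? sizeof(ApiSetHeaderV2) : sizeof(ApiSetHeaderV6);
    uint32_t esz = ver == 2 ? sizeof(ApiSetEntryV2) : sizeof(ApiSetEntryV6), name_off = hdr + esz;
    memset(buf, 0, name_off + 2 * n);
    if (ver == 2) { ApiSetHeaderV2 h = {2, 1}; ApiSetEntryV2 e = {name_off, 2 * n, 0};
                    memcpy(buf, &h, sizeof h); memcpy(buf + hdr, &e, sizeof e); }
    else { ApiSetHeaderV6 h = {ver, name_off + 2 * n, 0, 1, hdr, 0, 0}; ApiSetEntryV6 e = {0, name_off, 2 * n, 2 * n, 0, 0};
           memcpy(buf, &h, sizeof h); memcpy(buf + hdr, &e, sizeof e); }
    for (uint32_t i = 0; i < n; i++) buf[name_off + 2 * i] = (uint8_t)name[i];    /* widen ASCII to UTF-16LE */
    return name_off + 2 * n;
}
/* Round-trip check: returns the parser status, or -100 if the name came back different. */
int roundtrip(uint32_t ver, const char *name) {
    uint8_t buf[256]; char out[64];
    int rc = apiset_entry_name(buf, build_map(buf, ver, name), 0, out, sizeof out);
    return (rc == APISET_OK && strcmp(out, name) != 0) ? -100 : rc;
}
```

A parser that hard-codes the v6 layout would read the v2 blob built here as garbage, which is what the watch-window dump above shows; checking Version first turns that into a clean "unsupported schema" result.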
Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

lucasg commented, Nov 26, 2017

I’ve added support for Win7 apiset parsing: fbae9ee64790e02962d8fcbccff2a04a47b3bfe4

lucasg commented, Nov 26, 2017

Thanks for spotting it. I’ve removed the include.
