Sign in to follow this  

help with DLL exceptions on startup(not my dlls)

This topic is 3728 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi, I've been having difficulties with my program. On some machines, after a while, it starts crashing the machine via the blue screen of death. I have not been able to trace that error to a specific location, but I have had this one lingering error that I cannot get rid of and would like to approach this problem one step at a time. Basically during a loading of DLLs, before it even goes into WinMain, I get access violations. I'm not attaching or requiring the use of any dlls. A while ago I thought that the culprit was wxvault.dll, which attaches itself automatically(some Dell computer thing). My program used to crash in weird places until I manually detached wxvault.dll right after WinMain like so:

int WINAPI WinMain(IN HINSTANCE hInstance, 

IN HINSTANCE hPrevInstance, 

IN LPSTR lpCmdLine, 

IN int nShowCmd )

{ 

//Brute force unload of stupid dlls:

{

HMODULE vaultHandler = GetModuleHandle( "wxvault.dll" );

if( vaultHandler )

{

FreeLibrary( vaultHandler );

}

vaultHandler = GetModuleHandle( "wxvault" );

if( vaultHandler )

{

FreeLibrary( vaultHandler );

}

}

...


This eliminated the random crashes, but the access violations were still there, and I would have to press "continue" twice when debugging the program. Wxvault.dll is some dll that comes with Dell computers, supposedly from Wave in their Embassy Security Suite. Here is the debug output I get:

'Garden_Release.exe': Loaded 'C:\Documents and Settings\Marv\Desktop\GardenD\PTKSkeleton_v5\output\Garden_Release.exe', Binary was not built with debug information.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\ntdll.dll', No symbols loaded.

AVRF: Garden_Release.exe: pid 0xB74: flags 0x80000181: application verifier enabled

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\verifier.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\vrfcore.dll', Symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\vfbasics.dll', Symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\vfhangs.dll', Symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\msvcrt.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\kernel32.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\vfcompat.dll', Symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\msvcp60.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\vfsvc.dll', Symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\vfLuaPriv.dll', Symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\advapi32.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\rpcrt4.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\psapi.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\ole32.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\gdi32.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\user32.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\vfprint.dll', Symbols loaded.

AVRF: verifier.dll provider initialized for Garden_Release.exe with flags 0x80000181 

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\wxvault.dll', Binary was not built with debug information.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\mpr.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\version.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\shlwapi.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\detoured.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\shell32.dll', No symbols loaded.

LuaPriv: Attaching to process...

'Garden_Release.exe': Loaded 'C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll', No symbols loaded.

'Garden_Release.exe': Loaded 'C:\WINDOWS\system32\comctl32.dll', No symbols loaded.

 

=======================================

VERIFIER STOP 00000013 : pid 0xB74: First chance access violation for current stack trace. 

00157000 : Invalid address causing the exception.

1000B7C3 : Code address executing the invalid access.

0012E7C4 : Exception record.

0012E7E0 : Context record.

 

=======================================

This verifier stop is continuable.

After debugging it use `go' to continue.

=======================================

First-chance exception at 0xffbadd11 in Garden_Release.exe: 0xC0000005: Access violation.

 

=======================================

VERIFIER STOP 00000650 : pid 0xB74: Attempt to execute code in non-executable memory (first chance). 

FFBADD11 : Address being accessed.

FFBADD11 : Code performing invalid access.

0012ED8C : Exception record. Use .exr to display it.

0012EDA8 : Context record. Use .cxr to display it.

 

=======================================

This verifier stop is not continuable. Process will be terminated 

when you use the `go' debugger command.

=======================================

Garden_Release.exe has triggered a breakpoint

AVRF: Noncontinuable verifier stop 00000650 encountered. Terminating process ... 

The program '[2932] Garden_Release.exe: Native' has exited with code -1073741823 (0xc0000001).

 

I used App Verifier to run. When I don't use AppVerifier, it seems to crash after wxvault loads and loads 3 dependent dlls. The Callstack I get when running with App Verifier:

  ffbadd11() 
  vfhangs.dll!NS_HangVerifier::DelayLoad_NTDLL_NtGetTickCount()  Line 291 + 0x6 bytes C++
  vfhangs.dll!NS_HangVerifier::VfHookWaitForSingleObjectEx(void * hHandle=0x00000d01, unsigned long dwMilliseconds=4294967295, int bAlertable=0)  Line 1393 C++
  rpcrt4.dll!77e80acb()  
  [Frames below may be incorrect and/or missing, no symbols loaded for rpcrt4.dll] 
  rpcrt4.dll!77e80a81()  
  rpcrt4.dll!77e81289()  
  rpcrt4.dll!77e81247()  
  rpcrt4.dll!77e80898()  
  rpcrt4.dll!77e80e8d()  
  vfbasics.dll!AVrfpRtlFreeHeap(void * HeapHandle=0x030a6f00, unsigned long Flags=51293864, void * BaseAddress=0x00000001)  Line 385 C
  rpcrt4.dll!77e80e0d()  
  rpcrt4.dll!77e80c6f()  
  rpcrt4.dll!77e7b501()  
  rpcrt4.dll!77e80bbc()  
  rpcrt4.dll!77e8110b()  
  rpcrt4.dll!77e7a716()  
  rpcrt4.dll!77e7a747()  
  rpcrt4.dll!77ef3675()  
  ntdll.dll!7c91b298()  
  ntdll.dll!7c90d4ea()  
  ntdll.dll!7c9180ff()  
  ntdll.dll!7c91b686()  
  ntdll.dll!7c91b298()  
  ntdll.dll!7c9106eb()  
  ntdll.dll!7c95ef68()  
  ntdll.dll!7c95efb1()  
  ntdll.dll!7c95efed()  
  ntdll.dll!7c91b686()  
  ntdll.dll!7c91b298()  
  ntdll.dll!7c9106eb()  
  ntdll.dll!7c9106eb()  
  advapi32.dll!77dd7b76()  
  ntdll.dll!7c964f7f()  
  ntdll.dll!7c9654ad()  
  ntdll.dll!7c9650fa()  
  ntdll.dll!7c965584()  
  ntdll.dll!7c968c7f()  
  ntdll.dll!7c93a874()  
  vfbasics.dll!AVrfpRtlCreateHeap(unsigned long Flags=28916711, void * HeapBase=0x01b9410b, unsigned long ReserveSize=28916855, unsigned long CommitSize=3638685, void * Lock=0x003b105e, _RTL_HEAP_PARAMETERS * Parameters=0x7c9011a7)  Line 612 C
  vfLuaPriv.dll!NS_LuaPriv::NOTIFY_FUNCTION(unsigned long fdwReason=1)  Line 1218 C++
  vfLuaPriv.dll!DllMain(HINSTANCE__ * hInst=0x01b80000, unsigned long dwReason=1, void * Reserved=0x00000000)  Line 500 + 0x7 bytes C++
> vfLuaPriv.dll!__DllMainCRTStartup(void * hDllHandle=0x01b80000, unsigned long dwReason=1, void * lpreserved=0x00000000)  Line 568 + 0xc bytes C
  vfLuaPriv.dll!VfDllMainCRTStartup(HINSTANCE__ * hInst=0x01b80000, unsigned long dwReason=1, void * Reserved=0x00000000)  Line 379 C++
  vrfcore.dll!VfCoreStandardDllEntryPointRoutine(void * DllHandle=0x01b80000, unsigned long Reason=1, _CONTEXT * Context=0x00000000)  Line 557 + 0xc bytes C++
  vfbasics.dll!AVrfpStandardDllEntryPointRoutine(void * DllHandle=0x01b80000, unsigned long Reason=1, _CONTEXT * Context=0x00000000)  Line 705 + 0x14 bytes C
  ntdll.dll!7c9011a7()  
  ntdll.dll!7c91cbab()  
  ntdll.dll!7c9119fa()  
  ntdll.dll!7c919bd3()  
  ntdll.dll!7c919b78()  
  ntdll.dll!7c910833()  
  ntdll.dll!7c919ba0()  
  ntdll.dll!7c922334()  
  ntdll.dll!7c921639()  
  ntdll.dll!7c91a120()  
  ntdll.dll!7c922c66()  
  ntdll.dll!7c90eac7()  
  kernel32.dll!7c810665()  


The Local watch window, not sure how to use this information but it may be useful?:
  hDllHandle= 0x01b80000 void *
  dwReason= 1 unsigned long
  lpreserved= 0x00000000 void *
  retcode= 1 int 

Any help would be greatly appreciated. If there are any other forums I should try to ask this in I would like to know. Thanks! -Marvin Gouw

Share this post


Link to post
Share on other sites
Update:

I deleted wxvault.dll using hijack this(since it attaches itself to every program I boot up on my computer, I had to do a delete on restart). Deleting this file seemed to fix the access violations I was getting. But, another weird thing now shows up. During the DLL loading, before the program gets into WinMain(), setupapi.dll loads and unloads itself 5 seperate times. It will load, unload, reload, unload, .. until it finally stays loaded.

I read somewhere this may have to do with static functions? I'm not sure how static functions can do this, maybe static variables whose constructors are bashing memory somewhere? But I've checked, and none of my static variables do memcpys or fiddle with pointers or anything like that.



Under AppVerifier, I get one break now, on an unsafe call to TerminateThread(). I'm not sure if that's related.

Share this post


Link to post
Share on other sites

This topic is 3728 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this