DynamoRIO / dynamorio

Dynamic Instrumentation Tool Platform

CRASH "library initializer failed" on Windows SDK 10.0.26100.0 #6962

Open sklaw opened 2 weeks ago

sklaw commented 2 weeks ago

Describe the bug

On Windows, when compiled with Windows SDK 10.0.26100.0, clients would crash with "library initializer failed". This occurred on multiple clients, including the "empty" sample client. This does not occur when compiled with older SDKs.

To Reproduce

Steps to reproduce the behavior:

  1. Install Visual Studio 2022 with Windows SDK 10.0.26100.0
  2. Create a CMake project.
  3. Set the following values in CMakePresets.json:
    {
    "configurePresets": [
        {
            ...
            "generator": "Visual Studio 17 2022",
            "cacheVariables": {
                 "DynamoRIO_DIR": <path to dynamorio installation/release's cmake folder>,
                 "CMAKE_GENERATOR_PLATFORM": "version=10.0.26100.0",
                 ...
            },
            ...
  4. Write a simple client for the project.
  5. Build the project.
  6. Test the output DLL with drrun.exe

Please also answer these questions:

Screenshots or Pasted Text

Command prompt output of injecting a simple client into tasklist:

<log dir=<removed>>
<Starting application C:\Windows\system32\tasklist.exe (42524)>
<Running on newer-than-this-build "Microsoft Windows 10-2009 x64">
<Early threads found>
<curiosity: rex.w on OPSZ_6_irex10_short4!>
<Initial options = -no_dynamic_options -loglevel 4 -client_lib '<removed>\myclient.dll;0;' -client_lib64 '<removed>\myclient.dll;0;' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct >
<Application C:\Windows\system32\tasklist.exe (42524). Unable to load client library: myclient.dll: library initializer failed..>

Excerpts from log 0:

privload_call_entry for myclient.dll: reason=1 ASYNCH intercepted exception in thread 15100 at pc 0x00000000150ffec7 SYSLOG_ERROR: Application C:\Windows\system32\tasklist.exe (42524). Unable to load client library: myclient.dll: library initializer failed.. 

Excerpts from the app log:

loader_init_epilogue: calling entry points for myclient.dll privload_call_entry: calling myclient.dll entry 0x00007ff5b4fa1460 for 1 redirect_LoadLibraryW: api-ms-win-core-synch-l1-2-0 privload_map_name: mapped API-set dll api-ms-win-core-synch-l1-2-0.dll to kernelbase.dll redirect_GetProcAddress: 0x000001fb00140000InitializeCriticalSectionEx drwinapi_redirect_getprocaddr: InitializeCriticalSectionEx => 0x0000000015425840 redirect_RtlInitializeCriticalSectionEx: 0x00007ff5b4ff4210 redirect_LoadLibraryW: api-ms-win-core-fibers-l1-1-1 privload_map_name: mapped API-set dll api-ms-win-core-fibers-l1-1-1.dll to kernelbase.dll redirect_GetProcAddress: 0x000001fb00140000FlsAlloc drwinapi_redirect_getprocaddr: FlsAlloc => 0x000000001541fdb0 redirect_GetProcAddress: 0x000001fb00140000FlsSetValue drwinapi_redirect_getprocaddr: FlsSetValue => 0x000000001541ff70 Variable-size block: allocating 0x000001fb1e101fc0 (1040 bytes [1040 aligned] in 1376 block) privload_call_entry: myclient.dll init routine 0x00007ff5b4fa1460 crashed! privload_load_finalize: entry routine failed privload_unload: myclient.dll refcount => 0 privload_unload: unloading myclient.dll @ 0x00007ff5b4fa0000 privload_call_entry for myclient.dll: reason=0 privload_call_entry: calling myclient.dll entry 0x00007ff5b4fa1460 for 0 privload_unload: dynamorio.dll refcount => 1 privload_unload: KERNEL32.dll refcount => 9 in remove_vm_area 0x00007ff5b4fa0000 0x00007ff5b4ffd000 completely removing 0x00007ff5b4fa0000-0x00007ff5b4ffd000 removing dynamo vm area: 0x00007ff5b4fa0000-0x00007ff5b4ffd000 in remove_vm_area 0x00007ff5b4fa0000 0x00007ff5b4ffd000 SYSLOG_ERROR: Application C:\Windows\system32\tasklist.exe (42524). Unable to load client library: myclient.dll: library initializer failed.. 

Versions

derekbruening commented 1 week ago

Thank you for the detailed report. Adding back the newlines to the log from above:

loader_init_epilogue: calling entry points for myclient.dll
privload_call_entry: calling myclient.dll entry 0x00007ff5b4fa1460 for 1
redirect_LoadLibraryW: api-ms-win-core-synch-l1-2-0
privload_map_name: mapped API-set dll api-ms-win-core-synch-l1-2-0.dll to kernelbase.dll
redirect_GetProcAddress: 0x000001fb00140000InitializeCriticalSectionEx
 drwinapi_redirect_getprocaddr: InitializeCriticalSectionEx => 0x0000000015425840
redirect_RtlInitializeCriticalSectionEx: 0x00007ff5b4ff4210
redirect_LoadLibraryW: api-ms-win-core-fibers-l1-1-1
privload_map_name: mapped API-set dll api-ms-win-core-fibers-l1-1-1.dll to kernelbase.dll
redirect_GetProcAddress: 0x000001fb00140000FlsAlloc 
drwinapi_redirect_getprocaddr: FlsAlloc => 0x000000001541fdb0
redirect_GetProcAddress: 0x000001fb00140000FlsSetValue 
drwinapi_redirect_getprocaddr: FlsSetValue => 0x000000001541ff70 
Variable-size block: allocating 0x000001fb1e101fc0 (1040 bytes [1040 aligned] in 1376 block)
privload_call_entry: myclient.dll init routine 0x00007ff5b4fa1460 crashed!
privload_load_finalize: entry routine failed
privload_unload: myclient.dll refcount => 0
privload_unload: unloading myclient.dll @ 0x00007ff5b4fa0000
privload_call_entry for myclient.dll: reason=0
privload_call_entry: calling myclient.dll entry 0x00007ff5b4fa1460 for 0
privload_unload: dynamorio.dll refcount => 1
privload_unload: KERNEL32.dll refcount => 9 
in remove_vm_area 0x00007ff5b4fa0000 0x00007ff5b4ffd000 
completely removing 0x00007ff5b4fa0000-0x00007ff5b4ffd000 
removing dynamo vm area: 0x00007ff5b4fa0000-0x00007ff5b4ffd000 
in remove_vm_area 0x00007ff5b4fa0000 0x00007ff5b4ffd000 
SYSLOG_ERROR: Application C:\Windows\system32\tasklist.exe (42524). Unable to load client library: myclient.dll: library initializer failed.. 

It looks like it's the myclient itself, and not some system library, that crashed: privload_call_entry: myclient.dll init routine 0x00007ff5b4fa1460 crashed!. Yet the crash PC is in dynamorio.dll: ASYNCH intercepted exception in thread 15100 at pc 0x00000000150ffec7. A redirected library import?

Would it be possible for you to run under a debugger and get the callstack of the Access Violation at 0x00000000150ffec7?
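Added example (not part of the original thread and not DynamoRIO code): a small triage script for the check described in the comment above, deciding whether the reported fault PC lies inside the client image whose init routine crashed. The sample input combines lines quoted in this thread from log 0 and the app log; the function name `triage` and the returned dictionary keys are assumptions made for this sketch.

```python
import re

HEX = r"(0x[0-9a-fA-F]+)"
RE_CRASH = re.compile(r"privload_call_entry: (\S+) init routine " + HEX + r" crashed!")
RE_UNLOAD = re.compile(r"privload_unload: unloading (\S+) @ " + HEX)
RE_AREA = re.compile(r"removing dynamo vm area: " + HEX + "-" + HEX)
RE_PC = re.compile(r"intercepted exception in thread \d+ at pc " + HEX)

# Lines copied from the two log excerpts posted in this thread.
LOG = """\
privload_call_entry: calling myclient.dll entry 0x00007ff5b4fa1460 for 1
privload_call_entry: myclient.dll init routine 0x00007ff5b4fa1460 crashed!
privload_unload: myclient.dll refcount => 0
privload_unload: unloading myclient.dll @ 0x00007ff5b4fa0000
removing dynamo vm area: 0x00007ff5b4fa0000-0x00007ff5b4ffd000
ASYNCH intercepted exception in thread 15100 at pc 0x00000000150ffec7
"""


def triage(log_text):
    """Relate the crashed init routine and the fault PC to the client image.

    Returns None when the log has no "init routine ... crashed!" line.
    Range checks are None when the image range or PC is not in the log.
    """
    crash = RE_CRASH.search(log_text)
    if crash is None:
        return None
    module, entry = crash.group(1), int(crash.group(2), 16)

    # Base address of each unloaded module, and end address of each vm area.
    bases = {m.group(1): int(m.group(2), 16) for m in RE_UNLOAD.finditer(log_text)}
    areas = {int(m.group(1), 16): int(m.group(2), 16) for m in RE_AREA.finditer(log_text)}
    base = bases.get(module)
    end = areas.get(base)
    image = (base, end) if base is not None and end is not None else None

    pc_match = RE_PC.search(log_text)
    pc = int(pc_match.group(1), 16) if pc_match else None

    def inside(addr):
        if image is None or addr is None:
            return None
        return image[0] <= addr < image[1]

    return {
        "module": module,
        "entry": entry,
        "image": image,
        "entry_in_image": inside(entry),
        "fault_pc": pc,
        "pc_in_image": inside(pc),
    }


if __name__ == "__main__":
    result = triage(LOG)
    for key, value in result.items():
        shown = hex(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key}: {shown}")
```

On the lines from this thread the entry point falls inside the myclient.dll image while the fault PC does not, which matches the observation that the exception was raised outside the client's own code.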

sklaw commented 1 week ago

You're welcome!

I found out that the second-to-last instruction before crashing is the syscall in NtRaiseException.

Below is my full WinDBG output:

1:001> .childdbg 1
Processes created by the current process will be debugged
1:001> sxe ld drinjectlib.dll 
1:001> g
ModLoad: 00007ffe`d6890000 00007ffe`d6942000   C:\Windows\System32\advapi32.dll
ModLoad: 00007ffe`d64b0000 00007ffe`d6557000   C:\Windows\System32\msvcrt.dll
ModLoad: 00007ffe`d6980000 00007ffe`d6a29000   C:\Windows\System32\sechost.dll
ModLoad: 00007ffe`d3f80000 00007ffe`d3fa8000   C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffe`d4b10000 00007ffe`d4c24000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ffe`d5c20000 00007ffe`d5fad000   C:\Windows\System32\combase.dll
ModLoad: 00007ffe`d6660000 00007ffe`d680e000   C:\Windows\System32\user32.dll
ModLoad: 00007ffe`d3e30000 00007ffe`d3e56000   C:\Windows\System32\win32u.dll
ModLoad: 00007ffe`d6950000 00007ffe`d6979000   C:\Windows\System32\GDI32.dll
ModLoad: 00007ffe`d4600000 00007ffe`d4719000   C:\Windows\System32\gdi32full.dll
ModLoad: 00007ffe`d6100000 00007ffe`d6131000   C:\Windows\System32\IMM32.DLL
ModLoad: 00007ffe`d2cc0000 00007ffe`d2cd8000   C:\Windows\SYSTEM32\kernel.appcore.dll
ModLoad: 00007ffe`d4720000 00007ffe`d479b000   C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffe`d6230000 00007ffe`d62e0000   C:\Windows\System32\clbcatq.dll
ModLoad: 00007ffe`cd240000 00007ffe`cd25a000   C:\Windows\SYSTEM32\windows.staterepositorycore.dll
onecore\windows\core\console\open\src\server\iodispatchers.cpp(305)\conhost.exe!00007FF692D104CC: (caller: 00007FF692CF9BF3) Exception(1) tid(7e80) 80040154 Class not registered
(92e4.7e80): C++ EH exception - code e06d7363 (first chance)
(92e4.7e80): C++ EH exception - code e06d7363 (first chance)
(92e4.7e80): C++ EH exception - code e06d7363 (first chance)
onecore\windows\core\console\open\src\server\iodispatchers.cpp(403)\conhost.exe!00007FF692D10615: (caller: 00007FF692CF9BF3) LogHr(1) tid(7e80) 80040154 Class not registered
    Msg:[onecore\windows\core\console\open\src\server\iodispatchers.cpp(305)\conhost.exe!00007FF692D104CC: (caller: 00007FF692CF9BF3) Exception(1) tid(7e80) 80040154 Class not registered
] 
ModLoad: 00007ffe`d53b0000 00007ffe`d5c18000   C:\Windows\System32\shell32.dll
ModLoad: 00007ffe`d12a0000 00007ffe`d1350000   C:\Windows\system32\uxtheme.dll
onecore\windows\core\console\open\src\interactivity\win32\systemconfigurationprovider.cpp(194)\conhost.exe!00007FF692D026BF: (caller: 00007FF692CF4F34) LogHr(2) tid(7e80) 80004005 Unspecified error
ModLoad: 00007ffe`d4890000 00007ffe`d49eb000   C:\Windows\System32\MSCTF.dll
ModLoad: 00007ffe`d6560000 00007ffe`d6659000   C:\Windows\System32\shcore.dll
ModLoad: 00007ffe`bbdb0000 00007ffe`bbe60000   C:\Windows\SYSTEM32\TextShaping.dll
ModLoad: 00007ffe`c0dc0000 00007ffe`c1053000   C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955\comctl32.DLL
ModLoad: 00007ffe`d16c0000 00007ffe`d16eb000   C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffe`b5120000 00007ffe`b526e000   C:\Windows\SYSTEM32\textinputframework.dll
ModLoad: 00007ffe`d52c0000 00007ffe`d5397000   C:\Windows\System32\OLEAUT32.dll
ModLoad: 00007ffe`d06d0000 00007ffe`d0803000   C:\Windows\SYSTEM32\CoreMessaging.dll
ModLoad: 00007ffe`ccd70000 00007ffe`cd0dd000   C:\Windows\SYSTEM32\CoreUIComponents.dll
ModLoad: 00007ffe`d1b30000 00007ffe`d1c6f000   C:\Windows\SYSTEM32\wintypes.dll
ModLoad: 00007ffe`d33c0000 00007ffe`d33cc000   C:\Windows\system32\CRYPTBASE.DLL
ModLoad: 00007ffe`d0b10000 00007ffe`d0ba7000   C:\Windows\SYSTEM32\apphelp.dll
ModLoad: 00007ffe`d6890000 00007ffe`d6942000   C:\Windows\System32\ADVAPI32.dll
ModLoad: 00007ffe`d64b0000 00007ffe`d6557000   C:\Windows\System32\msvcrt.dll
ModLoad: 00007ffe`d6980000 00007ffe`d6a29000   C:\Windows\System32\sechost.dll
ModLoad: 00007ffe`d3f80000 00007ffe`d3fa8000   C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffe`d4b10000 00007ffe`d4c24000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ffe`35870000 00007ffe`35937000   <removed>\dynamorio\bin64\drconfiglib.dll
ModLoad: 00007ffd`f30b0000 00007ffd`f3200000   <removed>\dynamorio\bin64\drinjectlib.dll
DBGHELP: c:/myserversymbols*https://msdl.microsoft.com/download/symbols is not a valid store
ntdll!NtMapViewOfSection+0x14:
00007ffe`d6b104a4 c3              ret
0:012> .sympath <removed>\dynamorio\lib64;<removed>\dynamorio\ext\lib64\debug;<removed>\dynamorio\lib64\debug
Symbol search path is: <removed>\dynamorio\lib64;<removed>\dynamorio\ext\lib64\debug;<removed>\dynamorio\lib64\debug
Expanded Symbol search path is: <removed>\dynamorio\lib64;<removed>\dynamorio\ext\lib64\debug;<removed>\dynamorio\lib64\debug

************* Path validation summary **************
Response                         Time (ms)     Location
OK                                             <removed>\dynamorio\lib64
OK                                             <removed>\dynamorio\ext\lib64\debug
OK                                             <removed>\dynamorio\lib64\debug
0:012> bp drinjectlib!inject_gencode_mapped_helper
0:012> g
(97a0.cab8): Break instruction exception - code 80000003 (first chance)
ntdll!LdrInitShimEngineDynamic+0x344:
00007ffe`d6b4bed4 cc              int     3
0:000> g
ModLoad: 00000000`15000000 00000000`15000000   dynamorio.dll
Breakpoint 1 hit
drinjectlib!inject_gencode_mapped_helper:
00007ffd`f30b8150 4c894c2420      mov     qword ptr [rsp+20h],r9 ss:0000009a`6d9cbba8=0000000000000000
0:000> gu
drinjectlib!inject_gencode_mapped+0x1ed:
00007ffd`f30b969d 4889442468      mov     qword ptr [rsp+68h],rax ss:0000009a`6d9cbbf8=0000000000000000
0:000> r $t0=poi(map)
0:000> g

************* Path validation summary **************
Response                         Time (ms)     Location
OK                                             <removed>\dynamorio\lib64
OK                                             <removed>\dynamorio\ext\lib64\debug
OK                                             <removed>\dynamorio\lib64\debug
Deferred                                       srv*C:/MyServerSymbols*https://msdl.microsoft.com/download/symbols
OK                                             C:/MyServerSymbols
DBGHELP: c:/myserversymbols*https://msdl.microsoft.com/download/symbols is not a valid store
Symbol search path is: <removed>\dynamorio\lib64;<removed>\dynamorio\ext\lib64\debug;<removed>\dynamorio\lib64\debug;srv*C:/MyServerSymbols*https://msdl.microsoft.com/download/symbols;C:/MyServerSymbols
Executable search path is: 
ModLoad: 00007ff6`01620000 00007ff6`0163d000   tasklist.exe
ModLoad: 00007ffe`d6a70000 00007ffe`d6c87000   ntdll.dll
ModLoad: 00007ffe`d6030000 00007ffe`d60f4000   C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007ffe`d40e0000 00007ffe`d448d000   C:\Windows\System32\KERNELBASE.dll
ModLoad: 00007ffe`d0b10000 00007ffe`d0ba7000   C:\Windows\SYSTEM32\apphelp.dll
ModLoad: 00007ffe`d6890000 00007ffe`d6942000   C:\Windows\System32\ADVAPI32.dll
ModLoad: 00007ffe`d64b0000 00007ffe`d6557000   C:\Windows\System32\msvcrt.dll
ModLoad: 00007ffe`d6980000 00007ffe`d6a29000   C:\Windows\System32\sechost.dll
ModLoad: 00007ffe`d3f80000 00007ffe`d3fa8000   C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffe`d4b10000 00007ffe`d4c24000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ffe`d5c20000 00007ffe`d5fad000   C:\Windows\System32\combase.dll
ModLoad: 00007ffe`d3e60000 00007ffe`d3f71000   C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ffe`d52c0000 00007ffe`d5397000   C:\Windows\System32\OLEAUT32.dll
ModLoad: 00007ffe`d3d90000 00007ffe`d3e2a000   C:\Windows\System32\msvcp_win.dll
ModLoad: 00007ffe`d49f0000 00007ffe`d4a0f000   C:\Windows\System32\imagehlp.dll
ModLoad: 00007ffe`d6660000 00007ffe`d680e000   C:\Windows\System32\USER32.dll
ModLoad: 00007ffe`d3e30000 00007ffe`d3e56000   C:\Windows\System32\win32u.dll
ModLoad: 00007ffe`d2fc0000 00007ffe`d3003000   C:\Windows\system32\SspiCli.dll
ModLoad: 00007ffe`d6950000 00007ffe`d6979000   C:\Windows\System32\GDI32.dll
ModLoad: 00007ffe`d4600000 00007ffe`d4719000   C:\Windows\System32\gdi32full.dll
ModLoad: 00007ffe`d6810000 00007ffe`d6881000   C:\Windows\System32\WS2_32.dll
ModLoad: 00007ffe`c3070000 00007ffe`c308e000   C:\Windows\system32\MPR.dll
ModLoad: 00007ffe`bf270000 00007ffe`bf2c2000   C:\Windows\system32\framedynos.dll
ModLoad: 00007ffe`c2d70000 00007ffe`c2d98000   C:\Windows\system32\srvcli.dll
ModLoad: 00007ffe`d27c0000 00007ffe`d27cc000   C:\Windows\system32\netutils.dll
(abe8.f76c): Break instruction exception - code 80000003 (first chance)
DBGHELP: c:/myserversymbols*https://msdl.microsoft.com/download/symbols is not a valid store
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffe`d6b4bed4 cc              int     3
2:013> .reload dynamorio.dll=@$t0
2:013> bp dynamorio!dynamorio_earliest_init_takeover
2:013> g
ModLoad: 00007ffe`d6100000 00007ffe`d6131000   C:\Windows\System32\IMM32.DLL
Breakpoint 2 hit
dynamorio!dynamorio_earliest_init_takeover:
00000000`1542cf56 50              push    rax
2:013> g
ModLoad: 00000000`72000000 00000000`7205f000   myclient.dll
ModLoad: 00007ff5`f7260000 00007ff5`f72bf000   myclient.dll
ModLoad: 00000000`74000000 00000000`74012000   drwrap.dll
ModLoad: 00007ff5`f72c0000 00007ff5`f72d2000   drwrap.dll
ModLoad: 00000000`73000000 00000000`73013000   drmgr.dll
ModLoad: 00007ff5`f72e0000 00007ff5`f72f3000   drmgr.dll
ModLoad: 00000000`76000000 00000000`7609e000   drsyms.dll
ModLoad: 00007ff5`f7300000 00007ff5`f739e000   drsyms.dll
ModLoad: 00007ffd`f2e70000 00007ffd`f30b0000   dbghelp.dll
ModLoad: 00007ff5`f73a0000 00007ff5`f75e0000   dbghelp.dll
ModLoad: 0000018d`00000000 0000018d`00111000   ucrtbase.dll
ModLoad: 0000018d`00120000 0000018d`001e4000   KERNEL32.dll
ModLoad: 0000018d`001f0000 0000018d`0059d000   KERNELBASE.dll
ModLoad: 0000018d`005a0000 0000018d`0092d000   combase.dll
ModLoad: 0000018d`00930000 0000018d`00a44000   RPCRT4.dll
ModLoad: 0000018d`00a50000 0000018d`00b27000   OLEAUT32.dll
ModLoad: 0000018d`30810000 0000018d`308aa000   msvcp_win.dll
ModLoad: 00000000`77000000 00000000`7701a000   drx.dll 
ModLoad: 00007ff5`f75e0000 00007ff5`f75fa000   drx.dll 
ModLoad: 00000000`78000000 00000000`78010000   drreg.dll
ModLoad: 00007ff5`f7600000 00007ff5`f7610000   drreg.dll
(abe8.f76c): Break instruction exception - code 80000003 (first chance)
DBGHELP: c:/myserversymbols*https://msdl.microsoft.com/download/symbols is not a valid store
combase_18d005a0000!BreakIntoDebugger+0x4:
0000018d`00761208 cc              int     3
2:013> k
 # Child-SP          RetAddr               Call Site
00 00000068`b352e2a0 0000018d`0074e6bb     combase_18d005a0000!BreakIntoDebugger+0x4 [onecore\com\combase\inc\DebuggerUtils.h @ 33] 
01 (Inline Function) --------`--------     combase_18d005a0000!BreakIntoUserModeDebuggerIfPresent+0x15 [onecore\com\combase\inc\DebuggerUtils.h @ 48] 
02 00000068`b352e2d0 0000018d`006ae171     combase_18d005a0000!HandlePossibleBadComBaseDllLoad+0xc40e7 [onecore\com\combase\class\compobj.cxx @ 1763] 
03 00000068`b352e740 0000018d`006a3f25     combase_18d005a0000!DllMain+0x165 [onecore\com\combase\class\compobj.cxx @ 1906] 
04 00000068`b352e770 00000000`153f7dfe     combase_18d005a0000!dllmain_dispatch+0x99 [VCCRT\vcstartup\src\startup\dll_dllmain.cpp @ 281] 
05 00000068`b352e7d0 00000000`00000000     dynamorio!privload_call_entry+0xb7e
2:013> bp ntdll!NtRaiseException
2:013> g
Breakpoint 3 hit
ntdll!NtRaiseException:
00007ffe`d6b12dc0 4c8bd1          mov     r10,rcx
2:013> k
 # Child-SP          RetAddr               Call Site
00 00000068`b352db78 00007ffe`d6b1d4e4     ntdll!NtRaiseException
01 00000068`b352db80 0000018d`0024fabc     ntdll!RtlRaiseException+0x58d34
02 00000068`b352e1f0 0000018d`0074e6cf     KERNELBASE_18d001f0000!RaiseException+0x6c
03 00000068`b352e2d0 0000018d`006ae171     combase_18d005a0000!HandlePossibleBadComBaseDllLoad+0xc40fb [onecore\com\combase\class\compobj.cxx @ 1763] 
04 00000068`b352e740 0000018d`006a3f25     combase_18d005a0000!DllMain+0x165 [onecore\com\combase\class\compobj.cxx @ 1906] 
05 00000068`b352e770 00000000`153f7dfe     combase_18d005a0000!dllmain_dispatch+0x99 [VCCRT\vcstartup\src\startup\dll_dllmain.cpp @ 281] 
06 00000068`b352e7d0 00000000`00000000     dynamorio!privload_call_entry+0xb7e
2:013> t
ntdll!NtRaiseException+0x3:
00007ffe`d6b12dc3 b872010000      mov     eax,172h
2:013> t
ntdll!NtRaiseException+0x8:
00007ffe`d6b12dc8 f604250803fe7f01 test    byte ptr [SharedUserData+0x308 (00000000`7ffe0308)],1 ds:00000000`7ffe0308=00
2:013> t
ntdll!NtRaiseException+0x10:
00007ffe`d6b12dd0 7503            jne     ntdll!NtRaiseException+0x15 (00007ffe`d6b12dd5) [br=0]
2:013> t
ntdll!NtRaiseException+0x12:
00007ffe`d6b12dd2 0f05            syscall
2:013> r
rax=0000000000000172 rbx=0000000000000000 rcx=00000068b352e210
rdx=00000068b352dbc0 rsi=00000068b352e210 rdi=00000068b352dbc0
rip=00007ffed6b12dd2 rsp=00000068b352db78 rbp=00000068b352e0c0
 r8=0000000000000001  r9=00000068b352e1e0 r10=00000068b352e210
r11=00000068b352db70 r12=0000000000000006 r13=0000000000000000
r14=00007ffed6ac48a5 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!NtRaiseException+0x12:
00007ffe`d6b12dd2 0f05            syscall
2:013> k
 # Child-SP          RetAddr               Call Site
00 00000068`b352db78 00007ffe`d6b1d4e4     ntdll!NtRaiseException+0x12
01 00000068`b352db80 0000018d`0024fabc     ntdll!RtlRaiseException+0x58d34
02 00000068`b352e1f0 0000018d`0074e6cf     KERNELBASE_18d001f0000!RaiseException+0x6c
03 00000068`b352e2d0 0000018d`006ae171     combase_18d005a0000!HandlePossibleBadComBaseDllLoad+0xc40fb [onecore\com\combase\class\compobj.cxx @ 1763] 
04 00000068`b352e740 0000018d`006a3f25     combase_18d005a0000!DllMain+0x165 [onecore\com\combase\class\compobj.cxx @ 1906] 
05 00000068`b352e770 00000000`153f7dfe     combase_18d005a0000!dllmain_dispatch+0x99 [VCCRT\vcstartup\src\startup\dll_dllmain.cpp @ 281] 
06 00000068`b352e7d0 00000000`00000000     dynamorio!privload_call_entry+0xb7e
2:013> t
(abe8.f76c): Unknown exception - code 8000ffff (first chance)
(abe8.f76c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
dynamorio!atomic_aligned_read_int+0x57:
00000000`15100b17 8b00            mov     eax,dword ptr [rax] ds:00000000`00000018=????????
2:013> r
rax=0000000000000018 rbx=0000000000000000 rcx=0000000000000018
rdx=00007ff5f72bc100 rsi=0000000000000000 rdi=0000000000000000
rip=0000000015100b17 rsp=00000068b352e140 rbp=0000000000000000
 r8=00007ff5f72bc100  r9=0000000000000000 r10=7efefefeff64746b
r11=8101010101010100 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
dynamorio!atomic_aligned_read_int+0x57:
00000000`15100b17 8b00            mov     eax,dword ptr [rax] ds:00000000`00000018=????????
2:013> k
 # Child-SP          RetAddr               Call Site
00 00000068`b352e140 00000000`00000000     dynamorio!atomic_aligned_read_int+0x57

(Edit: with dynamorio PDBs loaded)