Closed learn-more closed 2 years ago
What I know so far:
The crash happens when Visual Studio, which is a 32-bit process, launches a 64-bit process.
The crash occurs here, while calling NtQueueApcThread
via heaven's gate.
The wow64ext library is used for the heaven's gate call, and the crash inside wow64ext happens in 64-bit assembly code here.
According to the exception record, an access violation occurred while attempting to read from address 87aaeb58
. The address looks valid, between esp and ebp (esp=87aaeb1c ebp=87aaeb68
).
So it seems that everything is fine, and yet there's a crash. Last time I had to handle a crash related to a heaven's gate call, it was an AMD-specific bug. Let's hope this one will be easier to diagnose and fix.
Things that might help with the investigation:
OK, I think I found the problem. The address is 87aaeb58
, which has the upper bit set. When sign extended, it becomes ffffffff87aaeb58
which is obviously an invalid address. The sign extended operation occurs here. The error is not common because it only occurs with the /LARGEADDRESSAWARE
flag which allows a user-mode address to have its upper bit set.
I can reproduce the crash with the following code: https://gist.github.com/m417z/7177d820252ab42f4d86c905589b6f05
Fixed in Windhawk v0.9.2.
Thanks!
This is happening for me. I'm using Windhawk 1.4.1. I started using Windhawk on my Intel desktop at home without any issues to speak of, but at the office on my AMD laptop (not sure if it matters) my VSCode became unresponsive and crashed. I spent hours troubleshooting. I wasn't even able to run the latest VSCode installer. I was able to get through the installation process with an older installer I had, but I still couldn't open VSCode after it finished. It wasn't until I exited Windhawk on a whim, and now VSCode works perfectly. It installs correctly without issue (even the latest VSCode release). If I start up Windhawk again, the same issue occurs. Unable to install VSCode and unable to open VSCode via .exe or CLI.
It's a total bummer because I was loving the Taskbar Thumbnail Reorder mod... Any ideas?
EDIT: Oh just noticed this post is for Visual Studio, whereas my problem is with Microsoft VS Code.
@callmejed please open a new issue. In the new issue, please provide the following information:
Do you see the issues even when all mods are disabled?
Does excluding VSCode in Windhawk's advanced settings help?
Also, please capture a crash dump. You should be able to get it with the following steps:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting
LocalDumps
DumpType
with value 2
%LocalAppData%\CrashDumps
folder, you should see a dump file in there@callmejed please open a new issue. In the new issue, please provide the following information:
Do you see the issues even when all mods are disabled?
Does excluding VSCode in Windhawk's advanced settings help?
Also, please capture a crash dump. You should be able to get it with the following steps:
- Open regedit
- Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting
- Create a key named
LocalDumps
- Create a DWORD value named
DumpType
with value2
- Trigger the crash
- Go to the
%LocalAppData%\CrashDumps
folder, you should see a dump file in there
Thanks for the comment. Sorry for the extremely late reply. I haven't had too much time to look into this just yet, but I'm wondering if it may have been caused by my company's antivirus/malware service, Crowdstrike. They sent our admin several notices the day I was experiencing this issue that they blocked VSCode with some injections and some such multiple times and wanted to know if it was legitimate. I had the admin contact them to say it was, but have yet to hear back. I'll need to follow up with them. If the issue persists after working with them, I will open a new issue as requested.
Indeed, sometimes security software and Windhawk don't play well together, for example see https://github.com/ramensoftware/windhawk/discussions/6. If nothing else works, you can try excluding some processes in Windhawk's advanced options, or exclude all processes but the ones you want to customize. See also this comment for details: https://github.com/ramensoftware/windhawk/discussions/21#discussioncomment-4556812.
Recently I have noticed more visual studio (2019) crashes than before.
This entry from the event log seems to incriminate Windhawk:
The solutions I am commonly working with are medium-sized (150 - 250 projects loaded).
I am assuming this is not enough info for you to track the actual issue down, so what more info would you need / what steps can I take to aid you in debugging this?
----- edit ------ It crashed again, and this time I was able to capture a minidump. This line was printed a ton of times, so I removed it from the output:
WARNING: Stack pointer is outside the normal stack bounds. Stack unwinding can be inaccurate.
Here is the output (with only that line removed from it):
And here is a dump of the 4 addresses in Windhawk: