Open Cracked5pider opened 5 months ago
What does windbg show?
Copy the value from the address column and from windbg try execute:
FindAppDomain ADDR
!DumpDomain ADDR
!DumpDomain
should also list all the appdomains
dt coreclr!appdomain ADDR
I have same issue when patching ETW in a powershell process :
Process Hacker :
System Informer :
Brief description of your issue
While writing a small function to host the CLR in the current process and load and invoke an assembly. After invoking the assembly the app domain is getting unloaded but still shown in System Informer (just with the loaded assembly name missing). More shown below. When interacting with the CLR API to query all app domains and assemblies, the app domain that has been unloaded is no longer visible (API used are:
ICorRuntimeHost::EnumDomains
,ICorRuntimeHost::NextDomain
,mscorlib::_AppDomain::GetAssemblies
).Code that unloads the App domain:
Steps to reproduce (optional)
No response
Expected behavior (optional)
I downloaded ProcessHacker to see if the same behavior is occurring. Which wasn't the case. (stomper.x64.exe is the process that I wrote to host the CLR and execute my .NET assembly).
Actual behavior (optional)
Under SystemInformer the AppDomain is still shown after calling
ICorRuntimeHost::UnloadDomain
.Environment (optional)