I'm debugging a crash dump which gets an Access Violation exception (0xC0000005). The AVE comes from jumping to an address that doesn't belong to any of the 2 loaded modules in the process:
What would cause this so early in the process?
It appears that the process is mapping memory (_ZwCreateSection
) to load a module... did the module fail to load in some way which LoadLibrary
succeeds but the module isn't actually loaded?
The cause for this behavior was an anti-virus software (Norton) hijacking the DLL load. Running GFlags to debug LoadLibrary showed that the mscorlib.dll library was being prevented from loading.
User contributions licensed under CC BY-SA 3.0