I need to run some queries on WMI using C++; to do that one must call CoInitializeEx.
In 32-bit mode it runs fine, and I can initialize COM and also query WMI. But if I switch to 64-bit (Debug or Release doesn't make a difference) I get an AccessViolation, but only if I debug the application (debugger attached).
Reproduction of the issue: create a new C++ Windows application (no CLR) with Visual Studio (2019/17 was used). Replace the code with the example code below and start the application in debug mode (Win32/x86) by hitting Run in Visual Studio; it should all work fine. Now switch to x64 and hit Run again. Now you should get an AccessViolation exception.
I think the issue has something to do with the debugger. This code will later be located in a separate DLL that will be used in different C# and C++ applications; since those applications are fairly big, we need to be able to debug them.
Can somebody help me solve the issue?
If I open the application directly from the command line or from Explorer, it runs fine.
#include <iostream>
#include <Windows.h>   // brings in objbase.h (CoInitialize) and the __readgsqword intrinsic

int main()
{
#ifdef _M_X64
    // TEB+0x58 is ThreadLocalStoragePointer on x64; added because of a request in the comments
    PVOID ThreadLocalStoragePointer = (PVOID)__readgsqword(0x58);
    std::cout << "ThreadLocalStoragePointer = " << ThreadLocalStoragePointer << std::endl;
#endif
    HRESULT hr = CoInitialize(0);   // the access violation is raised inside this call (x64, debugger attached)
    if (SUCCEEDED(hr)) CoUninitialize();
    return 0;
}
ThreadLocalStoragePointer = 0x000000ae2c859058;
Output window (cleared before CoInitialize(0) call):
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\tmumh\20019\AddOn\8.0.0.1056\TmUmEvt64.dll'.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\psapi.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\shlwapi.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Symbols loaded.
Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 0x0000000000000000.
Stacktrace:
shlwapi.dll!Microsoft::WRL::Module<1,class Microsoft::WRL::Details::DefaultModule<1> >::Create(void)
shlwapi.dll!Microsoft::WRL::Module<1,class Microsoft::WRL::Details::DefaultModule<1> >::StaticInitialize(void)
shlwapi.dll!`dynamic initializer for 'Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::isInitialized''()
msvcrt.dll!_initterm()
shlwapi.dll!_CRT_INIT()
shlwapi.dll!__DllMainCRTStartup()
ntdll.dll!LdrpCallInitRoutine()
ntdll.dll!LdrpInitializeNode()
ntdll.dll!LdrpInitializeGraphRecurse()
ntdll.dll!LdrpInitializeGraphRecurse()
ntdll.dll!LdrpPrepareModuleForExecution()
ntdll.dll!LdrpLoadDllInternal()
ntdll.dll!LdrpLoadDll()
ntdll.dll!LdrLoadDll()
00000134cfac0124()
00000134cfac0124(): I don't know where this instruction is located, but it is different every time I restart the program. In the assembly there are only about 20 instructions before it, and before those there are instructions with ?? ??, so I would guess it's the entry point of the program?
Disassembly of the first entry in the call stack (see the last instruction):
000002504337004C ?? ??
000002504337004D ?? ??
000002504337004E ?? ??
000002504337004F ?? ??
0000025043370050 ?? ??
0000025043370051 ?? ??
0000025043370052 ?? ??
0000025043370053 and al,30h
0000025043370056 mov rax,qword ptr [rsp+50h]
000002504337005B mov rax,qword ptr [rax+408h]
0000025043370062 mov qword ptr [rsp+40h],rax
0000025043370067 lea rax,[rsp+48h]
000002504337006C mov qword ptr [rsp+20h],rax
0000025043370071 mov r9d,20h
0000025043370077 lea r8,[rsp+40h]
000002504337007C lea rdx,[rsp+30h]
0000025043370081 mov rcx,0FFFFFFFFFFFFFFFFh
0000025043370088 call qword ptr [rsp+38h]
000002504337008C mov dword ptr [rsp+60h],0
0000025043370094 jmp 00000250433700A1
0000025043370096 mov eax,dword ptr [rsp+60h]
000002504337009A add eax,1
000002504337009D mov dword ptr [rsp+60h],eax
00000250433700A1 mov rax,qword ptr [rsp+50h]
00000250433700A6 mov eax,dword ptr [rax+734h]
00000250433700AC cmp dword ptr [rsp+60h],eax
00000250433700B0 jae 0000025043370129
00000250433700B2 mov qword ptr [rsp+78h],0
00000250433700BB mov ecx,dword ptr [rsp+60h]
00000250433700BF imul rcx,rcx,104h
00000250433700C6 mov rax,qword ptr [rsp+50h]
00000250433700CB movzx eax,word ptr [rax+rcx+528h]
00000250433700D3 mov word ptr [rsp+68h],ax
00000250433700D8 mov ecx,dword ptr [rsp+60h]
00000250433700DC imul rcx,rcx,104h
00000250433700E3 mov rax,qword ptr [rsp+50h]
00000250433700E8 movzx eax,word ptr [rax+rcx+528h]
00000250433700F0 mov word ptr [rsp+6Ah],ax
00000250433700F5 mov ecx,dword ptr [rsp+60h]
00000250433700F9 imul rcx,rcx,104h
0000025043370100 mov rax,qword ptr [rsp+50h]
0000025043370105 lea rax,[rax+rcx+428h]
000002504337010D mov qword ptr [rsp+70h],rax
0000025043370112 lea r9,[rsp+78h]
0000025043370117 lea r8,[rsp+68h]
000002504337011C xor edx,edx
000002504337011E xor ecx,ecx
0000025043370120 call qword ptr [rsp+58h]
0000025043370124 jmp 0000025043370096   <-- last instruction
Exception is thrown at CoInitialize(NULL). Exception:
Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 0x0000000000000000.
The code is called directly from the application's main method, not from any DLL, although the behaviour is the same when it is called from a DLL.
Disassembly (the instruction that throws the exception is at 00007FFE24D53D3A, with rax and rcx both being 0):
Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create:
00007FFE24D53D20 push rbx
00007FFE24D53D22 sub rsp,20h
00007FFE24D53D26 mov rax,qword ptr gs:[58h]
00007FFE24D53D2F mov ecx,dword ptr [_tls_index (07FFE24D9A9C8h)]
00007FFE24D53D35 mov edx,4
00007FFE24D53D3A mov rcx,qword ptr [rax+rcx*8]
00007FFE24D53D3E mov eax,dword ptr [rdx+rcx]
00007FFE24D53D41 cmp dword ptr [TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)],eax
00007FFE24D53D47 jle Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+7Bh (07FFE24D53D9Bh)
00007FFE24D53D49 lea rcx,[TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)]
00007FFE24D53D50 call _Init_thread_header (07FFE24D5A6B8h)
00007FFE24D53D55 cmp dword ptr [TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)],0FFFFFFFFh
00007FFE24D53D5C jne Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+7Bh (07FFE24D53D9Bh)
00007FFE24D53D5E lea rax,[Microsoft::WRL::Details::DefaultModule<1>::`vftable' (07FFE24D7A010h)]
00007FFE24D53D65 lea rbx,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)]
00007FFE24D53D6C mov qword ptr [`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)],rax
00007FFE24D53D73 lea rcx,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::`dynamic atexit destructor for 'moduleSingleton'' (07FFE24D5C3A0h)]
00007FFE24D53D7A mov qword ptr [Microsoft::WRL::Details::ModuleBase::module_ (07FFE24D9AB18h)],rbx
00007FFE24D53D81 call atexit (07FFE24D5A4ACh)
00007FFE24D53D86 lea rcx,[TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)]
00007FFE24D53D8D call _Init_thread_footer (07FFE24D5A658h)
00007FFE24D53D92 mov rax,rbx
00007FFE24D53D95 add rsp,20h
00007FFE24D53D99 pop rbx
00007FFE24D53D9A ret
00007FFE24D53D9B lea rax,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)]
00007FFE24D53DA2 jmp Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+75h (07FFE24D53D95h)
00007FFE24D53DA4 int 3
00007FFE24D53DA5 int 3
00007FFE24D53DA6 int 3
00007FFE24D53DA7 int 3
00007FFE24D53DA8 int 3
00007FFE24D53DA9 int 3
00007FFE24D53DAA int 3
00007FFE24D53DAB int 3
00007FFE24D53DAC int 3
00007FFE24D53DAD int 3
00007FFE24D53DAE int 3
00007FFE24D53DAF int 3
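Reading the Output window lines in the question as a triage aid, here is an added script (not part of the original post) that parses Visual Studio's module-load and first-chance-exception lines, lists the modules that entered the process before the fault, and flags any loaded from outside the standard system directories or without symbols, so vendor or third-party DLLs stand out from Windows' own. The sample input is the question's own Output window text; the standard-directory set assumes a default install drive.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the Output window lines reproduced from the question.
SAMPLE_OUTPUT = r"""
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\tmumh\20019\AddOn\8.0.0.1056\TmUmEvt64.dll'.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\psapi.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\shlwapi.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Symbols loaded.
Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 0x0000000000000000.
"""

# Visual Studio Output window formats for a module load and a first-chance exception.
LOAD_RE = re.compile(r"^'(?P<proc>[^']+)' \((?P<arch>[^)]+)\): Loaded '(?P<path>[^']+)'\.(?P<sym> Symbols loaded\.)?$")
EXC_RE = re.compile(r"^Exception thrown at 0x(?P<addr>[0-9A-Fa-f]+) \((?P<module>[^)]+)\) in (?P<proc>[^:]+): 0x(?P<code>[0-9A-Fa-f]{8}): (?P<msg>.+)$")
# Directories Windows' own DLLs normally load from (assumption: default install drive C:).
STANDARD_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

@dataclass
class ModuleLoad:
    path: str
    symbols_loaded: bool

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1]

    @property
    def directory(self):
        return self.path.rsplit("\\", 1)[0].lower()

def parse_output(text):
    """Return the module loads in load order and the first exception line (as a dict), if any."""
    modules, exception = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOAD_RE.match(line)
        if m:
            modules.append(ModuleLoad(m["path"], m["sym"] is not None))
            continue
        e = EXC_RE.match(line)
        if e and exception is None:
            exception = e.groupdict()
    return modules, exception

def suspicious_modules(modules):
    """Modules loaded from outside the standard system directories or without symbols."""
    return [m for m in modules if m.directory not in STANDARD_DIRS or not m.symbols_loaded]
```

Comparing the flagged list against the faulting module named in the exception line shows which non-Windows modules were already in the process when the fault occurred; it does not by itself prove that one of them caused it.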