C++ Application access violation - initialize COM with CoInitializeEx


I need to run some queries on the WMI using C++, to do that one must call CoInitializeEx.

In 32-bit mode it runs fine, and I can initialize COM and also query the WMI. But if I switch to 64-bit (Debug or Release doesn't make a difference) I get an AccessViolation, but only if I debug the application (debugger is attached).

Reproduction of the issue: Create a new C++ Windows Application (no CLR) with Visual Studio (2019/2017 was used). Replace the code with the example code below and start the application in debug mode (Win32/x86) by hitting run in Visual Studio; it should all work fine. Now switch to x64 and hit run again. Now you should get an AccessViolation exception.

I think the issue has something to do with the debugger. This code will be located in a separate DLL later, which will be used in different C# and C++ applications; since those applications are fairly big we need to be able to debug them.

Can somebody help me solve the issue?

If I open the application directly from the command line or from the explorer it runs fine.

#include <iostream>
#include <Windows.h>
#include <intrin.h>  // __readgsqword
#include <objbase.h> // CoInitialize
int main()
{
    PVOID ThreadLocalStoragePointer = (PVOID)__readgsqword(0x58); // TEB->ThreadLocalStoragePointer; added because of request in comments
    std::cout << ThreadLocalStoragePointer << std::endl;
    HRESULT hr = CoInitialize(NULL); // the access violation is raised inside this call (x64, debugger attached)
    return SUCCEEDED(hr) ? 0 : 1;
}

ThreadLocalStoragePointer = 0x000000ae2c859058;

Output window (cleared before CoInitialize(0) call):

    'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\tmumh\20019\AddOn\\TmUmEvt64.dll'.
    'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\psapi.dll'. Symbols loaded.
    'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\shlwapi.dll'. Symbols loaded.
    'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Symbols loaded.
    'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Symbols loaded.
    Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 0x0000000000000000.


shlwapi.dll!Microsoft::WRL::Module<1,class Microsoft::WRL::Details::DefaultModule<1> >::Create(void)
shlwapi.dll!Microsoft::WRL::Module<1,class Microsoft::WRL::Details::DefaultModule<1> >::StaticInitialize(void)
shlwapi.dll!`dynamic initializer for 'Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::isInitialized''()

Modules: (screenshot of the Modules window; image not reproduced)

00000134cfac0124() I don't know where this instruction is located, but it is different every time I restart the program. In the assembly there are only about 20 instructions before it, and before those there are instructions with ?? ??, so I would guess it's the entry point of the program?

Disassembly of first entry in call stack (see last instruction)

000002504337004C  ?? ?? 
000002504337004D  ?? ?? 
000002504337004E  ?? ?? 
000002504337004F  ?? ?? 
0000025043370050  ?? ?? 
0000025043370051  ?? ?? 
0000025043370052  ?? ?? 
0000025043370053  and         al,30h  
0000025043370056  mov         rax,qword ptr [rsp+50h]  
000002504337005B  mov         rax,qword ptr [rax+408h]  
0000025043370062  mov         qword ptr [rsp+40h],rax  
0000025043370067  lea         rax,[rsp+48h]  
000002504337006C  mov         qword ptr [rsp+20h],rax  
0000025043370071  mov         r9d,20h  
0000025043370077  lea         r8,[rsp+40h]  
000002504337007C  lea         rdx,[rsp+30h]  
0000025043370081  mov         rcx,0FFFFFFFFFFFFFFFFh  
0000025043370088  call        qword ptr [rsp+38h]  
000002504337008C  mov         dword ptr [rsp+60h],0  
0000025043370094  jmp         00000250433700A1  
0000025043370096  mov         eax,dword ptr [rsp+60h]  
000002504337009A  add         eax,1  
000002504337009D  mov         dword ptr [rsp+60h],eax  
00000250433700A1  mov         rax,qword ptr [rsp+50h]  
00000250433700A6  mov         eax,dword ptr [rax+734h]  
00000250433700AC  cmp         dword ptr [rsp+60h],eax  
00000250433700B0  jae         0000025043370129  
00000250433700B2  mov         qword ptr [rsp+78h],0  
00000250433700BB  mov         ecx,dword ptr [rsp+60h]  
00000250433700BF  imul        rcx,rcx,104h  
00000250433700C6  mov         rax,qword ptr [rsp+50h]  
00000250433700CB  movzx       eax,word ptr [rax+rcx+528h]  
00000250433700D3  mov         word ptr [rsp+68h],ax  
00000250433700D8  mov         ecx,dword ptr [rsp+60h]  
00000250433700DC  imul        rcx,rcx,104h  
00000250433700E3  mov         rax,qword ptr [rsp+50h]  
00000250433700E8  movzx       eax,word ptr [rax+rcx+528h]  
00000250433700F0  mov         word ptr [rsp+6Ah],ax  
00000250433700F5  mov         ecx,dword ptr [rsp+60h]  
00000250433700F9  imul        rcx,rcx,104h  
0000025043370100  mov         rax,qword ptr [rsp+50h]  
0000025043370105  lea         rax,[rax+rcx+428h]  
000002504337010D  mov         qword ptr [rsp+70h],rax  
0000025043370112  lea         r9,[rsp+78h]  
0000025043370117  lea         r8,[rsp+68h]  
000002504337011C  xor         edx,edx  
000002504337011E  xor         ecx,ecx  
0000025043370120  call        qword ptr [rsp+58h]  
**0000025043370124  jmp         0000025043370096**  

Exception is thrown at CoInitialize(NULL). Exception:

Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) 
in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 

The code is directly called in the main method of the application, not from any DLL, although it is the same when called from a DLL.

Disassembly (instruction that throws the exception: 00007FFE24D53D3A, with rax and rcx being 0)

Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create:
00007FFE24D53D20  push        rbx  
00007FFE24D53D22  sub         rsp,20h  
00007FFE24D53D26  mov         rax,qword ptr gs:[58h]  
00007FFE24D53D2F  mov         ecx,dword ptr [_tls_index (07FFE24D9A9C8h)]  
00007FFE24D53D35  mov         edx,4  
00007FFE24D53D3A  mov         rcx,qword ptr [rax+rcx*8]  
00007FFE24D53D3E  mov         eax,dword ptr [rdx+rcx]  
00007FFE24D53D41  cmp         dword ptr [TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)],eax  
00007FFE24D53D47  jle         Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+7Bh (07FFE24D53D9Bh)  
00007FFE24D53D49  lea         rcx,[TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)]  
00007FFE24D53D50  call        _Init_thread_header (07FFE24D5A6B8h)  
00007FFE24D53D55  cmp         dword ptr [TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)],0FFFFFFFFh  
00007FFE24D53D5C  jne         Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+7Bh (07FFE24D53D9Bh)  
00007FFE24D53D5E  lea         rax,[Microsoft::WRL::Details::DefaultModule<1>::`vftable' (07FFE24D7A010h)]  
00007FFE24D53D65  lea         rbx,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)]  
00007FFE24D53D6C  mov         qword ptr [`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)],rax  
00007FFE24D53D73  lea         rcx,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::`dynamic atexit destructor for 'moduleSingleton'' (07FFE24D5C3A0h)]  
00007FFE24D53D7A  mov         qword ptr [Microsoft::WRL::Details::ModuleBase::module_ (07FFE24D9AB18h)],rbx  
00007FFE24D53D81  call        atexit (07FFE24D5A4ACh)  
00007FFE24D53D86  lea         rcx,[TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)]  
00007FFE24D53D8D  call        _Init_thread_footer (07FFE24D5A658h)  
00007FFE24D53D92  mov         rax,rbx  
00007FFE24D53D95  add         rsp,20h  
00007FFE24D53D99  pop         rbx  
00007FFE24D53D9A  ret  
00007FFE24D53D9B  lea         rax,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)]  
00007FFE24D53DA2  jmp         Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+75h (07FFE24D53D95h)  
00007FFE24D53DA4  int         3  
00007FFE24D53DA5  int         3  
00007FFE24D53DA6  int         3  
00007FFE24D53DA7  int         3  
00007FFE24D53DA8  int         3  
00007FFE24D53DA9  int         3  
00007FFE24D53DAA  int         3  
00007FFE24D53DAB  int         3  
00007FFE24D53DAC  int         3  
00007FFE24D53DAD  int         3  
00007FFE24D53DAE  int         3  
00007FFE24D53DAF  int         3  
asked on Stack Overflow Sep 3, 2019 by Fabian Burgmann • edited Sep 4, 2019 by Fabian Burgmann
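Added example, not code from the question or from any answer: a diagnostic that performs in source form the same two loads the faulting shlwapi prologue shows (rax = gs:[58h], i.e. TEB->ThreadLocalStoragePointer, then index by the image's _tls_index), prints whether a debugger is attached, and calls CoInitializeEx inside an SEH guard so the exception code, fault address, read/write direction and owning module are reported by the program itself rather than by the debugger. The Windows section assumes MSVC on x64 and that the MSVC CRT defines the `_tls_index` symbol (it is linked in here by declaring a `__declspec(thread)` variable); the model function `TlsSlotAddress` and the values used with it are constructed for illustration and compile on any platform.

```cpp
// Added diagnostic, not part of the original question. The Windows section assumes MSVC
// on x64; the portable model function compiles anywhere.
#include <cstdint>
#include <cstdio>

// Model of the address read by shlwapi's faulting instruction `mov rcx,[rax+rcx*8]`:
// rax = TEB->ThreadLocalStoragePointer (gs:[0x58]), rcx = the module's _tls_index,
// 8-byte slots on x64. With both zero the read lands on address 0, the fault location
// shown in the question.
constexpr std::uintptr_t TlsSlotAddress(std::uintptr_t tlsPointer, std::uint32_t tlsIndex) {
    return tlsPointer + static_cast<std::uintptr_t>(tlsIndex) * 8u;
}

#if defined(_WIN32) && defined(_M_X64)
#include <Windows.h>
#include <intrin.h>
#include <objbase.h>

// Give this image an implicit-TLS block so the CRT's _tls_index symbol is linked in and
// the same lookup can be exercised against our own module (assumed MSVC CRT behaviour).
static __declspec(thread) int g_tlsProbe = 0x1234;
extern "C" ULONG _tls_index;

// SEH filter: prints code, fault address, read/write and the module owning the faulting
// instruction, so the report does not depend on a debugger being attached.
static LONG ReportFilter(EXCEPTION_POINTERS* ep) {
    const EXCEPTION_RECORD* er = ep->ExceptionRecord;
    std::printf("exception 0x%08lX at %p", er->ExceptionCode, er->ExceptionAddress);
    if (er->ExceptionCode == EXCEPTION_ACCESS_VIOLATION && er->NumberParameters >= 2) {
        std::printf(" (%s location %p)", er->ExceptionInformation[0] ? "writing" : "reading",
                    reinterpret_cast<void*>(er->ExceptionInformation[1]));
    }
    HMODULE mod = nullptr;
    char path[MAX_PATH];
    if (GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
                           static_cast<LPCSTR>(er->ExceptionAddress), &mod) &&
        GetModuleFileNameA(mod, path, MAX_PATH)) {
        std::printf(" in %s", path);
    }
    std::puts("");
    return EXCEPTION_EXECUTE_HANDLER;
}

int main() {
    std::printf("debugger attached: %s\n", IsDebuggerPresent() ? "yes" : "no");

    // The same two loads the shlwapi prologue performs, done for this image.
    const std::uintptr_t tlsPtr = __readgsqword(0x58);
    std::printf("TEB->ThreadLocalStoragePointer = 0x%llx, _tls_index of this image = %lu\n",
                static_cast<unsigned long long>(tlsPtr), _tls_index);
    if (tlsPtr == 0) {
        std::puts("implicit TLS array is NULL on this thread: any image using __declspec(thread) faults here");
    } else {
        void* block = *reinterpret_cast<void**>(TlsSlotAddress(tlsPtr, _tls_index));
        std::printf("this image's TLS block = %p (g_tlsProbe lives at %p)\n",
                    block, static_cast<void*>(&g_tlsProbe));
    }

    __try {
        const HRESULT hr = CoInitializeEx(nullptr, COINIT_MULTITHREADED);
        std::printf("CoInitializeEx -> 0x%08lX\n", static_cast<unsigned long>(hr));
        if (SUCCEEDED(hr)) CoUninitialize();
    } __except (ReportFilter(GetExceptionInformation())) {
        return 1;
    }
    return 0;
}
#endif
```

Run it once from Visual Studio (x64, debugger attached) and once from a plain command prompt and compare the two reports: if the TLS pointer line already shows 0 before CoInitializeEx is reached, the problem is in thread setup before any COM code runs; if the SEH report only appears in the debugger run, the fault is tied to the debugging environment, which is what the question observes.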

0 Answers

Nobody has answered this question yet.
