
Crash after working some time.

Open mrzaxaryan opened this issue 2 years ago • 13 comments

Hi, thank you for your great job. I compile MemoryModulePP to MemoryModulePP.dll. I have Host.exe, which is dynamically linked with MemoryModulePP.dll. Host.exe loads plugin.dll from a byte[] using MemoryModulePP. The app crashes with a Fail Fast exception after working for some time.

mrzaxaryan, Sep 23 '23 08:09

Hi. Can you tell me the details about this exception? Thanks.

bb107, Sep 23 '23 10:09

No exception is thrown, the app just crashes. From Event Viewer:

Faulting application name: Host.exe, version: 1.0.0.0, time stamp: 0x650ea3ea
Faulting module name: 3F929562B0A1EF11.DLL, version: 0.0.0.0, time stamp: 0x650e2dbc
Exception code: 0xc0000005
Fault offset: 0x000000000001b830
Faulting process id: 0x4094
Faulting application start time: 0x01d9edf9569ff980
Faulting application path: D:...\publish\Host.exe
Faulting module path: 6F80ED08F9C18F55\3F929562B0A1EF11.DLL
Report Id: 1e22cf37-50e8-44ed-9472-687aede1b8be
Faulting package full name:
Faulting package-relative application ID:

mrzaxaryan, Sep 23 '23 16:09

WinDbg:

(c48.7adc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
00000297b0fa82fa 48032cc8    add rbp,qword ptr [rax+rcx*8] ds:000002d7b25cb0d0=????????????????

mrzaxaryan, Sep 23 '23 20:09

I made a simple test plugin.dll that creates a new thread and prints "Hello World!" to the console. After printing, the app crashes with Access violation - code c0000005. I think it makes sense to mention that the plugin is written in C# (.NET 8.0 rc1) and compiled using the NativeAOT toolchain. Repro:

/* hModule: the plugin loaded from memory; "thread" is the plugin export under test */
typedef int (*thread_test_fn)(void);
thread_test_fn pfn = (thread_test_fn)GetProcAddress(hModule, "thread");
if (pfn && pfn()) {
	printf("thread test failed.\n");
}

test.zip

mrzaxaryan, Sep 23 '23 20:09

Hi, I just created the MmpTlsFiber branch to solve this problem.

bb107, Sep 24 '23 13:09

I can confirm that the issue is fixed. Can you add a crypto wallet address to the readme for donations?

mrzaxaryan, Sep 25 '23 08:09

Second round. Steps:

  1. Load dll.
  2. Call dll method.
  3. App crashed. I think the app crashes on method return.

mrzaxaryan, Sep 25 '23 19:09

Any exception details in debugger?

bb107, Sep 25 '23 22:09

Exception:

Exception thrown at 0x0000022A85E7E140 in test.exe: 0xC0000005: 
Access violation executing location 0x0000022A85E7E140.

Repro: test.zip

/* hModule: the plugin loaded from memory; "thread" is the plugin export under test */
typedef int (*thread_test_fn)(void);
thread_test_fn pfn = (thread_test_fn)GetProcAddress(hModule, "thread");
if (pfn && pfn()) {
	printf("thread test failed.\n");
}

mrzaxaryan, Sep 26 '23 16:09

The reason for this problem is that calling the thread function creates a thread that runs continuously and does not stop when the function returns. If you call FreeLibraryMemory at this point to release the module, it will result in a memory access conflict for the aforementioned thread. The solution is not to release this module. In addition, if the thread function is called, the module's load count will be set to -1, which means that FreeLibrary will not unload this module.

[screenshot]

bb107, Sep 27 '23 07:09
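The lifetime rule bb107 describes (a thread spawned by a plugin export must keep the module resident, so the host's free must not unmap it while that thread runs) can be modelled without Win32. The following is an added example, not MemoryModulePP's code and not the repro from this issue: it stands in a heap "image" for the mapped module and a pthread for the thread the plugin's `thread` export creates, and uses its own names (`module_t`, `load_library_memory`, `free_library_memory`, `thread_export`, `run_pinned_scenario`). The `host_released` flag is a constructed ordering aid so the host's free always lands while the worker is alive; the `atomic` load count is the analogue of the module load count the comment above refers to.

```c
/* Added example (not MemoryModulePP's code): a load-count pin that keeps an
   in-memory module resident while a thread it created is still running.
   Names and types here are this example's own, not the project's API. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

typedef struct {
    atomic_int load_count;        /* references held by the host and by worker threads */
    const unsigned char *image;   /* aliases the caller's buffer (no copy), so that buffer
                                     must outlive the module, as with CLR remapping */
    size_t image_size;
} module_t;

/* Loader stand-in: one reference for the host, image points at the caller's buffer. */
module_t *load_library_memory(const unsigned char *buffer, size_t size) {
    module_t *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    m->image = buffer;
    m->image_size = size;
    atomic_store(&m->load_count, 1);
    return m;
}

/* Drop one reference. Returns 1 if the module was actually unmapped, 0 if a
   worker thread still holds it and it therefore stays resident. */
int free_library_memory(module_t *m) {
    if (atomic_fetch_sub(&m->load_count, 1) == 1) {
        free(m);
        return 1;
    }
    return 0;
}

typedef struct {
    module_t *m;
    int iterations;
    long checksum;              /* proves the worker read the image during its lifetime */
    int unmapped_by_worker;     /* set when the worker's release was the final one */
    atomic_int host_released;   /* constructed ordering aid: host frees before worker exits */
} worker_args;

static void *worker(void *p) {
    worker_args *a = p;
    for (int i = 0; i < a->iterations; i++) {
        for (size_t j = 0; j < a->m->image_size; j++)
            a->checksum += a->m->image[j];
        usleep(1000);   /* the "runs continuously after the export returns" part */
    }
    while (!atomic_load(&a->host_released))
        usleep(1000);   /* wait until the host has tried to free the module */
    /* Analogue of FreeLibraryAndExitThread: the thread's last act releases the pin. */
    a->unmapped_by_worker = free_library_memory(a->m);
    return NULL;
}

/* Analogue of the plugin's "thread" export: take the reference before the thread
   exists, so no interleaving with the host's free can unmap the module early.
   Non-zero return means failure, matching the repro's convention. */
int thread_export(module_t *m, worker_args *a, pthread_t *t) {
    atomic_fetch_add(&m->load_count, 1);
    if (pthread_create(t, NULL, worker, a) != 0) {
        atomic_fetch_sub(&m->load_count, 1);
        return 1;
    }
    return 0;
}

/* Host-side scenario from this issue: load, call the export, then free while the
   worker is still running. Returns the host's free result: 0 means the module
   stayed resident, which is the correct outcome. Worker details are left in *out. */
int run_pinned_scenario(worker_args *out) {
    /* constructed 16-byte "image"; sum of bytes is 136 */
    static const unsigned char image[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    module_t *m = load_library_memory(image, sizeof image);
    pthread_t t;
    if (!m) return -1;
    out->m = m; out->iterations = 5; out->checksum = 0; out->unmapped_by_worker = 0;
    atomic_store(&out->host_released, 0);
    if (thread_export(m, out, &t) != 0) { free_library_memory(m); return -1; }
    int host_unmapped = free_library_memory(m);   /* worker holds a reference: 0 */
    atomic_store(&out->host_released, 1);
    pthread_join(t, NULL);
    out->m = NULL;   /* the worker's release freed it; do not keep a dangling pointer */
    return host_unmapped;
}

int main(void) {
    worker_args a;
    int host_unmapped = run_pinned_scenario(&a);
    printf("host free unmapped: %d, worker free unmapped: %d, checksum: %ld\n",
           host_unmapped, a.unmapped_by_worker, a.checksum);
    return host_unmapped == 0 && a.unmapped_by_worker == 1 ? 0 : 1;
}
```

The host's `free_library_memory` call returns 0 and the module survives until the worker's own release, which is the behaviour the comment above describes for a module whose load count was raised by the `thread` export. Without the `atomic_fetch_add` in `thread_export`, the host's free would unmap the image while the worker loop is still reading it, which is the access violation reported in this issue.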

The app crashes before FreeLibraryMemory is called. After the dll's method is called, the application crashes on return.

mrzaxaryan, Sep 27 '23 20:09

Can you explain what happened in this method?

bb107, Sep 27 '23 22:09

In addition, if the DLL is a .NET assembly, the DLL file buffer passed to the LoadLibraryMemory series of functions must only be released after the DLL is unloaded, because CLR.DLL will remap the program file. But I'm not sure if this is still needed with Native AOT. If you can provide a sample, it will help me locate the problem.

bb107, Sep 28 '23 05:09