microsoft
WinRTAct.dll from Microsoft.WindowsPackageManager.ComInterop NuGet Package crashes with Access Violation when RegFreeWinRT is used
Brief description of your issue
Using the module winrtact.dll to create WindowsPackageManager instances from an elevated process crashes if the executable uses RegFreeWinRT.
This makes it impossible to use the WinGet COM api from any elevated desktop (non-packaged) process that does use Register-Free WinRT (such as unpackaged self-contained app sdk projects and c++ Desktop Projects using WinRT APIs).
Event Viewer crash:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" Guid="{a0e9b465-b939-57d7-b27d-95d8e925ff57}" />
<EventID>1000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>100</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2024-04-13T15:50:42.6827644Z" />
<EventRecordID>287262</EventRecordID>
<Correlation />
<Execution ProcessID="32324" ThreadID="30092" />
<Channel>Application</Channel>
<Computer>pc-name</Computer>
<Security UserID="<user-id>" />
</System>
<EventData>
<Data Name="AppName">WingetUI.exe</Data>
<Data Name="AppVersion">3.0.1.0</Data>
<Data Name="AppTimeStamp">65cd0000</Data>
<Data Name="ModuleName">winrtact.dll</Data>
<Data Name="ModuleVersion">1.22.2404.9003</Data>
<Data Name="ModuleTimeStamp">6615a9aa</Data>
<Data Name="ExceptionCode">c0000005</Data>
<Data Name="FaultingOffset">0000000000008aa3</Data>
<Data Name="ProcessId">0x8d9c</Data>
<Data Name="ProcessCreationTime">0x1da8dba54249668</Data>
<Data Name="AppPath">C:\SomePrograms\WingetUI-Store\src\UniGetUI\bin\x64\Release\net8.0-windows10.0.19041.0\win-x64\WingetUI.exe</Data>
<Data Name="ModulePath">C:\SomePrograms\WingetUI-Store\src\UniGetUI\bin\x64\Release\net8.0-windows10.0.19041.0\win-x64\winrtact.dll</Data>
<Data Name="IntegratorReportId">2c2a5dca-bcbd-4153-b3ac-a9975722ce1b</Data>
<Data Name="PackageFullName" />
<Data Name="PackageRelativeAppId" />
</EventData>
</Event>
Steps to reproduce
Two possible options to reproduce the bug:
-
Create a C#/WinUI3/AppSdk project and set the project to run unpackaged and AppSdk to be self-contained. Run the process elevated and attempt to create a WindowsPackageManager instance through winrtact.dll (WinGetServerManualActivation_CreateInstance). App will immediately hang and crash. Event viewer will report a crash on winrtact.dll
0xc0000005 -
Create a C++ console app and enable WinRT APIs from project properties. Import winrtact.dll thorugh and attempt to create a WindowsPackageManager instance with WinGetServerManualActivation_CreateInstance. App will immediately crash and exit with exit code
0xc0000005. Example code below:
typedef HRESULT(WINAPI* PFN_WinGetServerManualActivation_CreateInstance)(
const GUID& clsid,
const GUID& iid,
DWORD flags,
void** instance);
static T* WinRTActCreateInstance(const GUID& clsid, const GUID& iid)
{
void* pUnknown = nullptr;
HRESULT hr = S_OK;
HMODULE hModule = LoadLibrary("winrtact.dll");
if (hModule)
{
PFN_WinGetServerManualActivation_CreateInstance WinRTAct_DllCreateInstance = (PFN_WinGetServerManualActivation_CreateInstance)GetProcAddress(hModule, "WinGetServerManualActivation_CreateInstance");
try
{
hr = WinRTAct_DllCreateInstance(clsid, iid, CLSCTX_ALL, &pUnknown);
if (FAILED(hr))
throw hr;
T* pInterface;
hr = ((IUnknown*)pUnknown)->QueryInterface(iid, (void**)&pInterface);
if (FAILED(hr))
throw hr;
return pInterface;
}
catch (HRESULT hrException)
{
throw hrException;
}
catch (...)
{
throw;
}
}
else
{
throw HRESULT_FROM_WIN32(GetLastError());
}
}
int main()
{
PackageManager* pointer = WinRTActCreateInstance<PackageManager>(CLSID, IID);
// Everything OK
// Pointer is not nullptr
PackageManager winget = *pointer;
// Crash with 0xC0000005
}
Expected behavior
Instances get created and the api is usable
Actual behavior
Crashes with 0xC0000005
Environment
Windows 11 x64 10.0.22635.3430
Tested on Windows Sandbox and the issue still happens
WinGet versions tested:
- 1.7.xxx
- 1.8.xxx-preview
