I’ve the hellish problem of a third party DLL appearing to cause a recursive stack overflow crash when it gets unloaded. I wind up with this pattern on the stack (using windbg):
<Unloaded_ThirdParty.dll>+0xdd01
ntdll!ExecuteHandler2+0x26
ntdll!ExecuteHandler+0x24
ntdll!KiUserExceptionDispatcher+0xf
<Unloaded_ThirdParty.dll>+0xdd01
ntdll!ExecuteHandler2+0x26
ntdll!ExecuteHandler+0x24
ntdll!KiUserExceptionDispatcher+0xf
...
As you would guess, I don’t have the source code to ThirdParty.dll.
Q: What does the prefix “Unloaded_” mean in the stack dump. I haven’t run across this before.
This means that
ThirdParty.dllwas no longer being referenced and has already been removed from memory at the time that the crash occurs. To find out the actual stack trace, you need to reload the .dll at its original place in memory with the following command:Of course you need to replace
0xaaaaaaaawith the original base address of the module. This may be somewhat hard to figure out if the module has already been unloaded, but if you have anHMODULElying around that refers to the dll, the value of thatHMODULEis the base address. Worst case, you can add a debugger trace statement to your code that logs theHMODULEof the dll just before you unload it.