How to change my IE extension to resolve an Access Violation in another module (flash.ocx) crashing IE?
I have an Internet Explorer extension (a BHO) that works nicely on thousands of machines but in some scenarios seems to cause Flash to crash the iexplore.exe with an Access Violation. What can I try doing to avoid this clash?
More details:
In one customer's environment we have a situation where when after visiting a website with Flash and closing the IE tab the tab process crashes. This only happens if both Flash and my extension are enabled and isn't replicable so far on workstations outside this company's environment. It still happens if my extension is configured to do nothing on that page - i.e. some of my code still executes but very little.
If the website isn't in Trusted Sites then the tab is running in Protected Mode and the result of the crash is a window saying the web page wants to run dw20.exe (i.e. Dr Watson) 
.
If the website is added to Trusted Sites then an error is written to the windows application event log and IE reopens the tab with a small info bar message saying IE recovered it from a crash. Either way it's frustrating! The user really doesn't care if the process crashes when they close the tab, so I'd be happy with a workaround that means no error message is shown to the user and the tab doesn't reopen.
The windows application event log doesn't say much but it does say that the iexplore.exe process crashed with faulting module flash:
Error / Application Error / EventID=1000
Faulting application name: iexplore.exe, version 9.0.8112.16592, time stamp 0x544e95a7
Faulting module name: Flash32_13_0_0_214.ocx, version 13.0.0.214, time stamp 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x00073678
Faulting application start time: 0x01d0099db319df49
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\Macromed\Flash\Flash32_13_0_0_214.ocx
ReportId: 0094988b-7591-11e4-93e6-6cf0492a8610
This was a fairly new version of flash but not the latest. They've tried upgrading to the latest version but that had the same symptoms.
Their workstations have Sophos antivirus running, and in some rare cases we've seen antivirus causing problems with our extension. We tested after stopping all the windows services that mentioned Sophos and the same problem occurred so I'm fairly sure it's not related to that.
My extension is built using .NET 3.5 SP1, which isn't an ideal way to do it because of potential runtime conflicts with other extensions, but that's how it is for now.
If I disable my extension the problem goes away. If I disable Flash the problem goes away. The faulting module being Flash32_13_0_0_214.ocx strongly points to it being a bug there but I suppose in theory it could be a problem in my code. No unmanaged code is being executed from my extension so it can't be that, so I can't think of anything my extension could do that could cause an AccessViolation. That leaves the possibility of a bug in Flash, which seems entirely possible, or a problem with the way I interact with the COM objects from IE. However, it's unlikely that the Flash team would investigate such a bug report unless I can point to something specific and replicable, and right now I can't replicate on any dev machines so that's not great. And even if it is a Flash bug, from the customer's point of view that's no different from it being a bug in my product: either I get it fixed or my product will be uninstalled and they'll keep Flash.
Options
What I'm hoping for are some ideas about:
Is there anything I can try in my code/product that might avoid conflicting with Flash? For example, would rebasing my dlls to move my extension into a different area of memory have any hope of working? Would recompiling for .NET 4.0/4.5 have a chance in working?
What can I do to replicate the problem ... and why would this not be a problem at dozens of other companies but be a problem at this one? Any thoughts on what could be the environmental factor that triggers the problem here but not on workstations set up differently?
Is there any point trying to get a crash dump or other diagnostic information about the crash (e.g. ProcMon at the time of crash)? I don't have expertise to go through such diagnostics so I'd like to avoid it unless it's likely to lead me to an answer about what I can do differently in my product or pinpoint an exact bug in the flash module (if there really is one).
I'd be happy with a way to make it crash silently, so for example something to stop IE reopening the tab when it crashes.
It can be a while before I get time with the customer to test different options, so I'd like a few things to try. Any ideas GREATLY appreciated.
Some random ideas I've had so far. Any of them sound worth trying?
- recompile using .net 4
- In my SetSite(null) method (the event that occurs when my extension is being unloaded) I have a few lines of cleanup code, like
Marshal.FinalReleaseComObject(webBrowser)andGC.Collect(). Remove one or more of these: perhaps the GC or COM cleanup messes with Flash's memory space. - rebase my dlls.
- uninstall and reinstall IE9 on the workstation, to see if that has any effect. Not a solution that will work company-wide but might indicate something dodgy with their IE image.
Update
The customer replicated the problem again and instead of the Flash ocx the faulting module was jscript9.dll. They also reported seeing the same with ntdll.dll although I haven't seen that myself.
Faulting application name: iexplore.exe, version: 9.0.8112.16575, time stamp: 0x53ee1acb
Faulting module name: jscript9.dll, version: 9.0.8112.16575, time stamp: 0x53ee1c49
Exception code: 0xc0000005
Fault offset: 0x00007264
Faulting process id: 0x1bb4
Faulting application start time: 0x01cfec57f247cb53
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\System32\jscript9.dll
Report Id: 50b58f63-584b-11e4-bc66-6cf0492a8610
Faulting package full name: %14
Faulting package-relative application ID: %15
So I guess this opens it up to not being Flash-related...
Problem is, with .Net you can do nearly nothing to actively mess the memory. So, unless you are playing a lot with Api calls, it's really difficult it's something in your code causing the fault.
Relocating the dll seems to me the most promising thing to do; not messing with GCC, too, seems a really good option (and it is ALWAYS, not only in this case).
Another problem is that it's not your module who is faulting, and this is something to consider seriously: it's not your code who is trying to reach a memory area malloc'ed by another dll, but it's their code trying to mess with your dll's memory space.
Probably your best bet is DW; by letting it save the dump, you can travel trough the stack trace to find the code causing the problem. Back tracing again, you can find the moment when some parameter become garbage. Finally, you can use this https://msdn.microsoft.com/en-us/windows/hardware/hh852365 to debug the crash in real time. Why all of this? Well, because if you are not doing anything strange in your dll (like manually malloc'ing), in .Net you cannot in any way mess with memory so to 'cause an 0x05 in another dll; 99% it's this specific IE with its specific configuration the cause of everything, so your fastest solution would be to debug, find the offending code, then zip every information you have and mail it to MS.
- 2D Array. Set all values to specific value
- Is string.Length in C# (.NET) instant variable?
- .NET Where to start a RabbitMQ Client connection in a web application
- RDLC Report Data not refreshing and crashing Visual studio
- Catch External API Error Message as in Postman Body
- How to represent Unicode characters in an API
- Connecting through Https sites
- How to force inner join in Include?
- How to programatically do file versioning with SVN and .NET?
- Completely replace an indexing JSON in Cosmos DB using the .NET API
- Difference between Google.Cloud.Compute.V1 and Google.Apis.Compute.v1
- Optimize in Z3 .NET API giving incorrect results - bug?
- Trying to integrate PayPal checkout express, using classes\dll provided by PayPal, getting: Could not load file or assembly 'log4net
- What is the Microsoft.Practices.Unity ResolverOverride equivalent in Microsoft.Extensions.DependencyInjection
- Getting Windows user's name in "Firstname Lastname" format when user is part of a group
- unable to get results from jsoup while giving post request
- IQueryable<T> extension method to take data in batches
- Missing "Platforms" folder when setting up a .NET MAUI project for xUnit testing
- Execute certain logic till it meets the requirement
- Sharing cache between two MVC applications
- How to install the .NET Native AOT compiler (ilc) for command-line usage outside of dotnet?
- ASP.NET Core 8 : singleton pattern with HttpContextAccessor does not work together
- .net Custom Configuration How to case insensitive parse an enum ConfigurationProperty
- Pragmatic use of code-behind in MVVM pattern
- Npoi Round Formula
- Disabling Smooth Scrolling on Richtextbox
- Is there any possible way to send Udp requests faster in SharpPcap (.NET 8)?
- SignInManager always fails for TwoFactorAuthenticatorSignInAsync() and TwoFactorSignInAsync()
- Any way to add arrays into HTTP request URI by using C#?
- How to start creating an application API in .NET