{"id":16463,"date":"2009-10-07T10:00:00","date_gmt":"2009-10-07T10:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2009\/10\/07\/the-ways-people-mess-up-iunknownqueryinterface-episode-3\/"},"modified":"2009-10-07T10:00:00","modified_gmt":"2009-10-07T10:00:00","slug":"the-ways-people-mess-up-iunknownqueryinterface-episode-3","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20091007-00\/?p=16463","title":{"rendered":"The ways people mess up IUnknown::QueryInterface, episode 3"},"content":{"rendered":"<p>\nToday we&#8217;ll\ncombine information you already know,\nsome of which I covered in\n<a HREF=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2004\/03\/26\/96777.aspx\">\nThe ways people mess up IUnknown::QueryInterface<\/a>\nwith additional clues from\n<a HREF=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2004\/02\/05\/68017.aspx\">\nThe layout of a COM object<\/a>.\nThere&#8217;s still not enough information for you to solve the problem\nentirely on your own,\nbut maybe you can demonstrate your nascent\npsychic debugging powers and solve the problem.\n<\/p>\n<p>\nA customer contacted the shell team because their shell extension\nwas causing the shell to crash.\nPerhaps they were doing something wrong, but they couldn&#8217;t see what.\nThe crash looked like this:\n<\/p>\n<pre>\neax=cccccccc ebx=02b31798 ecx=0008db64 edx=02b26348 esi=001ea7fc edi=02b26348\neip=76381427 esp=0008db28 ebp=0008db30 iopl=0         nv up ei pl nz na pe nc\ncs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206\n76381427 8b08            mov     ecx,dword ptr [eax]  ds:0023:cccccccc=????????\n<\/pre>\n<p>\nYour next hint is that the crash takes place while the shell\nis trying to invoke a COM method.\n<\/p>\n<p>\nWhat you should recognize is that this is either at the fetch\nof a COM object&#8217;s vtable or at the fetch of the pointer to\nthe <code>IUnknown::QueryInterface<\/code> method\n(which is the first function in the vtable of any COM object).\n<\/p>\n<p>\nEither way, we obviously have a bad COM object pointer.\nThe next hint is that the pointer was the result of a call\nto <code>IUnknown::QueryInterface<\/code>:\n<\/p>\n<pre>\nISomeInterface* psi;\npunkObj-&gt;QueryInterface(IID_ISomeInterface, (void**)&amp;psi);\n...\n<\/pre>\n<p>\nIf you prefer to speak ATL, it would be something like\n<\/p>\n<pre>\nCComQIPtr&lt;ISomeInterface&gt; spsi(punkObj);\n...\n<\/pre>\n<p>\nEither way, the problem is that the <code>punkObj<\/code>\nresponded to <code>IUnknown::QueryInterface<\/code>\nby putting the special debugging value <code>0xCCCCCCCC<\/code>\ninto the output pointer rather than following the rules for\n<code>IUnknown::QueryInterface<\/code> which require you either\nto succeed and produce a valid object pointer\nor to fail and set the output pointer to <code>NULL<\/code>.\n<\/p>\n<p>\nThe object in question came from the customer&#8217;s shell extension.\nAfter we pointed out to the customer that their\n<code>IUnknown::QueryInterface<\/code> implementation did not adhere\nto the interface contract,\nall further communication ceased.\nWe never did get any acknowledgement or even a word of thanks.\nMaybe they were too embarrassed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today we&#8217;ll combine information you already know, some of which I covered in The ways people mess up IUnknown::QueryInterface with additional clues from The layout of a COM object. There&#8217;s still not enough information for you to solve the problem entirely on your own, but maybe you can demonstrate your nascent psychic debugging powers and [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-16463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>Today we&#8217;ll combine information you already know, some of which I covered in The ways people mess up IUnknown::QueryInterface with additional clues from The layout of a COM object. There&#8217;s still not enough information for you to solve the problem entirely on your own, but maybe you can demonstrate your nascent psychic debugging powers and [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/16463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=16463"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/16463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=16463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=16463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=16463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}