The application compatibility team reported that a program was crashing in its installer. Debugging the installer revealed that it actually triggered three<\/i> exceptions. <\/p>\n
The first exception was due to passing an invalid pointer to the It did this twice, so that is the second exception as well. <\/p>\n The third exception is the one that crashed the installer: A system function wanted to report a runtime issue. It did this by checking if a debugger was present, and if so, it printed a diagnostic message to the debugger so that the developer could see that there was a problem and get a chance to investigate it. <\/p>\n The problem is that the call to And it was crashing because the installer used a DLL<\/a> which detours the But notice that the DLL does not un-detour the function when it is unloaded.¹ <\/p>\n Therefore, if you load the DLL and then unload it, you leave the (Also curious is that the DLL is licensed under the GPL, yet the product that uses it makes no mention of the GPL in its license agreement.) <\/p>\n The fix was to remove the debugging message for the particular case that this program’s installer was tripping over. <\/p>\nlstrlen<\/code> function. However, this didn’t crash the installer because the lstrlen<\/code> function contains an application compatibility mitigation: If you pass a pointer to invalid memory, it handles the access violation exception by reporting that the string length is zero. <\/p>\nIsDebuggerPresent<\/code> was crashing. <\/p>\nIsDebuggerPresent<\/code> function when it is loaded, presumably to make it harder to reverse-engineer (though since the source code is freely available<\/a>, it’s not sure why they are so concerned about it). <\/p>\nIsDebuggerPresent<\/code> function detoured to a function that no longer exists. And the next person to call the IsDebuggerPresent<\/code> function will crash. <\/p>\n