Hang in ConEmuHk on exit from CygWin program

[Maximus5]

Originally reported on Google Code with ID 465

Steps to reproduce:
1) Download http://smithii.com/files/cdrtools-latest.zip
2) Run mkisofs.exe from FAR+ConEmu

Result is hang with this stacktrace (deepest first):

ntoskrnl.exe!KiSwapContext+0x7f
ntoskrnl.exe!KiSwapThread+0x13a
ntoskrnl.exe!KeWaitForSingleObject+0x2cb
ntoskrnl.exe!KiSuspendThread+0x29
ntoskrnl.exe!KiDeliverApc+0x2d7
ntoskrnl.exe!KiApcInterrupt+0x103
ntdll.dll!_RtlDispatchException@8+0x98
kernel32.dll!_StringCchCopyW@12+0x31
MSCTF.dll!?s_szCompClassName@@3QBGB
ntdll.dll!_RtlDispatchException@8+0x98
ntdll.dll!_KiUserExceptionDispatcher@8+0xf
kernel32.dll!_RaiseException@16+0x58
kernel32.dll!_OutputDebugStringA@4+0x285
kernel32.dll!_OutputDebugStringW@4+0x41
ConEmuHk.dll!SetFarHookMode+0x3b96
ntdll.dll!_LdrpCallInitRoutine@16+0x14
ntdll.dll!_LdrShutdownProcess@0+0x1a9
ntdll.dll!_RtlExitUserProcess@4+0x64
kernel32.dll!_ExitProcess@4+0x12
cygwin1.dll!cygwin32_split_path+0x5e39
cygwin1.dll!__main+0xc7
cygwin1.dll!_exit+0x12
cygwin1.dll!wmemset+0x5c
cygwin1.dll!exit+0x21
mkisofs.exe+0x1603
mkisofs.exe+0x1c01
cygwin1.dll!_exit+0xf08
cygwin1.dll!_dll_crt0@0+0x263

Core dump:

http://dump.thecybershadow.net/916a9b64a12b43115aed14716c3b6b56/mkisofs.7z

DebugView output:

[17532] CreateProcessW without CREATE_SUSPENDED Flag!
[10656] GetThreadContext(x86) for PID=7392: ContextFlags=0x00010007, Eip=0x774AE540
[10656] VirtualAllocEx(x86) for PID=7392: 0x00290000
[10656] SetThreadContext(x86) for PID=7392: ContextFlags=0x00010007, Eip=0x00290000

Reported by thecybershadow on 2011-12-26 05:09:26

[Maximus5]

please, supply following files:
ntdll.dll, kernel32.dll, advapi32.dll, rpcrt4.dll, secur32.dll, user32.dll, gdi32.dll,
MSCTF.dll, ntoskrnl.exe

Reported by ConEmu.Maximus5 on 2011-12-26 06:46:58

[Maximus5]

You can download them from the Windows Symbol Server, together with the accompanying
debug information (PDB files), if you open the core dump in a dbghelp-enabled debugger
(that includes Visual Studio and WinDbg).

Here are the DLL files. Please let me know when you've got them, so I can delete the
file - distributing them is not legal. http://dump.thecybershadow.net/e506118b2266acb9ad8b5f61508a7136/dlls.7z

ntoskrnl executes in kernel space, so it is of no use to you.

Reported by thecybershadow on 2011-12-26 06:54:26

[Maximus5]

Yes, I got them.

Reported by ConEmu.Maximus5 on 2011-12-26 06:59:32

[Maximus5]

ntdll.dll does not match

ntdll.dll   *C:\Windows\System32\ntdll.dll  N/A N/A No matching binary found.       2   6.00.6002.18327 14.10.2010
22:37   00000000772D0000-0000000077456000   mkisofs.dmp: Native 

Reported by ConEmu.Maximus5 on 2011-12-26 07:02:24

[Maximus5]

Everything looks fine here.

    ntdll.dll   C:\Windows\System32\ntdll.dll   N/A N/A Symbols loaded (source information
stripped).  C:\symbols\ntdll.pdb\CD01D4B826F3453D8A16ADC056AEF9442\ntdll.pdb    2   6.00.6002.18327 2010.10.14
20:37   00000000772D0000-0000000077456000   mkisofs.dmp: Native 

Have you tried the symbol server yet? Set up instructions for Visual Studio 2008 are
here: http://msdn.microsoft.com/en-us/library/b8ttk8zy(v=VS.90).aspx

Reported by thecybershadow on 2011-12-26 07:17:51

[Maximus5]

Of course, I'm using symbol servers.

Lioks fine on YOUR system.
Symbols downloading failed, when there is NO matching binary.

Reported by ConEmu.Maximus5 on 2011-12-26 07:24:53

[Maximus5]

The line I pasted above clearly shows that the PDB file matching the DLL was downloaded
from Microsoft's symbol servers. Note that dbghelp does not download just the PDB files,
but the binaries as well.

Below is sigcheck's output, which shows that the file is not modified:

C:\Windows\SysWOW64> sigcheck -h -i -a ntdll.dll

Sigcheck v1.70 - File version and signature viewer
Copyright (C) 2004-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\Windows\SysWOW64\ntdll.dll:
        Verified:       Signed
        Catalog:        C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_8_for_KB2393802~31bf3856ad364e35~amd64~~6.0.1.3.cat
        Signers:
                Microsoft Windows
                Microsoft Windows Verification PCA
                Microsoft Root Certificate Authority
        Signing date:   12:06 2010.11.02
        Publisher:      Microsoft Corporation
        Description:    NT Layer DLL
        Product:        Microsoftо Windowsо Operating System
        Version:        6.0.6001.18000
        File version:   6.0.6001.18000 (longhorn_rtm.080118-1840)
        Strong Name:    Unsigned
        Original Name:  ntdll.dll.mui
        Internal Name:  ntdll.dll
        Copyright:      й Microsoft Corporation. All rights reserved.
        Comments:       n/a
        MD5:    56007cfc52167c26e4a3f899b8d29ccd
        SHA1:   e2d8d63d9e0713750e09d02aec4074d848446d43
        SHA256: 0f7ca78849ebc2210d012bd595f21e88b8d61bed86cf64b8f9a49677a610ff24

Reported by thecybershadow on 2011-12-26 07:30:14

[Maximus5]

I don't know what the problem might be. Perhaps you're using an old version of dbghelp?
You can get the latest by installing the latest Debugging Tools for Windows package.

Reported by thecybershadow on 2011-12-26 07:32:11

[Maximus5]

Issue 466 has been merged into this issue.

Reported by ConEmu.Maximus5 on 2011-12-26 07:34:32

[Maximus5]

I'm using VS 2008. And latest versions of Win7 SDK (7.0 & 7.1).

> Note that dbghelp does not download just the PDB files, but the binaries as well.
Hm, I had downloaded binary file only once, and only kernelbase.dll (using Visual Studio).

Reported by ConEmu.Maximus5 on 2011-12-26 07:40:29

[Maximus5]

get last version from svn again
check new version

Reported by ConEmu.Maximus5 on 2011-12-26 07:50:07

[Maximus5]

Reported by ConEmu.Maximus5 on 2011-12-26 08:54:17

• Status changed: Fixed