New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RESOLVED - AV then try creat memory dump in Win7 after fix #355 #366
Comments
Additional information^ I download and tray test for 3.0.6633.2106 Git-0bfcb231 in to https://wj32.org/processhacker/nightly.php and also have AV then try make dump... |
v3.0.6651.2124 Git-b6564f3c - also crashed :( |
I apologize for noticing the Issues label just now and responding .... Well, I sort of came up with a way to bypass the lock - I took a dump through the Windows Task Manager and previously deciphered it: ProcessHacker-v3.0.6654.2127-bin.tar.xz - this archive included my test-copy and have all .PDB for here. ProcessHacker-v3.0.6654.2127-dump.tar.xz - ProcessHacker.DMP, unpacked size ~ 212 MB. ProcessHacker-v3.0.6654.2127-debug-report.tar.xz - VS2015 dump decode screenshots. |
Step for repro - in to Win7 SP1 x64: RMsClick -> Create dump file... -> have AV then click any Minidump button in to error dialog have secondary AV, Dump make after primary AV then try create dump for process Far.exe.... |
For users laid out such instructions for creating a dump:
I did my own for it, please look at it whenever possible - have I missed anything here? And nowhere was it wrong? |
I checked the minidump and you should remove or disable these files that are installing hooks into Process Hacker: TortoiseGit, TortoiseSVN and LinkShellExtension have also injected (about 40) binaries into Process Hacker... You should disable/remove those programs then check if the crashing persists. You also have lots of unofficial plugins that are known to cause crashes... You need to remove or disable: I can't reproduce any crashes anywhere and I dont see anything in that minidump related to any crashes... This means either those injected binaries or those unofficial plugins caused the crash which is not something that can be fixed. |
Ok, I to test computer I unload Tortoise*, Far Manager, Dexpot tree process, uninstall Link Shell Extension, antivirus is turn off, delete all Plugins Extra but if try Create dump file... command also have AV... Test binary is - ProcessHacker-v3.0.6669.2142-bin.tar.xz and dump is ProcessHacker-v3.0.6669.2142-dump.tar.xz But, I also try check old version 2.39.0.124 and see messages: "The specified procedure could not be found". Is it possible that the reason is not in Process Hacker but in unknown to me OS changes? Something I'm completely confused with this ... edit: fix typo |
dbghelp.dll has a dependency on dbgcore.dll which is probably missing? |
For sure! How did I miss it? |
HUGE THANKS! Then I try copy dbghelp.dll and dbgcore.dll version 10.0.17763.1 form compiler this problems is resolved - dump is work w/o AV. For some reason, it didn’t occur to me to have a hidden dependency on dbghelp.dll - in the ./imports section, the copy of the DLL I had had links only to kernel32.dll and msvcrt.dll and I was sure that all the dependencies it needed were in place , but just in it and there was AV. Well, on the network, I will replace it with a script in no time, and on the githaba I will now make an adjustment. Once again, HUGE THANKS! |
Then I try create dump or minidimp then PH crashed and press MsRClick -> Create dump file... command I have AV (Access Violation) in if press Minidump have new AV in to circuit cycle before not press Restart or Close button:
:( I try send crashed process in to debugger, but he says whats process already close and send to OS return code is 0. Created files .dump or .minidumps have size 0 bytes and not included any data or hidden NTFS streams.
I say any users and all say whats this phenomena exists on Windows 7. Users use Win10 don't see it. I don't known whats find source for this phenomena. Also I see old problem #355 and only after recompile. I try clean all setting PH_config.zip - helps .... until the next update. I'm already completely confused in the search for the causes of the phenomenon. Obviously something simple, but slipping away ...
The text was updated successfully, but these errors were encountered: