DLL that was not present in memory despite not being formally unloaded
- #stack-overflow
- #dll-unload
- #exception-handling
- A stack overflow crash in a third-party program led to a bug report against shell32.dll.
- Analysis revealed a recursive exception handling loop due to combase.dll's memory being forcibly unloaded.
- Shell32 was a victim, not the culprit: it called into combase after combase's memory had been freed by an unknown component.
- Multiple crashes (46% of those sampled) showed similar patterns with different DLLs, indicating a single underlying cause.
- The root cause remains unidentified, with theories pointing to memory corruption or uninitialized variables in the third-party program.