I am trying to find the cause of an access violation using Konica Minolta PCL driver from a memory dump. I will try to provide as much info as needed. Maybe others in similar situations will benefit from this.
The software I am investigating is a combination of unmanaged windows written in Delphi 2007 hosting .NET components via COM. Other crash dumps indicate possible connections with errors in setting floating-point exceptions (http://connect.microsoft.com/VisualStudio/feedback/details/535285/using-events-on-interop-assemblies-causes-system-stackoverflowexception#details), and I am trying to determine if there are any similarities.
A dump is created caused by a second chance exception: KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+36778 in C:\Windows\System32\spool\drivers\w32x86\3\KOAZ8J_O.DLL has caused an access violation exception (0xC0000005) when trying to read from memory location 0x1906ef0c on thread 16.
Loading up Windbg I find this call stack:
0:016> kL
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
253efdcc 22958881 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36778
253efe1c 2294eff5 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36819
253efe28 22976dde KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x2cf8d
253efe68 22976e85 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x54d76
253efe90 7795f731 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x54e1d
253eff34 7795f632 ntdll!LdrShutdownThread+0xe6
253eff44 75c576f5 ntdll!RtlExitUserThread+0x2a
253eff58 774c03c0 KERNELBASE!FreeLibraryAndExitThread+0x5f
253eff68 5e59367e kernel32!FreeLibraryAndExitThreadStub+0x10
253eff88 774ced6c +0x23367e
253eff94 7799377b kernel32!BaseThreadInitThunk+0xe
253effd4 7799374e ntdll!__RtlUserThreadStart+0x70
253effec 00000000 ntdll!_RtlUserThreadStart+0x1b
I do not have symbols for the printer drivers and by the offset on the last known function name I suspect the offending function is a completely different one.
0:016> r
eax=22920000 ebx=00000001 ecx=1906ef00 edx=22a01000 esi=24e42ff0 edi=229e6598
eip=229587e0 esp=253efdbc ebp=253efdcc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36778:
229587e0 3944d904 cmp dword ptr [ecx+ebx*8+4],eax ds:0023:1906ef0c=????????
0:016> db ecx+ebx*8+4
1906ef0c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
1906ef1c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
1906ef2c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
1906ef3c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
1906ef4c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
1906ef5c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
1906ef6c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
1906ef7c ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
0:016> uf 229587e0
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3676e:
229587d6 8b450c mov eax,dword ptr [ebp+0Ch]
229587d9 85c0 test eax,eax
229587db 7418 je KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3678d (229587f5)
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36775:
229587dd 8b4f10 mov ecx,dword ptr [edi+10h]
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36778:
229587e0 3944d904 cmp dword ptr [ecx+ebx*8+4],eax
229587e4 740f je KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3678d (229587f5)
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3677e:
229587e6 8b460c mov eax,dword ptr [esi+0Ch]
229587e9 833c9800 cmp dword ptr [eax+ebx*4],0
229587ed 741d je KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x367a4 (2295880c)
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36787:
229587ef 8365fc00 and dword ptr [ebp-4],0
229587f3 eb17 jmp KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x367a4 (2295880c)
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3678d:
229587f5 8b460c mov eax,dword ptr [esi+0Ch]
229587f8 8b0c98 mov ecx,dword ptr [eax+ebx*4]
229587fb 85c9 test ecx,ecx
229587fd 7406 je KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3679d (22958805)
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36797:
229587ff 8b01 mov eax,dword ptr [ecx]
22958801 6a01 push 1
22958803 ff10 call dword ptr [eax]
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3679d:
22958805 8b460c mov eax,dword ptr [esi+0Ch]
22958808 83249800 and dword ptr [eax+ebx*4],0
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x367a4:
2295880c 43 inc ebx
2295880d 3b5e08 cmp ebx,dword ptr [esi+8]
22958810 7cc4 jl KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x3676e (229587d6)
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x367aa:
22958812 837dfc00 cmp dword ptr [ebp-4],0
22958816 7435 je KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x367e5 (2295884d)
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x367b0:
22958818 8d5f1c lea ebx,[edi+1Ch]
2295881b 53 push ebx
2295881c ff1544c19e22 call dword ptr [KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0xca0dc (229ec144)]
22958822 56 push esi
22958823 8d4f14 lea ecx,[edi+14h]
22958826 e80bfcffff call KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x363ce (22958436)
2295882b 53 push ebx
2295882c ff1548c19e22 call dword ptr [KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0xca0e0 (229ec148)]
22958832 ff760c push dword ptr [esi+0Ch]
22958835 ff1530c19e22 call dword ptr [KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0xca0c8 (229ec130)]
2295883b 8b06 mov eax,dword ptr [esi]
2295883d 6a01 push 1
2295883f 8bce mov ecx,esi
22958841 ff10 call dword ptr [eax]
22958843 6a00 push 0
22958845 ff37 push dword ptr [edi]
22958847 ff15c8bf9e22 call dword ptr [KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0xc9f60 (229ebfc8)]
KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x367e5:
2295884d 5f pop edi
2295884e 5e pop esi
2295884f 5b pop ebx
22958850 c9 leave
22958851 c20800 ret 8
Is anybody able to spot any obvious errors in this assembly code? Why would it address this invalid memory location? I am also looking for guidance as to how to pinpoint the error further. My goal is to look for a workaround (so this code block is not run) and to supply the author of the driver with as much info as possible.
Got this assessment from Microsoft:
The problem was related to the printer driver below, which has a bad DllMain implementation.
Image path: C:\Windows\System32\spool\drivers\w32x86\3\KOAZ8J_O.DLL
Image name: KOAZ8J_O.DLL
Timestamp: Mon Nov 02 15:14:30 2009 (4AEE86D6)
CheckSum: 00000000
ImageSize: 000DE000
File version: 4.2.0.6
Product version: 4.2.0.6
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0
ProductName: OpenAPIDrvLib Dynamic Link Library
InternalName: OAPIDrvLib42.dll
OriginalFilename: OAPIDrvLib42.dll
ProductVersion: 4.2.0.6
FileVersion: 4.2.0.6
FileDescription: OpenAPI Driver Library for Ver.4.2
LegalCopyright: Copyright (C) 2009 Konica Minolta Business Technologies, Inc. All rights reserved.
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 2758fdcc 26ed8881 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36778
01 2758fe1c 26eceff5 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x36819
02 2758fe28 26ef6dde KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x2cf8d
03 2758fe68 26ef6e85 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x54d76
04 2758fe90 771af731 KOAZ8J_O!OAPIGetPrinterEncryptionSettingForDriver+0x54e1d
05 2758ff34 771af632 ntdll!LdrShutdownThread+0xe6
06 2758ff44 753b7695 ntdll!RtlExitUserThread+0x2a
07 2758ff58 766f0378 KERNELBASE!FreeLibraryAndExitThread+0x5f
08 2758ff68 51bb367e kernel32!FreeLibraryAndExitThreadStub+0x10
09 2758ff88 766fed6c +0x23367e
0a 2758ff94 771e377b kernel32!BaseThreadInitThunk+0xe
0b 2758ffd4 771e374e ntdll!__RtlUserThreadStart+0x70
0c 2758ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
The loader tried to call the entry point method (mostly DllMain) for cleanup operations. This module performed complicated tasks and damaged memory. We have observed a similar issue in other cases with this printer driver.
You may try any printer driver or contact the printer driver vendor to fix the problem.
With the above information, you can discuss with the printer driver vendor to review their code in DllMain and check for failure possibilities. http://msdn.microsoft.com/en-us/library/ms682583(VS.85).aspx
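The loop shown by `uf` (229587d6..22958810) rendered as C, so that the faulting read and the cleanup the thread-detach path performs are easier to reason about and to describe to the vendor. This is an added reading of the disassembly, not the driver's source and not part of the original post; the struct names and layouts (Owner at edi, List at esi, Item, the key argument at [ebp+0Ch]) are assumptions inferred from the offsets, and the sample data is constructed. With ecx = [edi+10h] = 0x1906ef00 and ebx = 1, the operand [ecx+ebx*8+4] is 0x1906ef0c, the unreadable address in the exception.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical C rendering of the loop at 229587d6..22958810 and its flag.
 * Field names are guesses from register/offset usage, not the driver's real
 * layout: edi -> Owner, esi -> List, [ebp+0Ch] -> key, ebx -> index. */
typedef struct Item Item;
typedef struct { void (*destroy)(Item *self, int flags); } ItemVtbl; /* vtable slot 0 */
struct Item { const ItemVtbl *vtbl; int destroyed; };

typedef struct { uint32_t first; uint32_t key; } Entry;    /* 8-byte rows at [edi+10h] */
typedef struct { uint32_t hdr[4]; Entry *entries; } Owner;  /* entries pointer sits at +0x10 */
typedef struct { const void *vtbl; uint32_t pad; int count; Item **items; } List; /* +8, +0Ch */

/* Returns the [ebp-4] flag: 1 if every slot was released, 0 if a slot with a
 * different key was left alone. In the dump owner->entries is 0x1906ef00,
 * which is no longer readable, so entries[1].key is the faulting access. */
int release_items(Owner *owner, List *list, uint32_t key, int start)
{
    int all_released = 1;                               /* assumed initial value of [ebp-4] */
    for (int i = start; i < list->count; i++) {         /* cmp ebx,[esi+8]; jl */
        if (key != 0 && owner->entries[i].key != key) { /* cmp [ecx+ebx*8+4],eax */
            if (list->items[i] != NULL)
                all_released = 0;                       /* and [ebp-4],0 */
            continue;
        }
        Item *it = list->items[i];                      /* mov ecx,[eax+ebx*4] */
        if (it != NULL)
            it->vtbl->destroy(it, 1);                   /* push 1; call [eax] (thiscall) */
        list->items[i] = NULL;                          /* and [eax+ebx*4],0 */
    }
    return all_released;
}

static void mark_destroyed(Item *self, int flags) { (void)flags; self->destroyed = 1; }

/* Constructed sample (not from the dump): three live items keyed 7, 9, 7.
 * Returns flag*100 + number of items destroyed: key 7 -> 2, 9 -> 1, 0 -> 103. */
int run_demo(uint32_t key)
{
    static const ItemVtbl vt = { mark_destroyed };
    Item a = { &vt, 0 }, b = { &vt, 0 }, c = { &vt, 0 };
    Item *items[3] = { &a, &b, &c };
    Entry entries[3] = { {0, 7}, {0, 9}, {0, 7} };
    Owner owner = { {0, 0, 0, 0}, entries };
    List list = { NULL, 0, 3, items };
    int flag = release_items(&owner, &list, key, 0);
    return flag * 100 + a.destroyed + b.destroyed + c.destroyed;
}
```

A key of 0 takes the `test eax,eax; je` path and releases every slot unconditionally, which is why the flag stays set in that case.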