
What do "Modules" in a minidump (.mdmp) file mean? Are they loaded for the process?


I am debugging a minidump file that is made when my application is starting. I am viewing the dump file in Visual Studio 2010. What are the "Modules" shown? Are they all loaded specifically for my application? Or are some just generic, system-wide modules? I am trying to determine if there are 3rd party modules/DLLs that could be interfering with my application. I pointed out Sophos as an example in the dump. Could Sophos be intercepting disk writes or memory access and causing an issue with my application?

This is a commercial application that starts up fine, except for a few customers.

Thanks.

[Screenshot: dump in Visual Studio 2012]


Solution

  • You are simply seeing the list of DLLs that were loaded in the process. The minidump is for a managed WPF application but you are also seeing all of the unmanaged DLLs. A minidump is fundamentally an unmanaged view of the process. You would get the same list if you debug your WPF app on your dev machine with the Project + Properties, Debug, "Enable unmanaged code debugging" option ticked.

    And yes, that DLL you marked was injected by the Sophos anti-malware program. This is entirely normal; it is the way that they work. They absolutely do things like you suspect, mostly by hooking winapi functions, as the "detoured" name suggests. Detours is a Microsoft hooking library.

    They are not automatically a simple explanation for a crash, although they certainly have a knack for destabilizing programs. Your program crashed with an access violation, you'll need to use the debugger to find out why. Not an easy kind of crash to diagnose btw. Good luck with it.
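To triage the same module list outside Visual Studio, the sketch below (an added example, not part of the original answer) reads the `ModuleListStream` of a minidump and reports modules loaded from neither the application folder nor the Windows folder, which is where injected DLLs such as an anti-malware hook library usually show up. The helper names, the sample paths (`MyApp`, `ExampleAV`, `example_detoured.dll`) and the in-memory sample dump are constructed for illustration; field offsets follow the documented `MINIDUMP_HEADER`, `MINIDUMP_DIRECTORY`, `MINIDUMP_MODULE` and `MINIDUMP_STRING` layouts.

```python
import struct

MODULE_LIST_STREAM = 4   # MINIDUMP_STREAM_TYPE.ModuleListStream
MODULE_SIZE = 108        # sizeof(MINIDUMP_MODULE)

def list_modules(dump: bytes):
    """Return [(base_address, image_size, path)] from the dump's ModuleListStream."""
    sig, _ver, n_streams, dir_rva = struct.unpack_from("<4sIII", dump, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump")
    for i in range(n_streams):                       # walk MINIDUMP_DIRECTORY entries
        stype, _size, rva = struct.unpack_from("<III", dump, dir_rva + 12 * i)
        if stype == MODULE_LIST_STREAM:
            break
    else:
        return []                                    # dump carries no module list
    (count,) = struct.unpack_from("<I", dump, rva)
    modules = []
    for i in range(count):
        off = rva + 4 + MODULE_SIZE * i
        base, img_size, _chk, _ts, name_rva = struct.unpack_from("<QIIII", dump, off)
        (nbytes,) = struct.unpack_from("<I", dump, name_rva)   # MINIDUMP_STRING.Length
        path = dump[name_rva + 4:name_rva + 4 + nbytes].decode("utf-16-le")
        modules.append((base, img_size, path))
    return modules

def third_party(modules, app_dir, windows_dir=r"C:\Windows"):
    """Modules loaded from neither the app's folder nor the Windows folder."""
    roots = tuple(d.lower().rstrip("\\") + "\\" for d in (app_dir, windows_dir))
    return [m for m in modules if not m[2].lower().startswith(roots)]

def build_sample(paths):
    """Constructed minimal dump: header, one directory entry, module list, names."""
    list_rva = 44                                    # 32-byte header + 12-byte directory
    name_rva = list_rva + 4 + MODULE_SIZE * len(paths)
    mods, names = b"", b""
    for i, p in enumerate(paths):
        raw = p.encode("utf-16-le")
        mods += struct.pack("<QIIII", 0x10000000 * (i + 1), 0x1000, 0, 0,
                            name_rva + len(names)).ljust(MODULE_SIZE, b"\0")
        names += struct.pack("<I", len(raw)) + raw + b"\0\0"
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, 32, 0, 0, 0)
    directory = struct.pack("<III", MODULE_LIST_STREAM, 4 + len(mods), list_rva)
    return header + directory + struct.pack("<I", len(paths)) + mods + names

# Constructed sample input (not taken from the dump in the question).
SAMPLE = build_sample([r"C:\Program Files\MyApp\MyApp.exe",
                       r"C:\Windows\System32\ntdll.dll",
                       r"C:\Program Files\ExampleAV\example_detoured.dll"])
```

For a real file, pass `open(path, "rb").read()` to `list_modules`. A path outside both folders only marks a module worth a closer look and does not by itself explain the crash.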