On 7/25/2011 1:58 PM, Stefan Küng wrote:
>
> I tried to install the bluetooth stack on my machine, but it won't
> install since I don't have a compatible bluetooth device. So I can't
> debug this myself.
>
> Does this happen as well if you force the TSVN shell extension to
> only load in explorer? Settings dialog->Icon Overlays->Show overlays
> and context menu only in explorer

It still crashes...

> If it doesn't crash, then it hooks into the shell and therefore also
> into the TSVN shell extension.
>
> Searching the web about this, there really seems to be a big problem
> in BtMmHook.dll - TSVN isn't the only app affected by this :(

Hmm, I spotted various crash reports where BtMmHook.dll happened to be
loaded, but didn't see many reports of the crash actually occurring in
that DLL... I didn't look that hard though.

In any case, the problem seems to be related to TSVN's CrashRpt.dll...
does it seriously patch kernel32.dll in-memory? CCrashHandler::Install()
seems to GetProcAddress on kernel32's "SetUnhandledExceptionFilter",
then does a WriteProcessMemory() to that address:
http://code.google.com/p/tortoisesvn/source/browse/trunk/src/crashrpt/CrashHandler.cpp#124

The problem is that BtMmHook's DllMain DLL_PROCESS_DETACH handler calls
SetUnhandledExceptionFilter() to remove its handler from the chain, but
the first instructions of SetUnhandledExceptionFilter() are mov r11,
offset CrashRpt.dll+0xe614 (which is what CCrashHandler::Install()
patched it to be) followed by jmp r11. And the problem with that is
CrashRpt.dll has already been unloaded, but it didn't clean up after
itself, so BtMmHook ends up jmp-ing to memory that's already been unmapped.

This kernel32 patching business was added in r20060:

    Prevent the CRT from removing our exception handler.
    See this blog post for more details:
    http://blog.kalmbach-software.de/2008/04/02/unhandled-exceptions-in-vc8-and-above-for-x86-and-x64/

That code is problematic though; as commenter huasheng says, "First of
all, thanks for posting the solution. One question is if this function
is invoked in a dll which is loaded and free dynamically, the
application may crash because the dummy function address becomes
invalid." The blog author agrees: "Good point… I need to make an “undo”
function;)"

So, from what I see, the bug is in TSVN after all, not BtMmHook.dll.
Received on 2011-07-26 10:42:12 CEST
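
Added example, not part of the original message and not TortoiseSVN or CrashRpt code: a portable C model of the missing "undo" step and of the diagnosis described above (a function prologue that still jumps into a module's address range). A plain byte buffer stands in for the first bytes of SetUnhandledExceptionFilter(); the names hook_t, hook_install, hook_undo and jumps_into are hypothetical, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <string.h>

/* x64 patch from the message: mov r11, imm64 (49 BB + 8 bytes); jmp r11 (41 FF E3) */
#define PATCH_LEN 13

typedef struct {
    uint8_t *site;             /* first bytes of the patched function (a buffer here) */
    uint8_t saved[PATCH_LEN];  /* original bytes, kept so the patch can be undone */
    uint8_t patch[PATCH_LEN];  /* exactly what was written, to recognise it later */
    int installed;
} hook_t;

static void encode_jump(uint8_t out[PATCH_LEN], uint64_t target) {
    out[0] = 0x49; out[1] = 0xBB;            /* mov r11, imm64 */
    memcpy(out + 2, &target, 8);             /* little-endian immediate */
    out[10] = 0x41; out[11] = 0xFF; out[12] = 0xE3;  /* jmp r11 */
}

/* Save the original prologue before overwriting it. */
void hook_install(hook_t *h, uint8_t *site, uint64_t target) {
    h->site = site;
    memcpy(h->saved, site, PATCH_LEN);
    encode_jump(h->patch, target);
    memcpy(site, h->patch, PATCH_LEN);
    h->installed = 1;
}

/* To be called before the patching module unloads. Returns 1 if restored,
 * 0 if nothing was installed, -1 if the bytes are no longer our patch
 * (someone re-patched: do not clobber, and the module must stay loaded). */
int hook_undo(hook_t *h) {
    if (!h->installed) return 0;
    if (memcmp(h->site, h->patch, PATCH_LEN) != 0) return -1;
    memcpy(h->site, h->saved, PATCH_LEN);
    h->installed = 0;
    return 1;
}

/* Diagnosis: does this prologue jump into the range [base, base + size)? */
int jumps_into(const uint8_t *site, uint64_t base, uint64_t size) {
    uint64_t target;
    if (site[0] != 0x49 || site[1] != 0xBB ||
        site[10] != 0x41 || site[11] != 0xFF || site[12] != 0xE3)
        return 0;
    memcpy(&target, site + 2, 8);
    return target >= base && target - base < size;
}
```

If jumps_into() is still true for a module's range at the moment that module is about to be unmapped, the next caller of the patched function jumps to freed memory, which is the crash described in the message.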