Unexplained crashes related to ntdll.dll

c# windows dll ntdll
Jesse Roper picture Jesse Roper · Dec 11, 2018 · Viewed 41.7k times · Source

I have an application that I've written that crashes intermittently, but I'm unable to capture an exception at the application layer. I always get an entry in the event log but doesn't give me much info:

Faulting application name: BCS-UI.exe, version: 1.0.11.0, time stamp: 0x5c0edcbd
Faulting module name: ntdll.dll, version: 10.0.17134.376, time stamp: 0x4358e406
Exception code: 0xc0000374
Fault offset: 0x000d8829
Faulting process id: 0x39b0
Faulting application start time: 0x01d49161c80079a0
Faulting application path: C:\Gogs Local\SMR_Windows_UI\BCS-UI\BCS-UI\bin\Release\BCS-UI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1fbc4761-d256-44b0-99b0-4d9d758e4fe0
Faulting package full name: 
Faulting package-relative application ID: 

    - System 

  - Provider 

   [ Name]  Application Error 

  - EventID 1000 

   [ Qualifiers]  0 

   Level 2 

   Task 100 

   Keywords 0x80000000000000 

  - TimeCreated 

   [ SystemTime]  2018-12-11T15:12:28.109191000Z 

   EventRecordID 23318 

   Channel Application 

   Computer Leviathan 

   Security 


- EventData 

   BCS-UI.exe 
   1.0.11.0 
   5c0edcbd 
   ntdll.dll 
   10.0.17134.376 
   4358e406 
   c0000374 
   000d8829 
   39b0 
   01d49161c80079a0 
   C:\Gogs Local\SMR_Windows_UI\BCS-UI\BCS-UI\bin\Release\BCS-UI.exe 
   C:\WINDOWS\SYSTEM32\ntdll.dll 
   1fbc4761-d256-44b0-99b0-4d9d758e4fe0

As you can see, I get this:

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll.

I'm not sure what that is or how it relates to the crashes, but I've been able to reproduce it on multiple machines and I'm at a loss on how to determine the cause or prevent it from happening.

Update: I've gotten to a point where the application crashes on startup with the above reason. It gets to the end of the MainWindow constructor (it is a WPF application), sits there for about 10 seconds on a white screen and then dies. I've rolled back to older versions of the software and reproduced this behavior. I have also moved it to another machine and did NOT see this behavior, so my current theory is in agreement with what was said in the comments - that something corrupted the heap and it only gets cleared up on a reboot.

Update 2: I'm able to produce this error message when running outside of the debugger, although when running in the debugger, I'm not able to get it to stop on an exception:

a generic error occurred in GDI+

So that's what I'll be hunting today. Interestingly and disturbingly enough, the app crashes every time on startup, even after rebooting. The same behavior does not occur on other machines at this time.

Answer

Hainan Zhao picture Hainan Zhao · Dec 19, 2018

To debug these kind of system internal issues, I suggest you try Process Monitor.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.

enter image description here

Basically you need to look out for the "NAME NOT FOUND" errors, which means missing dlls or registry keys, or any other suspisious errors in the monitor screen.

Related questions

C# Missing MSVCR100.dll

I'm developing an app that execute another app and I received this error: the program can't start because MSVCR100.dll is missing from your computer with my C# app, can I fix this problem copying this .dll into windows/system32 …

Read More
C#: Could not load types from assembly

After adding Lucene.net and Lucene.net Contrib to a C# MVC3, I get the message below after the first successful run. After receiving this error, I need to completely wipe C:\Users\Me\AppData\Local\Temp\Temporary ASP.NET …

Read More
Check if a DLL is present in the system

quick question. I want to find out if a DLL is present in the system where my application is executing. Is this possible in C#? (in a way that would work on ALL Windows OS?) For DLL i mean a …

Read More