WaitForSingleObject crash

I have a windows service (running on XP) which has run for years until recently, whereby the service crashes on a particualr machine when calling

DWORD waitErr = WaitForSingleObject(hClient,INFINITE);

where I can confirm at time of calling that hClient is not null.

hClient = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)ClientThread, 0, 0, &clientThreadID);

I cannot even wrap a try/catch around it, as it blows as soon as WaitForSingleObject is called.

The only error I can find is in the Windows Event logs:Faulting application myservice.exe, version 3.20.0.0, faulting module swi_ifslsp.dll, version 3.2.100.0, fault address 0x0000349a.

swi_ifslsp.dll is reported as part of sophos AV products, however I have disabled all services relating to sophos and the error still occurs.

How can I resolve this implosion?.



Can you check if that DLL is listed under 'AppInit_DLLs' as described in http://support.microsoft.com/kb/197571 ("Working with the AppInit_DLLs registry value")? If so, it is probably used for API hooking and that mechanism interferes with your wait operation. Try to rename the registry entry to prevent it from loading.



Can you check if that DLL is listed under 'AppInit_DLLs' as described in http://support.microsoft.com/kb/197571 ("Working with the AppInit_DLLs registry value")? If so, it is probably used for API hooking and that mechanism interferes with your wait operation. Try to rename the registry entry to prevent it from loading.



it is more likely that the client thread function is crashing. a crash in the thread would also crash the main thread depending on the severity. also if the thread corrupted some memory it could have effects on the call stack and that could spoil the call of WaitForSingleObject.

you could add a sleep at the begin of the thread proc such that the wait call in the main thread happens earlier. if it crashes after sleep you might add log messages yourself to the client thread to narrow the issue.

note, if the machine is a multi-core or even multi-processor computer, your issues may come from code that is not thread-safe. if it runs ok before, it could be due by other factors such that the machine is more or less busy.

Sara



In the end it was indeed the Sophos LSP dll causing the problem!

Command line: netsh winsock show catalog highlighted its presence as part of a Web Intelligence service.

Customer disabled and problem disappeared.



Specific to Sophos.



Share this

Related Posts

There was an error in this gadget