Jump to content
Sign in to follow this  
Cristian Peța

Strange exception with "Write of address 00400000"

Recommended Posts

Delphi 10.4.2

I try to understand this exception. I occurs at the app start and this is the only message, then the app closes.

It happens only on one machine and the same code but truncated by some IFDEFs (a reduced version of the main app) is working.

I suppose that class destructor TDBNavigator.Destroy is called when class constructor TDBNavigator.Create is still looping with FButtonsImageCollection.Add()

But what means this address 400000?

exception class    : EAccessViolation
exception message  : Access violation at address 76B6C9ED in module 'combase.dll'. Write of address 00400000.

thread $4b7c:
76b6c9ed +db combase.dll
00e3c89a +22 WinArhi.exe  Vcl.ImageCollection   282  +2 TImageCollectionSourceItem.Create
0054c757 +0b WinArhi.exe  System.Classes       6213  +1 TCollection.Add
00e3c965 +05 WinArhi.exe  Vcl.ImageCollection   325  +1 TImageCollectionItemSources.Add
00e3d48b +53 WinArhi.exe  Vcl.ImageCollection   651  +9 TImageCollection.CreateSourceItem
00e3d576 +2a WinArhi.exe  Vcl.ImageCollection   670  +1 TImageCollection.Add
00e3d65a +76 WinArhi.exe  Vcl.ImageCollection   683  +2 TImageCollection.Add
00e4f11d +7d WinArhi.exe  Vcl.DBCtrls          4188  +3 InitButtonsImageCollection
026cb28d +09 WinArhi.exe  Vcl.DBCtrls          4192  +1 TDBNavigator.Create@
0040b186 +42 WinArhi.exe  System              23832 +21 InitUnits
0040b1ef +3f WinArhi.exe  System              23907 +14 @StartExe
004140fa +42 WinArhi.exe  SysInit              1535 +11 @InitExe
026f025f +0b WinArhi.exe  WinArhi               277  +0 initialization
75f7fa27 +17 KERNEL32.DLL                               BaseThreadInitThunk

 

Share this post


Link to post
Guest

There is not enough info to deduce something accurate from that, but the address 0400000 is most likely where your EXE image loaded and it is 32bit.

 

Anyway, my guess is the stack is corrupt which can lead to such unexplainable AV (similar to that), so if it is possible you have to use the debugger and walk both the working code and not working code, to find and isolate this, (as suggestion also ) if there is assembly code then double check it, i mean only the parts that had been executed,

But from what i can read form the stack that the AV is happening right before the dpr code being executed, meaning in general with a high chance it could be a code reside in initialization section in some unit, and you have to find the culprit by putting breaking points on each and everyone and see which one cause the AV.

Share this post


Link to post

In line TImageCollectionSourceItem.Create there is just a call to TWICImage.Create, which initiates a COM call CoCreateInstance. Perhaps there is something wrong with the specific combase.dll on that machine (faulty version, corrupted, infected).

  • Like 1
  • Thanks 1

Share this post


Link to post

Solved.

The issue was caused by Sentinel envelope that is applied to the executable. The envelope decrypts and decompress the EXE in memory and is doing a lot of other stuff. The envelope permitted to start the executable but because some incomplete installed drivers I suppose it does not do all the job to restore all what is needed to run properly.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×