
Crash when injecting into 32 bit cmd #66

Closed
rwarren opened this issue Jan 28, 2021 · 17 comments
Labels
bug Something isn't working

Comments

rwarren commented Jan 28, 2021

I have a Python script that launches a Clink subshell by executing cmd.exe again, and it crashes. Reproducible output below. It results in the crash below:

C:\code>which python
C:\Program Files (x86)\Python38-32\python.EXE

C:\code>python --version
Python 3.8.7

C:\code>cat ./hmm.py
import subprocess
subprocess.call("cmd.exe")

C:\code>python ./hmm.py
Microsoft Windows [Version 10.0.19042.746]
(c) 2020 Microsoft Corporation. All rights reserved.
Clink v1.1.23.6bad3d
Copyright (c) 2012-2018 Martin Ridgers
Portions Copyright (c) 2020-2021 Christopher Antos
http://github.com/chrisant996/clink



!!! CLINK'S CRASHED!
!!!
!!! Writing core dump
!!! C:\Users\russ\AppData\Local\clink\clink.dmp
!!! ...ok
!!!
!!! Clink: 0x78AC0000
!!! Host: 0x00BE0000
!!! Guru: 0xc0000005 addr=0x00C0E590 (8)
!!!
!!! Backtrace:

Press Enter to exit...

This same subprocess launch worked perfectly fine in a relatively recent Clink version (past few months?), but I'm unfortunately not sure which version since I've just installed a new clink (via scoop) since my old SSD died and this is a new environment.

Simply running cmd.exe in the shell itself works fine:

C:\code>cmd.exe
Microsoft Windows [Version 10.0.19042.746]
(c) 2020 Microsoft Corporation. All rights reserved.
Clink v1.1.23.6bad3d
Copyright (c) 2012-2018 Martin Ridgers
Portions Copyright (c) 2020-2021 Christopher Antos
http://github.com/chrisant996/clink


C:\code>exit

C:\code>

rwarren (Author) commented Jan 28, 2021

Python's subprocess.call() uses Windows' CreateProcess internally to create the subprocess.

chrisant996 (Owner) commented

I'll take a look. To help me out, can you also share the output from clink autorun show?

(I assume you must have AutoRun set up to inject clink into all cmd processes, yes?)

@chrisant996 chrisant996 added the investigation needed Deeper investigation is needed label Jan 28, 2021

chrisant996 (Owner) commented Jan 28, 2021

I can't reproduce the crash.

Some questions:

  • Can you please upload the clink.log file? (Use clink info to find it, if necessary.)
  • What version of Windows is being used?
  • Does the crash occur in a fresh installation of Clink, without any local lua scripts?
  • Could you narrow down a particular set of lua scripts that have to exist in order for the crash to occur, and/or upload a .zip file containing your local lua scripts and/or configuration?
  • If you would prefer not upload files, could you send them to my email at sparrowhawk996 at gmail dot com? (Sorry for spelling it out; just trying to impede mining bots.)

What I did:

  • Used clink autorun install to set up AutoRun to inject Clink.
  • Created a hmm.py file containing the cited two lines.
  • Ran python ./hmm.py; it worked fine with no crash.
  • I also tried changing the script to invoke cmd.exe clink.bat inject, and that also worked fine with no crash.
  • Obviously, I believe it's crashing -- I just need some additional information to be able to track down why it's crashing.

Thank you for reporting the crash, and for working with me to help resolve it!

rwarren (Author) commented Jan 28, 2021

> can you also share the output from clink autorun show?

C:\code>clink autorun show
Current AutoRun values

  Current user:

    native : "C:\Users\russ\scoop\apps\clink\current\clink.bat" inject --autorun
     wow64 : "C:\Users\russ\scoop\apps\clink\current\clink.bat" inject --autorun

  All users:

    native : <unset>
     wow64 : <unset>

> Can you please upload the clink.log file?

It is surprisingly short:

C:\code>cat C:\Users\russ\AppData\Local\clink\clink.log
4abc initialise_clink          100 Host process is 'cmd.exe'
4abc initialise_clink          125 Host validation failed.
4eac history_db::compact      1190 History:  122 active, 59 deleted
4eac history_db::compact      1190 History:  122 active, 59 deleted
4eac history_db::compact      1190 History:  122 active, 59 deleted

> What version of Windows is being used?

Win10 20H2. Specific build:

C:\code>ver

Microsoft Windows [Version 10.0.19042.746]

> Does the crash occur in a fresh installation of Clink, without any local lua scripts?

Yes.

Just to be sure here... it is a fresh install via scoop install clink. I don't do any lua scripting (didn't know you could!) and it doesn't appear that the scoop installer does, either. It just installs from a clink zip file:

https://github.com/ScoopInstaller/Main/blob/master/bucket/clink.json#L10

> Could you narrow down a particular set of lua scripts that have to exist in order for the crash to occur

Not applicable.

> If you would prefer not upload files <...>

No problem uploading whatever... but no Lua. :)

> Ran python ./hmm.py; it worked fine with no crash.

Strange. Was it 32-bit python?

FWIW, my system should be mostly pristine since I'm building up from scratch with a new PC build, i.e. there should be no (or at least minimal) weird system/environment issues.

Would the dump file help? I assumed not so didn't include it.

Thanks for looking into it! I'll try a few more things here (like looking into cmd.exe clink.bat inject).

chrisant996 (Owner) commented

Yes the dump file would help tremendously; I was just about to ask for it. :)

The dump file contains the call stack, among other things, which most of the time can pinpoint what's going wrong.

rwarren (Author) commented Jan 28, 2021

Here's the dump:
dump.zip

chrisant996 (Owner) commented

Good news; I can reproduce the crash now. It happens for 32 bit cmd 100% of the time. Don't know why yet. The dump showed it crashed before it could run any actual Clink code, so deeper debugging will be needed.

The reason it isn't happening when you run cmd.exe directly from the shell is because the shell is 64 bit and you're running 64 bit cmd. Running 32 bit cmd.exe directly from the shell encounters the problem.

Will look into it further as soon as I get a chance.
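The 64-bit vs 32-bit distinction above decides which cmd.exe a Python script actually spawns, and therefore which clink_dll gets injected. The following is an added diagnostic example, not code from the issue or from the Clink project; it assumes the default %WINDIR% and relies on the WOW64 file system redirector (System32 -> SysWOW64 for 32-bit processes, Sysnative to reach the 64-bit System32).

```python
import os
import subprocess
import sys


def bitness_from_maxsize(maxsize):
    """Return 64 or 32 from the pointer width implied by sys.maxsize."""
    return 64 if maxsize > 2 ** 32 else 32


def os_bitness():
    """Bitness of the Windows install, even when running under WOW64.

    PROCESSOR_ARCHITEW6432 is only set for 32-bit processes on 64-bit Windows;
    otherwise PROCESSOR_ARCHITECTURE (AMD64, ARM64, x86) describes the OS.
    """
    arch = os.environ.get("PROCESSOR_ARCHITEW6432",
                          os.environ.get("PROCESSOR_ARCHITECTURE", ""))
    return 64 if arch.upper().endswith("64") else 32


def expected_cmd_path(parent_bits, os_bits, windir=r"C:\Windows"):
    """cmd.exe that a bare 'cmd.exe' resolves to for a parent of this bitness.

    A 32-bit parent on 64-bit Windows has System32 redirected to SysWOW64,
    which is the 32-bit cmd.exe that triggered this crash.
    """
    if os_bits == 64 and parent_bits == 32:
        return windir + r"\SysWOW64\cmd.exe"
    return windir + r"\System32\cmd.exe"


def native_cmd_path(parent_bits, os_bits, windir=r"C:\Windows"):
    """Path a parent can use to get the OS-native (64-bit) cmd.exe instead.

    Only a 32-bit process needs the Sysnative alias; it bypasses redirection.
    """
    if os_bits == 64 and parent_bits == 32:
        return windir + r"\Sysnative\cmd.exe"
    return windir + r"\System32\cmd.exe"


if __name__ == "__main__":
    # Report what the interpreter is and which cmd.exe it will spawn (assumed
    # paths; nothing is launched unless we are actually on Windows).
    py_bits, win_bits = bitness_from_maxsize(sys.maxsize), os_bitness()
    print(f"python: {py_bits}-bit, windows: {win_bits}-bit")
    print("bare cmd.exe ->", expected_cmd_path(py_bits, win_bits))
    print("native cmd.exe ->", native_cmd_path(py_bits, win_bits))
    if sys.platform == "win32":
        subprocess.call(native_cmd_path(py_bits, win_bits))
```

Running it from the reporter's 32-bit Python 3.8 on 64-bit Windows reports the SysWOW64 path for a bare "cmd.exe", which is the 32-bit host the issue is about.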

@chrisant996 chrisant996 added bug Something isn't working and removed investigation needed Deeper investigation is needed labels Jan 28, 2021
@chrisant996 chrisant996 changed the title Crash when launching a Clink subshell Crash when injecting into 32 bit cmd Jan 28, 2021

rwarren (Author) commented Jan 28, 2021

Awesome!

I'm pretty sure that my previous case where it worked with an earlier version was with 64-bit Python, so I think you can disregard any commentary about it working before.

chrisant996 (Owner) commented

The crash was introduced in v1.1.21 by turning on support for C++ exceptions, as part of adding support for regular expressions in console.findprevline() and console.findnextline().

The problem is that the remote thread injection code must have support for C++ exceptions turned off, otherwise it will crash because the remote thread will try to call code that doesn't exist yet in the cmd.exe process.

I had a bad feeling about enabling C++ exceptions for the whole project, and I should have listened to my intuition.

rwarren (Author) commented Jan 29, 2021

This innocent line?

https://github.com/chrisant996/clink/blob/master/premake5.lua#L93

chrisant996 (Owner) commented

That's the one, yup.

chrisant996 (Owner) commented

1.1.24 includes the fix. Thanks again for reporting this!

windedge commented Mar 3, 2021

Still crashes when running "clink inject" with the latest version (v1.1.34).

chrisant996 (Owner) commented

> Still crashes when running "clink inject" with the latest version (v1.1.34).

More info, please.

32 bit? 64 bit?
Output from clink info.
Attach the clink_log file after crashing (which will tell me the OS version and other things).

windedge commented Mar 3, 2021

clink info:
version  : 1.1.34.d161e9
session  : 20808
binaries : C:\Users\<user>\scoop\apps\clink\current
state    : C:\Users\<user>\AppData\Local\clink
log      : C:\Users\<user>\AppData\Local\clink\clink.log
settings : C:\Users\<user>\AppData\Local\clink\clink_settings
history  : C:\Users\<user>\AppData\Local\clink\clink_history
scripts  : C:\Users\<user>\scoop\apps\clink\current ; C:\Users\<user>\AppData\Local\clink
inputrc  : %clink_inputrc%
           (unset)
         : %userprofile%
           C:\Users\<user>\.inputrc
           C:\Users\<user>\_inputrc
         : %localappdata%
           C:\Users\<user>\AppData\Local\.inputrc
           C:\Users\<user>\AppData\Local\_inputrc
         : %appdata%
           C:\Users\<user>\AppData\Roaming\.inputrc
           C:\Users\<user>\AppData\Roaming\_inputrc
         : %home%
           C:\Users\<user>\.inputrc
           C:\Users\<user>\_inputrc

clink log and dump:
clink.zip

chrisant996 (Owner) commented

This new crash is not about injecting, and is unrelated to the crash that was tracked by this issue (#66).

I'll open a separate new issue for this new crash, later this evening.

windedge commented Mar 3, 2021

Great, thanks.
