WinRTAct.dll from Microsoft.WindowsPackageManager.ComInterop NuGet Package crashes with Access Violation when RegFreeWinRT is used #4377

Open
marticliment opened this issue Apr 13, 2024 · 0 comments
Labels
Issue-Bug It either shouldn't be doing this or needs an investigation.

@marticliment
Brief description of your issue

Using the module winrtact.dll to create WindowsPackageManager instances from an elevated process crashes if the executable uses RegFreeWinRT.

This makes it impossible to use the WinGet COM API from any elevated desktop (non-packaged) process that does use Register-Free WinRT (such as unpackaged self-contained App SDK projects and C++ Desktop Projects using WinRT APIs).

Event Viewer crash:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
  <Provider Name="Application Error" Guid="{a0e9b465-b939-57d7-b27d-95d8e925ff57}" /> 
  <EventID>1000</EventID> 
  <Version>0</Version> 
  <Level>2</Level> 
  <Task>100</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8000000000000000</Keywords> 
  <TimeCreated SystemTime="2024-04-13T15:50:42.6827644Z" /> 
  <EventRecordID>287262</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="32324" ThreadID="30092" /> 
  <Channel>Application</Channel> 
  <Computer>pc-name</Computer> 
  <Security UserID="<user-id>" /> 
  </System>
  <EventData>
  <Data Name="AppName">WingetUI.exe</Data> 
  <Data Name="AppVersion">3.0.1.0</Data> 
  <Data Name="AppTimeStamp">65cd0000</Data> 
  <Data Name="ModuleName">winrtact.dll</Data> 
  <Data Name="ModuleVersion">1.22.2404.9003</Data> 
  <Data Name="ModuleTimeStamp">6615a9aa</Data> 
  <Data Name="ExceptionCode">c0000005</Data> 
  <Data Name="FaultingOffset">0000000000008aa3</Data> 
  <Data Name="ProcessId">0x8d9c</Data> 
  <Data Name="ProcessCreationTime">0x1da8dba54249668</Data> 
  <Data Name="AppPath">C:\SomePrograms\WingetUI-Store\src\UniGetUI\bin\x64\Release\net8.0-windows10.0.19041.0\win-x64\WingetUI.exe</Data> 
  <Data Name="ModulePath">C:\SomePrograms\WingetUI-Store\src\UniGetUI\bin\x64\Release\net8.0-windows10.0.19041.0\win-x64\winrtact.dll</Data> 
  <Data Name="IntegratorReportId">2c2a5dca-bcbd-4153-b3ac-a9975722ce1b</Data> 
  <Data Name="PackageFullName" /> 
  <Data Name="PackageRelativeAppId" /> 
  </EventData>
  </Event>

Steps to reproduce

Two possible options to reproduce the bug:

  1. Create a C#/WinUI3/AppSdk project and set the project to run unpackaged and AppSdk to be self-contained. Run the process elevated and attempt to create a WindowsPackageManager instance through winrtact.dll (WinGetServerManualActivation_CreateInstance). App will immediately hang and crash.
    Event viewer will report a crash on winrtact.dll 0xc0000005

  2. Create a C++ console app and enable WinRT APIs from project properties. Import winrtact.dll through and attempt to create a WindowsPackageManager instance with WinGetServerManualActivation_CreateInstance. App will immediately crash and exit with exit code 0xc0000005. Example code below:

#include <windows.h>
#include <unknwn.h>
// The header that declares PackageManager is not shown in the report.

typedef HRESULT(WINAPI* PFN_WinGetServerManualActivation_CreateInstance)(
    const GUID& clsid,
    const GUID& iid,
    DWORD flags,
    void** instance);

// Loads winrtact.dll and asks it for an instance of the given class.
// Throws the failing HRESULT on error.
template <typename T>
static T* WinRTActCreateInstance(const GUID& clsid, const GUID& iid)
{
    void* pUnknown = nullptr;
    HRESULT hr = S_OK;

    HMODULE hModule = LoadLibraryW(L"winrtact.dll");
    if (hModule)
    {
        PFN_WinGetServerManualActivation_CreateInstance WinRTAct_DllCreateInstance = (PFN_WinGetServerManualActivation_CreateInstance)GetProcAddress(hModule, "WinGetServerManualActivation_CreateInstance");
        // Fail with an HRESULT instead of calling through a null pointer.
        if (!WinRTAct_DllCreateInstance)
            throw HRESULT_FROM_WIN32(GetLastError());

        try
        {
            hr = WinRTAct_DllCreateInstance(clsid, iid, CLSCTX_ALL, &pUnknown);
            if (FAILED(hr))
                throw hr;

            T* pInterface;
            hr = ((IUnknown*)pUnknown)->QueryInterface(iid, (void**)&pInterface);
            if (FAILED(hr))
                throw hr;

            return pInterface;
        }
        catch (HRESULT hrException)
        {
            throw hrException;
        }
        catch (...)
        {
            throw;
        }
    }
    else
    {
        throw HRESULT_FROM_WIN32(GetLastError());
    }
}

int main()
{
    // CLSID and IID are placeholders for the PackageManager class and
    // interface GUIDs, whose values the report does not give.
    PackageManager* pointer = WinRTActCreateInstance<PackageManager>(CLSID, IID);
    // Everything OK
    // Pointer is not nullptr

    PackageManager winget = *pointer;
    // Crash with 0xC0000005
}

Expected behavior

Instances get created and the API is usable

Actual behavior

Crashes with 0xC0000005

Environment

Windows 11 x64 10.0.22635.3430
Tested on Windows Sandbox and the issue still happens

WinGet versions tested:
 - 1.7.xxx
 - 1.8.xxx-preview
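
For triaging crash records like the Event Viewer entry in this report, the hex-encoded fields of an Application Error (Event ID 1000) record can be decoded offline. The following is an added example, not part of the original issue or of the WinGet project; the `triage` and `filetime_to_utc` names and the short NTSTATUS table are this example's own, and the sample is a trimmed copy of the event above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# A few common NTSTATUS exception codes (not exhaustive).
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC0000374: "STATUS_HEAP_CORRUPTION",
            0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}

# Constructed sample: the report's event trimmed to the fields used here
# (the redacted <Security> element is dropped because it is not valid XML).
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1000</EventID>
<TimeCreated SystemTime="2024-04-13T15:50:42.6827644Z" /></System>
<EventData><Data Name="AppName">WingetUI.exe</Data>
<Data Name="ModuleName">winrtact.dll</Data>
<Data Name="ModuleTimeStamp">6615a9aa</Data>
<Data Name="ExceptionCode">c0000005</Data>
<Data Name="FaultingOffset">0000000000008aa3</Data>
<Data Name="ProcessId">0x8d9c</Data>
<Data Name="ProcessCreationTime">0x1da8dba54249668</Data>
</EventData></Event>"""

def filetime_to_utc(ticks):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def triage(xml_text):
    """Decode the hex fields of an Application Error (Event ID 1000) record."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        raise ValueError("not an Application Error (1000) event")
    d = {n.get("Name"): n.text or "" for n in root.iterfind("e:EventData/e:Data", NS)}
    # SystemTime carries 7 fractional digits; keep 6 so strptime's %f accepts it.
    stamp = root.find("e:System/e:TimeCreated", NS).get("SystemTime")[:26]
    logged = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)
    started = filetime_to_utc(int(d["ProcessCreationTime"], 16))
    code = int(d["ExceptionCode"], 16)
    return {
        "app": d["AppName"],
        "module": d["ModuleName"],
        "exception": NTSTATUS.get(code, f"0x{code:08X}"),
        "fault_offset": int(d["FaultingOffset"], 16),
        "pid": int(d["ProcessId"], 16),
        "module_built": datetime.fromtimestamp(int(d["ModuleTimeStamp"], 16), timezone.utc),
        "process_started": started,
        "seconds_alive": (logged - started).total_seconds(),
    }
```

`ModuleTimeStamp` is the PE header TimeDateStamp, which on reproducible builds can be a hash rather than a build date, so treat `module_built` as a hint only.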
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs-Triage Issue need to be triaged label Apr 13, 2024
@denelon denelon added Issue-Bug It either shouldn't be doing this or needs an investigation. and removed Needs-Triage Issue need to be triaged labels Apr 15, 2024