DLL that was not present in memory despite not being formally unloaded

masfuerte 2 hours ago |

Part two:

https://devblogs.microsoft.com/oldnewthing/20260626-00/?p=11...

Someone1234 2 hours ago | |

Part 1 was interesting; it isn't clear why he split that into a Part 2 since it adds little to the story and is a paragraph long.

londons_explore 55 minutes ago | | |

I assume the fact it is a third party application means debugging gets harder, and the business case for doing so is weaker/none.

But I would hope that some kind of reverse debugger triggered on one of these crashes would make it pretty simple to say "who wrote this 01".

taneq 1 hour ago | | |

Might have been an “I need to look into this” segueing into “ never mind”?

zabzonk 2 hours ago |

> The good news for the shell32 team is that they are off the hook; they are the victim. The bad news is that we don’t know who the culprit is.

The story of software development through the ages.

brookst 1 hour ago | |

When you’ve eliminated all possible explanation, it’s time to pack it in.

taneq 1 hour ago | | |

Oh man, my journey from idealistic “there is always an explanation” youth to “some days it do be like that, and we may never know why” in a nutshell.

1970-01-01 29 minutes ago |

>I asked for the 100 most recent crashes in that third party program and put them into a pivot table so I could see the distribution.

Always wondered if crash reporting is some kind of shady business. It's good to know it does, at minimum, do what it promises and give valuable crash data to MS.

rwmj 1 hour ago |

What MSFT support policy do you need to have the legendary Raymond Chen take a look at it?

I say this because we've reported a bunch of Windows bugs (mainly running Windows under virtualization) and getting them to pay attention at all is an up-hill battle.

hackyhacky 1 hour ago | |

> What MSFT support policy do you need to have the legendary Raymond Chen take a look at it?

If you have to ask, you can't afford it.

IChooseY0u 6 minutes ago |

Windows COM is super weird and way over engineered.

kumarvvr 2 hours ago |

I see posts like this, this deep dive into the call stacks and am always humbled and reminded of the limits of my knowledge about computers and programs.

dist-epoch 1 hour ago | |

Goes both ways, author probably knows little about FPGA programming, React or PyTorch.

Panzer04 2 hours ago | |

Not a programmer?

kumarvvr 1 hour ago | | |

I am, for 20 years now. I do embedded stuff too. Still.

Panzer04 1 hour ago | | |

I'm a bit surprised you don't run into things like this then :). Do you use GDB and the like at all?

Or do you mean all the windows specific stuff etc, I guess I was more imaging the call stack etc.

No insult was intended XD

FartyMcFarter 1 hour ago | | |

As someone who has debugged his fair share of tricky low-level issues, the parts that I find impressive in his blog posts are things such as "then we look at the bytes in memory and oh yeah, this looks like an exception record". I would usually not think to do that (or be able to recognise it as easily as I presume he did).

kumarvvr 1 hour ago | | |

I have done everything from desktop apps to web apps and a bunch in between. Regular debugging is good enough for me. Never had the need to go down into call stack level.

Even with embedded programming, regular C debugger has always been enough.

hackrmn 7 minutes ago |

I find it hilarious and kind of tragic all at the same time that in 2026 these kind of "hard errors" are just likely handed to Raymond Chen to debug, a veteran of veterans at Microsoft -- because Microsoft likely has no other talent which can read x86 assembly or chase the rabbit like that. The whole crew is probably "bro, just prompt ChatGPT" and "`npm install` that sh*t", Raymond is probably one out of 100 VIPs left to support their legacy tech stack as they frantically try to pivot to something more easily digestible because there's no know-how being educated today that can replace people like Chen.

Then again, if the bros at Microsoft can prompt ChatGPT (I assume that's what the company forces them to, since it's their investment), then they should be able to do Raymond's work though, but perhaps that doesn't stretch quite that far, somehow?

defrost 2 hours ago |

That's some doggedly determined back tracing to uncover an unexpected heisenbug (loose meaning).

  So a total of 46% of the crashes were due to this rogue force-unload of a DLL. This is a case of bucket spray, where a single underlying cause generates a large number of different types of crashes.

chrisjj 2 hours ago | |

We've not yet seen sufficient evidence this is any type of heisenbug.

defrost 1 hour ago | | |

It's not, by the article, in a strict taxonomy.

In a wider sloppier sense some use the term for bugs that are hard to pin down and exhibit wide behaviours.

brookst 1 hour ago | | |

Looking more closely would resolve it one way or the other.

defrost 1 hour ago | | |

My hat.

nopurpose 53 minutes ago |

How big and important third-party vendor must be for Raymond Chen to dissect its coredumps?

FartyMcFarter 45 minutes ago | |

Given his seniority, it could also be that he picks whatever bugs he wants to work on. Whether that is from personal interest, frequency of crashes or any other criteria.

When you're at that level in a company, it's rare that someone would be micromanaging what you work on at all times.