Why would I get a GPF in DllMain when running as a limited user?

Why does this code crash on startup as a limited user, but not on startup as a machine administrator?

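extern "C" BOOL WINAPI DllMain(HINSTANCE hInstance,
                               DWORD dwReason,
                               LPVOID lpReserved)
{
    hInstance;                  // no-op reference to the parameter
    m_hInstance = hInstance;    // save the module handle (m_hInstance is declared elsewhere)
    return _AtlModule.DllMain(dwReason, lpReserved);  // forward to ATL's DllMain
}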

The code failed to return ... and I don't know why.

I get:

The instruction at "0x7c90100b" referenced memory at "0x00000034". 
The memory could not be "read".

In addition, _AtlModule.DllMain is as follows:

inline BOOL WINAPI CAtlDllModuleT<T>::DllMain(DWORD dwReason, LPVOID lpReserved) throw()
{
#if !defined(_ATL_NATIVE_INITIALIZATION)
    dwReason; lpReserved;
#pragma warning(push)
#pragma warning(disable:4483)
    using namespace __identifier("<AtlImplementationDetails>");
#pragma warning(pop)
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        ATLASSERT(DllModuleInitialized == false);
    }
    return TRUE;
#else
    return _DllMain(dwReason, lpReserved);
#endif
}

We import the ATL library and tried linking it statically as well ... no luck.


UPDATE

Using ProcMon, I get a buffer overflow here:

RegQueryValue HKU\S-1-5-21-448539723-854245398-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Folders Folders\Cache BUFFER OVERFLOW Length: 144

What does it mean?

+3
5 answers

, - 0x0000... , , - - , NULL. - 0x34 . , , , , , , - . null, , - -, .

, NULL. , AppVerifier LuaPriv. , API , NULL. AppVerifier , .

+2

m_hInstance? DllMain? .

+2

, "", . , , , , , ATL DllMain - .

+1

ProcMon , . , , , .

, , ATL DLL ( ): , DLL .

+1

, RDCOMClient, COM- R.

All answers help. Thanks.

0

Source: https://habr.com/ru/post/1708302/

