CreateProcess on notepad.exe fails due to a crash in ApiSetHost.AppExecutionAlias.dll
Hi guys,
First time I do a question here so hope it is in the right format. We have encountered a problem in which when calling CreateProcess() on notepad.exe fails due to a crash in ApiSetHost.AppExecutionAlias.dll.
While have a couple of settings in the STARTUPINFO, it also fails randomly with the most basic of examples like the example underneath. Note that both the PROCESS_INTOFMATION and STARTUPINFO are nicely Zero'ed as per Microsoft doc. (The program has been in production for a very long time.)
CreateProcessA(NULL, "notepad.exe",
NULL, NULL, // process security
FALSE, // inherit file handles
NORMAL_PRIORITY_CLASS|CREATE_SUSPENDED, // process priority
NULL, // environment (inherits)
NULL, // current directory
&sStartupInfo,
&sProcessInfo);
So the issue that we are having is that 4 out of 10 times or so CreateProcess will fail and GetLastError will be set to either INVALID_PARAMETER or ERROR_SXS_CANT_GEN_ACTCTX. This seems to occur at random as far as I can see.
Running it with the debugger we can also see the crash in the log:
'OrderMobile64.exe' (Win32): Loaded 'C:\Windows\System32\ApiSetHost.AppExecutionAlias.dll'.
onecore\base\appmodel\appexecutionalias\lib\reparsepoints.cpp(352)\apisethost.appexecutionalias.dll!00007FFFEBFD20A6: (caller: 00007FFFEBFCFB6C) Exception(1) tid(4cc4) 80070002 The system cannot find the file specified.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: wil::ResultException at memory location 0x0000000000148CE0.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: [rethrow] at memory location 0x0000000000000000.
onecore\base\appmodel\appexecutionalias\lib\appexecutionaliasapis.cpp(158)\apisethost.appexecutionalias.dll!00007FFFEBFD7E14: (caller: 00007FFFEBFD009F) ReturnHr(1) tid(4cc4) 80070002 The system cannot find the file specified.
Msg:[onecore\base\appmodel\appexecutionalias\lib\reparsepoints.cpp(352)\apisethost.appexecutionalias.dll!00007FFFEBFD20A6: (caller: 00007FFFEBFCFB6C) Exception(1) tid(4cc4) 80070002 The system cannot find the file specified.
]
onecore\base\appmodel\appexecutionalias\lib\appexecutionaliasdata.cpp(103)\apisethost.appexecutionalias.dll!00007FFFEBFD0501: (caller: 00007FFFEBFC5E0C) Exception(2) tid(4cc4) 80070002 The system cannot find the file specified.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: wil::ResultException at memory location 0x00000000001490B0.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: [rethrow] at memory location 0x0000000000000000.
While I off course expect other programs will have this as well, running a program like ProcessMonitor or others seems to work fine as far as I could test. But notepad.exe specifically seems to have this issue fairly persistent.
We have switched out Windows SDKs, switched in between V141-V143 to see whether that might make a change but it does not. Anybody who might be able to help?
Sincerely,
System Information report written at: 10/22/24 12:02:32
[System Summary]
Item Value
OS Name Microsoft Windows 11 Pro
Version 10.0.22631 Build 22631
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Manufacturer Dell Inc.
System Model Latitude 5521
System Type x64-based PC
System SKU 0A67
Processor 11th Gen Intel(R) Core(TM) i7-11850H @ 2.50GHz, 2496 Mhz, 8 Core(s), 16 Logical Processor(s)
BIOS Version/Date Dell Inc. 1.32.0, 05/08/2024
SMBIOS Version 3.2
Embedded Controller Version 255.255
BIOS Mode UEFI
BaseBoard Manufacturer Dell Inc.
BaseBoard Product 0CWP5J
BaseBoard Version A00
Platform Role Mobile
Secure Boot State On
PCR7 Configuration Elevation Required to View
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "10.0.22621.2506"
Username Not Available
Time Zone W. Europe Summer Time
Installed Physical Memory (RAM) 48,0 GB
Total Physical Memory 47,7 GB
Available Physical Memory 29,3 GB
Total Virtual Memory 50,7 GB
Available Virtual Memory 32,0 GB
Page File Space 3,00 GB
Page File C:\pagefile.sys
Kernel DMA Protection On
Virtualisation-based security Running
Virtualisation-based security required security properties
Virtualisation-based security available security properties Base Virtualisation Support, Secure Boot, DMA Protection, UEFI Code Readonly, SMM Security Mitigations 1.0, Mode Based Execution Control, APIC Virtualisation
Virtualisation-based security services configured
Virtualisation-based security services running
Windows Defender Application Control policy Enforced
Windows Defender Application Control user mode policy Off
Device Encryption Support Elevation Required to View
A hypervisor has been detected. Features required for Hyper-V will not be displayed.