Share via

CreateProcess on notepad.exe fails due to a crash in ApiSetHost.AppExecutionAlias.dll

Bram Nijenkamp 0 Reputation points
2024-10-22T10:03:03.6033333+00:00

Hi guys,

First time I do a question here so hope it is in the right format. We have encountered a problem in which when calling CreateProcess() on notepad.exe fails due to a crash in ApiSetHost.AppExecutionAlias.dll.

While have a couple of settings in the STARTUPINFO, it also fails randomly with the most basic of examples like the example underneath. Note that both the PROCESS_INTOFMATION and STARTUPINFO are nicely Zero'ed as per Microsoft doc. (The program has been in production for a very long time.)

    CreateProcessA(NULL, "notepad.exe",
        NULL, NULL,               // process security
        FALSE,                     // inherit file handles
        NORMAL_PRIORITY_CLASS|CREATE_SUSPENDED,    // process priority
        NULL,                     // environment (inherits)
        NULL,                     // current directory
        &sStartupInfo,
        &sProcessInfo);

So the issue that we are having is that 4 out of 10 times or so CreateProcess will fail and GetLastError will be set to either INVALID_PARAMETER or ERROR_SXS_CANT_GEN_ACTCTX. This seems to occur at random as far as I can see.

Running it with the debugger we can also see the crash in the log:

'OrderMobile64.exe' (Win32): Loaded 'C:\Windows\System32\ApiSetHost.AppExecutionAlias.dll'.
onecore\base\appmodel\appexecutionalias\lib\reparsepoints.cpp(352)\apisethost.appexecutionalias.dll!00007FFFEBFD20A6: (caller: 00007FFFEBFCFB6C) Exception(1) tid(4cc4) 80070002 The system cannot find the file specified.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: wil::ResultException at memory location 0x0000000000148CE0.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: [rethrow] at memory location 0x0000000000000000.
onecore\base\appmodel\appexecutionalias\lib\appexecutionaliasapis.cpp(158)\apisethost.appexecutionalias.dll!00007FFFEBFD7E14: (caller: 00007FFFEBFD009F) ReturnHr(1) tid(4cc4) 80070002 The system cannot find the file specified.
    Msg:[onecore\base\appmodel\appexecutionalias\lib\reparsepoints.cpp(352)\apisethost.appexecutionalias.dll!00007FFFEBFD20A6: (caller: 00007FFFEBFCFB6C) Exception(1) tid(4cc4) 80070002 The system cannot find the file specified.
] 
onecore\base\appmodel\appexecutionalias\lib\appexecutionaliasdata.cpp(103)\apisethost.appexecutionalias.dll!00007FFFEBFD0501: (caller: 00007FFFEBFC5E0C) Exception(2) tid(4cc4) 80070002 The system cannot find the file specified.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: wil::ResultException at memory location 0x00000000001490B0.
Exception thrown at 0x00007FF8042FFE4C in OrderMobile64.exe: Microsoft C++ exception: [rethrow] at memory location 0x0000000000000000.

While I off course expect other programs will have this as well, running a program like ProcessMonitor or others seems to work fine as far as I could test. But notepad.exe specifically seems to have this issue fairly persistent.

We have switched out Windows SDKs, switched in between V141-V143 to see whether that might make a change but it does not. Anybody who might be able to help?

Sincerely,

System Information report written at: 10/22/24 12:02:32
[System Summary]

Item	Value	
OS Name	Microsoft Windows 11 Pro	
Version	10.0.22631 Build 22631	
Other OS Description 	Not Available	
OS Manufacturer	Microsoft Corporation	
System Manufacturer	Dell Inc.	
System Model	Latitude 5521	
System Type	x64-based PC	
System SKU	0A67	
Processor	11th Gen Intel(R) Core(TM) i7-11850H @ 2.50GHz, 2496 Mhz, 8 Core(s), 16 Logical Processor(s)	
BIOS Version/Date	Dell Inc. 1.32.0, 05/08/2024	
SMBIOS Version	3.2	
Embedded Controller Version	255.255	
BIOS Mode	UEFI	
BaseBoard Manufacturer	Dell Inc.	
BaseBoard Product	0CWP5J	
BaseBoard Version	A00	
Platform Role	Mobile	
Secure Boot State	On	
PCR7 Configuration	Elevation Required to View	
Windows Directory	C:\WINDOWS	
System Directory	C:\WINDOWS\system32	
Boot Device	\Device\HarddiskVolume1	
Locale	United States	
Hardware Abstraction Layer	Version = "10.0.22621.2506"	
Username	Not Available	
Time Zone	W. Europe Summer Time	
Installed Physical Memory (RAM)	48,0 GB	
Total Physical Memory	47,7 GB	
Available Physical Memory	29,3 GB	
Total Virtual Memory	50,7 GB	
Available Virtual Memory	32,0 GB	
Page File Space	3,00 GB	
Page File	C:\pagefile.sys	
Kernel DMA Protection	On	
Virtualisation-based security	Running	
Virtualisation-based security required security properties		
Virtualisation-based security available security properties	Base Virtualisation Support, Secure Boot, DMA Protection, UEFI Code Readonly, SMM Security Mitigations 1.0, Mode Based Execution Control, APIC Virtualisation	
Virtualisation-based security services configured		
Virtualisation-based security services running		
Windows Defender Application Control policy	Enforced	
Windows Defender Application Control user mode policy	Off	
Device Encryption Support	Elevation Required to View	
A hypervisor has been detected. Features required for Hyper-V will not be displayed.
Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,659 questions
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,636 questions
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,743 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
9,745 questions

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.