6

One colleague of mine has troubles during the DllMain Detach process. His bug seems not to appear in all cases, but fairly often.

While trying to help him, I kind of remembered of some usage limitations during the DllMain Attach and Detach process, but I am not sure I remember well since it was 2 year old technical discussions and it was not me working on thoses termination issues.

Namely I kind of remember that we should:

  • Avoid using new and delete operator and prefer HGLOBAL memory allocation
  • Avoid dealing with thread terminations here.

Could you correct me if I am wrong, explain me if ever, or point to a technical article that would deal with these issues.

Stephane Rolland
  • 38,876
  • 35
  • 121
  • 169
  • Summary: Do not put anything in DllMain that involves any DLLs including Windows DLLs. At first glance Kernel32.dll is safe, but upon deeper inspection, even it's calls are not guaranteed to be safe. – Mooing Duck Feb 25 '14 at 22:44
  • HGLOBAL/HLOCAL doesn't matter. Microsoft even says so (under remarks): https://msdn.microsoft.com/en-us/library/windows/desktop/aa366574(v=vs.85).aspx -- "Therefore, the GlobalAlloc and LocalAlloc functions are essentially the same." – Droopy Mar 01 '17 at 08:03

3 Answers3

8

Avoid calling LoadLibrary and related APIs.

In addition to Steve's link, here are some good relevant posts from Raymond Chen's The Old New Thing:

X. Liu
  • 1,070
  • 11
  • 30
sean e
  • 11,792
  • 3
  • 44
  • 56
  • While this links may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. p.s. And even some evil people downvote for links – Konstantin Burlachenko Feb 28 '17 at 20:01
3

Most problems arise due to conflicts over the loader lock. DllMain should not be long-running, or use locks if it's avoidable.

Good background here.

Steve Townsend
  • 53,498
  • 9
  • 91
  • 140
1

Find documents with topics

[1] "Dll Main Entry Point"

[2] "Constraints of Delay Loading DLLs"

[3] "Dynamic-Link Library Best Practices"

[4] Jefrey Richter, Windows via C++, chapter 20.

(Sorry, I can not give URL references due to stackoverflow policy)

Summary

  1. Maybe other DllMain have already been executed, maybe not. Don't call functions from other DLL's

  2. Don't call the following things: "FreeLibrary/LoadLibrary/CreateProcess/ExitThread/GetStringType"

  3. Don't call functions from User32.dll, Gdi32.dll

  4. If CRT is not initialized don't use memory management functions from it (my opinion that is restricted only for initialization phase)

  5. You should understand in which thread context you are from documentation.

  6. It is legal to do the following: Create and initialize synchronization objects. Open, read from, and write to files.

Konstantin Burlachenko
  • 5,233
  • 2
  • 41
  • 40
  • What do you mean you cannot give URL reference due to stackoverflow policy ? I don't think I have ever I read such a remark on the SO site ?! – Stephane Rolland Feb 28 '17 at 23:02
  • I have been banned 3 times due to it, people who downvote a lot said me about it. They didn't give any reference as I remember. – Konstantin Burlachenko Mar 01 '17 at 11:06
  • I also can't find any restrictions here (http://stackoverflow.com/help/answering), but somewhere it was a text which describes that over the time links tend to be broking. E.g. in this article: https://blogs.msdn.microsoft.com/oldnewthing/20040127-00/?p=40873 first two links are broken. – Konstantin Burlachenko Mar 01 '17 at 11:13
  • Okay I understand. In fact, we should avoid link only answers. Because over time links tend to be broken. But in this case you gave a little sum up of the content of the link, so it is ok. The longer the explanation, the better :-). In this case, though brief, there's a little sum up of the content of the link so it's ok for me, and I think it will be ok for other members of the site. Please, edit your answer and insert links: they DO add value. And when they get broken, your summary will still be here. You could also invert and put the summary first, then guide us to the relevant links. – Stephane Rolland Mar 01 '17 at 15:45