Several weeks ago, my company laptop started having some strange problems. I could no longer launch the Microsoft Developer Web Server (via Visual Studio->Debug). I later figured out that I couldn't execute any .NET application.

After reviewing my dmp files, a Microsoft CLR specialist said:

  1. When loaded into your process, 8 bytes at offset 0x168 into the .exe files are being set to 0. This is the issue that is causing the CLR to fail. These bits are set correctly in the file you provided to me.

  2. C:\Windows\System32\Detoured.dll is loaded into the process. This means to me that the detours library is being used on your machine to modify the behavior of these processes.

I have also figured out that when I boot into Safe Mode, then everything works.

Also, I've figured out that if I right click on a .NET executable, and choose "Run As" and enter my currently logged in user's credentials, then the application works. It just doesn't work if I just double click on the app.

There are lots of system event messages and Dr. Watson type errors. Here are a few that I get:

When launching MS Developer Web Server from within Visual Studio, the message box pop-up says:

WebDev.WebServer40.exe has encountered a problem and needs
to close. We are sorry for the inconvenience.

VSHost system event log entries:

Event 1:
Application: MyWebSite.vshost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error
in the .NET Runtime at IP 791A8BBD (79140000) with exit code 80131506.

Event 2:
Faulting application MyWebSite.vshost.exe, version 10.0.30319.1, 
stamp 4ba2084b, faulting module clr.dll, version 4.0.30319.1, 
stamp 4ba1d9ef, debug? 0, fault address 0x00068bbd.

System event log entries for running third-party apps:

Source: Application Popup
Description: Application popup: #APPNAME#.exe – Application Error : The 
application failed to initialize properly (0xc000007b). Click on OK to terminate 
the application.

System event log entries for applications that I've built that use the .NET v4 Framework say:

Source: .NET Runtime
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the 
.NET Runtime at IP 791A8BBD (7914000) with exit code 80131506.

System event log entries for applications that I've built that use the .NET v2 Framework say:

Source: .NET Runtime
Description: .NET Runtime version 2.0.50727.3053 – Fatal Execution 
Engine Error (7A097706) (80131506)

There are more details on my blog.

How can I figure out which process is causing the problem and then fix the computer?

+1  A: 

There's a DLL that is getting loaded into the process that is messing up the process state. Detours is a Microsoft library designed to patch a Windows API call and alter its behavior. Could be malicious but they wouldn't normally leave a trace like that behind. Using a restore point is an obvious way to get rid of it. Renaming the detoured.dll file ought to take the sting out of that DLL. And an unmanaged debugger like WinDbg ought to show you what that DLL might be.

Ask more questions about this at superuser.com, this doesn't qualify as a programming question.

Hans Passant
Thanks for the input. I can't install WinDbg because the installer crashes just like any other .NET application. I downloaded the installer from http://www.microsoft.com/whdc/devtools/debugging/default.mspx. Should I close this out and ask over at superuser.com?
Jim W
You somehow missed "restore point" I reckon. Yes, they can tell you all about that at SU.
Hans Passant
Thanks. I saw the restore point comment, but my oldest restore point is a few weeks ago when this was still occurring. I reposted the question over at Super User. Thanks for the help.
Jim W
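
Added example, not part of the original posts: a Python sketch that maps a header offset such as 0x168 to the PE data-directory slot it falls in, and lists slots that are populated in the on-disk file but zero in a copy of the header read from the loaded module (for instance from a dump). The function names and the sample header are constructed for illustration; the sample assumes the common layout where the PE header starts at 0x80, in which case 0x168 is the CLR header directory entry.

```python
import struct

# The 16 PE data-directory slots, in index order.
DIR_NAMES = ["Export", "Import", "Resource", "Exception", "Security",
             "BaseReloc", "Debug", "Architecture", "GlobalPtr", "TLS",
             "LoadConfig", "BoundImport", "IAT", "DelayImport",
             "CLR header (COM descriptor)", "Reserved"]

def data_directories(image: bytes):
    """Yield (offset, name, rva, size) for each data-directory entry."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20              # skip signature and COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    first = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", image, first - 4)
    for i in range(min(count, 16)):
        off = first + 8 * i
        rva, size = struct.unpack_from("<II", image, off)
        yield off, DIR_NAMES[i], rva, size

def field_at(image: bytes, offset: int):
    """Name the data-directory entry covering a header offset, or None."""
    for off, name, _, _ in data_directories(image):
        if off <= offset < off + 8:
            return name
    return None

def zeroed_entries(disk: bytes, memory: bytes):
    """Entries populated on disk but all-zero in the in-memory header."""
    mem = {off: (rva, size) for off, _, rva, size in data_directories(memory)}
    return [name for off, name, rva, size in data_directories(disk)
            if (rva, size) != (0, 0) and mem.get(off) == (0, 0)]

def build_sample_header() -> bytes:
    """Constructed PE32 header (e_lfanew = 0x80) with a CLR entry set."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x98, 0x10B)          # PE32 magic
    struct.pack_into("<I", img, 0x98 + 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<II", img, 0x168, 0x2008, 0x48) # constructed RVA/size
    return bytes(img)
```

Because the PE headers are mapped unchanged at the module's base address, the same offsets apply to the on-disk file and to the header bytes read from the loaded image.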