June 28, 2026

Crash blame game goes full whodunit

Article URL →HN comments →

DLL that was not present in memory despite not being formally unloaded

A mystery crash blamed the wrong team, and the comments turned it into a detective drama

TLDR: A wave of crashes looked like Windows’ fault, but the investigation found the blamed team was actually the victim of a hidden unload bug elsewhere. Commenters turned it into a full detective saga, praising the sleuthing, joking about software chaos, and wondering how anyone gets support deep enough to solve this stuff.

This bug report came in looking like a classic corporate finger-pointing mess: a flood of app crashes seemed to point straight at Windows’ shell team. But after a forensic-level deep dive through an absurdly long crash trail, the plot twisted hard. The team realized they were being framed by a ghostly software failure: the program was acting like a file from Windows was still around, even though something had secretly yanked it out from under the system. Result: the app spiraled into a repeated self-destruct loop until it finally crashed.

And honestly? The comment section loved the chaos. One of the strongest reactions came from readers marveling at the sheer detective work it took to uncover what one commenter called a near-heisenbug—the kind of glitch that seems to change shape when you look at it. Another commenter dropped the bleakest, funniest summary imaginable: the innocent team is cleared, but nobody knows who actually did it. According to the crowd, that’s not a twist; that’s basically the entire history of software development.

There was also a lot of awe. Some readers admitted posts like this are a humbling reminder of how deep and weird computers really are. Others jokingly asked what kind of mythical Microsoft support package you’d need to get a legend like Raymond Chen on your case. In other words: half the crowd was eating popcorn for the mystery, and the other half was having an existential crisis about debugging.

Key Points

  • Crash dumps showed a repeating sequence of `RtlLookupFunctionEntry`, `RtlDispatchException`, and `KiUserExceptionDispatch`, indicating recursive exception handling.
  • The recursion occurred because an exception was reflected to user mode and another exception happened while the runtime was determining which handler to invoke.
  • The repeated exception loop eventually exhausted the stack and terminated the process with a stack overflow exception.
  • Although the bug was assigned to shell32.dll, the deeper stack trace showed shell32 was executing `dllmain` process-detach code during shutdown.
  • The shutdown stack included ntdll loader routines, `ExitProcessImplementation`, and CLR shutdown functions, indicating shell32 was not necessarily the root cause.

Hottest takes

"The story of software development through the ages." — zabzonk
"some doggedly determined back tracing to uncover an unexpected heisenbug" — defrost
"What MSFT support policy do you need to have the legendary Raymond Chen take a look at it?" — rwmj

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.
DLL that was not present in memory despite not being formally unloaded - Weaving News | Weaving News