In my application I introduced AV thru code and getting a proper report. But, when I introduce AV using ThreadHijacker, GetModuleHandleExW() is unable to find the module handle. Report looks like as shown below.

Problem Event Name: APPCRASH

Application Name: Appln.exe

Application Version:

Application Timestamp: 46b0270c

Fault Module Name: unknown

Fault Module Version:

Fault Module Timestamp: 0

Exception Code: c0000005

Exception Offset: 284D0005

OS Version: 6.0.6000.

Locale ID: 1033

As you can see Fault module name is unknown. Following function call has to return me proper module handle; but unable to do that.



hModule returned is null and error code returned is 126, which means unable to find the module.

Same API call returns me proper fault module handle, if AV introduced thru change in code.

Did anyone of you face similar scenario If so how did you overcome this Please, suggest.



Re: ThreadHijacker and WER report


Hi Dhon,

Threadhijacker can inject crashes at random IP addresses and it is possible that there are no modules loaded at that address where the crash was injected. It is not guranteed that Threadhijacker will always introduce a crash so that there is a valid module at that address.


Re: ThreadHijacker and WER report


Thanks Kinshu, for the explaination.

In the mean time, I introduced AV to Microsoft Word and observed the same in WER report. So, nothing wrong in my code, atleast.