Friday, July 19, 2013

unexpected precompiled header, simply rerunning the compiler might fix this problem

This post is about Microsoft's answer to the IT Crowd and their "did you try turning it off and on" running gag.

For years, we (at work) have been plagued with this particular error that seemed to happen spontaneously, hang around for a while then disappear, and today (with the help of Google) I've been able to track down an actual answer.

Microsoft explains the embarrassing truth here.

In a nutshell, precompiled headers are implemented cheaply as a straight memory dump complete with physical memory addresses.  When the compiler subsequently tries to read them back, ASLR has potentially scrambled it's little brain.

There are lots of fixes mentioned around the net, of varying levels of quality and security.  Microsoft has a hotfix but it only solves the problem for Visual Studio installs - we build using the Platform SDK.

For me, the sanest approach was:
  • download and install EMET from here
  • use EMET to disable "MandatoryASLR" and "BottomUpASLR" on the C compiler (cl.exe)
This leaves you with ASLR enabled for everything but the C compiler which doesn't cope.

Note, this has no impact on the output of the compiler - your programs will still be ASLR-enabled or not, depending on what switches you pass on the command line.  All we are doing here is fixing the actual compiler itself...

I hoped I'd never have to revisit this post, but today I had to. Looks like EMET can cause quite a bit of damage when you run it.

I tried using EMET 5.2 and it did resolve my problems with the C compiler.  As collateral damage, however, it took out Microsoft Office, AutoCAD 2011-2016, and even Internet Explorer.  Every one of them reported a vanilla error message "Attempt to access invalid address".

This looked to me to be related to either Data Execution Protection or perhaps to ASLR.  However, even though I completely disabled both of those features (through EMET), it didnt' help.  I've restarted so many times today you would not believe it.  Uninstalling EMET changed nothing.  I sat and manually uninstalled every Windows Update that had been applied in the last 48 hours and still no joy.

Eventually this post on the Microsoft Forums pointed me at an obscure registry entry and lo, it fixed the problem.  It would appear that EMET automatically puts in registry entries when it is installed, and does not remove them when it is uninstalled (no surprise there).

So, the fix was to go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

and locate the application I was trying to use.  I removed the troublesome keys and voila, my apps work again.  (Actually, for many, I just removed the value for MitigationOptions which was 0x0000100)

Note: this is not something that you should attempt lightly.  No warranty implied or assumed.

Take Three.

It looks like the damage that EMET does is like herpes.  Every time I update Microsoft Office (ie, apply office updates), I need to go back in and patch up the registry settings again.  No idea why.  This must be that "my PC is so broken it needs to be reformatted and start again" that everyone talked about in the 80s.

No comments:

Post a Comment