Episode

Access Violation C0000005

An Access Violation is a type of Exception caused when an application Reads, Writes or Executes an invalid Memory Address.

The Exception Code is 0xC0000005

The first Exception Parameter (0) is the type of the violation; Read (0), Write (1) or Execute (8)

The second Exception Parameter (1) is the address of the violation.

Follow these steps when debugging these issues with the Debugging Tools for Windows:

  1. .exr -1
    • Exception Code
    • Parameter[0] - Read (0), Write (1), Execute (8)
    • Parameter[1] - Address
  2. .ecxr
    • Register values at the Access Violation
    • Assembler instruction
      • Read - look at the expression on the right of the comma
      • Write - look at the expression on the left of the comma
      • Execute - look at the address of expression
  3. k
    • View the Call Stack at the Access Violation

The memory address may be invalid because of one of these common scenarios:

  • NULL Pointer - addresses between 0x0 and 0x10000 (64K) - e.g. a function that usually returns a pointer returned NULL (0x0), and the pointer was accessed without verification
  • Memory Corruption - the address was mistakenly or maliciously overwritten - commonly via a buffer overrun (or underrun)
  • Use-After-Free - the address was valid, but is now being accessed after it is freed (data) or unloaded (code)
  • Bit-Flip - RAM (hardware) issue where one or more bits have flipped (rare)

For Read or Write issues, refer to the Read or Write episode.
For Execute issues, refer to the Execute episode.

Note that CLR applications with throw a System.NullReferenceException exception instead of an Access Violation exception when the address is between 0x0 and 0x10000 (64K).

Additional Resources: