Skip to content

Instantly share code, notes, and snippets.

@deadlydog
Last active March 10, 2022 04:35
Show Gist options
  • Save deadlydog/5e80fb5ebfc1d26720274beb0ba3792b to your computer and use it in GitHub Desktop.
Save deadlydog/5e80fb5ebfc1d26720274beb0ba3792b to your computer and use it in GitHub Desktop.
Paste this into the PowerShell command line and you'll get an odd `An error occurred while creating the pipeline` error. Remove one "d" from the end and you'll get the expected `Get-Something is not recognized as a name of a cmdlet` error. This info is related to this tweet: https://twitter.com/deadlydog/status/1500295904615702531?s=20&t=7XvHRhT…
Get-Something dslkfjds lkjfdsl jflkdsfljdsalkf dslkf jlkdsjf lkdsj fljds lkf jdsalkf dslkfj dslfj lkdsjf ldskj flkds jflkjds lkf jdslfk jdsalkf jds jflkds jflkdsjflkds flkjdsflk jdslkf lkdsjflkdsj fljds lkf jdslfj sldjf kds flk jdsfl dsf dsljf ds jfhds lf jdsjf dsljflkds jfsjldsj fl jdsflkjdsflkjds dsfadsf dd
@deadlydog
Copy link
Author

Here's what Get-Error shows in PowerShell 7.2.1 after the error is encountered

PS>Get-Error

Type           : System.Management.Automation.RuntimeException
ErrorRecord    : 
    Exception             : 
        Type    : System.Management.Automation.ParentContainsErrorRecordException
        Message : An error occurred while creating the pipeline.
        HResult : -2146233087
    CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
    FullyQualifiedErrorId : RuntimeException
TargetSite     : 
    Name          : Invoke
    DeclaringType : System.Management.Automation.Runspaces.PipelineBase, System.Management.Automation,
Version=7.2.1.500, Culture=neutral, PublicKeyToken=31bf3856ad364e35
    MemberType    : Method
    Module        : System.Management.Automation.dll
Message        : An error occurred while creating the pipeline.
InnerException : 
    Type       : System.Runtime.InteropServices.SEHException
    ErrorCode  : -2147467259
    TargetSite : 
        Name          : AmsiScanBuffer
        DeclaringType : System.Management.Automation.AmsiUtils+AmsiNativeMethods, System.Management.Automation,
Version=7.2.1.500, Culture=neutral, PublicKeyToken=31bf3856ad364e35
        MemberType    : Method
        Module        : System.Management.Automation.dll
    Message    : External component has thrown an exception.
    Source     : System.Management.Automation
    HResult    : -2147467259
    StackTrace : 
   at System.Management.Automation.AmsiUtils.AmsiNativeMethods.AmsiScanBuffer(IntPtr amsiContext, IntPtr buffer,
UInt32 length, String contentName, IntPtr amsiSession, AMSI_RESULT& result)
   at System.Management.Automation.AmsiUtils.WinScanContent(String content, String sourceMetadata, Boolean warmUp)
   at System.Management.Automation.CompiledScriptBlockData.PerformSecurityChecks()
   at System.Management.Automation.CompiledScriptBlockData.ReallyCompile(Boolean optimize)
   at System.Management.Automation.CompiledScriptBlockData.CompileUnoptimized()
   at System.Management.Automation.CompiledScriptBlockData.Compile(Boolean optimized)
   at System.Management.Automation.DlrScriptCommandProcessor.Init()
   at System.Management.Automation.DlrScriptCommandProcessor..ctor(ScriptBlock scriptBlock, ExecutionContext context,
Boolean useNewScope, CommandOrigin origin, SessionStateInternal sessionState, Object dollarUnderbar)
   at System.Management.Automation.Runspaces.Command.CreateCommandProcessor(ExecutionContext executionContext, Boolean
addToHistory, CommandOrigin origin)
   at System.Management.Automation.Runspaces.LocalPipeline.CreatePipelineProcessor()
Source         : System.Management.Automation
HResult        : -2146233087
StackTrace     : 
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.Runspaces.Pipeline.Invoke()
   at Microsoft.PowerShell.Executor.ExecuteCommandHelper(Pipeline tempPipeline, Exception& exceptionThrown,
ExecutionOptions options)

@deadlydog
Copy link
Author

Following this guide I used WinDbg Preview to get the following stack info when the error is thrown:


Microsoft (R) Windows Debugger Version 10.0.22549.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
ModLoad: 00007ff7`a8ac0000 00007ff7`a8b0a000   C:\Program Files\PowerShell\7\pwsh.exe
ModLoad: 00007ffb`66150000 00007ffb`66345000   C:\WINDOWS\SYSTEM32\ntdll.dll
ModLoad: 00007ffb`65b40000 00007ffb`65bfe000   C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffb`63950000 00007ffb`63c18000   C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ffb`65c10000 00007ffb`65db0000   C:\WINDOWS\System32\USER32.dll
ModLoad: 00007ffb`64170000 00007ffb`64192000   C:\WINDOWS\System32\win32u.dll
ModLoad: 00007ffb`65050000 00007ffb`6507b000   C:\WINDOWS\System32\GDI32.dll
ModLoad: 00007ffb`63cb0000 00007ffb`63dbd000   C:\WINDOWS\System32\gdi32full.dll
ModLoad: 00007ffb`63dc0000 00007ffb`63e5d000   C:\WINDOWS\System32\msvcp_win.dll
ModLoad: 00007ffb`64070000 00007ffb`64170000   C:\WINDOWS\System32\ucrtbase.dll
ModLoad: 00007ffb`641a0000 00007ffb`648e4000   C:\WINDOWS\System32\SHELL32.dll
ModLoad: 00007ffb`64fa0000 00007ffb`6504e000   C:\WINDOWS\System32\ADVAPI32.dll
ModLoad: 00007ffb`65290000 00007ffb`6532e000   C:\WINDOWS\System32\msvcrt.dll
ModLoad: 00007ffb`648f0000 00007ffb`6498c000   C:\WINDOWS\System32\sechost.dll
ModLoad: 00007ffb`657b0000 00007ffb`658d5000   C:\WINDOWS\System32\RPCRT4.dll
ModLoad: 00007ffb`65670000 00007ffb`656a0000   C:\WINDOWS\System32\IMM32.DLL
ModLoad: 00007ffb`16c70000 00007ffb`16ccf000   C:\Program Files\PowerShell\7\hostfxr.dll
ModLoad: 00007ffb`10f90000 00007ffb`10ff3000   C:\Program Files\PowerShell\7\hostpolicy.dll
ModLoad: 00007ffa`b7840000 00007ffa`b7d3c000   C:\Program Files\PowerShell\7\coreclr.dll
ModLoad: 00007ffb`658e0000 00007ffb`65a0a000   C:\WINDOWS\System32\ole32.dll
ModLoad: 00007ffb`65db0000 00007ffb`66105000   C:\WINDOWS\System32\combase.dll
ModLoad: 00007ffb`64e70000 00007ffb`64f3d000   C:\WINDOWS\System32\OLEAUT32.dll
ModLoad: 00007ffb`63c20000 00007ffb`63ca2000   C:\WINDOWS\System32\bcryptPrimitives.dll
ModLoad: 00007ffa`b6e20000 00007ffa`b7840000   C:\Program Files\PowerShell\7\System.Private.CoreLib.dll
ModLoad: 00007ffa`dc390000 00007ffa`dc4f2000   C:\Program Files\PowerShell\7\clrjit.dll
ModLoad: 00007ffb`620d0000 00007ffb`620e2000   C:\WINDOWS\SYSTEM32\kernel.appcore.dll
ModLoad: 00007ffb`2c960000 00007ffb`2c984000   C:\Program Files\PowerShell\7\pwsh.dll
ModLoad: 0000020e`c36f0000 0000020e`c36fe000   C:\Program Files\PowerShell\7\System.Runtime.dll
ModLoad: 00007ffa`e62d0000 00007ffa`e6362000   C:\Program Files\PowerShell\7\Microsoft.PowerShell.ConsoleHost.dll
ModLoad: 00007ffa`a7790000 00007ffa`a8a94000   C:\Program Files\PowerShell\7\System.Management.Automation.dll
ModLoad: 0000020e`c3700000 0000020e`c3708000   C:\Program Files\PowerShell\7\System.Threading.Thread.dll
ModLoad: 00007ffb`63920000 00007ffb`63947000   C:\WINDOWS\System32\BCrypt.dll
ModLoad: 00007ffb`13ba0000 00007ffb`13dce000   C:\WINDOWS\SYSTEM32\icu.dll
ModLoad: 00007ffb`3c610000 00007ffb`3c61d000   C:\Program Files\PowerShell\7\System.Runtime.InteropServices.dll
ModLoad: 00007ffb`38480000 00007ffb`38493000   C:\Program Files\PowerShell\7\System.Threading.dll
ModLoad: 00007ffb`19c40000 00007ffb`19c87000   C:\Program Files\PowerShell\7\System.Diagnostics.Process.dll
ModLoad: 00007ffa`e6dc0000 00007ffa`e6e41000   C:\Program Files\PowerShell\7\System.Text.RegularExpressions.dll
ModLoad: 00007ffb`19b80000 00007ffb`19bc0000   C:\Program Files\PowerShell\7\System.Collections.dll
ModLoad: 00007ffb`16b90000 00007ffb`16bcc000   C:\Program Files\PowerShell\7\System.Collections.Concurrent.dll
ModLoad: 0000020e`c3820000 0000020e`c382a000   C:\Program Files\PowerShell\7\System.Xml.ReaderWriter.dll
ModLoad: 00007ffa`a9040000 00007ffa`a9859000   C:\Program Files\PowerShell\7\System.Private.Xml.dll
ModLoad: 0000020e`c3830000 0000020e`c3838000   C:\Program Files\PowerShell\7\System.Text.Encoding.Extensions.dll
ModLoad: 00007ffa`ce4f0000 00007ffa`ce89e000   C:\Program Files\PowerShell\7\System.Linq.Expressions.dll
ModLoad: 00007ffb`2c860000 00007ffb`2c88a000   C:\Program Files\PowerShell\7\System.Memory.dll
ModLoad: 00007ffa`e2710000 00007ffa`e27dd000   C:\Program Files\PowerShell\7\System.Management.dll
ModLoad: 00007ffb`38440000 00007ffb`38452000   C:\Program Files\PowerShell\7\System.ComponentModel.Primitives.dll
ModLoad: 00007ffb`08ae0000 00007ffb`08b56000   C:\Program Files\PowerShell\7\System.Security.Cryptography.X509Certificates.dll
ModLoad: 00007ffb`35860000 00007ffb`35876000   C:\Program Files\PowerShell\7\Microsoft.Win32.Registry.dll
ModLoad: 00007ffb`348a0000 00007ffb`348b7000   C:\Program Files\PowerShell\7\System.Security.Cryptography.Encoding.dll
ModLoad: 00007ffb`25a20000 00007ffb`25a41000   C:\Program Files\PowerShell\7\System.Security.Cryptography.Primitives.dll
ModLoad: 00007ffb`16640000 00007ffb`16674000   C:\Program Files\PowerShell\7\System.Net.Primitives.dll
ModLoad: 00007ffb`11330000 00007ffb`11366000   C:\Program Files\PowerShell\7\System.Runtime.Numerics.dll
ModLoad: 00007ffa`dc250000 00007ffa`dc2d6000   C:\Program Files\PowerShell\7\System.Net.Mail.dll
ModLoad: 00007ffb`0de60000 00007ffb`0deaa000   C:\Program Files\PowerShell\7\Microsoft.Management.Infrastructure.dll
ModLoad: 00007ffa`cd920000 00007ffa`cdae5000   C:\Program Files\PowerShell\7\Newtonsoft.Json.dll
ModLoad: 0000020e`c3840000 0000020e`c385c000   C:\Program Files\PowerShell\7\netstandard.dll
ModLoad: 00007ffb`24c10000 00007ffb`24c34000   C:\Program Files\PowerShell\7\System.Net.NetworkInformation.dll
ModLoad: 00007ffb`3c470000 00007ffb`3c478000   C:\Program Files\PowerShell\7\System.Runtime.InteropServices.RuntimeInformation.dll
ModLoad: 00007ffa`cc030000 00007ffa`cc134000   C:\Program Files\PowerShell\7\System.DirectoryServices.dll
ModLoad: 00007ffa`cbdf0000 00007ffa`cbea5000   C:\Program Files\PowerShell\7\System.ComponentModel.TypeConverter.dll
ModLoad: 00007ffb`48150000 00007ffb`48169000   C:\WINDOWS\SYSTEM32\amsi.dll
ModLoad: 00007ffb`0ff30000 00007ffb`0ff64000   C:\Program Files\PowerShell\7\System.Security.AccessControl.dll
ModLoad: 00007ffb`63760000 00007ffb`6378e000   C:\WINDOWS\SYSTEM32\USERENV.dll
ModLoad: 00007ffb`317c0000 00007ffb`317d6000   C:\Program Files\PowerShell\7\System.ObjectModel.dll
ModLoad: 00007ffb`637a0000 00007ffb`637bf000   C:\WINDOWS\SYSTEM32\profapi.dll
ModLoad: 00007ffa`fe210000 00007ffa`fe24e000   C:\Program Files\PowerShell\7\System.Private.Uri.dll
ModLoad: 00007ffb`48070000 00007ffb`48146000   C:\Program Files\Cisco\AMP\scriptid\damsicom64.dll
ModLoad: 00007ffb`61630000 00007ffb`61dc4000   C:\WINDOWS\SYSTEM32\windows.storage.dll
ModLoad: 00007ffb`631d0000 00007ffb`631fe000   C:\WINDOWS\SYSTEM32\Wldp.dll
ModLoad: 00007ffb`65430000 00007ffb`654dd000   C:\WINDOWS\System32\SHCORE.dll
ModLoad: 00007ffb`64990000 00007ffb`649e5000   C:\WINDOWS\System32\shlwapi.dll
ModLoad: 00007ffa`fddf0000 00007ffa`fde3e000   C:\Program Files\PowerShell\7\System.Runtime.Serialization.Formatters.dll
ModLoad: 00007ffb`23e50000 00007ffb`23e71000   C:\Program Files\PowerShell\7\System.Diagnostics.TraceSource.dll
ModLoad: 00007ffa`d08c0000 00007ffa`d0942000   C:\Program Files\PowerShell\7\System.Linq.dll
ModLoad: 00007ffb`3c390000 00007ffb`3c397000   C:\Program Files\PowerShell\7\System.Runtime.Serialization.Primitives.dll
ModLoad: 00007ffa`b8720000 00007ffa`b89f8000   C:\Program Files\PowerShell\7\System.Data.Common.dll
ModLoad: 00007ffb`38350000 00007ffb`38355000   C:\Program Files\PowerShell\7\System.ComponentModel.dll
ModLoad: 0000020e`c3880000 0000020e`c3888000   C:\Program Files\PowerShell\7\System.Reflection.Emit.ILGeneration.dll
ModLoad: 0000020e`c3890000 0000020e`c3898000   C:\Program Files\PowerShell\7\System.Reflection.Emit.Lightweight.dll
ModLoad: 0000020e`c38a0000 0000020e`c38a8000   C:\Program Files\PowerShell\7\System.Reflection.Primitives.dll
ModLoad: 00007ffa`fcd80000 00007ffa`fcdb8000   C:\Program Files\PowerShell\7\Microsoft.PowerShell.CoreCLR.Eventing.dll
ModLoad: 00007ffb`37250000 00007ffb`37257000   C:\Program Files\PowerShell\7\Microsoft.Win32.Primitives.dll
ModLoad: 00007ffb`63860000 00007ffb`638c9000   C:\WINDOWS\System32\WINTRUST.dll
ModLoad: 00007ffb`63f10000 00007ffb`64066000   C:\WINDOWS\System32\CRYPT32.dll
ModLoad: 00007ffb`63440000 00007ffb`63452000   C:\WINDOWS\SYSTEM32\MSASN1.dll
ModLoad: 00007ffb`63210000 00007ffb`63228000   C:\WINDOWS\SYSTEM32\CRYPTSP.dll
ModLoad: 00007ffb`628e0000 00007ffb`62914000   C:\WINDOWS\system32\rsaenh.dll
ModLoad: 00007ffb`63140000 00007ffb`6314c000   C:\WINDOWS\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffb`62d80000 00007ffb`62d8c000   C:\WINDOWS\SYSTEM32\netutils.dll
ModLoad: 00007ffb`1bd30000 00007ffb`1bd56000   C:\Program Files\PowerShell\7\System.Console.dll
ModLoad: 00007ffb`1a240000 00007ffb`1a265000   C:\Program Files\PowerShell\7\System.Security.Principal.Windows.dll
ModLoad: 00007ffb`17500000 00007ffb`17517000   C:\Program Files\PowerShell\7\System.Security.Claims.dll
ModLoad: 00007ffb`5da20000 00007ffb`5dabe000   C:\WINDOWS\system32\uxtheme.dll
ModLoad: 00007ffa`b6d30000 00007ffa`b6e13000   C:\Program Files\PowerShell\7\Microsoft.ApplicationInsights.dll
ModLoad: 00007ffa`e55b0000 00007ffa`e560c000   C:\Program Files\PowerShell\7\System.Diagnostics.DiagnosticSource.dll
ModLoad: 0000020e`c38c0000 0000020e`c38c8000   C:\Program Files\PowerShell\7\System.Diagnostics.Tracing.dll
ModLoad: 00007ffb`17300000 00007ffb`17311000   C:\Program Files\PowerShell\7\System.IO.MemoryMappedFiles.dll
ModLoad: 00007ffa`cf570000 00007ffa`cf5d3000   C:\Program Files\PowerShell\7\System.Private.Xml.Linq.dll
ModLoad: 0000020e`c38d0000 0000020e`c38d8000   C:\Program Files\PowerShell\7\System.Xml.XDocument.dll
ModLoad: 00007ffb`16b70000 00007ffb`16b89000   C:\Program Files\PowerShell\7\System.Net.NameResolution.dll
ModLoad: 00007ffb`16840000 00007ffb`16862000   C:\Program Files\PowerShell\7\System.IO.Pipes.dll
ModLoad: 00007ffb`164e0000 00007ffb`164f8000   C:\Program Files\PowerShell\7\System.Collections.Specialized.dll
ModLoad: 00007ffb`62c70000 00007ffb`62cab000   C:\WINDOWS\SYSTEM32\iphlpapi.dll
ModLoad: 00007ffa`d7440000 00007ffa`d7494000   C:\Program Files\PowerShell\7\Microsoft.PowerShell.Security.dll
ModLoad: 00007ffb`62cb0000 00007ffb`62d7b000   C:\WINDOWS\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffb`65a10000 00007ffb`65a18000   C:\WINDOWS\System32\NSI.dll
ModLoad: 00007ffb`13a20000 00007ffb`13a42000   C:\Program Files\PowerShell\7\System.Threading.Tasks.Parallel.dll
ModLoad: 00007ffb`34b20000 00007ffb`34b2a000   C:\Program Files\PowerShell\7\System.IO.FileSystem.DriveInfo.dll
ModLoad: 00007ffb`13af0000 00007ffb`13b09000   C:\Program Files\PowerShell\7\System.Collections.NonGeneric.dll
ModLoad: 00007ffb`125a0000 00007ffb`125b7000   C:\Program Files\PowerShell\7\System.IO.FileSystem.AccessControl.dll
ModLoad: 00007ffa`b6c50000 00007ffa`b6d25000   C:\Program Files\PowerShell\7\System.Text.Encoding.CodePages.dll
ModLoad: 00007ffb`5bdb0000 00007ffb`5bdc7000   C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL
ModLoad: 00007ffb`0efd0000 00007ffb`0effa000   C:\Program Files\PowerShell\7\System.Security.Permissions.dll
ModLoad: 00007ffa`aba90000 00007ffa`abc47000   C:\Program Files\PowerShell\7\System.Net.Http.dll
ModLoad: 00007ffb`5bd90000 00007ffb`5bdad000   C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL
ModLoad: 00007ffa`c9c90000 00007ffa`c9d36000   C:\Program Files\PowerShell\7\System.Net.Security.dll
ModLoad: 00007ffa`cbfb0000 00007ffa`cc02c000   C:\Program Files\PowerShell\7\System.Net.Sockets.dll
ModLoad: 00007ffb`5cdb0000 00007ffb`5cdbb000   C:\WINDOWS\SYSTEM32\WINNSI.DLL
ModLoad: 0000020e`c38e0000 0000020e`c38e8000   C:\Program Files\PowerShell\7\System.Threading.Overlapped.dll
ModLoad: 00007ffb`65330000 00007ffb`6539b000   C:\WINDOWS\System32\ws2_32.dll
ModLoad: 00007ffb`4a110000 00007ffb`4a127000   C:\WINDOWS\system32\napinsp.dll
ModLoad: 00007ffb`4a0f0000 00007ffb`4a10b000   C:\WINDOWS\system32\pnrpnsp.dll
ModLoad: 00007ffb`5c5a0000 00007ffb`5c5b5000   C:\WINDOWS\system32\wshbth.dll
ModLoad: 00007ffb`5d220000 00007ffb`5d23d000   C:\WINDOWS\system32\NLAapi.dll
ModLoad: 00007ffb`62fb0000 00007ffb`6301a000   C:\WINDOWS\System32\mswsock.dll
ModLoad: 00007ffb`45d20000 00007ffb`45d32000   C:\WINDOWS\System32\winrnr.dll
ModLoad: 0000020e`c3a60000 0000020e`c3a68000   C:\Program Files\PowerShell\7\System.Runtime.Loader.dll
ModLoad: 00007ffb`52d40000 00007ffb`52d4c000   C:\WINDOWS\SYSTEM32\secur32.dll
ModLoad: 00007ffb`63720000 00007ffb`63751000   C:\WINDOWS\SYSTEM32\SSPICLI.DLL
ModLoad: 00007ffb`44180000 00007ffb`4419d000   C:\WINDOWS\SYSTEM32\mpr.dll
ModLoad: 00007ffb`23e30000 00007ffb`23e4d000   C:\WINDOWS\System32\p9np.dll
ModLoad: 00007ffb`2b7f0000 00007ffb`2b7fb000   C:\WINDOWS\System32\drprov.dll
ModLoad: 00007ffb`62580000 00007ffb`625da000   C:\WINDOWS\System32\WINSTA.dll
ModLoad: 00007ffb`23e00000 00007ffb`23e21000   C:\WINDOWS\System32\ntlanman.dll
ModLoad: 00007ffb`23de0000 00007ffb`23dfe000   C:\WINDOWS\System32\davclnt.dll
ModLoad: 00007ffb`2b3f0000 00007ffb`2b3fd000   C:\WINDOWS\System32\DAVHLPR.dll
ModLoad: 00007ffb`62a00000 00007ffb`62a19000   C:\WINDOWS\System32\wkscli.dll
ModLoad: 00007ffb`429e0000 00007ffb`429f2000   C:\WINDOWS\SYSTEM32\cscapi.dll
ModLoad: 0000020e`c3a80000 0000020e`c3a88000   C:\Program Files\PowerShell\7\System.Threading.ThreadPool.dll
ModLoad: 00007ffb`620f0000 00007ffb`62113000   C:\WINDOWS\SYSTEM32\gpapi.dll
ModLoad: 00007ffb`656a0000 00007ffb`65719000   C:\WINDOWS\System32\coml2.dll
ModLoad: 00007ffb`55870000 00007ffb`558a1000   C:\WINDOWS\SYSTEM32\cryptnet.dll
ModLoad: 0000020e`e63c0000 0000020e`e6408000   C:\program files\powershell\7\Modules\PSReadLine\Microsoft.PowerShell.PSReadLine2.dll
ModLoad: 0000020e`e6410000 0000020e`e6422000   C:\Program Files\PowerShell\7\mscorlib.dll
ModLoad: 00007ffa`ab970000 00007ffa`aba85000   C:\Program Files\PowerShell\7\Microsoft.PowerShell.Commands.Management.dll
ModLoad: 00007ffa`ab7e0000 00007ffa`ab96e000   C:\Program Files\PowerShell\7\Microsoft.PowerShell.Commands.Utility.dll
ModLoad: 00007ffb`34220000 00007ffb`3422b000   C:\Program Files\PowerShell\7\Microsoft.PowerShell.MarkdownRender.dll
ModLoad: 00007ffa`aad80000 00007ffa`aae7f000   C:\Program Files\PowerShell\7\Microsoft.CSharp.dll
ModLoad: 0000020e`c3910000 0000020e`c3920000   C:\Program Files\PowerShell\7\System.dll
ModLoad: 0000020e`c3920000 0000020e`c392a000   C:\Program Files\PowerShell\7\System.Core.dll
ModLoad: 00007ffb`32450000 00007ffb`32459000   C:\Program Files\PowerShell\7\System.Diagnostics.StackTrace.dll
ModLoad: 00007ffa`e8f30000 00007ffa`e8f71000   C:\Program Files\PowerShell\7\System.IO.Compression.dll
ModLoad: 00007ffa`aacb0000 00007ffa`aad7c000   C:\Program Files\PowerShell\7\System.IO.Compression.Native.dll
ModLoad: 00007ffb`57e80000 00007ffb`57f8c000   C:\WINDOWS\SYSTEM32\winhttp.dll
ModLoad: 00007ffb`35610000 00007ffb`35617000   C:\WINDOWS\system32\wshunix.dll
ModLoad: 00007ffb`58800000 00007ffb`5880a000   C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffb`63600000 00007ffb`63634000   C:\WINDOWS\SYSTEM32\DEVOBJ.dll
ModLoad: 00007ffb`638d0000 00007ffb`6391e000   C:\WINDOWS\System32\cfgmgr32.dll
ModLoad: 00007ffb`5c910000 00007ffb`5c98f000   C:\WINDOWS\System32\fwpuclnt.dll
ModLoad: 00007ffb`62800000 00007ffb`62891000   C:\WINDOWS\system32\schannel.DLL
ModLoad: 00007ffb`3d810000 00007ffb`3d825000   C:\WINDOWS\SYSTEM32\mskeyprotect.dll
ModLoad: 00007ffb`632e0000 00007ffb`6331b000   C:\WINDOWS\SYSTEM32\NTASN1.dll
ModLoad: 00007ffb`63320000 00007ffb`63347000   C:\WINDOWS\SYSTEM32\ncrypt.dll
ModLoad: 00007ffb`3c1c0000 00007ffb`3c1e6000   C:\WINDOWS\system32\ncryptsslp.dll
(710c.327c): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffb`661f0860 cc              int     3
0:016> g
(710c.75d0): C++ EH exception - code e06d7363 (first chance)
(710c.75d0): C++ EH exception - code e06d7363 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.6cac): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.6570): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffb`661f0860 cc              int     3
0:015> sxe -c "!pe;!clrstack -p;g" e06d7363
0:015> g
(710c.75d0): C++ EH exception - code e06d7363 (first chance)
There is no current managed exception on this thread
OS Thread Id: 0x75d0 (12)
        Child SP               IP Call Site
0000005F3894F3C0 00007ffb63984f69 [InlinedCallFrame: 0000005f3894f3c0] System.Management.Automation.AmsiUtils+AmsiNativeMethods.AmsiScanBuffer(IntPtr, IntPtr, UInt32, System.String, IntPtr, AMSI_RESULT ByRef)
0000005F3894F3C0 00007ffa58607426 [InlinedCallFrame: 0000005f3894f3c0] System.Management.Automation.AmsiUtils+AmsiNativeMethods.AmsiScanBuffer(IntPtr, IntPtr, UInt32, System.String, IntPtr, AMSI_RESULT ByRef)
0000005F3894F380 00007ffa58607426 ILStubClass.IL_STUB_PInvoke(IntPtr, IntPtr, UInt32, System.String, IntPtr, AMSI_RESULT ByRef)
    PARAMETERS:
        <no data>
        <no data>
        <no data>
        <no data>
        <no data>
        <no data>

0000005F3894F460 00007ffaa7d90684 System.Management.Automation.AmsiUtils.WinScanContent(System.String, System.String, Boolean)
    PARAMETERS:
        content = <no data>
        sourceMetadata = <no data>
        warmUp = <no data>

0000005F3894F4F0 00007ffaa7d1a53f System.Management.Automation.CompiledScriptBlockData.PerformSecurityChecks()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e428

0000005F3894F550 00007ffaa7d1a434 System.Management.Automation.CompiledScriptBlockData.ReallyCompile(Boolean)
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e428
        optimize (<CLR reg>) = 0x0000000000000000

0000005F3894F5B0 00007ffaa7d1a2b7 System.Management.Automation.CompiledScriptBlockData.CompileUnoptimized()
    PARAMETERS:
        this (0x0000005F3894F5F0) = 0x0000020ec536e428

0000005F3894F5F0 00007ffaa7d1a055 System.Management.Automation.CompiledScriptBlockData.Compile(Boolean)
    PARAMETERS:
        this = <no data>
        optimized = <no data>

0000005F3894F630 00007ffaa7d2e26a System.Management.Automation.DlrScriptCommandProcessor.Init()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e500

0000005F3894F670 00007ffaa7d2df5e System.Management.Automation.DlrScriptCommandProcessor..ctor(System.Management.Automation.ScriptBlock, System.Management.Automation.ExecutionContext, Boolean, System.Management.Automation.CommandOrigin, System.Management.Automation.SessionStateInternal, System.Object)
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e500
        scriptBlock = <no data>
        context = <no data>
        useNewScope = <no data>
        origin = <no data>
        sessionState = <no data>
        dollarUnderbar (0x0002C8D89E6C0890) = <unable to retrieve data>

0000005F3894F6D0 00007ffaa7e268d5 System.Management.Automation.Runspaces.Command.CreateCommandProcessor(System.Management.Automation.ExecutionContext, Boolean, System.Management.Automation.CommandOrigin)
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec52ebbd0
        executionContext (<CLR reg>) = 0x0000020ec3bfa378
        addToHistory = <no data>
        origin = <no data>

0000005F3894F780 00007ffaa7e311f7 System.Management.Automation.Runspaces.LocalPipeline.CreatePipelineProcessor()
    PARAMETERS:
        this (0x0000005F3894F7F0) = 0x0000020ec52eba70

0000005F3894F7F0 00007ffaa7e300b3 System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec52eba70

0000005F3894F8B0 00007ffaa7e30b0c System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec52eba70

0000005F3894F910 00007ffaa7e309df System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProcImpersonate()
    PARAMETERS:
        this = <no data>

0000005F3894F950 00007ffaa7e31d82 System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec3d1ed50

0000005F3894F980 00007ffab70e2fc9 System.Threading.Thread+StartHelper.Callback(System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/Threading/Thread.cs @ 42]
    PARAMETERS:
        state = <no data>

0000005F3894F9C0 00007ffab70ecb59 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/Threading/ExecutionContext.cs @ 183]
    PARAMETERS:
        executionContext = <no data>
        callback = <no data>
        state = <no data>

0000005F3894FA30 00007ffab70e1cba System.Threading.Thread.StartCallback() [/_/src/coreclr/System.Private.CoreLib/src/System/Threading/Thread.CoreCLR.cs @ 105]
    PARAMETERS:
        this = <no data>

0000005F3894FCC0 00007ffab799a243 [DebuggerU2MCatchHandlerFrame: 0000005f3894fcc0] 
(710c.75d0): C++ EH exception - code e06d7363 (first chance)
Exception object: 0000020ec536e958
Exception type:   System.Runtime.InteropServices.SEHException
Message:          External component has thrown an exception.
InnerException:   <none>
StackTrace (generated):
    SP               IP               Function
    0000005F3894F380 0000000000000000 System_Management_Automation!System.Management.Automation.AmsiUtils+AmsiNativeMethods.AmsiScanBuffer(IntPtr, IntPtr, UInt32, System.String, IntPtr, AMSI_RESULT ByRef)+0x1
    0000005F3894F460 00007FFAA7D90684 System_Management_Automation!System.Management.Automation.AmsiUtils.WinScanContent(System.String, System.String, Boolean)+0x1a4
    0000005F3894F4F0 00007FFAA7D1A53F System_Management_Automation!System.Management.Automation.CompiledScriptBlockData.PerformSecurityChecks()+0xbf
    0000005F3894F550 00007FFAA7D1A434 System_Management_Automation!System.Management.Automation.CompiledScriptBlockData.ReallyCompile(Boolean)+0xa4
    0000005F3894F5B0 00007FFAA7D1A2B7 System_Management_Automation!System.Management.Automation.CompiledScriptBlockData.CompileUnoptimized()+0x37
    0000005F3894F5F0 00007FFAA7D1A055 System_Management_Automation!System.Management.Automation.CompiledScriptBlockData.Compile(Boolean)+0x65
    0000005F3894F630 00007FFAA7D2E26A System_Management_Automation!System.Management.Automation.DlrScriptCommandProcessor.Init()+0x6a
    0000005F3894F670 00007FFAA7D2DF5E System_Management_Automation!System.Management.Automation.DlrScriptCommandProcessor..ctor(System.Management.Automation.ScriptBlock, System.Management.Automation.ExecutionContext, Boolean, System.Management.Automation.CommandOrigin, System.Management.Automation.SessionStateInternal, System.Object)+0xbe
    0000005F3894F6D0 00007FFAA7E268D5 System_Management_Automation!System.Management.Automation.Runspaces.Command.CreateCommandProcessor(System.Management.Automation.ExecutionContext, Boolean, System.Management.Automation.CommandOrigin)+0x1a5
    0000005F3894F780 00007FFAA7E311F7 System_Management_Automation!System.Management.Automation.Runspaces.LocalPipeline.CreatePipelineProcessor()+0x187

StackTraceString: <none>
HResult: 80004005
OS Thread Id: 0x75d0 (12)
        Child SP               IP Call Site
0000005F3894B2E8 00007ffb63984f69 [HelperMethodFrame: 0000005f3894b2e8] 
0000005F3894B3E0 00007ffaa7e3141b System.Management.Automation.Runspaces.LocalPipeline.CreatePipelineProcessor()
    PARAMETERS:
        this (0x0000005F3894F7F0) = 0x0000020ec52eba70

0000005F3894F3C0 00007ffab793124c [InlinedCallFrame: 0000005f3894f3c0] System.Management.Automation.AmsiUtils+AmsiNativeMethods.AmsiScanBuffer(IntPtr, IntPtr, UInt32, System.String, IntPtr, AMSI_RESULT ByRef)
0000005F3894F3C0 00007ffa58607426 [InlinedCallFrame: 0000005f3894f3c0] System.Management.Automation.AmsiUtils+AmsiNativeMethods.AmsiScanBuffer(IntPtr, IntPtr, UInt32, System.String, IntPtr, AMSI_RESULT ByRef)
0000005F3894F380 00007ffa58607426 ILStubClass.IL_STUB_PInvoke(IntPtr, IntPtr, UInt32, System.String, IntPtr, AMSI_RESULT ByRef)
    PARAMETERS:
        <no data>
        <no data>
        <no data>
        <no data>
        <no data>
        <no data>

0000005F3894F460 00007ffaa7d90684 System.Management.Automation.AmsiUtils.WinScanContent(System.String, System.String, Boolean)
    PARAMETERS:
        content = <no data>
        sourceMetadata = <no data>
        warmUp = <no data>

0000005F3894F4F0 00007ffaa7d1a53f System.Management.Automation.CompiledScriptBlockData.PerformSecurityChecks()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e428

0000005F3894F550 00007ffaa7d1a434 System.Management.Automation.CompiledScriptBlockData.ReallyCompile(Boolean)
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e428
        optimize (<CLR reg>) = 0x0000000000000000

0000005F3894F5B0 00007ffaa7d1a2b7 System.Management.Automation.CompiledScriptBlockData.CompileUnoptimized()
    PARAMETERS:
        this (0x0000005F3894F5F0) = 0x0000020ec536e428

0000005F3894F5F0 00007ffaa7d1a055 System.Management.Automation.CompiledScriptBlockData.Compile(Boolean)
    PARAMETERS:
        this = <no data>
        optimized = <no data>

0000005F3894F630 00007ffaa7d2e26a System.Management.Automation.DlrScriptCommandProcessor.Init()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e500

0000005F3894F670 00007ffaa7d2df5e System.Management.Automation.DlrScriptCommandProcessor..ctor(System.Management.Automation.ScriptBlock, System.Management.Automation.ExecutionContext, Boolean, System.Management.Automation.CommandOrigin, System.Management.Automation.SessionStateInternal, System.Object)
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec536e500
        scriptBlock = <no data>
        context = <no data>
        useNewScope = <no data>
        origin = <no data>
        sessionState = <no data>
        dollarUnderbar (0x0002C8D89E6C0890) = <unable to retrieve data>

0000005F3894F6D0 00007ffaa7e268d5 System.Management.Automation.Runspaces.Command.CreateCommandProcessor(System.Management.Automation.ExecutionContext, Boolean, System.Management.Automation.CommandOrigin)
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec52ebbd0
        executionContext (<CLR reg>) = 0x0000020ec3bfa378
        addToHistory = <no data>
        origin = <no data>

0000005F3894F780 00007ffaa7e311f7 System.Management.Automation.Runspaces.LocalPipeline.CreatePipelineProcessor()
    PARAMETERS:
        this (0x0000005F3894F7F0) = 0x0000020ec52eba70

0000005F3894F7F0 00007ffaa7e300b3 System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec52eba70

0000005F3894F8B0 00007ffaa7e30b0c System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec52eba70

0000005F3894F910 00007ffaa7e309df System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProcImpersonate()
    PARAMETERS:
        this = <no data>

0000005F3894F950 00007ffaa7e31d82 System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
    PARAMETERS:
        this (<CLR reg>) = 0x0000020ec3d1ed50

0000005F3894F980 00007ffab70e2fc9 System.Threading.Thread+StartHelper.Callback(System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/Threading/Thread.cs @ 42]
    PARAMETERS:
        state = <no data>

0000005F3894F9C0 00007ffab70ecb59 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/Threading/ExecutionContext.cs @ 183]
    PARAMETERS:
        executionContext = <no data>
        callback = <no data>
        state = <no data>

0000005F3894FA30 00007ffab70e1cba System.Threading.Thread.StartCallback() [/_/src/coreclr/System.Private.CoreLib/src/System/Threading/Thread.CoreCLR.cs @ 105]
    PARAMETERS:
        this = <no data>

0000005F3894FCC0 00007ffab799a243 [DebuggerU2MCatchHandlerFrame: 0000005f3894fcc0] 
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.6cac): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)
(710c.75d0): CLR exception - code e0434352 (first chance)

I reproduced the error with the CLR stack trace enabled at the line (710c.75d0): C++ EH exception - code e06d7363 (first chance).

@deadlydog
Copy link
Author

Just to close the loop on this, it looks like the problem is being caused by the antimalware software on my machine (distributed by our organization) thinking the long command may be a malicious attack. This explains why my coworkers could reproduce the issue, but not other people.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment