Native objects for RCW was destroyed. How to find its type?

Imagine situation that .NET attempts to release last reference to COM object but due to mismanage on native side, object already destroyed. In our application when native object is destroyed, we fill object with hexadecimal 80. In this case any attempt to release will immediately crash and you will see something like this:

00 000000c6`b97fa430 00007ffa`a13283bd : 00000000`00000000 000001df`76eee2d0 000001df`453f6fd0 00007ffa`a11aee14 : clr!SafeReleasePreemp+0x75
01 000000c6`b97fa4a0 00007ffa`a1328296 : 00000000`05213028 000001df`453f6fd0 000001df`4543af68 00000000`00000000 : clr!RCW::ReleaseAllInterfaces+0xed
02 000000c6`b97fa4f0 00007ffa`a13281ab : 00000000`05213028 000001df`453f6fd0 000000c6`b97fa5c0 00007ffa`41dd4e90 : clr!RCW::ReleaseAllInterfacesCallBack+0x53
03 000000c6`b97fa580 00007ffa`a1391c5e : 000001df`7a47d7b0 000000c6`babffaa8 00007ffa`41cecfa8 00007ffa`d7571a9a : clr!RCW::Cleanup+0x64

Second parameter in SafeReleasePreemp is RCW and you can use !DumpRCW and you will see something like that:

!DumpRCW 000001df`76eee2d0

Managed object:             00000001627b2130
Creating thread:            0000000111368900
IUnknown pointer:           0000000175c99b30
COM Context:                000000000091e9d8
Managed ref count:          2
IUnknown V-table pointer :  000000013a4d2f88 (captured at RCW creation time)
Flags:                     

COM interface pointers:
              IP          Context               MT Type
0000000175c99ba0 000000000091e9d8 00007ff869dd43a8 SomeLib.IAsyncSimpleResult

As you can see it is possible to see that object that was destroyed was used as IAsyncSimpleResult.  In many cases it could be helpful if interface is relatively unique. But if that interface is really common, it could be really hard to find which object is destroyed. In this case you can use following command:

dsp 000000013a4d2f88

00000000`05213028  00000000`05213009 Module1!file2.object3.Method1+0x1
00000000`05213030  00000000`05213012 Module1!file2.object3.Method2+0xa
00000000`05213038  00000000`0521301b Module1!file2.object3.Method3+0x13

…

And in many cases, it could be quite helpful. Sometimes you will just see just generic object that implemented IUnknown methods, but you can go to addresses above or below and sometimes VMT for other interfaces are around and could provide some help. Anyway, in my case it was helpful and I was able to identify source object.

I hope it helpful