Ways for an unmanaged Windows process to crash?

I am trying to understand the ways in which an unmanaged user-mode Windows process can "crash" (which is really too much of a catch-all term).

Here are the ways I know of so far:

  • Unhandled Structured Exception
    • Default UnhandledExceptionFilter: postmortem debugger in pre-Vista; WerFault in Vista+
    • Custom UnhandledExceptionFilter: may do whatever it likes, including exiting quietly?
  • "Hard" crash (not sure if there's a technical term for this)
    • E.g. hitting the stack overflow guard page while handling a stack overflow: the OS simply makes the process disappear without a trace?
  • "Normal" exit:
    • E.g. where the language provides its own error handling mechanism that makes a fatal crash look to the OS like the application has shut down normally.

Is this roughly right? Are there any other ways for a user-mode Windows process to die?

Ameeameer answered 31/8, 2010 at 20:47 Comment(2)
I'm not sure what you mean by "crash", but external forces can also kill your process (i.e. TerminateProcess). This is different from what people typically mean by "crash" as your process doesn't get any kind of chance to handle it. – Specious
@Specious agreed. To give you a better feel of what I mean, this was prompted when I was experimenting with Windows Error Reporting and found that even when WER is disabled, a program can still crash with a different error message, via UnhandledExceptionFilter->NtRaiseHardError, which shows something like this: i.imgur.com/fBsTI.png – Ameeameer
  • Unhandled exception - this is usually what people would call "crash"
  • Exception with corrupted stack - if the stack is corrupted and the exception chain cannot be walked, the process is silently killed.
  • Explicit termination
    • From another process (e.g. TaskManager, kill.exe) calling TerminateProcess,
    • C/C++ runtime fatal error, /GS stack cookie corruption, etc.
  • Attaching a debugger and quitting the debugger without detaching
  • Console application will terminate if you kill the corresponding conhost.exe process
Julius answered 28/1, 2011 at 22:35 Comment(1)
What about WOW32 when running on x64? Can that be killed? :) – Fondea
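
When triaging after the fact, the exit code a dead process leaves behind helps separate some of the cases listed in the answer above. The following Python helper is an added example, not part of the original posts: the NTSTATUS names and values are the documented ones, while the category labels, the function names and the sample values are assumptions of this example.

```python
# Added example: triage helper for Windows process exit codes.
# NTSTATUS names and values are the documented ones; the category
# labels and function names are assumptions of this example.
KNOWN = {
    0xC0000005: ("STATUS_ACCESS_VIOLATION", "unhandled exception"),
    0xC00000FD: ("STATUS_STACK_OVERFLOW", "unhandled exception"),
    0xE06D7363: ("MSVC C++ exception", "unhandled exception"),
    0xC0000409: ("STATUS_STACK_BUFFER_OVERRUN", "runtime fail-fast, e.g. /GS cookie check"),
    0xC0000374: ("STATUS_HEAP_CORRUPTION", "heap manager fail-fast"),
    0xC000013A: ("STATUS_CONTROL_C_EXIT", "console closed or Ctrl+C"),
    0x40010004: ("DBG_TERMINATE_PROCESS", "terminated by a debugger"),
}

def normalize(raw):
    """Accept an int, a signed decimal string or a hex string; return unsigned 32-bit."""
    value = int(raw, 0) if isinstance(raw, str) else int(raw)
    return value & 0xFFFFFFFF

def classify(raw):
    code = normalize(raw)
    severity = code >> 30  # NTSTATUS bits 31-30: 0 success, 1 info, 2 warning, 3 error
    if code in KNOWN:
        name, category = KNOWN[code]
    elif severity == 3:
        name, category = "unrecognized error status", "probable unhandled exception"
    elif code == 0:
        name, category = "zero", "normal exit, or a handler that exited quietly"
    else:
        name, category = ("application-defined",
                          "exit code chosen by the process or a TerminateProcess caller")
    return {"hex": f"0x{code:08X}", "name": name, "category": category}

# Constructed sample values, in the forms they tend to appear in logs.
SAMPLES = ["-1073741819", "0xC0000409", 1, 0, "0xC0000096"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, classify(s))
```

An exit code is only a hint: a custom unhandled exception filter or a language runtime can exit with any value, including 0, and a TerminateProcess caller picks the code it passes.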
