I am debugging a larger issue but I have narrowed down to a specific scenario.
Firstly:
XamlRuntimeInitialize();
IXRApplication* pApp;
res=GetXRApplicationInstance(&pApp);
This works fine, Then:
IUnknown* pUnk;
res=pApp->QueryInterface(IID_IUnknown, (void**)&pUnk);
This executes and even returns S_OK however the address returned in pUnk is not the same as pApp(exactly 4bytes less), unexpected but technically not an issue
After That:
UINT cnt=pUnk->AddRef();
This executes and returns 0 but from this point on if I try to call pUnk->Release or pUnk->QueryInterface it crashes. If I call pUnk->Release before pUnk-AddRef it runs but again after pUnk->AddRef any call crashes. It seems as though the AddRef is actually destroying the object. The crash appears to be a null reference exception.
EDIT:
So after learning how to debug on a WEC7 Emulator I have found what looks like the issue. The assembly for AddRef() on the IUnknown looks like this
xor eax, eax
retn 0x0C
Thats all, so every call into AddRef() corrupts the stack. Its interesting because sometimes it would work, and other times not but it turns out it had more to do with the stack i.e. Stack allocated variables.
I have no idea how to work this now. I am trying to avoid a native wrapper because of portability issues, but I dont think there is any way get around this with managed code alone.
On another note what the heck was Microsoft thinking. Doesn't this violate there own rules of COM. I am having a hard time understanding how they could release code that corrupts the stack like that.