我有一个简单的测试程序，在 AppVerifier 下运行时会失败并抛出异常。该程序复制 STD_INPUT_HANDLE，然后尝试用 CloseHandle() 关闭它。不在 AppVerifier 下运行时程序一切正常，CloseHandle 返回 TRUE；但在启用了 Lock、Heaps 和 Handles 检查的 AppVerifier 下运行时，它会引发异常。详情如下。有人能解释一下为什么会这样吗？这是 AppVerifier 的错误吗？
*/
// stdintst.cpp : Defines the entry point for the console application.
//
//
// This code fails if run under AppVerifier x64 4.0.0665
// Test is compiled under VS 2005
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
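/*
 * Duplicate handle h into the current process and immediately close the
 * duplicate, printing the CloseHandle result and last-error code.
 *
 * Returns 1 when DuplicateHandle succeeded (the outcome of CloseHandle is
 * only printed, not returned) and 0 when DuplicateHandle failed.
 *
 * NOTE(review): in the WinDbg session below h = 0x3 and the duplicate is 0xf,
 * while the verifier stop names handle 0xe. On Windows 7 and earlier, console
 * handles carry a tag in their low two bits and are not ordinary kernel
 * handles, so the NtClose hook the verifier installs may not accept them --
 * presumably the cause of the STATUS_INVALID_HANDLE stop; confirm before
 * treating it as a verifier bug.
 */
static int duplicate(HANDLE h)
{
    HANDLE self = GetCurrentProcess();   /* pseudo-handle; never needs closing */
    HANDLE dup = INVALID_HANDLE_VALUE;

    /* Same access as h; the duplicate is marked inheritable (TRUE), as in the
     * original test, so a child process started later would receive it. */
    if (!DuplicateHandle(self, h, self, &dup, 0, TRUE, DUPLICATE_SAME_ACCESS)) {
        return 0;
    }

    /* fails here with exception if run under AppVerifier */
    BOOL ok = CloseHandle(dup);
    DWORD err = GetLastError();          /* capture before any other call can overwrite it */
    /* DWORD is unsigned long on Windows, so %lx rather than %x */
    printf("CloseHandle %d %lx\n", ok, err);
    return 1;
}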
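/*
 * Entry point: for each of the three standard handles, retrieve it,
 * duplicate-and-close it via duplicate(), and print the result.
 *
 * Returns 0 when all three handles could be retrieved; exits the process with
 * -1 as soon as GetStdHandle reports one of them unavailable. argc and argv are
 * unused.
 */
int wmain(int argc, _TCHAR* argv[])
{
    /* Table-driven so the printed label always matches the stream under test. */
    static const struct {
        DWORD id;
        const char *name;
    } std_handles[] = {
        { STD_INPUT_HANDLE,  "STD_INPUT_HANDLE" },
        { STD_OUTPUT_HANDLE, "STD_OUTPUT_HANDLE" },
        { STD_ERROR_HANDLE,  "STD_ERROR_HANDLE" },
    };

    (void)argc;
    (void)argv;

    for (size_t i = 0; i < sizeof std_handles / sizeof std_handles[0]; i++) {
        HANDLE h = GetStdHandle(std_handles[i].id);
        /* GetStdHandle returns INVALID_HANDLE_VALUE on error and NULL when the
         * process has no handle for that stream; neither is usable here. */
        if (h == INVALID_HANDLE_VALUE || h == NULL) {
            exit(-1);
        }
        printf("%s: %d\n", std_handles[i].name, duplicate(h));
    }
    return 0;
}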
Windbg:
_______________________________________________________________
// before CloseHandle()
0018fe2c dw = 0xcccccccc
0018fe54 h = 0x00000003
0018fe44 ph = 0xffffffff
0018fe38 tmph = 0x0000000f
0:000:x86> p // CloseHandle()
(870.1644): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll!KiRaiseUserExceptionDispatcher+0x3a:
00000000`77b012f7 8b8424c0000000 mov eax,dword ptr [rsp+0C0h] ss:00000000`0008e2e0=c0000008
0:000> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
APPLICATION_VERIFIER_HANDLES_INVALID_HANDLE (300)
Invalid handle exception for current stack trace.
This stop is generated if the function on the top of the stack passed an
invalid handle to system routines. Usually a simple kb command will reveal
what is the value of the handle passed (must be one of the parameters -
usually the first one). If the value is null then this is clearly wrong.
If the value looks ok you need to use !htrace debugger extension to get a
history of operations pertaining to this handle value. In most cases it
must be that the handle value is used after being closed.
Arguments:
Arg1: ffffffffc0000008, Exception code.
Arg2: 0000000000000000, Exception record. Use .exr to display it.
Arg3: 0000000000000000, Context record. Use .cxr to display it.
Arg4: 0000000000000000, Not used.
FAULTING_IP:
ntdll!KiRaiseUserExceptionDispatcher+3a
00000000`77b012f7 8b8424c0000000 mov eax,dword ptr [rsp+0C0h]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000077b012f7 (ntdll!KiRaiseUserExceptionDispatcher+0x000000000000003a)
ExceptionCode: c0000008 (Invalid handle)
ExceptionFlags: 00000000
NumberParameters: 0
Thread tried to close a handle that was invalid or illegal to close
FAULTING_THREAD: 0000000000001644
DEFAULT_BUCKET_ID: STATUS_INVALID_HANDLE
PROCESS_NAME: stdintst.exe
BAD_HANDLE: 000000000000000e (!htrace 000000000000000e)
ERROR_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified.
EXCEPTION_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified.
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 80040007
PRIMARY_PROBLEM_CLASS: STATUS_INVALID_HANDLE
BUGCHECK_STR: APPLICATION_FAULT_STATUS_INVALID_HANDLE
LAST_CONTROL_TRANSFER: from 00000000001e2386 to 0000000077b012f7
STACK_TEXT:
00000000`0008e220 00000000`001e2386 : 00000000`0000000e 00000000`7efdb000 00000000`0008e318 00000000`0008e320 : ntdll!KiRaiseUserExceptionDispatcher+0x3a
00000000`0008e2f0 00000000`7531f2cd : 00000000`0018fd20 00000000`0018fd2c 00000000`7efdb000 00000000`0008fd20 : verifier!AVrfpNtClose+0xbe
00000000`0008e320 00000000`7531cf87 : 00000000`00000000 00000000`0018fc08 00000000`7efdb000 00000000`7efdd000 : wow64!whNtClose+0x11
00000000`0008e350 00000000`75262776 : 00000000`77ca01b4 00000000`75310023 00000000`00000246 00000000`0018fff0 : wow64!Wow64SystemServiceEx+0xd7
00000000`0008ec10 00000000`7531d07e : 00000000`0008fd20 00000000`75261920 00000000`00000000 00000000`0008ed40 : wow64cpu!TurboDispatchJumpAddressEnd+0x2d
00000000`0008ecd0 00000000`7531c549 : 00000000`00000000 00000000`00000000 00000000`75314ac8 00000000`7ffe0030 : wow64!RunCpuSimulation+0xa
00000000`0008ed20 00000000`77af4956 : 00000000`01d32f00 00000000`00000000 00000000`77be2670 00000000`77bb5978 : wow64!Wow64LdrpInitialize+0x429
00000000`0008f270 00000000`77af1a17 : 00000000`00000000 00000000`77af4061 00000000`0008f820 00000000`00000000 : ntdll!LdrpInitializeProcess+0x17e4
00000000`0008f760 00000000`77adc32e : 00000000`0008f820 00000000`00000000 00000000`7efdf000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x29220
00000000`0008f7d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe
FOLLOWUP_IP:
wow64!whNtClose+11
00000000`7531f2cd 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: wow64!whNtClose+11
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: wow64
IMAGE_NAME: wow64.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4e212272
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: STATUS_INVALID_HANDLE_c0000008_wow64.dll!whNtClose
BUCKET_ID: X64_APPLICATION_FAULT_STATUS_INVALID_HANDLE_wow64!whNtClose+11
Followup: MachineOwner
---------
0:000> !htrace 000000000000000e
--------------------------------------
Handle = 0x000000000000000e - *** BAD REFERENCE ***
Thread ID = 0x0000000000001644, Process ID = 0x0000000000000870
0x0000000077b0140a: ntdll!NtClose+0x000000000000000a
0x00000000001e2386: verifier!AVrfpNtClose+0x00000000000000be
0x000000007531f2cd: wow64!whNtClose+0x0000000000000011
0x000000007531cf87: wow64!Wow64SystemServiceEx+0x00000000000000d7
0x0000000075262776: wow64cpu!TurboDispatchJumpAddressEnd+0x000000000000002d
0x000000007531d07e: wow64!RunCpuSimulation+0x000000000000000a
0x000000007531c549: wow64!Wow64LdrpInitialize+0x0000000000000429
0x0000000077af4956: ntdll!LdrpInitializeProcess+0x00000000000017e4
0x0000000077af1a17: ntdll! ?? ::FNODOBFM::`string'+0x0000000000029220
0x0000000077adc32e: ntdll!LdrInitializeThunk+0x000000000000000e
0x0000000077caf9d2: ntdll32!NtClose+0x0000000000000012
0x000000006f2f2f52: vfbasics!AVrfpNtClose+0x0000000000000030
0x00000000770ab9f2: KERNELBASE!CloseHandle+0x000000000000002d
0x000000006f2f3e86: vfbasics!AVrfpCloseHandle+0x0000000000000074
0x000000000041157a: stdintst!duplicate+0x000000000000008a
--------------------------------------
Parsed 0x3A stack traces.
Dumped 0x1 stack traces.
Output Without Appverifier:
-------------------------------
CloseHandle 1 0
STD_INPUT_HANDLE: 1
CloseHandle 1 0
STD_INPUT_HANDLE: 1
CloseHandle 1 0
STD_INPUT_HANDLE: 1