关闭有效句柄时,AppVerifier报告“无效句柄 - 代码c0000008”

时间:2012-03-24 18:16:53

标签: windows handle

我有一个简单的测试程序,在AppVerifier下运行时会因异常而失败。该程序用DuplicateHandle()复制STD_INPUT_HANDLE,然后尝试用CloseHandle()关闭这个副本。不在AppVerifier下运行时,程序正常执行,CloseHandle()返回TRUE;但在启用了Locks/Heaps/Handles检查的AppVerifier下运行时,它会引发异常。详情如下。有人能解释为什么会这样吗?这是AppVerifier的bug吗?

*/

// stdintst.cpp : Defines the entry point for the console application.
//


//
// This code fails if run under AppVerifier x64 4.0.0665
// Test is compiled under VS 2005
//


#include "stdafx.h"


#include <windows.h>
#include <stdio.h>
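/*
 * Duplicate h into the current process and immediately close the duplicate.
 *
 * h: an open handle of this process (the callers pass standard I/O handles).
 *
 * Returns 1 when DuplicateHandle() succeeded and CloseHandle() on the
 * duplicate also succeeded, 0 otherwise. The CloseHandle() result and the
 * last-error value observed right after it are printed to stdout.
 *
 * This is the repro for the AppVerifier stop: under AppVerifier the
 * CloseHandle() call raises STATUS_INVALID_HANDLE (0xc0000008) even though
 * the duplicate was just created; without AppVerifier it prints "CloseHandle 1 0".
 */
static int duplicate(HANDLE h)
{
    /* GetCurrentProcess() returns a pseudo-handle; it is never closed here. */
    HANDLE self = GetCurrentProcess();
    HANDLE dup = INVALID_HANDLE_VALUE;

    /* bInheritHandle = TRUE is kept exactly as in the original repro so the
       AppVerifier behaviour is unchanged; the duplicate is closed right away,
       so it is never visible to a child process anyway. */
    if (!DuplicateHandle(self, h, self, &dup, 0, TRUE, DUPLICATE_SAME_ACCESS))
        return 0;

    /* Under AppVerifier this call raises the invalid-handle exception. */
    BOOL closed = CloseHandle(dup);
    /* Capture the error code immediately: printf() may overwrite it. */
    DWORD err = GetLastError();

    /* BOOL is int and DWORD is unsigned long; the conversions must match. */
    printf("CloseHandle %d %lx\n", closed, err);

    /* Report the CloseHandle() failure to the caller instead of hiding it. */
    return closed ? 1 : 0;
}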




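/*
 * Entry point: duplicate-and-close each of the three standard handles and
 * print "<name>: <result>" for each, where <result> is duplicate()'s return.
 *
 * Exits with -1 if a standard handle cannot be obtained. GetStdHandle()
 * returns INVALID_HANDLE_VALUE on failure and NULL when the process has no
 * associated standard handle, so both are rejected.
 *
 * Returns 0 after all three handles have been processed.
 */
int wmain(int argc, _TCHAR* argv[])
{
    /* Table-driven so each line is labelled with the handle it reports;
       the original printed "STD_INPUT_HANDLE" for all three. */
    static const struct {
        DWORD id;
        const char *name;
    } std_handles[] = {
        { STD_INPUT_HANDLE,  "STD_INPUT_HANDLE"  },
        { STD_OUTPUT_HANDLE, "STD_OUTPUT_HANDLE" },
        { STD_ERROR_HANDLE,  "STD_ERROR_HANDLE"  },
    };

    (void)argc;
    (void)argv;

    for (size_t i = 0; i < sizeof std_handles / sizeof std_handles[0]; i++) {
        HANDLE h = GetStdHandle(std_handles[i].id);
        if (h == INVALID_HANDLE_VALUE || h == NULL)
            exit(-1);

        printf("%s: %d\n", std_handles[i].name, duplicate(h));
    }

    return 0;
}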
Windbg:
_______________________________________________________________


// before CloseHandle()


0018fe2c dw = 0xcccccccc
0018fe54 h = 0x00000003
0018fe44 ph = 0xffffffff
0018fe38 tmph = 0x0000000f
0:000:x86> p  // CloseHandle()
(870.1644): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll!KiRaiseUserExceptionDispatcher+0x3a:
00000000`77b012f7 8b8424c0000000  mov     eax,dword ptr [rsp+0C0h] ss:00000000`0008e2e0=c0000008
0:000> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


APPLICATION_VERIFIER_HANDLES_INVALID_HANDLE (300)
Invalid handle exception for current stack trace.
This stop is generated if the function on the top of the stack passed an
invalid handle to system routines. Usually a simple kb command will reveal
what is the value of the handle passed (must be one of the parameters -
usually the first one). If the value is null then this is clearly wrong.
If the value looks ok you need to use !htrace debugger extension to get a
history of operations pertaining to this handle value. In most cases it
must be that the handle value is used after being closed. 
Arguments:
Arg1: ffffffffc0000008, Exception code. 
Arg2: 0000000000000000, Exception record. Use .exr to display it. 
Arg3: 0000000000000000, Context record. Use .cxr to display it. 
Arg4: 0000000000000000, Not used. 


FAULTING_IP: 
ntdll!KiRaiseUserExceptionDispatcher+3a
00000000`77b012f7 8b8424c0000000  mov     eax,dword ptr [rsp+0C0h]


EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000077b012f7 (ntdll!KiRaiseUserExceptionDispatcher+0x000000000000003a)
   ExceptionCode: c0000008 (Invalid handle)
  ExceptionFlags: 00000000
NumberParameters: 0
Thread tried to close a handle that was invalid or illegal to close


FAULTING_THREAD:  0000000000001644


DEFAULT_BUCKET_ID:  STATUS_INVALID_HANDLE


PROCESS_NAME:  stdintst.exe


BAD_HANDLE: 000000000000000e (!htrace 000000000000000e)


ERROR_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified.


EXCEPTION_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified.


MOD_LIST: <ANALYSIS/>


NTGLOBALFLAG:  2000100


APPLICATION_VERIFIER_FLAGS:  80040007


PRIMARY_PROBLEM_CLASS:  STATUS_INVALID_HANDLE


BUGCHECK_STR:  APPLICATION_FAULT_STATUS_INVALID_HANDLE


LAST_CONTROL_TRANSFER:  from 00000000001e2386 to 0000000077b012f7


STACK_TEXT:  
00000000`0008e220 00000000`001e2386 : 00000000`0000000e 00000000`7efdb000 00000000`0008e318 00000000`0008e320 : ntdll!KiRaiseUserExceptionDispatcher+0x3a
00000000`0008e2f0 00000000`7531f2cd : 00000000`0018fd20 00000000`0018fd2c 00000000`7efdb000 00000000`0008fd20 : verifier!AVrfpNtClose+0xbe
00000000`0008e320 00000000`7531cf87 : 00000000`00000000 00000000`0018fc08 00000000`7efdb000 00000000`7efdd000 : wow64!whNtClose+0x11
00000000`0008e350 00000000`75262776 : 00000000`77ca01b4 00000000`75310023 00000000`00000246 00000000`0018fff0 : wow64!Wow64SystemServiceEx+0xd7
00000000`0008ec10 00000000`7531d07e : 00000000`0008fd20 00000000`75261920 00000000`00000000 00000000`0008ed40 : wow64cpu!TurboDispatchJumpAddressEnd+0x2d
00000000`0008ecd0 00000000`7531c549 : 00000000`00000000 00000000`00000000 00000000`75314ac8 00000000`7ffe0030 : wow64!RunCpuSimulation+0xa
00000000`0008ed20 00000000`77af4956 : 00000000`01d32f00 00000000`00000000 00000000`77be2670 00000000`77bb5978 : wow64!Wow64LdrpInitialize+0x429
00000000`0008f270 00000000`77af1a17 : 00000000`00000000 00000000`77af4061 00000000`0008f820 00000000`00000000 : ntdll!LdrpInitializeProcess+0x17e4
00000000`0008f760 00000000`77adc32e : 00000000`0008f820 00000000`00000000 00000000`7efdf000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x29220
00000000`0008f7d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe




FOLLOWUP_IP: 
wow64!whNtClose+11
00000000`7531f2cd 90              nop


SYMBOL_STACK_INDEX:  2


SYMBOL_NAME:  wow64!whNtClose+11


FOLLOWUP_NAME:  MachineOwner


MODULE_NAME: wow64


IMAGE_NAME:  wow64.dll


DEBUG_FLR_IMAGE_TIMESTAMP:  4e212272


STACK_COMMAND:  ~0s ; kb


FAILURE_BUCKET_ID:  STATUS_INVALID_HANDLE_c0000008_wow64.dll!whNtClose


BUCKET_ID:  X64_APPLICATION_FAULT_STATUS_INVALID_HANDLE_wow64!whNtClose+11


Followup: MachineOwner
---------


0:000> !htrace 000000000000000e
--------------------------------------
Handle = 0x000000000000000e - *** BAD REFERENCE ***
Thread ID = 0x0000000000001644, Process ID = 0x0000000000000870


0x0000000077b0140a: ntdll!NtClose+0x000000000000000a
0x00000000001e2386: verifier!AVrfpNtClose+0x00000000000000be
0x000000007531f2cd: wow64!whNtClose+0x0000000000000011
0x000000007531cf87: wow64!Wow64SystemServiceEx+0x00000000000000d7
0x0000000075262776: wow64cpu!TurboDispatchJumpAddressEnd+0x000000000000002d
0x000000007531d07e: wow64!RunCpuSimulation+0x000000000000000a
0x000000007531c549: wow64!Wow64LdrpInitialize+0x0000000000000429
0x0000000077af4956: ntdll!LdrpInitializeProcess+0x00000000000017e4
0x0000000077af1a17: ntdll! ?? ::FNODOBFM::`string'+0x0000000000029220
0x0000000077adc32e: ntdll!LdrInitializeThunk+0x000000000000000e
0x0000000077caf9d2: ntdll32!NtClose+0x0000000000000012
0x000000006f2f2f52: vfbasics!AVrfpNtClose+0x0000000000000030
0x00000000770ab9f2: KERNELBASE!CloseHandle+0x000000000000002d
0x000000006f2f3e86: vfbasics!AVrfpCloseHandle+0x0000000000000074
0x000000000041157a: stdintst!duplicate+0x000000000000008a


--------------------------------------
Parsed 0x3A stack traces.
Dumped 0x1 stack traces.








Output Without Appverifier:
-------------------------------


CloseHandle 1 0
STD_INPUT_HANDLE: 1
CloseHandle 1 0
STD_INPUT_HANDLE: 1
CloseHandle 1 0
STD_INPUT_HANDLE: 1
