• Status: Solved

Obtaining valid process handle for function

I have a small program I've written to demonstrate setting an exception filter. Problem is, in the call to SymGetSymFromAddr(), the HANDLE I pass to it must be bad, as this function fails, and then a call to GetLastError() returns '6', Invalid Handle. If I print out the handle beforehand, it is usually 88 (as in int).

Here is the primary code (I can submit more if required). These functions are called in the exception filter that gets called on an exception.

DWORD Id = GetCurrentProcessId();
HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, TRUE, Id );

Then, I pass this hProcess to another function that contains

SymGetSymFromAddr( hProcess, ... )

This function calls as stated above.

Is the method I'm using to get my process handle invalid, or what?

Thanks
Asked by: gunn

jkr Commented:
You did call 'SymInitialize( hProcess, NULL, FALSE);', didn't you?

Madshi Commented:
The process handle should be okay...

gunn (Author) Commented:
I was not calling SymInitialize. I had glanced by it when trying to figure out what SymGetSymFromAddr() is and what it does, but after reading up on StackWalk(), I figured since it was passed in some of the Sym* functions and the process handle, that it must have done the initialization, and I didn't have to. Guess I should have tried it.

Ok, in any case, no more error 6. Now an error 126! "The specified module could not be found". I assume it's looking for the symbol file(s)... I even tried using the 2nd parameter of SymInitialize() to add all the paths to all the modules that were loaded in my example (there were 5 of them; my program, ntdll.dll, kernel32.dll, psapi.dll, and imagehlp.dll). Didn't work.

Actually, this is a new question I guess ;)

jkr Commented:
You'll have to

SymLoadModule ( hProcess, NULL, "myexe.exe", NULL, NULL, NULL);

;-)

gunn (Author) Commented:
Ahhh, that seemed to work and returned a non-zero address. But now (once again), it fails and this time the error is 487. "ERROR_INVALID_ADDRESS". I did some searching and found that this error 487 is common. But, I've loaded the symbol using the above function you gave me, so that gets around the common problem of not running the .exe from its directory.

What I did find in the MSDN database, ID: Q222103, is that using MSVC++6 .pdb files, the IMAGEHLP dll shipped with NT4 can't read them and generates this error!

Now I guess I need to find the updated imagehlp.dll file and ***hopefully*** that will be the last of this! Now where to find it....
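
The call order the replies above arrive at (SymInitialize, then SymLoadModule, then SymGetSymFromAddr), written out with every step checked so the failing call is identified. This is an added example, not code from any poster in the thread. It assumes the target is the current process, uses GetCurrentProcess() rather than OpenProcess(), and passes the executable's actual load address to SymLoadModule; `resolve_symbol` and its `step` out-parameter are names made up here, and the non-Windows branch exists only so the file compiles elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <dbghelp.h>                         /* link with dbghelp.lib */
/* Resolve addr to "symbol+0xoffset". Returns 0 on success, otherwise the
 * GetLastError() code of the failing call, whose name is stored in *step. */
unsigned long resolve_symbol(uintptr_t addr, char *out, size_t outlen, const char **step)
{
    HANDLE hProcess = GetCurrentProcess();   /* assumption: our own process */
    union { IMAGEHLP_SYMBOL sym; char raw[sizeof(IMAGEHLP_SYMBOL) + 256]; } u;
    char exe[MAX_PATH];
    DWORD_PTR disp = 0;                      /* matches PDWORD and PDWORD64 builds */
    unsigned long err = 0;
    *step = "SymInitialize";                 /* skipping this gave error 6 in the thread */
    if (!SymInitialize(hProcess, NULL, FALSE)) return GetLastError();
    *step = "SymLoadModule";                 /* FALSE above loads no modules for us */
    if (!GetModuleFileNameA(NULL, exe, MAX_PATH) ||
        !SymLoadModule(hProcess, NULL, exe, NULL, (DWORD_PTR)GetModuleHandleA(NULL), 0)) {
        err = GetLastError();
    } else {
        *step = "SymGetSymFromAddr";
        memset(&u, 0, sizeof u);
        u.sym.SizeOfStruct = sizeof(IMAGEHLP_SYMBOL);
        u.sym.MaxNameLength = 255;           /* space reserved after the struct for Name */
        if (SymGetSymFromAddr(hProcess, (DWORD_PTR)addr, &disp, &u.sym))
            snprintf(out, outlen, "%s+0x%lx", u.sym.Name, (unsigned long)disp);
        else
            err = GetLastError();
    }
    SymCleanup(hProcess);                    /* release handler state on both paths */
    return err;
}
#else   /* DbgHelp is Windows-only; other builds only report that */
unsigned long resolve_symbol(uintptr_t addr, char *out, size_t outlen, const char **step)
{
    (void)addr; if (outlen) out[0] = '\0';
    *step = "unsupported platform";
    return 120;                              /* numeric value of ERROR_CALL_NOT_IMPLEMENTED */
}
#endif
int main(void)
{
    char name[300] = ""; const char *step = "";
    unsigned long err = resolve_symbol((uintptr_t)&resolve_symbol, name, sizeof name, &step);
    if (err) printf("%s failed, error %lu\n", step, err); else printf("resolved: %s\n", name);
    return err != 0;
}
```

The error code is read before SymCleanup() runs, so cleanup cannot overwrite the value that identifies the failing step.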