GetThreadContext via DuplicateHandle? - c++

I am trying to open a process, duplicate its handles and query information from thread handles using GetThreadContext, but I get the error ERROR_INVALID_HANDLE or ERROR_GEN_FAILURE. Information about this seems very limited.
HANDLE processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid);
HANDLE dupHandle = NULL;
CONTEXT ctx;
DuplicateHandle(processHandle, handle.Handle, GetCurrentProcess(), &dupHandle, 0, FALSE, DUPLICATE_SAME_ACCESS);
memset(&ctx, 0x00, sizeof(ctx));
GetThreadContext(dupHandle, &ctx);
printf("Error:%x", GetLastError());
Anyone?

First of all, as suggested above, you should be passing a thread handle as the argument, not a process handle.
Then, what part of the CONTEXT structure do you request to be filled by the GetThreadContext API? You leave it zero, and there should be one or more flags to indicate the data of interest:
CONTEXT ThreadContext = {};
ThreadContext.ContextFlags = CONTEXT_CONTROL; // set the member by name: on x64 ContextFlags is not the first field
if (GetThreadContext(ThreadHandle, &ThreadContext)) {
    // ...
}
See also the code snippet at https://stackoverflow.com/a/199809/868014

GetThreadContext takes a thread handle not a process handle.

Related

Retrieve clientPID using RpcServerInqCallAttributes

I need to retrieve the client process ID in an RPC callback which is using the ncalrpc protocol. MSDN suggests using RpcServerInqCallAttributes with the RPC_CALL_ATTRIBUTES_V2 structure. The document says the process ID is returned as a handle:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa378501(v=vs.85).aspx
I couldn't get that. Is it pointing to a DWORD which has the process ID, or is it a process handle from which I can get the PID using the GetProcessId API?
Also, in both cases, who closes the handle or deletes the memory allocated for the DWORD?
Given how MSDN goes out of its way several times to say that it's a PID, and that the value can be re-used after the client process terminates, I would say it being defined as a HANDLE is just wrong: it is in fact a PID value. That being the case, it doesn't need to be deallocated; just let the entire RPC_CALL_ATTRIBUTES_V2 structure go out of scope.
The ClientPID is the process ID of the calling client, as is.
Is it pointing to a DWORD?
No.
Is it a process handle?
No.
Can I get the PID using the GetProcessId API?
No. This is the PID value itself. You can type-cast it for use in an OpenProcess call: (ULONG)(ULONG_PTR)RpcCallAttributes.ClientPID
Who closes the handle or deletes the memory allocated for the DWORD?
It must not be closed (this handle never needs to be closed) or deallocated (this is not a pointer).
Process and thread IDs are really handles in a special handle table (PspCidTable); they are natively represented as handles. The native (ntdll) API and the kernel-mode API always use process and thread IDs as handles. Look for CLIENT_ID:
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;
This is actively used in different native APIs, for example ZwOpenProcess.
All kernel-mode APIs use it as a handle, for example PsLookupProcessByProcessId.
The Win32 layer simply truncates HANDLE UniqueProcess; to DWORD UniqueProcess.
So if you want to use ClientPID from the RPC_CALL_ATTRIBUTES_V2 structure in the Win32 call OpenProcess, you simply need to cast it to DWORD. For example:
RPC_CALL_ATTRIBUTES_V2_W RpcCallAttributes = {
    RPC_CALL_ATTRIBUTES_VERSION, RPC_QUERY_CLIENT_PID
};
if (RPC_S_OK == RpcServerInqCallAttributes(0, &RpcCallAttributes))
{
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,
                                  (ULONG)(ULONG_PTR)RpcCallAttributes.ClientPID);
    if (hProcess)
    {
        // use hProcess ...
        CloseHandle(hProcess);
    }
}
If you use the native API, the type cast is not needed. For example:
RPC_CALL_ATTRIBUTES_V2_W RpcCallAttributes = {
    RPC_CALL_ATTRIBUTES_VERSION, RPC_QUERY_CLIENT_PID
};
if (RPC_S_OK == RpcServerInqCallAttributes(0, &RpcCallAttributes))
{
    HANDLE hProcess;
    static OBJECT_ATTRIBUTES zoa = { sizeof(zoa) };
    CLIENT_ID cid = { RpcCallAttributes.ClientPID };   // the PID goes straight into UniqueProcess
    if (0 <= ZwOpenProcess(&hProcess, PROCESS_ALL_ACCESS, &zoa, &cid))
    {
        // use hProcess ...
        ZwClose(hProcess);
    }
}
https://learn.microsoft.com/en-us/windows/desktop/api/rpcasync/ns-rpcasync-tagrpc_call_attributes_v2_a
ClientPID
Handle that contains the process ID of the calling client. This field
is only supported for the ncalrpc protocol sequence, and is populated
only when RPC_QUERY_CLIENT_PID is specified in the Flags parameter.
I found this working as a PID, not a HANDLE. That is:
HANDLE hproc = (HANDLE)ClientPID.ClientPID;
NtQueryInformationProcess(hproc, ...)
fails, but
cpid = (DWORD)(DWORD_PTR)ClientPID.ClientPID;
hcproc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ, FALSE, cpid);
succeeds.
So MSDN is right: it is represented as a HANDLE, but it needs to be cast to a DWORD PID to be used in subsequent calls.

CreateMutex never returns ERROR_ALREADY_EXISTS

I am using CreateMutex to stop multiple applications from running certain functions at the same time. These functions are in a DLL, so they can be called by the same application or by separate applications. This DLL talks to hardware, so I want to return 'busy' if another function is already running rather than have to wait on it. I thought the best approach is to use CreateMutex instead of a combination with OpenMutex.
int FunctionExposedByDll()
{
    HANDLE hMutexAPI = CreateMutex(0, 0, API_RUNNING_MUTEXT);
    if (!hMutexAPI)
    {
        DWORD dwErr = GetLastError();
        if (dwErr == ERROR_ALREADY_EXISTS)
            return MY_ERROR_BUSY;
    }
    // actual function here
    CloseHandle(hMutexAPI);
    return SUCCESS_VALUE;
}
So if the mutex is already created, I should get ERROR_ALREADY_EXISTS, which tells me the system is executing an API and I should return. However, the above code always returns a valid mutex even if the prior function has not returned and the mutex handle is not closed.
I also tried the CreateMutexEx function, and in that case when I try it the second time it returns ERROR_ACCESS_DENIED when I am expecting ERROR_ALREADY_EXISTS. So my question is: what do I need to do to get the correct status that the mutex already exists when it exists?
I am using Windows 7.
**Update**
Based on Rob K's answer, I have changed the code to the following:
int FunctionExposedByDll()
{
    HANDLE hMutexAPI = CreateMutex(0, 0, API_RUNNING_MUTEXT);
    DWORD dwErr = GetLastError();
    if (dwErr == ERROR_ALREADY_EXISTS)
    {
        CloseHandle(hMutexAPI); // I have to call this, but it contributes to the first-chance exception too!
        return MY_ERROR_BUSY;
    }
    // actual function here
    CloseHandle(hMutexAPI);
    return SUCCESS_VALUE;
}
Now I am getting/reading the correct status of the semaphore, but releasing is an issue. If I don't release it when it's in the 'busy' state, then I always get ERROR_ALREADY_EXISTS even when the other API has finished. So CloseHandle() fixes that but creates another issue. When I return from the busy state and call CloseHandle(), and the first API completes later and wants to close the handle, I get a first-chance exception. I don't see how I can avoid that!?
That's not the correct way to use CreateMutex(). CreateMutex() (almost) always succeeds in returning a valid handle to a mutex. From the MSDN doc which you linked: "If the mutex is a named mutex and the object existed before this function call, the return value is a handle to the existing object, GetLastError returns ERROR_ALREADY_EXISTS..."
Quoting again: "Two or more processes can call CreateMutex to create the same named mutex. The first process actually creates the mutex, and subsequent processes with sufficient access rights simply open a handle to the existing mutex. This enables multiple processes to get handles of the same mutex, while relieving the user of the responsibility of ensuring that the creating process is started first."
What you want to do is use CreateMutex() to open a handle to the mutex, and then use WaitForSingleObject() with a timeout value of 0 to try to take it. If the WaitForSingleObject() fails to take the mutex, then you return MY_ERROR_BUSY. If it does succeed to take the mutex, call ReleaseMutex() when you are done using it to unlock it.
ETA:
If WaitForSingleObject returns WAIT_OBJECT_0 or WAIT_ABANDONED, then you own the mutex (e.g. it becomes signalled) and you must call ReleaseMutex to give-up ownership (e.g. unsignal it) before calling CloseHandle.
If it returns WAIT_TIMEOUT, you do not own the mutex, and you can just call CloseHandle.
int FunctionExposedByDll()
{
    HANDLE hMutexAPI = CreateMutex(0, 0, API_RUNNING_MUTEXT);
    int rval = MY_ERROR_BUSY;
    if (hMutexAPI)
    {
        DWORD wait_success = WaitForSingleObject(hMutexAPI, 0);
        if (wait_success == WAIT_OBJECT_0 || wait_success == WAIT_ABANDONED)
        {
            // actual function here
            ReleaseMutex(hMutexAPI);
            rval = SUCCESS_VALUE;
        }
        CloseHandle(hMutexAPI);
    }
    return rval;
}
You should take some time to get more familiar with the basic interprocess communication primitives, starting here: http://en.wikipedia.org/wiki/Mutex
ETA once more
I figured C++ 11 may have added the IPC primitives to the standard library, and it appears they have:
http://en.cppreference.com/w/cpp/thread/mutex,
http://en.cppreference.com/w/cpp/thread/lock_guard
If you're using a C++11 capable compiler (e.g. Visual Studio 2013), please use these instead of the system primitives.
And one more edit...
As pointed out in a comment, the C++ standard library primitives are not usable for interprocess communication, only for synchronizing threads in the same process. (This is a great disappointment.)
Instead, use Boost.Interprocess if you can.
CreateMutex returns a valid handle anyway. That is, a test for !hMutexAPI fails and you never enter the clause.

DuplicateHandle error: error_invalid_handle

I'm trying to pass a handle from process1 to process2 using the DuplicateHandle function. I obtain the handle using the CreateFile function:
HANDLE COMportHandle;
COMportHandle = CreateFile(TEXT("COM5"),
                           GENERIC_ALL | PROCESS_DUP_HANDLE,
                           0,
                           0,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
                           0);
In the second process, I first obtain the process ID from process1 through shared memory, and then try to duplicate the handle:
HANDLE pr1handle, CPH, COMportHandle;
pr1handle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, process_id);
if (!DuplicateHandle(pr1handle, COMportHandle, GetCurrentProcess(), &CPH, PROCESS_DUP_HANDLE, FALSE, 0))
    printf("Error: %d\n", GetLastError());
Then I get ERROR_INVALID_HANDLE.
The processes are not related; I run the first to open the COM port, and then want to be able to read from it with the second process.
Can somebody tell me where the catch is?
In this code here:
HANDLE pr1handle, CPH, COMportHandle;
pr1handle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, process_id);
if (!DuplicateHandle(pr1handle, COMportHandle, GetCurrentProcess(), &CPH, PROCESS_DUP_HANDLE, FALSE, 0))
    printf("Error: %d\n", GetLastError());
you introduce a new, uninitialized COMportHandle. So, assuming this is the actual code, I'm not at all surprised COMportHandle is "invalid". You will somehow need to get the actual value of COMportHandle from your first process.

How to check if a HANDLE is valid or not?

In C++, I have opened a serial port that has a HANDLE. Since the port may close by an external application, how can I verify that the HANDLE is still valid before reading data?
I think it can be done by checking the HANDLE against a suitable API function, but which?
Thank you.
Checking to see whether a handle is "valid" is a mistake. You need to have a better way of dealing with this.
The problem is that once a handle has been closed, the same handle value can be generated by a new open of something different, and your test might say the handle is valid, but you are not operating on the file you think you are.
For example, consider this sequence:
Handle is opened, actual value is 0x1234
Handle is used and the value is passed around
Handle is closed.
Some other part of the program opens a file, gets handle value 0x1234
The original handle value is "checked for validity", and passes.
The handle is used, operating on the wrong file.
So, if it is your process, you need to keep track of which handles are valid and which ones are not. If you got the handle from some other process, it will have been put into your process using DuplicateHandle(). In that case, you should manage the lifetime of the handle, and the source process shouldn't do that for you. If your handles are being closed from another process, I assume that you are the one doing that, and you need to deal with the bookkeeping.
Some WinAPI functions return meaningless ERROR_INVALID_PARAMETER even if valid handles are passed to them, so there is a real use case to check handles for validity.
GetHandleInformation function does the job:
http://msdn.microsoft.com/en-us/library/ms724329%28v=vs.85%29.aspx
as the port may close by an external application
This is not possible; an external application cannot obtain the proper handle value to pass to CloseHandle(). Once you have the port opened, any other process trying to get a handle to the port will get AccessDenied.
That said, there's crapware out there that hacks around this restriction by having secret knowledge of the undocumented kernel structures that store handles for a process. You are powerless against them; don't make the mistake of taking on this battle by doing the same. You will lose. If a customer complains about this then give them my doctor's advice: "if it hurts then don't do it".
If you are given a HANDLE and simply want to find out whether it is indeed an open file handle, there is the Windows API function GetFileInformationByHandle for that.
Depending on the permissions your handle grants you for the file, you can also try to move the file pointer using SetFilePointer, read some data from it using ReadFile, or perform a null write operation using WriteFile with nNumberOfBytesToWrite set to 0.
Probably you are under Windows and using ReadFile to read the data. The only way to check it is trying to read. If the HANDLE is invalid it'll return an error code (use GetLastError() to see which one it is), which will probably be ERROR_INVALID_HANDLE.
I know that it's a little bit late, but I had a similar question to yours: how to check if a pipe (a pipe I created using CreateFile) is still open (maybe the other end shut down the connection) and can be read, and if it is not, to open it again. I did what @Felix Dombek suggested, and I used WriteFile to check the connection. If it returned 1 it means the pipe is open; else I opened it using CreateFile again. This implies that your pipe is duplex. Here's the CreateFile:
hPipe2 = CreateFile(lpszPipename2, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_FLAG_WRITE_THROUGH, NULL);
and here is how I checked for the connection:
DWORD cbWritten = 0;
while (1)
{
    BOOL MessageSent = WriteFile(hPipe2, "Test", 0, &cbWritten, NULL); // zero-length write: nothing is sent, only the handle is exercised
    if (!MessageSent)
    {
        LogsOut("Read pipe has been disconnected");
        // Call method to start the pipe again
        break;
    }
    Sleep(200); // I need this because it is a thread
}
This is working just fine for me :)
You can use DuplicateHandle to test handle validity.
First method: You can try to duplicate the handle you want to check for validity. Basically, invalid handles cannot be duplicated.
Second method: The DuplicateHandle function searches the Win32 handle descriptor table from the beginning for an empty record, reuses it and assigns the duplicated handle into it. You can just test whether the duplicated handle address value is greater than your handle address value; if it is greater, then the handle is not treated as invalid and so is not reused. But this method is very specific and limited, and it only works when there are no more empty or invalid handle records above the handle value address you want to test.
But all of this said above is valid only if you track all handle creation and duplication on your side.
Examples for Windows 7:
Method #1
// check stdin for validity
HANDLE stdin_handle_dup = INVALID_HANDLE_VALUE;
const bool is_stdin_handle_dup = !!DuplicateHandle(GetCurrentProcess(), GetStdHandle(STD_INPUT_HANDLE), GetCurrentProcess(), &stdin_handle_dup, 0, FALSE, DUPLICATE_SAME_ACCESS);
if (is_stdin_handle_dup && stdin_handle_dup != INVALID_HANDLE_VALUE) {
    CloseHandle(stdin_handle_dup);
    stdin_handle_dup = INVALID_HANDLE_VALUE;
}
Method #2
// Assume the `0x03` address holds a valid stdin handle; then the `0x07` address can be tested for validity (on Windows 7 typically stdin=0x03, stdout=0x07, stderr=0x0b).
// So you can duplicate `0x03` to test `0x07`.
bool is_stdout_handle_default_address_valid = false;
HANDLE stdin_handle_dup = INVALID_HANDLE_VALUE;
const bool is_stdin_handle_dup = !!DuplicateHandle(GetCurrentProcess(), (HANDLE)0x03, GetCurrentProcess(), &stdin_handle_dup, 0, FALSE, DUPLICATE_SAME_ACCESS);
if (is_stdin_handle_dup && stdin_handle_dup != INVALID_HANDLE_VALUE) {
    if (stdin_handle_dup > (HANDLE)0x07) {
        is_stdout_handle_default_address_valid = true; // duplicated into an address higher than 0x07, so 0x07 contains a valid handle
    }
    CloseHandle(stdin_handle_dup);
    stdin_handle_dup = INVALID_HANDLE_VALUE;
}
In order to check the handle, first we need to know what our HANDLE is for (a file, port, window, ...), then find an appropriate function to check it (thanks @janm for the help). Note that the function's duty may be specifically for this purpose or not. In my case, where I've opened a serial port by CreateFile(), I can check the COM status with the GetCommState() API function, which fills our COM info struct. If the port is not open anymore or is inaccessible, the function returns 0, and if you call GetLastError() immediately, you'll get the ERROR_INVALID_HANDLE value. Thanks everyone for the help.

How to Compare Two variable of HANDLE type

I have a variable of HANDLE type.
First HANDLE variable is a process HANDLE (with name hProcess) that does not have PROCESS_QUERY_INFORMATION access right.
The second variable is a process HANDLE too (with name hwndProcess) that I have opened via the OpenProcess function and that has the PROCESS_QUERY_INFORMATION access right. I am sure both processes should have the same handle.
But when I compare them as below, it returns false:
if (hProcess == hwndProcess) { do something }
How should I do it?
There is not an explicit way to check whether two handles refer to the same process. The only way would be to query the process information and check that, e.g. using GetProcessId on each handle to check the process IDs.
If you don't have the necessary access rights to call the desired query functions then you can try calling DuplicateHandle to get a new handle with more access rights. However, if this fails then you have no way of telling whether the handles are to the same process or not.
hProcess must not hold the process handle of the process that will be closed. It can and will most times be NULL. I'm doing something similar to get the PIDs of terminated processes.
if ((hProcess == NULL) || (hProcess == GetCurrentProcess())) {
    pid = GetCurrentProcessId();
} else {
    pid = ProcessHandleToId(hProcess);
}
Are you sure that it's an access rights problem and your function doesn't fail because the handle is NULL?
The Windows 10 SDK has CompareObjectHandles(HANDLE, HANDLE) which returns TRUE if the handles refer to the same underlying kernel object.
And you don't have to worry about access rights.