Discussion:
VB6 "Shell" exception with AppVerifier
(too old to reply)
Jianke
2007-03-21 06:31:00 UTC
Permalink
I often come accross weird problem recently. :)

I got an "Memory block address" exception when executing
Shell "c:\arj.exe", 1
with AppVerifier, actually this statement is all of my test VB6 application.
However, if I change it to Shell "notepad.exe", 1 there is no error.
Eventually I found out it will come to an exception if it's a dos command
while no problem with win32 application. Is it a bug of MSVBVM60.dll?

Thanks in advance.

The detailed exception information:
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

APPLICATION_VERIFIER_MEM_ALREADY_FREE (60b)
Trying to free virtual memory block that is already free.
This stop is generated if the app verifier detects a VirtualFree for an
address
that is already free. To debug this stop look at the current stack trace
(kb)
and try to determine why the memory is already free but the application is
trying to free it again. "!avrf -vs -a parameter1" will search for a log
of
stack traces of the code paths that allocated/freed that address and
display
these stack traces if they are available. This might show the stack
trace that
freed up this memory.
Arguments:
Arg1: 03770000, Memory block address
Arg2: 00000000, Not used
Arg3: 00000000, Not used
Arg4: 00000000, Not used

FAULTING_IP:
ntdll!DbgBreakPoint+0
7c901230 cc int 3

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 7c901230 (ntdll!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 7c91eb05
Parameter[2]: 0012e5a9

FAULTING_THREAD: 00000328

BUGCHECK_STR: AVRF_60b

DEFAULT_BUCKET_ID: STATUS_BREAKPOINT

PROCESS_NAME: Project1.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
has been reached.

LAST_CONTROL_TRANSFER: from 00363760 to 7c901230

STACK_TEXT:
0012e664 00363760 0012dede 0038a370 7c910976 ntdll!DbgBreakPoint
0012e868 003931b7 00397d20 0000060b 03770000
vrfcore!VerifierStopMessageEx+0x4b5
0012e88c 003880b2 0000060b 00382fbc 03770000
vfbasics!VfBasicsStopMessage+0x157
0012e8f4 00387d05 ffffffff 00000001 03770000
vfbasics!AVrfpFreeVirtualMemNotify+0xa2
0012e920 7c867b64 ffffffff 0012ec94 0012e940
vfbasics!AVrfpNtFreeVirtualMemory+0xf5
0012e938 7c843174 00000000 0012ec90 7c819f71
kernel32!BaseDestroyVDMEnvironment+0x36
0012e944 7c819f71 0012f428 00000000 0346efe4
kernel32!CreateProcessInternalW+0x2153
0012f370 7c80235e 00000000 00000000 0346efe4
kernel32!CreateProcessInternalW+0x1e1a
0012f3a8 660ccebf 00000000 0346efe4 00000000 kernel32!CreateProcessW+0x2c
0012f438 00401beb 0012f4d0 00000001 0012f514 MSVBVM60!rtcShell+0x102
0012f508 66051fb3 02940fb8 0012f524 004015d8
Project1!Form1::Command1_Click+0x8b [C:\ShellTest\Form1.frm @ 31]
0012f524 660522b4 004015d8 0012f5e0 00000002 MSVBVM60!CallProcWithArgs+0x1e
0012f53c 6605239a 02940ff0 0012f620 0012f5e0 MSVBVM60!InvokeVtblEvent+0x32
0012f55c 66009da4 02940fd4 66065391 03606efc MSVBVM60!InvokeEvent+0xaf
0012f564 66065391 03606efc 0012f644 6605271b MSVBVM60!DESK::AddRef+0x13
0012f570 6605271b 0012f620 0012f5e0 00000002 MSVBVM60!DESK::AddCtlRef+0x16
00000000 00000000 00000000 00000000 00000000 MSVBVM60!EvtErrFireWorker+0x240


FOLLOWUP_IP:
MSVBVM60!rtcShell+102
660ccebf 8bf8 mov edi,eax

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: MSVBVM60!rtcShell+102

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: MSVBVM60

IMAGE_NAME: MSVBVM60.DLL

DEBUG_FLR_IMAGE_TIMESTAMP: 403acfec

STACK_COMMAND: ~0s ; kb

FAILURE_BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102

BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102

Followup: MachineOwner
---------
Prasad Kakulamarri [MSFT]
2007-03-21 16:19:10 UTC
Permalink
Hi Jianke,
From the callstack, this looks like an already reported issue in
MSVBVM60.dll.
Thanks,
Prasad
Post by Jianke
I often come accross weird problem recently. :)
I got an "Memory block address" exception when executing
Shell "c:\arj.exe", 1
with AppVerifier, actually this statement is all of my test VB6 application.
However, if I change it to Shell "notepad.exe", 1 there is no error.
Eventually I found out it will come to an exception if it's a dos command
while no problem with win32 application. Is it a bug of MSVBVM60.dll?
Thanks in advance.
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************
APPLICATION_VERIFIER_MEM_ALREADY_FREE (60b)
Trying to free virtual memory block that is already free.
This stop is generated if the app verifier detects a VirtualFree for an
address
that is already free. To debug this stop look at the current stack trace
(kb)
and try to determine why the memory is already free but the application is
trying to free it again. "!avrf -vs -a parameter1" will search for a log
of
stack traces of the code paths that allocated/freed that address and
display
these stack traces if they are available. This might show the stack
trace that
freed up this memory.
Arg1: 03770000, Memory block address
Arg2: 00000000, Not used
Arg3: 00000000, Not used
Arg4: 00000000, Not used
ntdll!DbgBreakPoint+0
7c901230 cc int 3
EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 7c901230 (ntdll!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 7c91eb05
Parameter[2]: 0012e5a9
FAULTING_THREAD: 00000328
BUGCHECK_STR: AVRF_60b
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: Project1.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
has been reached.
LAST_CONTROL_TRANSFER: from 00363760 to 7c901230
0012e664 00363760 0012dede 0038a370 7c910976 ntdll!DbgBreakPoint
0012e868 003931b7 00397d20 0000060b 03770000
vrfcore!VerifierStopMessageEx+0x4b5
0012e88c 003880b2 0000060b 00382fbc 03770000
vfbasics!VfBasicsStopMessage+0x157
0012e8f4 00387d05 ffffffff 00000001 03770000
vfbasics!AVrfpFreeVirtualMemNotify+0xa2
0012e920 7c867b64 ffffffff 0012ec94 0012e940
vfbasics!AVrfpNtFreeVirtualMemory+0xf5
0012e938 7c843174 00000000 0012ec90 7c819f71
kernel32!BaseDestroyVDMEnvironment+0x36
0012e944 7c819f71 0012f428 00000000 0346efe4
kernel32!CreateProcessInternalW+0x2153
0012f370 7c80235e 00000000 00000000 0346efe4
kernel32!CreateProcessInternalW+0x1e1a
0012f3a8 660ccebf 00000000 0346efe4 00000000 kernel32!CreateProcessW+0x2c
0012f438 00401beb 0012f4d0 00000001 0012f514 MSVBVM60!rtcShell+0x102
0012f508 66051fb3 02940fb8 0012f524 004015d8
0012f524 660522b4 004015d8 0012f5e0 00000002 MSVBVM60!CallProcWithArgs+0x1e
0012f53c 6605239a 02940ff0 0012f620 0012f5e0 MSVBVM60!InvokeVtblEvent+0x32
0012f55c 66009da4 02940fd4 66065391 03606efc MSVBVM60!InvokeEvent+0xaf
0012f564 66065391 03606efc 0012f644 6605271b MSVBVM60!DESK::AddRef+0x13
0012f570 6605271b 0012f620 0012f5e0 00000002 MSVBVM60!DESK::AddCtlRef+0x16
00000000 00000000 00000000 00000000 00000000 MSVBVM60!EvtErrFireWorker+0x240
MSVBVM60!rtcShell+102
660ccebf 8bf8 mov edi,eax
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: MSVBVM60!rtcShell+102
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MSVBVM60
IMAGE_NAME: MSVBVM60.DLL
DEBUG_FLR_IMAGE_TIMESTAMP: 403acfec
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102
BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102
Followup: MachineOwner
---------
Jianke
2007-03-22 13:00:33 UTC
Permalink
Hi Prasad,

Thanks again for your help!
Is there any hotfix for this bug? Or I can still get another waiver from
Microsoft for platform test? :)
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
From the callstack, this looks like an already reported issue in
MSVBVM60.dll.
Thanks,
Prasad
Post by Jianke
I often come accross weird problem recently. :)
I got an "Memory block address" exception when executing
Shell "c:\arj.exe", 1
with AppVerifier, actually this statement is all of my test VB6 application.
However, if I change it to Shell "notepad.exe", 1 there is no error.
Eventually I found out it will come to an exception if it's a dos command
while no problem with win32 application. Is it a bug of MSVBVM60.dll?
Thanks in advance.
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************
APPLICATION_VERIFIER_MEM_ALREADY_FREE (60b)
Trying to free virtual memory block that is already free.
This stop is generated if the app verifier detects a VirtualFree for an
address
that is already free. To debug this stop look at the current stack trace
(kb)
and try to determine why the memory is already free but the application is
trying to free it again. "!avrf -vs -a parameter1" will search for a log
of
stack traces of the code paths that allocated/freed that address and
display
these stack traces if they are available. This might show the stack
trace that
freed up this memory.
Arg1: 03770000, Memory block address
Arg2: 00000000, Not used
Arg3: 00000000, Not used
Arg4: 00000000, Not used
ntdll!DbgBreakPoint+0
7c901230 cc int 3
EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 7c901230 (ntdll!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 7c91eb05
Parameter[2]: 0012e5a9
FAULTING_THREAD: 00000328
BUGCHECK_STR: AVRF_60b
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: Project1.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
has been reached.
LAST_CONTROL_TRANSFER: from 00363760 to 7c901230
0012e664 00363760 0012dede 0038a370 7c910976 ntdll!DbgBreakPoint
0012e868 003931b7 00397d20 0000060b 03770000
vrfcore!VerifierStopMessageEx+0x4b5
0012e88c 003880b2 0000060b 00382fbc 03770000
vfbasics!VfBasicsStopMessage+0x157
0012e8f4 00387d05 ffffffff 00000001 03770000
vfbasics!AVrfpFreeVirtualMemNotify+0xa2
0012e920 7c867b64 ffffffff 0012ec94 0012e940
vfbasics!AVrfpNtFreeVirtualMemory+0xf5
0012e938 7c843174 00000000 0012ec90 7c819f71
kernel32!BaseDestroyVDMEnvironment+0x36
0012e944 7c819f71 0012f428 00000000 0346efe4
kernel32!CreateProcessInternalW+0x2153
0012f370 7c80235e 00000000 00000000 0346efe4
kernel32!CreateProcessInternalW+0x1e1a
0012f3a8 660ccebf 00000000 0346efe4 00000000 kernel32!CreateProcessW+0x2c
0012f438 00401beb 0012f4d0 00000001 0012f514 MSVBVM60!rtcShell+0x102
0012f508 66051fb3 02940fb8 0012f524 004015d8
0012f524 660522b4 004015d8 0012f5e0 00000002 MSVBVM60!CallProcWithArgs+0x1e
0012f53c 6605239a 02940ff0 0012f620 0012f5e0 MSVBVM60!InvokeVtblEvent+0x32
0012f55c 66009da4 02940fd4 66065391 03606efc MSVBVM60!InvokeEvent+0xaf
0012f564 66065391 03606efc 0012f644 6605271b MSVBVM60!DESK::AddRef+0x13
0012f570 6605271b 0012f620 0012f5e0 00000002 MSVBVM60!DESK::AddCtlRef+0x16
00000000 00000000 00000000 00000000 00000000 MSVBVM60!EvtErrFireWorker+0x240
MSVBVM60!rtcShell+102
660ccebf 8bf8 mov edi,eax
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: MSVBVM60!rtcShell+102
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MSVBVM60
IMAGE_NAME: MSVBVM60.DLL
DEBUG_FLR_IMAGE_TIMESTAMP: 403acfec
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102
BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102
Followup: MachineOwner
---------
Prasad Kakulamarri [MSFT]
2007-03-23 15:51:23 UTC
Permalink
Hi Jianke,
I was wrong, this may not be a bug in MSVBVM60. Can you give more
information on how to reproduce the problem? What platform and OS are you
testing this on?
Thanks,
Prasad
Post by Jianke
Hi Prasad,
Thanks again for your help!
Is there any hotfix for this bug? Or I can still get another waiver from
Microsoft for platform test? :)
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
From the callstack, this looks like an already reported issue in
MSVBVM60.dll.
Thanks,
Prasad
Post by Jianke
I often come accross weird problem recently. :)
I got an "Memory block address" exception when executing
Shell "c:\arj.exe", 1
with AppVerifier, actually this statement is all of my test VB6 application.
However, if I change it to Shell "notepad.exe", 1 there is no error.
Eventually I found out it will come to an exception if it's a dos command
while no problem with win32 application. Is it a bug of MSVBVM60.dll?
Thanks in advance.
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************
APPLICATION_VERIFIER_MEM_ALREADY_FREE (60b)
Trying to free virtual memory block that is already free.
This stop is generated if the app verifier detects a VirtualFree for an
address
that is already free. To debug this stop look at the current stack trace
(kb)
and try to determine why the memory is already free but the application is
trying to free it again. "!avrf -vs -a parameter1" will search for a log
of
stack traces of the code paths that allocated/freed that address and
display
these stack traces if they are available. This might show the stack
trace that
freed up this memory.
Arg1: 03770000, Memory block address
Arg2: 00000000, Not used
Arg3: 00000000, Not used
Arg4: 00000000, Not used
ntdll!DbgBreakPoint+0
7c901230 cc int 3
EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 7c901230 (ntdll!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 7c91eb05
Parameter[2]: 0012e5a9
FAULTING_THREAD: 00000328
BUGCHECK_STR: AVRF_60b
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: Project1.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
has been reached.
LAST_CONTROL_TRANSFER: from 00363760 to 7c901230
0012e664 00363760 0012dede 0038a370 7c910976 ntdll!DbgBreakPoint
0012e868 003931b7 00397d20 0000060b 03770000
vrfcore!VerifierStopMessageEx+0x4b5
0012e88c 003880b2 0000060b 00382fbc 03770000
vfbasics!VfBasicsStopMessage+0x157
0012e8f4 00387d05 ffffffff 00000001 03770000
vfbasics!AVrfpFreeVirtualMemNotify+0xa2
0012e920 7c867b64 ffffffff 0012ec94 0012e940
vfbasics!AVrfpNtFreeVirtualMemory+0xf5
0012e938 7c843174 00000000 0012ec90 7c819f71
kernel32!BaseDestroyVDMEnvironment+0x36
0012e944 7c819f71 0012f428 00000000 0346efe4
kernel32!CreateProcessInternalW+0x2153
0012f370 7c80235e 00000000 00000000 0346efe4
kernel32!CreateProcessInternalW+0x1e1a
0012f3a8 660ccebf 00000000 0346efe4 00000000 kernel32!CreateProcessW+0x2c
0012f438 00401beb 0012f4d0 00000001 0012f514 MSVBVM60!rtcShell+0x102
0012f508 66051fb3 02940fb8 0012f524 004015d8
0012f524 660522b4 004015d8 0012f5e0 00000002 MSVBVM60!CallProcWithArgs+0x1e
0012f53c 6605239a 02940ff0 0012f620 0012f5e0 MSVBVM60!InvokeVtblEvent+0x32
0012f55c 66009da4 02940fd4 66065391 03606efc MSVBVM60!InvokeEvent+0xaf
0012f564 66065391 03606efc 0012f644 6605271b MSVBVM60!DESK::AddRef+0x13
0012f570 6605271b 0012f620 0012f5e0 00000002 MSVBVM60!DESK::AddCtlRef+0x16
00000000 00000000 00000000 00000000 00000000 MSVBVM60!EvtErrFireWorker+0x240
MSVBVM60!rtcShell+102
660ccebf 8bf8 mov edi,eax
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: MSVBVM60!rtcShell+102
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MSVBVM60
IMAGE_NAME: MSVBVM60.DLL
DEBUG_FLR_IMAGE_TIMESTAMP: 403acfec
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102
BUCKET_ID: AVRF_60b_MSVBVM60!rtcShell+102
Followup: MachineOwner
---------
Jianke
2007-03-24 18:15:10 UTC
Permalink
Okay, I make the VB6 application under Windows XP Pro SP2.
There is only one statement in the project:
Shell "c:\arj.exe", 1

"arj.exe" chould be anything related to DOS command. Windows application
won't cause any exception, such as Shell "notepad.exe", 1 works fine.
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
I was wrong, this may not be a bug in MSVBVM60. Can you give more
information on how to reproduce the problem? What platform and OS are you
testing this on?
Thanks,
Prasad
Prasad Kakulamarri [MSFT]
2007-03-28 01:13:09 UTC
Permalink
Hi Jianke,
I am not able to repro the problem. I created a simple VB6 app with a form
and button in it. The click event for the button had the following code:
shell "cmd dir"
With this, I could not repro the problem.
What kind of app is arj.exe? How can I create an app that is similar to
arj.exe?
Thanks,
Prasad
Post by Jianke
Okay, I make the VB6 application under Windows XP Pro SP2.
Shell "c:\arj.exe", 1
"arj.exe" chould be anything related to DOS command. Windows application
won't cause any exception, such as Shell "notepad.exe", 1 works fine.
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
I was wrong, this may not be a bug in MSVBVM60. Can you give more
information on how to reproduce the problem? What platform and OS are you
testing this on?
Thanks,
Prasad
Prasad Kakulamarri [MSFT]
2007-03-28 01:49:34 UTC
Permalink
Hi Jianke,
I am still not able to repro the problem. The issue that you ran into with
shell "cmd dir" is different from the one the you originally ran into with
shell "arj.exe" 1.

Can you run your VB6 app under a debugger and when you run into the verifier
stop 60B, can you run the following command in the debugger and send us the
output?

avrf -vs -a <memory_block_address>


where memory_block_address is the following in !analyze...

0:000> !analyze -
*******************************************************************************
*
*
* Exception Analysis
*
*

*******************************************************************************

APPLICATION_VERIFIER_MEM_ALREADY_FREE (60b)
Trying to free virtual memory block that is already free.
This stop is generated if the app verifier detects a VirtualFree for an
address
that is already free. To debug this stop look at the current stack trace
(kb)
and try to determine why the memory is already free but the application is
trying to free it again. "!avrf -vs -a parameter1" will search for a log
of
stack traces of the code paths that allocated/freed that address and
display
these stack traces if they are available. This might show the stack
trace that
freed up this memory.
Arguments:
Arg1: 03770000, Memory block address >>>>>this is the address, so run !avrf
-vs -a 03770000

Thanks,
Prasad
Post by Jianke
Hi Prasad,
Thanks a lot for your taking time to test this for me.
I use the same as your "shell 'cmd dir'", and still got the exception.
(attached at the end)
arj.exe is an old freeware similar to rar.exe (you can download it from
internet easily.)
My MSVBVM60.DLL version: 6.0.97.82, probably you have a newer version?
Thanks again
//////////////////////////////////////////////////////////////////////////////////////////
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
I am not able to repro the problem. I created a simple VB6 app with a form
shell "cmd dir"
With this, I could not repro the problem.
What kind of app is arj.exe? How can I create an app that is similar to
arj.exe?
Thanks,
Prasad
//////////////////////////////////////////////////////////////////////////////////////////
(418.15c): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=c0000008 ebx=00000000 ecx=0012e97c edx=7c90eb3d esi=10000003 edi=00000003
eip=7c90eb74 esp=0012e928 ebp=0012e978 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
7c90eb74 8b0424 mov eax,dword ptr [esp]
ss:0023:0012e928=c0000008
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for
image00400000
APPLICATION_VERIFIER_INVALID_HANDLE (300)
Invalid handle exception for current stack trace.
This stop is generated if the function on the top of the stack passed an
invalid handle to system routines. Usually a simple kb command will reveal
what is the value of the handle passed (must be one of the parameters -
usually the first one). If the value is null then this is clearly wrong.
If the value looks ok you need to use !htrace debugger extension to get a
history of operations pertaining to this handle value. In most cases it
must be that the handle value is used after being closed.
Arg1: c0000008, Not used
Arg2: 00000000, Not used
Arg3: 00000000, Not used
Arg4: 00000000, Not used
ntdll!KiRaiseUserExceptionDispatcher+37
7c90eb74 8b0424 mov eax,dword ptr [esp]
EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 7c90eb74 (ntdll!KiRaiseUserExceptionDispatcher+0x00000037)
ExceptionCode: c0000008 (Invalid handle)
ExceptionFlags: 00000000
NumberParameters: 0
Thread tried to close a handle that was invalid or illegal to close
FAULTING_THREAD: 0000015c
BUGCHECK_STR: AVRF_300
DEFAULT_BUCKET_ID: APPLICATION_FAULT
PROCESS_NAME: image00400000
BAD_HANDLE: 00010001 (!htrace 00010001)
ERROR_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified.
LAST_CONTROL_TRANSFER: from 7c90eb93 to 7c90eb74
0012e978 7c90eb93 7c90d919 7c841b0a ffffffff
ntdll!KiRaiseUserExceptionDispatcher+0x37
0012e9a8 7c82df43 0000037c 00000000 0002001c ntdll!KiFastSystemCallRet+0x4
0012f3e0 7c80235e 00000000 00000000 033c8fe4
kernel32!CreateProcessInternalW+0x1964
0012f418 660ccebf 00000000 033c8fe4 00000000 kernel32!CreateProcessW+0x2c
0012f4a8 00401a2d 0012f4e4 00000002 0012f514 MSVBVM60!rtcShell+0x102
WARNING: Stack unwind information not available. Following frames may be
wrong.
0012f508 66051fb3 01f24fb8 0012f524 004016d8 image00400000+0x1a2d
0012f524 660522b4 004016d8 0012f5e0 00000002 MSVBVM60!CallProcWithArgs+0x1e
0012f53c 6605239a 01f24ff0 0012f620 0012f5e0 MSVBVM60!InvokeVtblEvent+0x32
0012f55c 66009da4 01f24fd4 66065391 03546efc MSVBVM60!InvokeEvent+0xaf
0012f564 66065391 03546efc 0012f644 6605271b MSVBVM60!DESK::AddRef+0x13
0012f570 6605271b 0012f620 0012f5e0 00000002 MSVBVM60!DESK::AddCtlRef+0x16
00000000 00000000 00000000 00000000 00000000 MSVBVM60!EvtErrFireWorker+0x240
MSVBVM60!rtcShell+102
660ccebf 8bf8 mov edi,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: MSVBVM60!rtcShell+102
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MSVBVM60
IMAGE_NAME: MSVBVM60.DLL
DEBUG_FLR_IMAGE_TIMESTAMP: 403acfec
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: AVRF_300_MSVBVM60!rtcShell+102
BUCKET_ID: AVRF_300_MSVBVM60!rtcShell+102
Followup: MachineOwner
---------
Jianke
2007-03-28 17:10:04 UTC
Permalink
Hi Prasad,

I am using WinDbg 6.6.7.5 and AppVerifier 3.3.0045 while I run across this
message.

0:000> !avrf -vs -a 037a0000
Verifier package version >= 3.00
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: vfbasics!_AVRF_EXCEPTION_LOG_ENTRY ***
*** ***
*************************************************************************
No type information found for `_AVRF_EXCEPTION_LOG_ENTRY'.

This extension requires symbols with type information
for ntdll.dll and verifier.dll.

Please fix the symbols for `[verifier core DLL]'.
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
I am still not able to repro the problem. The issue that you ran into with
shell "cmd dir" is different from the one the you originally ran into with
shell "arj.exe" 1.
Can you run your VB6 app under a debugger and when you run into the verifier
stop 60B, can you run the following command in the debugger and send us the
output?
avrf -vs -a <memory_block_address>
where memory_block_address is the following in !analyze...
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************
APPLICATION_VERIFIER_MEM_ALREADY_FREE (60b)
Trying to free virtual memory block that is already free.
This stop is generated if the app verifier detects a VirtualFree for an
address
that is already free. To debug this stop look at the current stack trace
(kb)
and try to determine why the memory is already free but the application is
trying to free it again. "!avrf -vs -a parameter1" will search for a log
of
stack traces of the code paths that allocated/freed that address and
display
these stack traces if they are available. This might show the stack
trace that
freed up this memory.
Arg1: 03770000, Memory block address >>>>>this is the address, so run !avrf
-vs -a 03770000
Thanks,
Prasad
Prasad Kakulamarri [MSFT]
2007-03-28 21:38:01 UTC
Permalink
Hi Jianke,
I was able to repro this trying to launch a 16 bit app with shell 'shell
"edit.com"' on XP sp2. This is an issue in kernel32.dll on XP. If you need a
fix for this issue, please work with Microsoft Product Support. Thank you for
reporting this issue.

Prasad
Post by Jianke
Hi Prasad,
I am using WinDbg 6.6.7.5 and AppVerifier 3.3.0045 while I run across this
message.
0:000> !avrf -vs -a 037a0000
Verifier package version >= 3.00
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: vfbasics!_AVRF_EXCEPTION_LOG_ENTRY ***
*** ***
*************************************************************************
No type information found for `_AVRF_EXCEPTION_LOG_ENTRY'.
This extension requires symbols with type information
for ntdll.dll and verifier.dll.
Please fix the symbols for `[verifier core DLL]'.
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
I am still not able to repro the problem. The issue that you ran into with
shell "cmd dir" is different from the one the you originally ran into with
shell "arj.exe" 1.
Can you run your VB6 app under a debugger and when you run into the verifier
stop 60B, can you run the following command in the debugger and send us the
output?
avrf -vs -a <memory_block_address>
where memory_block_address is the following in !analyze...
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************
APPLICATION_VERIFIER_MEM_ALREADY_FREE (60b)
Trying to free virtual memory block that is already free.
This stop is generated if the app verifier detects a VirtualFree for an
address
that is already free. To debug this stop look at the current stack trace
(kb)
and try to determine why the memory is already free but the application is
trying to free it again. "!avrf -vs -a parameter1" will search for a log
of
stack traces of the code paths that allocated/freed that address and
display
these stack traces if they are available. This might show the stack
trace that
freed up this memory.
Arg1: 03770000, Memory block address >>>>>this is the address, so run !avrf
-vs -a 03770000
Thanks,
Prasad
Jianke
2007-03-29 17:34:02 UTC
Permalink
Thanks a lot, Prasad! I appreciate your help.
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
I was able to repro this trying to launch a 16 bit app with shell 'shell
"edit.com"' on XP sp2. This is an issue in kernel32.dll on XP. If you need a
fix for this issue, please work with Microsoft Product Support. Thank you for
reporting this issue.
Prasad
Jianke
2007-03-28 02:07:22 UTC
Permalink
Hi Prasad,

Thanks a lot for your taking time to test this for me.
I use the same as your "shell 'cmd dir'", and still got the exception.
(attached at the end)
arj.exe is an old freeware similar to rar.exe (you can download it from
internet easily.)

My MSVBVM60.DLL version: 6.0.97.82, probably you have a newer version?

Thanks again

//////////////////////////////////////////////////////////////////////////////////////////
Post by Prasad Kakulamarri [MSFT]
Hi Jianke,
I am not able to repro the problem. I created a simple VB6 app with a form
shell "cmd dir"
With this, I could not repro the problem.
What kind of app is arj.exe? How can I create an app that is similar to
arj.exe?
Thanks,
Prasad
//////////////////////////////////////////////////////////////////////////////////////////
Exception information I reproduced:

(418.15c): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=c0000008 ebx=00000000 ecx=0012e97c edx=7c90eb3d esi=10000003 edi=00000003
eip=7c90eb74 esp=0012e928 ebp=0012e978 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiRaiseUserExceptionDispatcher+0x37:
7c90eb74 8b0424 mov eax,dword ptr [esp]
ss:0023:0012e928=c0000008
0:000> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*** ERROR: Module load completed but symbols could not be loaded for
image00400000
APPLICATION_VERIFIER_INVALID_HANDLE (300)
Invalid handle exception for current stack trace.
This stop is generated if the function on the top of the stack passed an
invalid handle to system routines. Usually a simple kb command will reveal
what is the value of the handle passed (must be one of the parameters -
usually the first one). If the value is null then this is clearly wrong.
If the value looks ok you need to use !htrace debugger extension to get a
history of operations pertaining to this handle value. In most cases it
must be that the handle value is used after being closed.
Arguments:
Arg1: c0000008, Not used
Arg2: 00000000, Not used
Arg3: 00000000, Not used
Arg4: 00000000, Not used

FAULTING_IP:
ntdll!KiRaiseUserExceptionDispatcher+37
7c90eb74 8b0424 mov eax,dword ptr [esp]

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 7c90eb74 (ntdll!KiRaiseUserExceptionDispatcher+0x00000037)
ExceptionCode: c0000008 (Invalid handle)
ExceptionFlags: 00000000
NumberParameters: 0
Thread tried to close a handle that was invalid or illegal to close

FAULTING_THREAD: 0000015c

BUGCHECK_STR: AVRF_300

DEFAULT_BUCKET_ID: APPLICATION_FAULT

PROCESS_NAME: image00400000

BAD_HANDLE: 00010001 (!htrace 00010001)

ERROR_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified.

LAST_CONTROL_TRANSFER: from 7c90eb93 to 7c90eb74

STACK_TEXT:
0012e978 7c90eb93 7c90d919 7c841b0a ffffffff
ntdll!KiRaiseUserExceptionDispatcher+0x37
0012e9a8 7c82df43 0000037c 00000000 0002001c ntdll!KiFastSystemCallRet+0x4
0012f3e0 7c80235e 00000000 00000000 033c8fe4
kernel32!CreateProcessInternalW+0x1964
0012f418 660ccebf 00000000 033c8fe4 00000000 kernel32!CreateProcessW+0x2c
0012f4a8 00401a2d 0012f4e4 00000002 0012f514 MSVBVM60!rtcShell+0x102
WARNING: Stack unwind information not available. Following frames may be
wrong.
0012f508 66051fb3 01f24fb8 0012f524 004016d8 image00400000+0x1a2d
0012f524 660522b4 004016d8 0012f5e0 00000002 MSVBVM60!CallProcWithArgs+0x1e
0012f53c 6605239a 01f24ff0 0012f620 0012f5e0 MSVBVM60!InvokeVtblEvent+0x32
0012f55c 66009da4 01f24fd4 66065391 03546efc MSVBVM60!InvokeEvent+0xaf
0012f564 66065391 03546efc 0012f644 6605271b MSVBVM60!DESK::AddRef+0x13
0012f570 6605271b 0012f620 0012f5e0 00000002 MSVBVM60!DESK::AddCtlRef+0x16
00000000 00000000 00000000 00000000 00000000 MSVBVM60!EvtErrFireWorker+0x240


FOLLOWUP_IP:
MSVBVM60!rtcShell+102
660ccebf 8bf8 mov edi,eax

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: MSVBVM60!rtcShell+102

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: MSVBVM60

IMAGE_NAME: MSVBVM60.DLL

DEBUG_FLR_IMAGE_TIMESTAMP: 403acfec

STACK_COMMAND: ~0s ; kb

FAILURE_BUCKET_ID: AVRF_300_MSVBVM60!rtcShell+102

BUCKET_ID: AVRF_300_MSVBVM60!rtcShell+102

Followup: MachineOwner
---------
Loading...