Discussion:
AppVerifier stops with Invalid Handle but the call stack looks mas
(too old to reply)
Friar Chen
2007-10-19 09:12:10 UTC
Permalink
I'm about to use AppVerifier to validate a GUI executable, and at first the
debug stops with following messages:
ModLoad: 746f0000 7471a000 C:\WINDOWS\System32\Msimtf.dll
ModLoad: 74720000 7476b000 C:\WINDOWS\System32\MSCTF.dll
ModLoad: 75c50000 75cbe000 C:\WINDOWS\system32\jscript.dll
ModLoad: 74980000 74a93000 C:\WINDOWS\System32\msxml3.dll
ModLoad: 38a70000 38a7c000
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
(630.6d0): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=c0000008 ebx=022f6250 ecx=0012bfe0 edx=7c90eb3d esi=022f6490 edi=00000000
eip=7c90eb74 esp=0012bf8c ebp=0012bfdc iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiRaiseUserExceptionDispatcher+0x37:
7c90eb74 8b0424 mov eax,dword ptr [esp]
ss:0023:0012bf8c=c0000008
<------------------------>

It says that there has an invalid handle detected, and then I try to dump
the call stack by "kb" command, the output likes:
0:000> kb
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be
wrong.
0012bfdc 7c90eb94 7c90d592 0149a380 00000000
ntdll!KiRaiseUserExceptionDispatcher+0x37
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
0012bff4 7c809b8b 00000000 0012c010 01494d29 ntdll!KiFastSystemCallRet
0012c000 01494d29 00000000 7c809b47 0012c020 kernel32!CloseHandle+0x44
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -
0012c010 38a75837 00000000 022f6490 0012c034 vfbasics!AVrfpCloseHandle+0x89
[d:\avrf\source\base\avrf\avrf30\providers\basics\verifier.c @ 1118]
0012c020 38a7676a 022f6490 0012c080 022f6210 MSOXMLMF!DllGetClassObject+0x12f9
0012c034 38a767ad 022f621c 0012c04c 022f6250 MSOXMLMF!DllGetClassObject+0x222c
0012c054 38a75366 022f621c 022f6250 0012c080 MSOXMLMF!DllGetClassObject+0x226f
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\urlmon.dll -
0012c298 7e1f215b 022f6210 074a95e8 00002000 MSOXMLMF!DllGetClassObject+0xe28
0012c2c4 7e1f2e76 00000000 074a95e8 00002000 urlmon!CopyStgMedium+0x189e
0012c2e8 7e1f2952 00000000 0000000d 000092bb urlmon!FindMediaType+0x373
0012c314 7e1f27f1 000092bb 0000000d 000092bb urlmon!CopyStgMedium+0x2095
0012c334 38a751a6 022c40d4 0000000d 000092bb urlmon!CopyStgMedium+0x1f34
0012c34c 7e1ee323 022f6214 0000000d 000092bb MSOXMLMF!DllGetClassObject+0xc68
0012c374 7e1ee199 022c3f18 00000006 0000000d urlmon!ReleaseBindInfo+0xb5c
0012c3a0 7e1ee480 022c3f18 0128eb08 00000006 urlmon!ReleaseBindInfo+0x9d2
0012c3c0 7e1f2386 022c3f18 00000000 00000000 urlmon!ReleaseBindInfo+0xcb9
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\Mshtml.dll -
0012c3e4 7dcea47a 022c3f18 0000000d 000092bb urlmon!CopyStgMedium+0x1ac9
0012c3fc 7dec11ab 000092bb 00000000 0704b340 Mshtml+0xba47a
0012c440 7dec1272 0704b3d4 00000100 0704b470
Mshtml!com_ms_osp_ospmrshl_releaseByValExternal+0xde9b4
0012e488 7e1eef25 0704b340 022f7038 022c3f18
Mshtml!com_ms_osp_ospmrshl_releaseByValExternal+0xdea7b
<--------------------------->

Although there are lots of call stacks dumped, but none of them is related
to my executable binary, HOW can I get help from above information? I want
to know where uses the invalid handle from my binary, couldn't I?

And then, I use "g" to continue execution, the output likes:
0:000> g


=======================================
VERIFIER STOP 00000300 : pid 0x630: Invalid handle exception for current
stack trace.

C0000008 : Exception code.
0012BCAC : Exception record. Use .exr to display it.
0012BCC0 : Context record. Use .cxr to display it.
00000000 : Not used.


=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.

=======================================

(630.6d0): Break instruction exception - code 80000003 (first chance)
eax=000001ff ebx=014a8cf8 ecx=7c91eb05 edx=0012b915 esi=00000000 edi=000001ff
eip=7c901230 esp=0012b9a4 ebp=0012bba4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!DbgBreakPoint:
7c901230 cc int 3
<----------------->

Would you please kindly tell me how can I find out the root reason of this
problem?

Thanks very much in advance.
Prasad Kakulamarri [MSFT]
2007-10-19 19:46:02 UTC
Permalink
Hi Friar,
From the call stack, it looks like MSOXMLMF.DLL is using an invalid handle
(0) here. If this is not in your code, you can continue by using 'g" in the
debugger. If you need a fix for this, please contact Microsoft Office product
support.

For invalid handle issues, you can use !htrace debugger extension and look
for BAD_REFERENCE in the dumped call stacks.

Thanks,
Prasad
Post by Friar Chen
I'm about to use AppVerifier to validate a GUI executable, and at first the
ModLoad: 746f0000 7471a000 C:\WINDOWS\System32\Msimtf.dll
ModLoad: 74720000 7476b000 C:\WINDOWS\System32\MSCTF.dll
ModLoad: 75c50000 75cbe000 C:\WINDOWS\system32\jscript.dll
ModLoad: 74980000 74a93000 C:\WINDOWS\System32\msxml3.dll
ModLoad: 38a70000 38a7c000
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
(630.6d0): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=c0000008 ebx=022f6250 ecx=0012bfe0 edx=7c90eb3d esi=022f6490 edi=00000000
eip=7c90eb74 esp=0012bf8c ebp=0012bfdc iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
7c90eb74 8b0424 mov eax,dword ptr [esp]
ss:0023:0012bf8c=c0000008
<------------------------>
It says that there has an invalid handle detected, and then I try to dump
0:000> kb
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be
wrong.
0012bfdc 7c90eb94 7c90d592 0149a380 00000000
ntdll!KiRaiseUserExceptionDispatcher+0x37
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
0012bff4 7c809b8b 00000000 0012c010 01494d29 ntdll!KiFastSystemCallRet
0012c000 01494d29 00000000 7c809b47 0012c020 kernel32!CloseHandle+0x44
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -
0012c010 38a75837 00000000 022f6490 0012c034 vfbasics!AVrfpCloseHandle+0x89
0012c020 38a7676a 022f6490 0012c080 022f6210 MSOXMLMF!DllGetClassObject+0x12f9
0012c034 38a767ad 022f621c 0012c04c 022f6250 MSOXMLMF!DllGetClassObject+0x222c
0012c054 38a75366 022f621c 022f6250 0012c080 MSOXMLMF!DllGetClassObject+0x226f
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\urlmon.dll -
0012c298 7e1f215b 022f6210 074a95e8 00002000 MSOXMLMF!DllGetClassObject+0xe28
0012c2c4 7e1f2e76 00000000 074a95e8 00002000 urlmon!CopyStgMedium+0x189e
0012c2e8 7e1f2952 00000000 0000000d 000092bb urlmon!FindMediaType+0x373
0012c314 7e1f27f1 000092bb 0000000d 000092bb urlmon!CopyStgMedium+0x2095
0012c334 38a751a6 022c40d4 0000000d 000092bb urlmon!CopyStgMedium+0x1f34
0012c34c 7e1ee323 022f6214 0000000d 000092bb MSOXMLMF!DllGetClassObject+0xc68
0012c374 7e1ee199 022c3f18 00000006 0000000d urlmon!ReleaseBindInfo+0xb5c
0012c3a0 7e1ee480 022c3f18 0128eb08 00000006 urlmon!ReleaseBindInfo+0x9d2
0012c3c0 7e1f2386 022c3f18 00000000 00000000 urlmon!ReleaseBindInfo+0xcb9
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\Mshtml.dll -
0012c3e4 7dcea47a 022c3f18 0000000d 000092bb urlmon!CopyStgMedium+0x1ac9
0012c3fc 7dec11ab 000092bb 00000000 0704b340 Mshtml+0xba47a
0012c440 7dec1272 0704b3d4 00000100 0704b470
Mshtml!com_ms_osp_ospmrshl_releaseByValExternal+0xde9b4
0012e488 7e1eef25 0704b340 022f7038 022c3f18
Mshtml!com_ms_osp_ospmrshl_releaseByValExternal+0xdea7b
<--------------------------->
Although there are lots of call stacks dumped, but none of them is related
to my executable binary, HOW can I get help from above information? I want
to know where uses the invalid handle from my binary, couldn't I?
0:000> g
=======================================
VERIFIER STOP 00000300 : pid 0x630: Invalid handle exception for current
stack trace.
C0000008 : Exception code.
0012BCAC : Exception record. Use .exr to display it.
0012BCC0 : Context record. Use .cxr to display it.
00000000 : Not used.
=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.
=======================================
(630.6d0): Break instruction exception - code 80000003 (first chance)
eax=000001ff ebx=014a8cf8 ecx=7c91eb05 edx=0012b915 esi=00000000 edi=000001ff
eip=7c901230 esp=0012b9a4 ebp=0012bba4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
7c901230 cc int 3
<----------------->
Would you please kindly tell me how can I find out the root reason of this
problem?
Thanks very much in advance.
Loading...