当closures有效句柄时,AppVerifier报告“无效句柄 – 代码c0000008”

我有一个简单的testing程序,在AppVerifier下运行时会失败并失败。 该程序复制STD_INPUT_HANDLE ,然后尝试使用CloseHandle()closures它。 该程序工作正常,没有AppVerifier返回TRUECloseHandle 。 但是,如果在AppVerifier下运行LockHeapsHandles则会引发exception。 详情如下。 任何人都可以评论为什么发生? 这是一个AppVerifier错误?

 */ // stdintst.cpp : Defines the entry point for the console application. // // // This code fails if run under AppVerifier x64 4.0.0665 // Test is compiled under VS 2005 // #include "stdafx.h" #include <windows.h> #include <stdio.h> static int duplicate(HANDLE h) { HANDLE ph = GetCurrentProcess(); HANDLE tmph = INVALID_HANDLE_VALUE; if (!DuplicateHandle(GetCurrentProcess(), h, GetCurrentProcess(), &tmph, 0, TRUE, DUPLICATE_SAME_ACCESS)) return 0; else { DWORD dw = CloseHandle(tmph); // fails here with exception if run under AppVerifier printf ("CloseHandle %d %x\n", dw, GetLastError()); } return 1; } int wmain(int argc, _TCHAR* argv[]) { HANDLE h = INVALID_HANDLE_VALUE; h = GetStdHandle(STD_INPUT_HANDLE); if (h == INVALID_HANDLE_VALUE) exit(-1); printf("STD_INPUT_HANDLE: %d\n", duplicate(h)); h = GetStdHandle(STD_OUTPUT_HANDLE); if (h == INVALID_HANDLE_VALUE) exit(-1); printf("STD_INPUT_HANDLE: %d\n", duplicate(h)); h = GetStdHandle(STD_ERROR_HANDLE); if (h == INVALID_HANDLE_VALUE) exit(-1); printf("STD_INPUT_HANDLE: %d\n", duplicate(h)); return 0; } Windbg: _______________________________________________________________ // before CloseHandle() 0018fe2c dw = 0xcccccccc 0018fe54 h = 0x00000003 0018fe44 ph = 0xffffffff 0018fe38 tmph = 0x0000000f 0:000:x86> p // CloseHandle() (870.1644): Invalid handle - code c0000008 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ntdll!KiRaiseUserExceptionDispatcher+0x3a: 00000000`77b012f7 8b8424c0000000 mov eax,dword ptr [rsp+0C0h] ss:00000000`0008e2e0=c0000008 0:000> !analyze -v ERROR: FindPlugIns 8007007b ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* APPLICATION_VERIFIER_HANDLES_INVALID_HANDLE (300) Invalid handle exception for current stack trace. This stop is generated if the function on the top of the stack passed an invalid handle to system routines. Usually a simple kb command will reveal what is the value of the handle passed (must be one of the parameters - usually the first one). If the value is null then this is clearly wrong. If the value looks ok you need to use !htrace debugger extension to get a history of operations pertaining to this handle value. In most cases it must be that the handle value is used after being closed. Arguments: Arg1: ffffffffc0000008, Exception code. Arg2: 0000000000000000, Exception record. Use .exr to display it. Arg3: 0000000000000000, Context record. Use .cxr to display it. Arg4: 0000000000000000, Not used. FAULTING_IP: ntdll!KiRaiseUserExceptionDispatcher+3a 00000000`77b012f7 8b8424c0000000 mov eax,dword ptr [rsp+0C0h] EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 0000000077b012f7 (ntdll!KiRaiseUserExceptionDispatcher+0x000000000000003a) ExceptionCode: c0000008 (Invalid handle) ExceptionFlags: 00000000 NumberParameters: 0 Thread tried to close a handle that was invalid or illegal to close FAULTING_THREAD: 0000000000001644 DEFAULT_BUCKET_ID: STATUS_INVALID_HANDLE PROCESS_NAME: stdintst.exe BAD_HANDLE: 000000000000000e (!htrace 000000000000000e) ERROR_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified. EXCEPTION_CODE: (NTSTATUS) 0xc0000008 - An invalid HANDLE was specified. MOD_LIST: <ANALYSIS/> NTGLOBALFLAG: 2000100 APPLICATION_VERIFIER_FLAGS: 80040007 PRIMARY_PROBLEM_CLASS: STATUS_INVALID_HANDLE BUGCHECK_STR: APPLICATION_FAULT_STATUS_INVALID_HANDLE LAST_CONTROL_TRANSFER: from 00000000001e2386 to 0000000077b012f7 STACK_TEXT: 00000000`0008e220 00000000`001e2386 : 00000000`0000000e 00000000`7efdb000 00000000`0008e318 00000000`0008e320 : ntdll!KiRaiseUserExceptionDispatcher+0x3a 00000000`0008e2f0 00000000`7531f2cd : 00000000`0018fd20 00000000`0018fd2c 00000000`7efdb000 00000000`0008fd20 : verifier!AVrfpNtClose+0xbe 00000000`0008e320 00000000`7531cf87 : 00000000`00000000 00000000`0018fc08 00000000`7efdb000 00000000`7efdd000 : wow64!whNtClose+0x11 00000000`0008e350 00000000`75262776 : 00000000`77ca01b4 00000000`75310023 00000000`00000246 00000000`0018fff0 : wow64!Wow64SystemServiceEx+0xd7 00000000`0008ec10 00000000`7531d07e : 00000000`0008fd20 00000000`75261920 00000000`00000000 00000000`0008ed40 : wow64cpu!TurboDispatchJumpAddressEnd+0x2d 00000000`0008ecd0 00000000`7531c549 : 00000000`00000000 00000000`00000000 00000000`75314ac8 00000000`7ffe0030 : wow64!RunCpuSimulation+0xa 00000000`0008ed20 00000000`77af4956 : 00000000`01d32f00 00000000`00000000 00000000`77be2670 00000000`77bb5978 : wow64!Wow64LdrpInitialize+0x429 00000000`0008f270 00000000`77af1a17 : 00000000`00000000 00000000`77af4061 00000000`0008f820 00000000`00000000 : ntdll!LdrpInitializeProcess+0x17e4 00000000`0008f760 00000000`77adc32e : 00000000`0008f820 00000000`00000000 00000000`7efdf000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x29220 00000000`0008f7d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe FOLLOWUP_IP: wow64!whNtClose+11 00000000`7531f2cd 90 nop SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: wow64!whNtClose+11 FOLLOWUP_NAME: MachineOwner MODULE_NAME: wow64 IMAGE_NAME: wow64.dll DEBUG_FLR_IMAGE_TIMESTAMP: 4e212272 STACK_COMMAND: ~0s ; kb FAILURE_BUCKET_ID: STATUS_INVALID_HANDLE_c0000008_wow64.dll!whNtClose BUCKET_ID: X64_APPLICATION_FAULT_STATUS_INVALID_HANDLE_wow64!whNtClose+11 Followup: MachineOwner --------- 0:000> !htrace 000000000000000e -------------------------------------- Handle = 0x000000000000000e - *** BAD REFERENCE *** Thread ID = 0x0000000000001644, Process ID = 0x0000000000000870 0x0000000077b0140a: ntdll!NtClose+0x000000000000000a 0x00000000001e2386: verifier!AVrfpNtClose+0x00000000000000be 0x000000007531f2cd: wow64!whNtClose+0x0000000000000011 0x000000007531cf87: wow64!Wow64SystemServiceEx+0x00000000000000d7 0x0000000075262776: wow64cpu!TurboDispatchJumpAddressEnd+0x000000000000002d 0x000000007531d07e: wow64!RunCpuSimulation+0x000000000000000a 0x000000007531c549: wow64!Wow64LdrpInitialize+0x0000000000000429 0x0000000077af4956: ntdll!LdrpInitializeProcess+0x00000000000017e4 0x0000000077af1a17: ntdll! ?? ::FNODOBFM::`string'+0x0000000000029220 0x0000000077adc32e: ntdll!LdrInitializeThunk+0x000000000000000e 0x0000000077caf9d2: ntdll32!NtClose+0x0000000000000012 0x000000006f2f2f52: vfbasics!AVrfpNtClose+0x0000000000000030 0x00000000770ab9f2: KERNELBASE!CloseHandle+0x000000000000002d 0x000000006f2f3e86: vfbasics!AVrfpCloseHandle+0x0000000000000074 0x000000000041157a: stdintst!duplicate+0x000000000000008a -------------------------------------- Parsed 0x3A stack traces. Dumped 0x1 stack traces. Output Without Appverifier: ------------------------------- CloseHandle 1 0 STD_INPUT_HANDLE: 1 CloseHandle 1 0 STD_INPUT_HANDLE: 1 CloseHandle 1 0 STD_INPUT_HANDLE: 1