Details
- Bug
- Resolution: Fixed
- Major
- None
- VirtualBox 5.1.38.
Description
Tested with ReactOS 0.4.14-dev-844-gea35843.
To reproduce the problem, do the following:
- Download ProcDump v9.0 here: https://download.sysinternals.com/files/Procdump.zip.
- Extract it from the zip archive to any directory.
- Right click on the folder where it has been extracted -> "Command Prompt Here".
- In the opened cmd, type "procdump -mm processname.exe". Alternatively, you can specify the PID or any other information about the process which is visible in taskmgr. This will (try to) generate minidump file(s) from the specified process. For example, I tried kbswitch.exe, but you can use any other running process you want for the test.
- After typing the command, press Enter. After pressing, the tool will crash due to the unimplemented RtlGetUnloadEventTrace() (in ntdll.dll) and VerifierEnumerateResource() (in verifier.dll):
WARNING: calling stub RtlGetUnloadEventTrace()
WARNING: calling stub VerifierEnumerateResource()
Unhandled exception
ExceptionCode: 80000100
CS:EIP 1b:721e1521
DS 23 ES 23 FS 3b GS 0
EAX: 007ffb80 EBX: 00049925 ECX: 00000000
EDX: 00000000 EBP: 007ffbd8 ESI: 00000001 ESP: 007ffb7c
EDI: 007ffbd0 EFLAGS: 00000212
Address:
<verifier.dll:1521> (C:\WINDOWS\System32\verifier.dll@721e0000)
Frames:
<dbghelp.dll:67194> (C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll@3000000)
<dbghelp.dll:64948> (C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll@3000000)
<dbghelp.dll:5d629> (C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll@3000000)
<dbghelp.dll:5e65a> (C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll@3000000)
<dbghelp.dll:5e9cb> (C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll@3000000)
<procdump.exe:11a8d> (C:\Documents and Settings\Administrator\Мои документы\RAPPS Downloads\Procdump\procdump.exe@400000)
<procdump.exe:116a6> (C:\Documents and Settings\Administrator\Мои документы\RAPPS Downloads\Procdump\procdump.exe@400000)
<procdump.exe:11610> (C:\Documents and Settings\Administrator\Мои документы\RAPPS Downloads\Procdump\procdump.exe@400000)
<procdump.exe:1130a> (C:\Documents and Settings\Administrator\Мои документы\RAPPS Downloads\Procdump\procdump.exe@400000)
<kernel32.dll:1c5e1> (C:\WINDOWS\system32\kernel32.dll@7c5b0000)
err:(dll/win32/advapi32/service/eventlog.c:144) RpcBindingFree returned 0x6a6
err:(win32ss/user/user32/windows/messagebox.c:1048) MessageBox: L"The exception unknown software exception (0x80000100) occurred in the application at location 0x721e1521.\r\n\nClick on OK to terminate the program.\nClick on CANCEL to debug the program."
To fix it, I implemented RtlGetUnloadEventTrace() according to https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlgetunloadeventtrace, and after my changes, it crashes only due to VerifierEnumerateResource(). Since this function is implemented in verifier.dll, after replacing this DLL with the version from Win2k3, ProcDump no longer crashes and generates the minidump file(s) successfully. So I think my RtlGetUnloadEventTrace implementation is correct.
Although the RtlGetUnloadEventTraceEx function also exists, it can't be implemented in ReactOS for now and returned in RtlGetUnloadEventTrace, for at least the following two reasons:
- This function is Vista+, while the non-Ex function has been available since Windows XP SP2, see https://www.geoffchappell.com/studies/windows/win32/ntdll/api/index.htm.
- It has different parameters and a different implementation from the non-Ex function, according to MSDN: https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlgetunloadeventtraceex, so it can't be used together with RtlGetUnloadEventTrace().
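
The following is an added example, not part of the original report or of ReactOS: it parses the debug-log format shown above and confirms which module the faulting EIP belongs to by matching image base plus offset against it. The function names and the shortened procdump.exe path in the embedded excerpt are assumptions made for the example.

```python
import re

# Excerpt of the debug log from this report (table residue removed,
# procdump.exe path shortened for the example).
LOG = r"""
WARNING: calling stub RtlGetUnloadEventTrace()
WARNING: calling stub VerifierEnumerateResource()
ExceptionCode: 80000100
CS:EIP 1b:721e1521
<verifier.dll:1521> (C:\WINDOWS\System32\verifier.dll@721e0000)
<dbghelp.dll:67194> (C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll@3000000)
<procdump.exe:11a8d> (C:\Procdump\procdump.exe@400000)
<kernel32.dll:1c5e1> (C:\WINDOWS\system32\kernel32.dll@7c5b0000)
"""

STUB_RE = re.compile(r"calling stub (\w+)\(\)")
EIP_RE = re.compile(r"CS:EIP\s+[0-9a-fA-F]+:([0-9a-fA-F]+)")
# <module:offset> (path@base); the path itself may contain parentheses.
FRAME_RE = re.compile(r"<([^:<>]+):([0-9a-fA-F]+)>\s+\((.+)@([0-9a-fA-F]+)\)")

def parse_frames(log):
    """Return frames as dicts; va = image base + offset inside the module."""
    frames = []
    for module, off, path, base in FRAME_RE.findall(log):
        off, base = int(off, 16), int(base, 16)
        frames.append({"module": module, "offset": off, "base": base,
                       "va": base + off, "path": path})
    return frames

def triage(log):
    """Summarise a crash: stubs hit, faulting frame, module call chain."""
    eip_match = EIP_RE.search(log)
    if eip_match is None:
        raise ValueError("no CS:EIP line in log")
    eip = int(eip_match.group(1), 16)
    frames = parse_frames(log)
    # The faulting frame is the one whose base + offset equals EIP.
    fault = next((f for f in frames if f["va"] == eip), None)
    chain = []
    for f in frames:
        if not chain or chain[-1] != f["module"]:
            chain.append(f["module"])  # collapse consecutive same-module frames
    return {"stubs": STUB_RE.findall(log), "eip": eip,
            "fault": fault, "chain": chain}

if __name__ == "__main__":
    r = triage(LOG)
    print(hex(r["eip"]), r["fault"]["module"], r["stubs"], " <- ".join(r["chain"]))
```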