Ignore INVALID HANDLE error in AppVerifier?


I have a VerifierDlls installed against a 3rd-party application. It kept crashing due to an invalid handle error:

APPLICATION_VERIFIER_HANDLES_INVALID_HANDLE (300)
Invalid handle exception for current stack trace.
This stop is generated if the function on the top of the stack passed an
invalid handle to system routines. Usually a simple kb command will reveal
what is the value of the handle passed (must be one of the parameters -
usually the first one). If the value is null then this is clearly wrong.
If the value looks ok you need to use !htrace debugger extension to get a
history of operations pertaining to this handle value. In most cases it
must be that the handle value is used after being closed. 
Arguments:
Arg1: 00000000c0000008, Exception code. 
Arg2: 0000008397afefd0, Exception record. Use .exr to display it. 
Arg3: 0000008397afe9a0, Context record. Use .cxr to display it. 
Arg4: 0000000000000000, Not used. 

I'm wondering if there's a way to avoid it? I tried to hook CloseHandle and I don't know how to tell if the handle is invalid.

From procdump I can tell CloseHandle was the cause:

00 00007ffd`cc963851 : 00000000`00000000 00000000`00000000 0000ab17`238a5e24 00000000`00000002 : ntdll!NtWaitForMultipleObjects+0x14
01 00007ffd`cc962ae5 : 00000000`000016d8 00000000`00000000 00000000`000016d8 00000000`00001000 : ntdll!WerpWaitForCrashReporting+0x6d
02 00007ffd`cc961b97 : 00000000`00000000 00000099`fecfd5c0 00000000`00000020 00007ffd`cc98d68a : ntdll!RtlReportExceptionHelper+0x269
03 00007ffd`ad70ecc1 : 00000099`fecfce60 00000000`00000300 00000223`d06f4280 00000000`00000000 : ntdll!RtlReportException+0x77
04 00007ffd`cc9b5eb0 : 00000000`00000000 00007ffd`cca9b5e0 00000223`d06f4280 00000223`d06f4280 : verifier!AVrfpVectoredExceptionHandler+0x2b1
05 00007ffd`cc98fa3b : 00000099`fecfdab0 00000099`fecfd5c0 00000000`00000000 00000000`deff7850 : ntdll!RtlpCallVectoredHandlers+0x104
06 00007ffd`cc9f960a : 00000000`00000000 00000000`00000000 00007ffd`ad735ef0 00000000`00000000 : ntdll!RtlDispatchException+0x6b
07 00007ffd`ad7067ea : 00007ffd`ad735ef0 00000000`00000000 00007ffd`ad728744 00007ffd`ad73dd40 : ntdll!KiUserExceptionDispatch+0x3a
08 00007ffd`ad70ec59 : 00000099`fecfe130 00000000`00000000 00000223`d06f4280 00000099`fecffd20 : verifier!VerifierStopMessageEx+0x6e2
09 00007ffd`cc9b5eb0 : 00000000`00000000 00007ffd`cca9b5e0 00000223`d06f4280 00000223`d06f4280 : verifier!AVrfpVectoredExceptionHandler+0x249
0a 00007ffd`cc98fa3b : 00000099`fecff090 00000099`fecfea60 00000223`d06d0000 00000000`deff7850 : ntdll!RtlpCallVectoredHandlers+0x104
0b 00007ffd`cc991a59 : 00000099`fecfe9c0 00000000`00000024 00000099`fecfe900 00007ffd`ccaa7870 : ntdll!RtlDispatchException+0x6b
0c 00007ffd`cc9f967a : 00000000`00000000 00000000`000007ac 00007ff6`8b94d3f3 00007ffd`cc9f5bd0 : ntdll!RtlRaiseException+0x2d9
0d 00007ffd`ad71e0e1 : 00000223`d43b1660 00007ffd`cb024700 00007ff6`8b94d3f3 00000000`000007ac : ntdll!KiRaiseUserExceptionDispatcher+0x3a
0e 00007ffd`c94d6d82 : 00000000`000007ac 00000223`d43b1660 00000223`d028e040 00000223`d028e040 : verifier!AVrfpNtClose+0x51
0f 00007ffd`ad7201ad : 00000000`000007ac 00000099`fecff310 00000223`d028e038 00000000`000007ac : KERNELBASE!CloseHandle+0x62
10 00007ffd`ad720218 : 00000000`00000000 00000223`d028e038 00000000`00000000 00000000`00000000 : verifier!AVrfpCloseHandleCommon+0xa1
11 00007ff6`8b94d3f3 : 00000223`d0742fb0 00000099`fecff310 00000223`d028e038 00000000`00000000 : verifier!AVrfpKernel32CloseHandle+0x28

Any ideas?

Thomas Weller

You can disable single application verifier checks. Run appverif (note there is a 64 and a 32 bit version) and locate the general type of error you have, like

Handles

Now comes the not very intuitive action: do a right click on that checkbox and choose "Verifier Stop Options"

Verifier Stop Options

You can then select stop option 300 (which is yours) and change the behavior. I don't know exactly what that does, since I never used it, but it sounds like either "Ignore" or "Inactive" would be a good choice to get rid of them.

Inactive or Ignore

Don't forget to hit the "Save" button after closing the dialog.

The settings will be stored in the Registry somewhere below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ (64 bit)

Application verifier 300 settings in Registry
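
Added example, not part of the original question or answer: a small Python helper that applies the stop message's `kb` advice to the frames quoted in the question, returning the first displayed argument of the CloseHandle frame and the return address into the code that called it. The function names are hypothetical, and on x64 the displayed arguments are stack home-space values that can be stale, so the handle is a candidate to confirm with !htrace.

```python
import re

# Frames 0d-11 copied from the trace in the question: frame, RetAddr, four args, call site.
TRACE = """\
0d 00007ffd`ad71e0e1 : 00000223`d43b1660 00007ffd`cb024700 00007ff6`8b94d3f3 00000000`000007ac : ntdll!KiRaiseUserExceptionDispatcher+0x3a
0e 00007ffd`c94d6d82 : 00000000`000007ac 00000223`d43b1660 00000223`d028e040 00000223`d028e040 : verifier!AVrfpNtClose+0x51
0f 00007ffd`ad7201ad : 00000000`000007ac 00000099`fecff310 00000223`d028e038 00000000`000007ac : KERNELBASE!CloseHandle+0x62
10 00007ffd`ad720218 : 00000000`00000000 00000223`d028e038 00000000`00000000 00000000`00000000 : verifier!AVrfpCloseHandleCommon+0xa1
11 00007ff6`8b94d3f3 : 00000223`d0742fb0 00000099`fecff310 00000223`d028e038 00000000`00000000 : verifier!AVrfpKernel32CloseHandle+0x28
"""

FRAME = re.compile(r"^([0-9a-f]{2}) ([0-9a-f`]+) : ((?:[0-9a-f`]+ ){4}): (\S+)$")

def to_int(text):
    """Convert a debugger value such as 00007ff6`8b94d3f3 to an integer."""
    return int(text.replace("`", ""), 16)

def parse(trace):
    """Turn kb-style lines into dicts; lines that do not match are skipped."""
    frames = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append({"ret": to_int(m[2]),
                           "args": [to_int(a) for a in m[3].split()],
                           "site": m[4]})
    return frames

def triage(frames, api="CloseHandle"):
    """Return (candidate handle, return address into the caller), or None if api is absent."""
    for i, frame in enumerate(frames):
        symbol = frame["site"].partition("!")[2].split("+")[0]
        if symbol != api:
            continue
        # Walk outward past the verifier thunks that wrap the API; the last
        # thunk's RetAddr points into the code that called CloseHandle.
        j = i
        while j + 1 < len(frames) and frames[j + 1]["site"].startswith("verifier!"):
            j += 1
        return frame["args"][0], frames[j]["ret"]
    return None

if __name__ == "__main__":
    handle, caller = triage(parse(TRACE))
    print(f"candidate handle {handle:#x}, closed from code returning to {caller:#x}")
```
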