I have a VerifierDlls installed against an 3rd-party application. It kept getting crash due to invalid handle error:
APPLICATION_VERIFIER_HANDLES_INVALID_HANDLE (300)
Invalid handle exception for current stack trace.
This stop is generated if the function on the top of the stack passed an
invalid handle to system routines. Usually a simple kb command will reveal
what is the value of the handle passed (must be one of the parameters -
usually the first one). If the value is null then this is clearly wrong.
If the value looks ok you need to use !htrace debugger extension to get a
history of operations pertaining to this handle value. In most cases it
must be that the handle value is used after being closed.
Arguments:
Arg1: 00000000c0000008, Exception code.
Arg2: 0000008397afefd0, Exception record. Use .exr to display it.
Arg3: 0000008397afe9a0, Context record. Use .cxr to display it.
Arg4: 0000000000000000, Not used.
I'm wondering if there's a way to avoid it? I tried to hook CloseHandle and I don't know how to tell if the handle is invalid.
From procdump I can tell CloseHandle was the cause
00 00007ffd`cc963851 : 00000000`00000000 00000000`00000000 0000ab17`238a5e24 00000000`00000002 : ntdll!NtWaitForMultipleObjects+0x14
01 00007ffd`cc962ae5 : 00000000`000016d8 00000000`00000000 00000000`000016d8 00000000`00001000 : ntdll!WerpWaitForCrashReporting+0x6d
02 00007ffd`cc961b97 : 00000000`00000000 00000099`fecfd5c0 00000000`00000020 00007ffd`cc98d68a : ntdll!RtlReportExceptionHelper+0x269
03 00007ffd`ad70ecc1 : 00000099`fecfce60 00000000`00000300 00000223`d06f4280 00000000`00000000 : ntdll!RtlReportException+0x77
04 00007ffd`cc9b5eb0 : 00000000`00000000 00007ffd`cca9b5e0 00000223`d06f4280 00000223`d06f4280 : verifier!AVrfpVectoredExceptionHandler+0x2b1
05 00007ffd`cc98fa3b : 00000099`fecfdab0 00000099`fecfd5c0 00000000`00000000 00000000`deff7850 : ntdll!RtlpCallVectoredHandlers+0x104
06 00007ffd`cc9f960a : 00000000`00000000 00000000`00000000 00007ffd`ad735ef0 00000000`00000000 : ntdll!RtlDispatchException+0x6b
07 00007ffd`ad7067ea : 00007ffd`ad735ef0 00000000`00000000 00007ffd`ad728744 00007ffd`ad73dd40 : ntdll!KiUserExceptionDispatch+0x3a
08 00007ffd`ad70ec59 : 00000099`fecfe130 00000000`00000000 00000223`d06f4280 00000099`fecffd20 : verifier!VerifierStopMessageEx+0x6e2
09 00007ffd`cc9b5eb0 : 00000000`00000000 00007ffd`cca9b5e0 00000223`d06f4280 00000223`d06f4280 : verifier!AVrfpVectoredExceptionHandler+0x249
0a 00007ffd`cc98fa3b : 00000099`fecff090 00000099`fecfea60 00000223`d06d0000 00000000`deff7850 : ntdll!RtlpCallVectoredHandlers+0x104
0b 00007ffd`cc991a59 : 00000099`fecfe9c0 00000000`00000024 00000099`fecfe900 00007ffd`ccaa7870 : ntdll!RtlDispatchException+0x6b
0c 00007ffd`cc9f967a : 00000000`00000000 00000000`000007ac 00007ff6`8b94d3f3 00007ffd`cc9f5bd0 : ntdll!RtlRaiseException+0x2d9
0d 00007ffd`ad71e0e1 : 00000223`d43b1660 00007ffd`cb024700 00007ff6`8b94d3f3 00000000`000007ac : ntdll!KiRaiseUserExceptionDispatcher+0x3a
0e 00007ffd`c94d6d82 : 00000000`000007ac 00000223`d43b1660 00000223`d028e040 00000223`d028e040 : verifier!AVrfpNtClose+0x51
0f 00007ffd`ad7201ad : 00000000`000007ac 00000099`fecff310 00000223`d028e038 00000000`000007ac : KERNELBASE!CloseHandle+0x62
10 00007ffd`ad720218 : 00000000`00000000 00000223`d028e038 00000000`00000000 00000000`00000000 : verifier!AVrfpCloseHandleCommon+0xa1
11 00007ff6`8b94d3f3 : 00000223`d0742fb0 00000099`fecff310 00000223`d028e038 00000000`00000000 : verifier!AVrfpKernel32CloseHandle+0x28
Any ideas?
You can disable single application verifier checks. Run
appverif(note there is a 64 and a 32 bit version) and locate the general type of error you have, likeNow comes the not very intuitive action: do a right click on that checkbox and choose "Verifier Stop Options"
You can then select stop option 300 (which is yours) and change the behavior. I don't know exactly what that does, since I never used it, but it sounds either "Ignore" or "Inactive" would be a good choice to get rid of them.
Don't forget to hit the "Save" button after closing the dialog.
The Settings will be stored in Registry somewhere below
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\(64 bit)