以 x64 为目标时关于 GetOwnerModuleFromTcpEntry 的奇怪问题 [英] Weird issue regarding GetOwnerModuleFromTcpEntry when targeting x64

查看:19
本文介绍了以 x64 为目标时关于 GetOwnerModuleFromTcpEntry 的奇怪问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

由于我是第一次发帖,如果我无意中遗漏了任何关键信息,我深表歉意,但在这里.

Since I am a first time poster, I do apologize if I unintentionally left out any key piece of information, but here it goes.

背景:我正在做一些测试,以找出 MIB_TCPROW_OWNER_MODULE 是以及它如何帮助所述函数确定哪个进程拥有 TCP 端点.我得出的结论是数组中的第一项是正在运行的服务列表中服务的索引,这给我们带来了一个奇怪的问题.我在 Windows 7 上使用 Visual Studio 2012(更新 3).测试应用程序在 UAC = requireAdministrator 下运行(但是 asInvoker 产生相同的结果).

Background: I am doing some testing to find out what the undocumented member array ‘OwningModuleInfo’ in MIB_TCPROW_OWNER_MODULE is and how it aid said function in determining what process owns the TCP endpoint. I have reached the conclusion that the first item in the array is the index of the service in the list of running services, which brings us to the weird issue. I am using Visual Studio 2012 (update 3) on Windows 7. The test app is running under UAC = requireAdministrator (asInvoker produces the same result, however).

问题:当我以 x64 为目标时,对于 tcp 表中的某些条目,GetOwnerModuleFromTcpEntry 失败并返回126 - 找不到指定的模块.".当我以 Win32 为目标时,这个问题就消失了.因为我知道这只会在条目由服务拥有时发生,所以我在调用我的测试函数(现在针对 x64)之前尝试了以下虚拟调用:

Problem: When I target x64, then for some entries in the tcp table, GetOwnerModuleFromTcpEntry fails and returns "126 - The specified module could not be found.". When I target Win32, this problem disappears. Since I know that this only happens when the entry is owned by a service, I tried the following dummy call just before the call to my test function (now targeting x64):

SC_HANDLE serviceManager = OpenSCManager(
    NULL,
    NULL,
    SC_MANAGER_ENUMERATE_SERVICE);

CloseServiceHandle(serviceManager);

MyTestFunction(); // Prints the TCP table along with owner information

现在,它工作得很好.再次取消对 OpenSCManager 的调用,它失败了.告诉我这不是真的搞砸了吗?

Now, it works just fine. Take the call to OpenSCManager away again, and it fails. Tell me that this is not really messed up?

  • 我已经查看了我能找到的所有编译器和链接器设置.
  • 我已经仔细检查过,所以我正在链接到正确的库.
  • 我用相同的代码创建了一个 C++/CLI 版本,它适用于 Win32 和 x64.
    • 检查内存/对齐/指针问题.

    没有虚拟调用的测试运行的示例输出

    Pid:   2896
    Owner: Skype.exe
    
    Pid:   848
    Owner: Error 126 - The specified module could not be found.
    
    Pid:   2896
    Owner: Skype.exe
    
    Pid:   3756
    Owner: Error 126 - The specified module could not be found.
    

    使用虚拟调用

    Pid:   2896
    Owner: Skype.exe
    
    Pid:   848
    Owner: RpcSs
    
    Pid:   2896
    Owner: Skype.exe
    
    Pid:   3756
    Owner: WMPNetworkSvc
    

    这只是微软方面的一个错误,我显然遗漏了一些东西,我已经筋疲力尽了.因此,如果有人能就我可能遗漏的内容向我提出正确的方向,我将不胜感激.

    Short of this being a bug on Microsoft’ part, I am obviously missing something and I’m at the end of my rope. So if someone could nudge me in the right direction as to what I might be missing, it would be greatly appreciated.

    推荐答案

    问题好像是没有加载advapi32.dll.所述函数似乎假定在调用它时加载了 advapi32.dll,但显然情况并非总是如此.我仍然不知道为什么 advapi32.dll 没有自动加载,但我想这是另一个问题.

    The problem seems to be that advapi32.dll is not loaded. Said function seems to assume that advapi32.dll is loaded when calling it, which apparently is not always the case. I still do not know why advapi32.dll isn't loaded automatically, but I guess that is another question.

    请参阅 MSDN 论坛上的此主题.

    这篇关于以 x64 为目标时关于 GetOwnerModuleFromTcpEntry 的奇怪问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆