以 x64 为目标时关于 GetOwnerModuleFromTcpEntry 的奇怪问题 [英] Weird issue regarding GetOwnerModuleFromTcpEntry when targeting x64
问题描述
由于我是第一次发帖,如果我无意中遗漏了任何关键信息,我深表歉意,但在这里.
Since I am a first time poster, I do apologize if I unintentionally left out any key piece of information, but here it goes.
背景:我正在做一些测试,以找出 MIB_TCPROW_OWNER_MODULE 是以及它如何帮助所述函数确定哪个进程拥有 TCP 端点.我得出的结论是数组中的第一项是正在运行的服务列表中服务的索引,这给我们带来了一个奇怪的问题.我在 Windows 7 上使用 Visual Studio 2012(更新 3).测试应用程序在 UAC = requireAdministrator 下运行(但是 asInvoker 产生相同的结果).
Background: I am doing some testing to find out what the undocumented member array ‘OwningModuleInfo’ in MIB_TCPROW_OWNER_MODULE is and how it aid said function in determining what process owns the TCP endpoint. I have reached the conclusion that the first item in the array is the index of the service in the list of running services, which brings us to the weird issue. I am using Visual Studio 2012 (update 3) on Windows 7. The test app is running under UAC = requireAdministrator (asInvoker produces the same result, however).
问题:当我以 x64 为目标时,对于 tcp 表中的某些条目,GetOwnerModuleFromTcpEntry 失败并返回126 - 找不到指定的模块.".当我以 Win32 为目标时,这个问题就消失了.因为我知道这只会在条目由服务拥有时发生,所以我在调用我的测试函数(现在针对 x64)之前尝试了以下虚拟调用:
Problem: When I target x64, then for some entries in the tcp table, GetOwnerModuleFromTcpEntry fails and returns "126 - The specified module could not be found.". When I target Win32, this problem disappears. Since I know that this only happens when the entry is owned by a service, I tried the following dummy call just before the call to my test function (now targeting x64):
SC_HANDLE serviceManager = OpenSCManager(
NULL,
NULL,
SC_MANAGER_ENUMERATE_SERVICE);
CloseServiceHandle(serviceManager);
MyTestFunction(); // Prints the TCP table along with owner information
现在,它工作得很好.再次取消对 OpenSCManager 的调用,它失败了.告诉我这不是真的搞砸了吗?
Now, it works just fine. Take the call to OpenSCManager away again, and it fails. Tell me that this is not really messed up?
- 我已经查看了我能找到的所有编译器和链接器设置.
- 我已经仔细检查过,所以我正在链接到正确的库.
- 我用相同的代码创建了一个 C++/CLI 版本,它适用于 Win32 和 x64.
- 检查内存/对齐/指针问题.
没有虚拟调用的测试运行的示例输出
Pid: 2896 Owner: Skype.exe Pid: 848 Owner: Error 126 - The specified module could not be found. Pid: 2896 Owner: Skype.exe Pid: 3756 Owner: Error 126 - The specified module could not be found.
使用虚拟调用
Pid: 2896 Owner: Skype.exe Pid: 848 Owner: RpcSs Pid: 2896 Owner: Skype.exe Pid: 3756 Owner: WMPNetworkSvc
这只是微软方面的一个错误,我显然遗漏了一些东西,我已经筋疲力尽了.因此,如果有人能就我可能遗漏的内容向我提出正确的方向,我将不胜感激.
Short of this being a bug on Microsoft’ part, I am obviously missing something and I’m at the end of my rope. So if someone could nudge me in the right direction as to what I might be missing, it would be greatly appreciated.
推荐答案
问题好像是没有加载advapi32.dll.所述函数似乎假定在调用它时加载了 advapi32.dll,但显然情况并非总是如此.我仍然不知道为什么 advapi32.dll 没有自动加载,但我想这是另一个问题.
The problem seems to be that advapi32.dll is not loaded. Said function seems to assume that advapi32.dll is loaded when calling it, which apparently is not always the case. I still do not know why advapi32.dll isn't loaded automatically, but I guess that is another question.
这篇关于以 x64 为目标时关于 GetOwnerModuleFromTcpEntry 的奇怪问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!