I am struggling with getting handle information via Minidump (DbgHelp.h).
I am getting a list of MINIDUMP_HANDLE_DESCRIPTOR_2 from the mapped file stream.
Then I am getting, for each descriptor, a MINIDUMP_HANDLE_OBJECT_INFORMATION by using the ObjectInfoRva field.
However, I cannot understand what information this MINIDUMP_HANDLE_OBJECT_INFORMATION structure gives me. I couldn't find any examples on the web for extracting meaningful information from the MINIDUMP_HANDLE_OBJECT_INFORMATION, and the documentation is not very helpful.
How can I use the MINIDUMP_HANDLE_OBJECT_INFORMATION structure data to get human-readable data? I mean, what do I need to do with it?
I always get 0 in the InfoType field, which means MiniHandleObjectInformationNone.
MINIDUMP_HANDLE_OBJECT_INFORMATION struct:

    public struct MINIDUMP_HANDLE_OBJECT_INFORMATION
    {
        public uint NextInfoRva;
        public MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE InfoType;
        public UInt32 SizeOfInfo;
    }

I've done some experiments with the MINIDUMP_HANDLE_OBJECT_INFORMATION struct.
When I am getting the struct, I am capable of reading a string from the RVA address with SizeOfInfo size. Here I am always getting 'Directory' as a string on all the handle descriptors that I got...
link to doc:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680375(v=vs.85).aspx
Any help will be appreciated :)
My process, on which I am trying to apply it, uses WaitForMultipleObjects and WaitForSingleObject Kernel32 calls.
Link to my implementation:
Link to WinDbg !handle command output, which I executed on the same dump file:
https://docs.google.com/document/d/1Hjid-2dcM0aZrg5A1p5VrCBSysU_VQhynXdBAvXV29Q/edit?usp=sharing
Maybe the issue is that I don't set valid values for my MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE enumeration. Is anyone familiar with a reliable source with this enum's values declaration? I didn't find anything official.
Just to make it clear:
In WinDbg, I get the same information as I get from the MINIDUMP_HANDLE_DESCRIPTOR_2. For instance, if the WinDbg !handle command has this output:
Handle 00000004
Type Directory
Handle 00000008
Type Directory
Handle 0000000c
Type Event
Handle 00000010
Type Event
Handle 00000014
Type File
…
I can get the same data from the MINIDUMP_HANDLE_DESCRIPTOR_2 ObjectName and TypeName, which are of MINIDUMP_STRING type.
The information that I cannot get is the one located in the MINIDUMP_HANDLE_OBJECT_INFORMATION struct, which is not visible in the !handle command output.
What kind of information is supposed to be located in MINIDUMP_HANDLE_OBJECT_INFORMATION?
After a couple of rough hours - debugging my managed code and comparing it to C++ code examples - I found my bug with MINIDUMP_HANDLE_OBJECT_INFORMATION struct reading - I didn't calculate the rva + baseMinidump address appropriately.
Now it works, I am able to get the additional information on the handles :)
My code can be found here: https://github.com/Pavel-Durov/Multithreading-Debugging-Asignments/blob/master/Assignments/Assignments.Core/Handlers/MiniDumpHandler.cs
line 144, DealWithHandleInfo function
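
The fix described above comes down to resolving every RVA against the start of the dump. As an added example (not the poster's C# code), this Python parser walks a handle data stream and follows each descriptor's ObjectInfoRva / NextInfoRva chain, bounds-checking every read because a dump file is untrusted input. The structure layouts and enum order follow DbgHelp.h; the function names, the caller supplying the stream's RVA, and the sample bytes are assumptions made for the illustration, and the record payloads are returned as raw bytes.

```python
import struct

# MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE names in DbgHelp.h order; the enum starts at 0.
INFO_TYPES = ("MiniHandleObjectInformationNone MiniThreadInformation1 MiniMutantInformation1 "
              "MiniMutantInformation2 MiniProcessInformation1 MiniProcessInformation2 "
              "MiniEventInformation1 MiniSectionInformation1 MiniSemaphoreInformation1").split()

def take(dump, rva, size):
    """Return size bytes at rva; an RVA counts from the start of the dump file."""
    if rva + size > len(dump):
        raise ValueError(f"RVA {rva:#x} + {size} bytes is outside the dump")
    return dump[rva:rva + size]

def read_string(dump, rva):
    """MINIDUMP_STRING: ULONG32 byte length, then UTF-16LE text; RVA 0 means no string."""
    if rva == 0:
        return ""
    (length,) = struct.unpack("<I", take(dump, rva, 4))
    return take(dump, rva + 4, length).decode("utf-16-le")

def walk_object_info(dump, rva):
    """Follow NextInfoRva starting at ObjectInfoRva; returns [(type name, payload bytes)]."""
    records, seen = [], set()
    while rva != 0:
        if rva in seen:
            raise ValueError("cycle in NextInfoRva chain")
        seen.add(rva)
        next_rva, info_type, size = struct.unpack("<III", take(dump, rva, 12))
        name = INFO_TYPES[info_type] if info_type < len(INFO_TYPES) else f"unknown({info_type})"
        records.append((name, take(dump, rva + 12, size)))  # payload follows the header
        rva = next_rva
    return records

def parse_handles(dump, stream_rva):
    """Yield (handle, type, name, info records) for each MINIDUMP_HANDLE_DESCRIPTOR_2."""
    header_size, desc_size, count, _ = struct.unpack("<IIII", take(dump, stream_rva, 16))
    if desc_size < 40:
        raise ValueError("descriptors are smaller than MINIDUMP_HANDLE_DESCRIPTOR_2")
    for i in range(count):
        d = struct.unpack("<Q8I", take(dump, stream_rva + header_size + i * desc_size, 40))
        yield d[0], read_string(dump, d[1]), read_string(dump, d[2]), walk_object_info(dump, d[7])

def build_sample():  # constructed bytes, not a real dump: stream at RVA 16, one Event handle
    dump = b"MDMP" + bytes(12)                             # stand-in for the file header
    dump += struct.pack("<IIII", 16, 40, 1, 0)             # MINIDUMP_HANDLE_DATA_STREAM
    dump += struct.pack("<Q8I", 0xC, 72, 0, 0, 0, 1, 2, 86, 0)  # descriptor at RVA 32
    dump += struct.pack("<I", 10) + "Event".encode("utf-16-le")  # type name at RVA 72
    dump += struct.pack("<III", 106, 6, 8) + bytes(8)      # info record at RVA 86
    dump += struct.pack("<III", 0, 0, 0)                   # last record at RVA 106
    return dump
```

Calling `list(parse_handles(build_sample(), 16))` returns one Event handle with two information records; in a real dump the stream's RVA comes from the stream directory entry for the handle data stream.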