Getting handle information with MiniDump causes ArgumentException

Question

I am trying to get minidump information about handles of some process. I am getting a List of handles of type MINIDUMP_HANDLE_DESCRIPTOR_2 and I am trying to read the info about the handle which I can access with ObjectInfoRva.

However, I always get this exception:

System.ArgumentException occurred HResult=-2147024809 Message=Not enough space available in the buffer. Source=mscorlib

That's my method

public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva)
{
    try
    {
        DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = default(DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION);
        byte* baseOfView = null;
        _safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);

        IntPtr position = new IntPtr(baseOfView + rva);

        result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>((ulong)position);
        return result;
    }
    finally
    {
        _safeMemoryMappedViewHandle.ReleasePointer();
    }
}

MINIDUMP_HANDLE_DESCRIPTOR_2 declaration:

 public struct MINIDUMP_HANDLE_DESCRIPTOR_2
{
    public UInt64 Handle;
    public uint TypeNameRva;
    public uint ObjectNameRva;
    public UInt32 Attributes;
    public UInt32 GrantedAccess;
    public UInt32 HandleCount;
    public UInt32 PointerCount;
    public uint ObjectInfoRva;
    public UInt32 Reserved0;
}

The _safeMemoryMappedViewHandle is initialized - that's how I've got the handles list in the first place.

What am I doing wrong?

Micro-optimizing this code does not help you get it right, very little reason to avoid just a plain FileStream. You are probably not walking the MINIDUMP_DIRECTORY correctly and got an invalid RVA. The difference between a 32-bit and a 64-bit minidump might be one reason. Or got a plain MINIDUMP_HANDLE_DESCRIPTOR, not the extended version, so bomb on the non-existing ObjectInfoRva. Impossible to tell from the snippet. Add more Debug.Assert() so you can catch a bad RVA before it turns into a hard-to-diagnose exception. — Hans Passant, Jan 30 '16 at 09:10
How can I know that the rva that I get is a bad one? Currently I am working on x86 only... — Pavel Durov, Jan 30 '16 at 12:08

score 0 · Accepted Answer · answered Jan 30 '16 at 13:52

The problem was with the baseOfView pointer - I didn't calculated it right. I needed the set the offset accordingly to the base stream address...

Here is a version of ReadInfo function which worked for me eventually:

public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva, IntPtr streamPtr)
{
    DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = new DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION();

    try
    {
        byte* baseOfView = null;
        _safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);
        ulong offset = (ulong)streamPtr - (ulong)baseOfView;
        result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>(offset);
    }
    finally
    {
        _safeMemoryMappedViewHandle.ReleasePointer();
    }

    return result;
}

Getting handle information with MiniDump causes ArgumentException

1 Answers1