#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Posts
    2
    Rep Power
    0

    Leaking Handles in Custom Debugger


    Hi, I am trying to code a custom debugger. So after CreateProcess(), I use WaitForDebugEvent(). I observed that in every LOAD_DLL_DEBUG_EVENT, a new file handle is created (u.LoadDll.hFile). After the process is terminated, the numerous file handles still remains. Over time, wouldn't this cause a low virtual memory?

    The code is straightforward, pasted here.

    Thanks for any help.


    Code:
    bool continueDebugging = true;
    
    if ( CreateProcess( NULL, szProcCmd, NULL, NULL, FALSE, CREATE_NEW_CONSOLE|DEBUG_PROCESS, NULL,	NULL, &si, &pi) ) 
    {
    	while (continueDebugging )
    	{
    		memset (&DebugEvent, 0, sizeof(DEBUG_EVENT));
    		if(WaitForDebugEvent(&DebugEvent, 1000)) 
    		{
    
    			if (DebugEvent.dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT)
    			{
    				//do something
    			}
    			else if (DebugEvent.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT)
    			{
    				continueDebugging = false;
    			}
    			else if (DebugEvent.dwDebugEventCode == CREATE_THREAD_DEBUG_EVENT)
    			{
    				//do something
    			}
    			else if (DebugEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT)
    			{
    				//do something
    			}
    			else if (DebugEvent.dwDebugEventCode == LOAD_DLL_DEBUG_EVENT)
    			{
    				//do something
    			}
    			else if (DebugEvent.dwDebugEventCode == UNLOAD_DLL_DEBUG_EVENT)
    			{
    				//do something
    			}
    			else if (DebugEvent.dwDebugEventCode == OUTPUT_DEBUG_STRING_EVENT)
    			{
    				//do something
    			}
    			else if (DebugEvent.dwDebugEventCode == RIP_EVENT)
    			{
    				//do something
    			}
    			else if (DebugEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
    			{
    				//do something
    			}
    			else 
    			{
    				//"Undefined Event!!
    			}
    				
    			ContinueDebugEvent( DebugEvent.dwProcessId, DebugEvent.dwThreadId, DBG_CONTINUE);
    		}
    	}
    
    	DebugActiveProcessStop(pi.dwProcessId);
    	TerminateProcess(pi.hProcess, );
    		
    	CloseHandle(pi.hThread);
    	CloseHandle(pi.hProcess);
    }
  2. #2
  3. No Profile Picture
    I haz teh codez!
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Dec 2003
    Posts
    2,555
    Rep Power
    2338
    Well, reading the docs:

    The DEBUG_EVENT structure contains a LOAD_DLL_DEBUG_INFO structure. This structure includes a handle to the newly loaded DLL, the base address of the DLL, and other information that describes the DLL. The debugger should close the handle to the DLL handle while processing LOAD_DLL_DEBUG_EVENT.
    Emphasis mine
    I ♥ ManiacDan & requinix

    This is a sig, and not necessarily a comment on the OP:
    Please don't be a help vampire!
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Posts
    2
    Rep Power
    0
    Thank you very much for your reply. I missed that somehow. :)
    Last edited by $angela; September 1st, 2012 at 10:47 AM. Reason: Marked as closed

IMN logo majestic logo threadwatch logo seochat tools logo