My application is crashing with the error

Exception thrown at 0x76F96A35 (ntdll.dll) in xxx.exe: 0xC0000005: Access violation writing location 0x00000014.

at the line

DWORD dwRetVal = GetTcpTable2(*table, ¤tTableSize, FALSE);


What I have tried:

Here is my code:
C++
DWORD GetPacketFromProcess(uint16_t localPort, uint32_t localV4Address, PMIB_TCPTABLE2* table, DWORD& currentTableSize)
                {
                    // We deliberately never permanently free the table on purpose. Eventually, this table will
                    // reach a size where reallocations don't happen anymore, and we can recycle it.
                    
                    if (currentTableSize == 0 )
                    {
                        currentTableSize = sizeof(MIB_TCPTABLE2);
                        *table = static_cast<PMIB_TCPTABLE2>(malloc(currentTableSize));
                    }

                    if (*table == nullptr)
                    {
                        currentTableSize = 0;
                        LogError(u8"GetPacketFromProcess(uint16_t, uint32_t, PMIB_TCPTABLE2, DWORD&) - Failed to initialize table.");
                        return 0;
                    }

                    // Exception here
                    //Exception thrown at 0x76F96A35 (ntdll.dll) in xxx.exe: 0xC0000005: Access violation writing location 0x00000014.
                    DWORD dwRetVal = GetTcpTable2(*table, ¤tTableSize, FALSE);
                    


                        if (dwRetVal  == ERROR_INSUFFICIENT_BUFFER)
                        {
                            free(*table);
                            *table = nullptr;

                            *table = static_cast<PMIB_TCPTABLE2>(malloc(currentTableSize));

                            if (*table == nullptr)
                            {
                                currentTableSize = 0;
                                LogError(u8"GetPacketFromProcess(uint16_t, uint32_t, PMIB_TCPTABLE2, DWORD&) - Failed to resize table.");
                                return 0;
                            }

                            dwRetVal = GetTcpTable2(*table, ¤tTableSize, FALSE);
                        }

                        if (dwRetVal == NO_ERROR)
                        {
                            // Table members, spare things like dwOwningPid, are in network order aka big endian.
                            for (DWORD i = 0; i < (*table)->dwNumEntries; ++i)
                            {
                                // The reason why we accept zero as the address is that it is equal to "0.0.0.0:PORT", so
                                // it counts.
                                if ((*table)->table[i].dwLocalAddr == localV4Address) // (*table)->table[i].dwLocalAddr == 0 && localV4Address == 0 || 
                                {
                                    // See https://msdn.microsoft.com/en-us/library/windows/desktop/aa366909(v=vs.85).aspx
                                    // Upper bits may contain junk data.
                                    if (((*table)->table[i].dwLocalPort & 0xFFFF) == localPort)
                                    {
                                        return (*table)->table[i].dwOwningPid;
                                    }
                                }
                            }
                            

                        }
                        else
                        {
                            LogError(u8"GetPacketFromProcess(uint16_t, uint32_t, PMIB_TCPTABLE2, DWORD&) - Failed to populate table.");

                            if (*table != nullptr)
                            {
                                free(*table);
                                *table = nullptr;
                            }

                            currentTableSize = 0;
                        }
                    
                                        
                    LogError("GetPacketFromProcess(uint16_t, uint32_t, PMIB_TCPTABLE2, DWORD&) - Default. Assuming SYSTEM process.");
                    return 4;
                }


I am calling this function in a loop; it is reading data from the network. Please help.
Updated 9-Aug-19 6:34am
Comments
jeron1 9-Aug-19 10:06am    
Is ¤tTableSize correct? I don't see it initialized. What's that funky character (¤)?
Member 14087451 12-Aug-19 1:46am    
Sir, that is the ampersand character. GetTcpTable2 returns the table and its size.
jeron1 12-Aug-19 11:30am    
This (&) is an ampersand, this (¤) is not.

The error message tells you that the program is trying to write to the address 0x14, which is obviously an invalid address to write to. Being so close to 0, the reason for this address is most likely that you passed an invalid pointer to GetTcpTable2 which is using it as a base address to some struct and then trying to write to some member of that struct which should be located at [base address + 20 bytes] (hex 0x14).

See GetTcpTable2 function (iphlpapi.h) | Microsoft Docs: You need to pass two pointers: the first to a TCP Table struct that is supposed to hold the info that is retrieved, the second a pointer to a variable holding the size of the buffer you passed in the first parameter.

The parameters you are actually passing are *table and ¤tTableSize - the first is a dereference from a variable that may or may not be a pointer, but most probably it's not a pointer. The second is... well, no idea until you fix that obvious typo you have here. Check the example code on the site I linked above for reference, then it shouldn't be so hard to resolve this.
 
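The size-parameter contract described in the answer above, as an added example that is not part of the original thread. `FakeGetTable` is a hypothetical stand-in for GetTcpTable2 (same in/out size contract, no Windows SDK needed); `Table`, `RefreshTable` and `g_liveRows` are likewise constructed names. It passes the address of an initialized size variable, keeps the pointer and its size in step, and retries in a bounded loop rather than once.

```cpp
#include <cstdint>
#include <cstdlib>

// Constructed stand-ins so this builds without the Windows SDK. The status
// values match ERROR_* in winerror.h; Table keeps only the leading count field.
constexpr uint32_t kNoError = 0, kNotEnoughMemory = 8, kInvalidParameter = 87;
constexpr uint32_t kInsufficientBuffer = 122;
struct Table { uint32_t dwNumEntries; uint32_t rows[1]; };

uint32_t g_liveRows = 3;  // constructed: how many rows the "system" holds now

// Hypothetical stand-in with the in/out size contract the answer describes:
// *size is the buffer size on entry and the required size on return.
uint32_t FakeGetTable(Table* buf, uint32_t* size) {
    if (buf == nullptr || size == nullptr) return kInvalidParameter;
    const uint32_t need = static_cast<uint32_t>(sizeof(uint32_t)) * (1 + g_liveRows);
    const bool fits = *size >= need;
    *size = need;
    if (!fits) return kInsufficientBuffer;
    buf->dwNumEntries = g_liveRows;
    uint32_t* rows = reinterpret_cast<uint32_t*>(buf) + 1;
    for (uint32_t i = 0; i < g_liveRows; ++i) rows[i] = 1000 + i;
    return kNoError;
}

// Refreshes a caller-owned, reusable table. The pointer and its size are
// always updated together, so they cannot disagree on the next call.
uint32_t RefreshTable(Table** table, uint32_t* size) {
    if (table == nullptr || size == nullptr) return kInvalidParameter;
    if (*table == nullptr || *size < sizeof(Table)) {  // first use or after failure
        std::free(*table);
        *size = static_cast<uint32_t>(sizeof(Table));
        *table = static_cast<Table*>(std::malloc(*size));
    }
    uint32_t rc = kNotEnoughMemory;
    // The table can grow between the sizing call and the retry: loop, bounded.
    for (int attempt = 0; *table != nullptr && attempt < 4; ++attempt) {
        rc = FakeGetTable(*table, size);             // address of the size variable
        if (rc != kInsufficientBuffer) return rc;
        void* bigger = std::realloc(*table, *size);  // *size now = required size
        if (bigger == nullptr) { rc = kNotEnoughMemory; break; }
        *table = static_cast<Table*>(bigger);
    }
    std::free(*table);  // failure path: release and reset both values together
    *table = nullptr;
    *size = 0;
    return rc;
}
```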
 
Unfortunately, we can't help - this is going to depend on your data as well as your code and we don't have any access to that!

So, it's going to be up to you.
Fortunately, you have a tool available to you which will help you find out what is going on: the debugger. How you use it depends on your compiler system, but a quick Google for the name of your IDE and "debugger" should give you the info you need.

Put a breakpoint on the first line in the function, and run your code through the debugger. Then look at your code, and at your data and work out what should happen manually. Then single step each line checking that what you expected to happen is exactly what did. When it isn't, that's when you have a problem, and you can back-track (or run it again and look more closely) to find out why.

Sorry, but we can't do that for you - time for you to learn a new (and very, very useful) skill: debugging!
 
 
It is showtime for the debugger. The most common problem is a bug in your code. As stated before, access to 0x14 is screaming for some pointer problem. Normally it means that the used pointer is zero (invalid) and the code is adding that offset for some memory access. That zero issue often happens when the data is not provided.

So has data arrived and been copied to the target memory? Verify it in your code.
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


