Windows error 0x0000002D, 45

Detailed Error Information

SCSI_DISK_DRIVER_INTERNAL[1]

This is a Blue Screen of Death stop code. More information is available in the Knowledge Base article Bug Check 0x2D: SCSI_DISK_DRIVER_INTERNAL.

HRESULT analysis[2]

This is probably not the correct interpretation of this error. The Win32 error above is more likely to indicate the actual problem.
FlagsSeveritySuccess

This code indicates success, rather than an error. This may not be the correct interpretation of this code, or possibly the program is handling errors incorrectly.

Reserved (R)false
OriginMicrosoft
NTSTATUSfalse
Reserved (X)false
FacilityCode0 (0x000)
NameFACILITY_NULL[2][3]
DescriptionThe default facility code.[2][3]
Error Code45 (0x002d)

Possible solutions

5

lldb finding exit point of app

c
assembly
lldb

For those interested, a different take on this answer can be found here.


What happens here?

Most likely you are dealing with an anti-debug technique like this one:

ptrace(PT_DENY_ATTACH, 0, NULL, 0);

The basic idea is that only one process can ptrace another at the same time, in particular the PT_DENY_ATTACH option makes sure that the tracee exits with the ENOTSUP (45) status. See man ptrace about PT_DENY_ATTACH:

This request is the other operation used by the traced process; it allows a process that is not currently being traced to deny future traces by its parent. All other arguments are ignored. If the process is currently being traced, it will exit with the exit status of ENOTSUP; otherwise, it sets a flag that denies future traces. An attempt by the parent to trace a process which has set this flag will result in a segmentation violation in the parent.

For what concerns the 45, take a look at /System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/errno.h:

#define ENOTSUP     45      /* Operation not supported */

How to reproduce this?

It is trivial to write a program that exhibits the same behavior:

#include <stdio.h>
#include <sys/types.h>
#include <sys/ptrace.h>

int main() {
    printf("--- before ptrace()\n");
    ptrace(PT_DENY_ATTACH, 0, NULL, 0);
    perror("--- ptrace()");
    printf("--- after ptrace()\n");
    return 0;
}

Compile with:

clang -Wall -pedantic ptrace.c -o ptrace

Simply running it will exit successfully, but trying to debug it will yield the following result:

(lldb) r
Process 4188 launched: './ptrace' (x86_64)
--- before ptrace()
Process 4188 exited with status = 45 (0x0000002d)

Since this example is pretty small it is possible to step until the syscall instruction:

(lldb) disassemble
libsystem_kernel.dylib`__ptrace:
    0x7fff6ea1900c <+0>:  xorq   %rax, %rax
    0x7fff6ea1900f <+3>:  leaq   0x394f12f2(%rip), %r11    ; errno
    0x7fff6ea19016 <+10>: movl   %eax, (%r11)
    0x7fff6ea19019 <+13>: movl   $0x200001a, %eax          ; imm = 0x200001A
    0x7fff6ea1901e <+18>: movq   %rcx, %r10
->  0x7fff6ea19021 <+21>: syscall
    0x7fff6ea19023 <+23>: jae    0x7fff6ea1902d            ; <+33>
    0x7fff6ea19025 <+25>: movq   %rax, %rdi
    0x7fff6ea19028 <+28>: jmp    0x7fff6ea10791            ; cerror
    0x7fff6ea1902d <+33>: retq
    0x7fff6ea1902e <+34>: nop
    0x7fff6ea1902f <+35>: nop
(lldb) s
Process 3170 exited with status = 45 (0x0000002d)

So it is the kernel code that kills the process, but without a signal or a proper exit syscall. (TIL this and it still blows my mind.)

Which syscall is executed is determined by the value of the EAX register, in this case 0x200001A which it may seem strange because the ptrace syscall number is just 26 (0x1a), see syscalls.master:

26  AUE_PTRACE  ALL { int ptrace(int req, pid_t pid, caddr_t addr, int data); }

After some digging I come up with syscall_sw.h:

#define SYSCALL_CONSTRUCT_UNIX(syscall_number) \
            ((SYSCALL_CLASS_UNIX << SYSCALL_CLASS_SHIFT) | \
             (SYSCALL_NUMBER_MASK & (syscall_number)))

Doing the math the result is 0x200001A

Why does dtruss not trace the ptrace syscall?

Using dtruss seems like a good idea, unfortunately it does not report the ptrace syscall (my understanding is that it fails to do that since the ptrace syscall does not returns in this case).

Fortunately you can write a DTrace script to log a syscall once it is entered (i.e., not after it returns). To trigger the behavior, the program must be started from lldb:

$ lldb ./ptrace
(ldlb) process launch --stop-at-entry

Note the PID then:

sudo dtrace -q -n 'syscall:::entry /pid == $target/ { printf("syscall> %s\n", probefunc); }' -p $PID

Finally continue in lldb, the result should be:

[...]
syscall> sysctl
syscall> csops
syscall> getrlimit
syscall> fstat64
syscall> ioctl
syscall> write_nocancel
syscall> ptrace

Possible solutions

Now it would be nice to break just before the ptrace syscall and find the program code that calls it or just skip it for the current debugging session (LLDB: thread jump -a ADDRESS).

Of course one could attempt to break on the ptrace library call, but if this is really and anti-debug attempt chances are that the actual call is performed in an asm block, thus the above breakpoint would never trigger.

A possible solution could be to use DTrace to place a breakpoint before the syscall but this requires to have the System Integrity Protection disabled so I didn't try.

Alternatively one could print the userland stacktrace with the ustack() function:

sudo dtrace -q -n 'syscall:::entry /pid == $target && probefunc == "ptrace"/ { ustack(); }' -p $PID
answered on Stack Overflow Dec 11, 2017 by cYrus • edited Feb 25, 2018 by cYrus
4

How can I use a DLL from Python

python
dllimport
ctypes

To make things easier, more Pythonic, you might want to look into ctypesgen:

http://code.google.com/p/ctypesgen/

It will generate proper wrapper functions, data types and such for you. If you just want to know how to use ctypes, might as well start with the tutorial:

http://docs.python.org/library/ctypes.html

Anything more specific and I'll have to read the API for the DLL you're attempting to use.

answered on Stack Overflow Feb 23, 2011 by Jeremy Whitlock
1

datatable not accepting the value of varbinary

c#
asp.net
sql-server
database
datatable

The equivalent type for varbinary in C# is byte[], not string. Also, as Hogan said, AddWithValue tries to assume a data type. Instead, you can make it explicit:

sqlCmd.Parameters.Add("buF", SqlDbType.VarBinary, -1).Value = yourByteArray;

The -1 for length corresponds to varbinary(max).

answered on Stack Overflow Nov 24, 2009 by RickNZ
1

datatable not accepting the value of varbinary

c#
asp.net
sql-server
database
datatable

It would be better to work with the binary data as byte[] and not use strings and string conversions if you don't have to. Here is a complete example that should work to demonstrate how to read and query varbinary(max) types.

static void Test(SqlConnection openConnection)
{
    using(SqlCommand cmd = openConnection.CreateCommand())
    {
        cmd.CommandText =
            @"create table #Test 
            (bin varbinary(max), num int);
            insert into #Test (bin, num) 
            values (0x0000002D, 1);";
        cmd.ExecuteNonQuery();

        cmd.CommandText = "SELECT TOP 1 bin FROM #Test;";
        byte[] binValue = (byte[])cmd.ExecuteScalar();

        cmd.CommandText = "SELECT * FROM #Test WHERE bin = @bin;";
        var parameter = new SqlParameter("@bin", SqlDbType.VarBinary, -1);
        cmd.Parameters.Add(parameter);
        parameter.Value = binValue;

        DataTable table = new DataTable();
        using (var reader = cmd.ExecuteReader())
        {
            table.Load(reader);
        }

        Debug.Assert(table.Rows.Count == 1);
    }
}
answered on Stack Overflow Feb 26, 2010 by Ross Bradbury
1

How can I use a DLL from Python

python
dllimport
ctypes

The function being exported is a class member function of the class EClientSocket. You're attempting to call that function from Python without passing in an EClientSocket pointer as the this parameter; furthermore, ctypes doesn't know anything about the __thiscall calling convention, so even if you did pass in an EClientSocket instance, it would be on the stack instead of in the ECX register.

The only real solution to this would be to export a C wrapper from your DLL that forwards the call to eConnect. For example:

extern "C" DLLEXPORT
bool EClientSocket_eConnect(EClientSocket *This, const char *host, UINT port, int clientId)
{
    return This->eConnect(host, port, clientId);
}

However, even in that case, you have to be extra-careful on the Python side to construct an appropriate EClientSocket instance. I'd strongly recommend reconsidering your approach here.

answered on Stack Overflow Feb 23, 2011 by Adam Rosenfield
0

lldb application on mac os

macos
lldb

Looks like your process exited (with status 45) without putting up any GUI. Try setting a breakpoint on exit:

(lldb) break set -n exit

before you run, then run and you should hit the breakpoint. Looking at the backtrace at that point might show you why it was exiting prematurely.

BTW, if you are familiar with gdb, this page might be helpful:

http://lldb.llvm.org/lldb-gdb.html

answered on Stack Overflow Jan 9, 2015 by Jim Ingham
0

C++ WriteProcessMemory makes MessageBox crash the programm

c++
memory
crash
release
messagebox

It is very simple...

Whoever calls LoadLibrary, will crash. Why MessageBox causes loading a DLL? No idea... maybe it wants to load some resource DLL for the icon.

(by Pavel A)


I'll try to replace the LdrLoadDll function with a function, which checks every loaded dll with GetModuleHandle. (I dont know if this is possible!)

Edit: For those, who wants to know: The MessageBox(...); loads

"C:\WINDOWS\system32\uxtheme.dll"

!

answered on Stack Overflow Jan 26, 2015 by lolxdfly • edited Jan 28, 2015 by lolxdfly
0

Strange stack trace in Windows Phone 8

windows-phone-8
crash-dumps

In your case finding the Solution would be needed lots of surfing through sites and Search for the Description of Error codes and find solution for it or You can simply Analyze crash reports. you’ll receive a certification report that contains additional files that you can use to identify what happened. Depending on the type of error that occurred, you’ll receive either A crash dump file or An ErrorInfo file. To examine these files, Dev centre recommend that you use either Microsoft Visual Studio or the Windows Debugger Tools. Have Look over here Analyzing crash reports and Improving apps with Quality reports. Hope this help you out.

answered on Stack Overflow Jun 24, 2014 by A B
0

How can I use a DLL from Python

python
dllimport
ctypes

Consider looking into IronPython. It makes it easier to call on DLL files.

answered on Stack Overflow Feb 23, 2011 by inspectorG4dget
0

How can I use a DLL from Python

python
dllimport
ctypes

There is also Boost::Python

answered on Stack Overflow Feb 23, 2011 by Fábio Diniz
0

How can I use a DLL from Python

python
dllimport
ctypes

Thanks for your answers everyone. I took Adam's advise and reconsidered my approached. As I do not know know c++, it was a bad idea from the start.

There is an alternative API in R (not official) which is built on top of the official Java API. It is then quite easy to link R and Python using rPy2.

answered on Stack Overflow Feb 24, 2011 by Sam
0

Adding a property on Aspose.Email and reading it on Interop.Outlook.MailItem

c#
outlook
aspose

If a property is set on an item on the MAPI level (where all the properties are stored in Outlook), it can be accessed using MailItem.PropertyAccessor.GetProperty. To figure out the DASL property name (to be used in GetProperty) and to check if the property is really there, take a look at the message with OutlookSpy (click IMessage button).

0

Application Verifier reports access violation in call to ShellExecuteEx

winapi
windows-shell
application-verifier

As @RaymondChen said, it's a bug in Windows 10.

Raymond's too modest to accept reputation; so i use his answer as my own.

answered on Stack Overflow Jun 28, 2018 by Ian Boyd
0

Hunting memory leaks

com
memory-leaks

There is a nice guide about this in MSDN: Memory Leak Detection Enabling

answered on Stack Overflow Nov 16, 2009 by icefex
0

datatable not accepting the value of varbinary

c#
asp.net
sql-server
database
datatable

AddWithValue makes a parameter of the type it sees. When you pass a long it uses a number, when a string it uses the ascii. Try this: sqlCmd.Parameters.AddWithValue("buF",long.Parse(buF));

answered on Stack Overflow Nov 24, 2009 by Hogan

Comments

Leave a comment

(plain text only)

Sources

  1. https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-code-reference2
  2. https://msdn.microsoft.com/en-us/library/cc231198.aspx
  3. winerror.h from Windows SDK 10.0.14393.0

User contributions licensed under CC BY-SA 3.0