All geek questions in one place

CreateProcess STATUS_DLL_NOT_FOUND - which DLL?

I have a process that calls CreateProcess . It appears that CreateProcess returns a nonzero success metric. However, the HANDLE for the process is then immediately installed, indicating that the process has exited. When I call GetExitCodeProcess , STATUS_DLL_NOT_FOUND returned.

I understand that the dll is missing. I even know exactly which one. However, I do not understand how to understand this programmatically.

I noticed that Windows will present a dialog saying that the process did not start because it could not find the specified DLL (screenshot: http://www.mediafire.com/view/?kd9ddq0e2dlvlb9 ). In the dialog box, Windows indicates which DLL is missing. However, I find no way to get this information myself.

If the process does not start and returns STATUS_DLL_NOT_FOUND , how do I programmatically get the name of the library with which the target process was associated that could not be found? Thus, I can automatically write in the error message that the DLL seems to be missing or damaged in this installation.

+8
source share
5 answers

CreateProcess returns 0, indicating success.

CreateProcess() returns a BOOL , where 0 is FALSE , and also failure.

If the process does not start and returns STATUS_DLL_NOT_FOUND, how do I programmatically get the name of the library with which the target process was associated that could not be found?

Unfortunately, there is no API for this. The only option would be to manually access and enumerate the IMPORTS executable table to find out which DLLs they use, and then recursively access and list their IMPORTS tables by manually checking each found DLL link to see if that DLL exists in the search path OS or not.

+4
source

If the dll is statically linked, you can go through iat and see if the dll exists. If the dll dynamically loads, then the start of the process is suspended and the interception of the LoadLibrary (or instead of intercepting the emulation of the debugger) is the only way I can see.

+2
source

Very complicated way: Parsing .EXE and .DLL files and creating a dependency tree of .DLL files.

I don’t think there is a way to get a list of DLL files that are missing: When Windows detects one missing DLL file, it stops loading, so if one DLL file is missing, you won’t know that there are no more DLL files.

Another problem that may arise is that older versions of the DLL may not have an “export” (function). This is even harder to detect than a dependency tree.

+1
source

Found the answer to another post: fooobar.com/questions/34651 / ...

He says to use the Visual Studio command line (in Tools) and the command:

 dumpbin /dependents my-app.exe
+1
source

The best way is to use the bootloader snap-in. Basically you use gflags.exe (which is included with windbg) to enable bootloader bindings; then start the process with the debugger connected. Loader bindings will allow the loader to print process dbg messages and print failures.

 gflags.exe -i yourcode.exe +sls windbg yourcode.exe

I know that this is not a “software” way to find out the problem, but what the bootloader does is difficult, and you really do not want to redo its logic to find the error. This is why the bootloader snap-in was invented.

0
source

Source: https://habr.com/ru/post/952242/

More articles:


All Articles