I’m trying to create a process with DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS flags.
For some reason when I try to use method such as “GetModuleFileNameExA” I get the “ERROR_INVALID_HANDLE” error.
I know my process handle is correct, but it happens even if I call the method like so:
GetModuleFileNameExA(processHandle, NULL ,moduleFileName, sizeof(moduleFileName));
which is supposed to give the name of the main module of the process.
I read in MSDN that the flags: PROCESS_VM_READ and PROCESS_QUERY_INFORMATION are required on that process creation but I tried it together with DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS and it didn’t help.
When I attach my program to a running process it works fine.
what am I doing wrong?
If successful, the handle returned by CreateProcess has
PROCESS_ALL_ACCESS, so that’s not the problem.What is a problem is that right after CreateProcess Windows hasn’t performed initialization yet, and thus not set up the module list. Trying to query the debuggee’s modules (even the main module) will fail at that point, no matter what interface you use (Toolhelp, psapi, kernel32).
Your best bet is to wait for
CREATE_PROCESS_DEBUG_EVENTand query then.If you need names of loaded DLLs, you will have to wait for them to load and receive
LOAD_DLL_DEBUG_EVENT. Last time I checked on XP, they cant be queried here either, you will have to wait for the next debug event for that information to be available.Maybe resorting to native NT API might help, or it might be fixed on Vista and up.
Out of curiosity, why do you need the module file name when you clearly have it when calling CreateProcess?