winapi, visual-c++, 64-bit, iphelper

Weird issue regarding GetOwnerModuleFromTcpEntry when targeting x64


Since I am a first time poster, I do apologize if I unintentionally left out any key piece of information, but here it goes.

Background: I am doing some testing to find out what the undocumented member array ‘OwningModuleInfo’ in MIB_TCPROW_OWNER_MODULE is and how it aids said function in determining what process owns the TCP endpoint. I have reached the conclusion that the first item in the array is the index of the service in the list of running services, which brings us to the weird issue. I am using Visual Studio 2012 (update 3) on Windows 7. The test app is running under UAC = requireAdministrator (asInvoker produces the same result, however).

Problem: When I target x64, then for some entries in the TCP table, GetOwnerModuleFromTcpEntry fails and returns “126 - The specified module could not be found.” When I target Win32, this problem disappears. Since I know that this only happens when the entry is owned by a service, I tried the following dummy call just before the call to my test function (now targeting x64):

SC_HANDLE serviceManager = OpenSCManager(
    NULL,
    NULL,
    SC_MANAGER_ENUMERATE_SERVICE);

CloseServiceHandle(serviceManager);

MyTestFunction(); // Prints the TCP table along with owner information

Now, it works just fine. Take the call to OpenSCManager away again, and it fails. Tell me that this is not really messed up?

Sample output from test run without dummy call

Pid:   2896
Owner: Skype.exe

Pid:   848
Owner: Error 126 - The specified module could not be found.

Pid:   2896
Owner: Skype.exe

Pid:   3756
Owner: Error 126 - The specified module could not be found.

With dummy call

Pid:   2896
Owner: Skype.exe

Pid:   848
Owner: RpcSs

Pid:   2896
Owner: Skype.exe

Pid:   3756
Owner: WMPNetworkSvc

Short of this being a bug on Microsoft’s part, I am obviously missing something and I’m at the end of my rope. So if someone could nudge me in the right direction as to what I might be missing, it would be greatly appreciated.


Solution

  • The problem seems to be that advapi32.dll is not loaded. Said function seems to assume that advapi32.dll is loaded when calling it, which apparently is not always the case. I still do not know why advapi32.dll isn't loaded automatically, but I guess that is another question.

    See this thread on the MSDN forum.
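
The workaround described in the answer, as an added example that is not part of the original post: it loads advapi32.dll explicitly before walking the IPv4 TCP table and resolving each row's owner. The function name `print_tcp_owners` is hypothetical, and the code only does real work when built for Windows (linked against iphlpapi.lib); elsewhere it returns -1.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#include <iphlpapi.h>
#pragma comment(lib, "iphlpapi.lib")
#endif

/* Prints PID and owner for each IPv4 TCP row. Returns the number of rows whose
   owner resolved, or -1 on failure or when not built for Windows. */
int print_tcp_owners(void)
{
#ifdef _WIN32
    MIB_TCPTABLE_OWNER_MODULE *tbl = NULL;
    DWORD size = 0, err, i;
    int resolved = 0;
    /* Workaround from the answer: make sure advapi32.dll is mapped before the
       first GetOwnerModuleFromTcpEntry call; it stays loaded for the process. */
    if (LoadLibraryW(L"advapi32.dll") == NULL) return -1;
    /* The table can grow between the size query and the fetch, so retry. */
    while ((err = GetExtendedTcpTable(tbl, &size, FALSE, AF_INET,
                TCP_TABLE_OWNER_MODULE_ALL, 0)) == ERROR_INSUFFICIENT_BUFFER) {
        free(tbl);
        if ((tbl = malloc(size)) == NULL) return -1;
    }
    if (err != NO_ERROR) { free(tbl); return -1; }
    for (i = 0; i < tbl->dwNumEntries; i++) {
        MIB_TCPROW_OWNER_MODULE *row = &tbl->table[i];
        TCPIP_OWNER_MODULE_BASIC_INFO *info = NULL;
        DWORD len = 0;  /* first call only reports the required buffer size */
        err = GetOwnerModuleFromTcpEntry(row, TCPIP_OWNER_MODULE_INFO_BASIC, NULL, &len);
        if (err == ERROR_INSUFFICIENT_BUFFER && (info = malloc(len)) != NULL)
            err = GetOwnerModuleFromTcpEntry(row, TCPIP_OWNER_MODULE_INFO_BASIC, info, &len);
        if (err == NO_ERROR && info != NULL) {
            resolved++;
            printf("Pid:   %lu\nOwner: %ls\n\n", row->dwOwningPid, info->pModuleName);
        } else
            printf("Pid:   %lu\nOwner: Error %lu\n\n", row->dwOwningPid, err);
        free(info);
    }
    free(tbl);
    return resolved;
#else
    return -1;  /* IP Helper API is Windows-only */
#endif
}

int main(void) { return print_tcp_owners() < 0; }
```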