ntdll

Hooking NtCreateFile API from ntdll.dll with EasyHook (c#)

ⅰ亾dé卋堺 submitted on 2019-12-08 05:40:06
Question: This is the first time I try to hook windows API. My goal is to monitor all files that a process is going to create/open/read/write. In order to be the most verbose possible, I decided to hook the ntdll.dll API such as NtCreateFile() and NtOpenFile(). So, in order to achieve this goal, I went on EasyHook, which seems easy and robust. I've essentially followed the FileMon example, changing what I really wanted: the Hooked function. When I try to read information about the file that is going to

Delete a mutex from another process

会有一股神秘感。 submitted on 2019-12-07 02:25:54
Question: Using the topic Overview - Handle Enumeration, number 5, the attempt Close mutex of another process and information from Mutex analysis, the canary in the coal mine and discovering new families of malware/, I have come up with: Attempt 1: http://pastebin.com/QU0WBgE5 You must open Notepad first. Needless to say, this is not working for me. I need better error checking to figure out what's going on. I don't know how to get mutex pointers in the format I see them in Process Explorer. My

Delete a mutex from another process

南笙酒味 submitted on 2019-12-05 06:19:35
Using the topic Overview - Handle Enumeration, number 5, the attempt Close mutex of another process and information from Mutex analysis, the canary in the coal mine and discovering new families of malware/, I have come up with: Attempt 1: http://pastebin.com/QU0WBgE5 You must open Notepad first. Needless to say, this is not working for me. I need better error checking to figure out what's going on. I don't know how to get mutex pointers in the format I see them in Process Explorer. My goal is to be able to delete/kill the mutex handles created by a process so more than one instance

Unexplained crashes related to ntdll.dll

血红的双手。 submitted on 2019-12-04 09:56:34
I have an application that I've written that crashes intermittently, but I'm unable to capture an exception at the application layer. I always get an entry in the event log, but it doesn't give me much info: Faulting application name: BCS-UI.exe, version: 1.0.11.0, time stamp: 0x5c0edcbd Faulting module name: ntdll.dll, version: 10.0.17134.376, time stamp: 0x4358e406 Exception code: 0xc0000374 Fault offset: 0x000d8829 Faulting process id: 0x39b0 Faulting application start time: 0x01d49161c80079a0 Faulting application path: C:\Gogs Local\SMR_Windows_UI\BCS-UI\BCS-UI\bin\Release\BCS-UI.exe Faulting

Why is ntdll.dll crashing my c++ executable?

て烟熏妆下的殇ゞ submitted on 2019-12-03 03:05:09
I am having trouble getting a Visual C++ executable to work; the app crashes. Here is what I have seen in the event viewer. Faulting application name: submit.exe, version: 0.0.0.0, time stamp: 0x50a3cce7 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting process id: 0x8fc Faulting application start time: 0x01cdc2a3da4f2997 Faulting application path: c:\submit.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 1813823a-2e97-11e2-8675-000c29229191 The executable compiled in old versions of

GetProcAddress vs __declspec( dllimport )

对着背影说爱祢 submitted on 2019-11-29 18:17:24
What's the difference between the two? i.e. for finding functions such as Nt___ or Zw___ In MS Windows, there is a difference between implicit linking and explicit linking. Implicit Linking The executable is linked against the accompanying library (.lib file) which provides the symbols exported from the DLL. (The functions for import are marked with __declspec(dllimport).) Implicitly linked DLLs are loaded with the executable. Explicit Linking The program loads a DLL explicitly by calling LoadLibrary(). To call functions of the DLL, their address has to be determined using GetProcAddress(). However,

How to use NtOpenProcess

对着背影说爱祢 submitted on 2019-11-28 14:02:44
Question: I am trying to use NtOpenProcess(). I have not found any example in town. I am getting an error; any help is much appreciated. int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE prevInstance, PSTR szCmdLine, int showCmd) { HANDLE handle; HWND myWindow =FindWindow(NULL, L"Notepad"); PCLIENT_ID PID; GetWindowThreadProcessId(myWindow, (LPDWORD)&PID); ZwOpenProcess(&handle, PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, NULL,PID); return 0; } The errors are 1>c:\users\asus\source\repos

GetProcAddress vs __declspec( dllimport )

久未见 submitted on 2019-11-28 12:38:25
Question: What's the difference between the two? i.e. for finding functions such as Nt___ or Zw___ Answer 1: In MS Windows, there is a difference between implicit linking and explicit linking. Implicit Linking The executable is linked against the accompanying library (.lib file) which provides the symbols exported from the DLL. (The functions for import are marked with __declspec(dllimport).) Implicitly linked DLLs are loaded with the executable. Explicit Linking The program loads a DLL explicitly by calling