CopyMemory API Call

[BrianLW]

I have written a terminal services monitor program used to moniter certain users and the tasks that are running. The program seems to 'fall out' at random times. I think I have pinpointed the problem down to the CopyMemory (rtlMoveMemory) API. I hope somebody can help.

Public Function GetWTSQueryName(ByVal SessionID As Long) As String

    gstrModuleName = "GetWTSQueryName"
    WriteLog gstrModuleName
    
    Dim lngReturn As Long
    Dim p_lngBuffer As Long
    Dim lngCount As Long
    Dim lngPointer As Long
    Dim lngSize As Long
    
    Dim WTSQueryName As WTS_CLIENT_NAME
    
    Dim strMsg As String
    
    ' **** Setup Error Handling ****
    On Error GoTo errHandler
    
    ' **** API Call ****
    lngReturn = WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SessionID, WTSUserName, p_lngBuffer, lngCount)
    
    If lngReturn Then
    
        ' **** WTSEnumerateProcesses was successful ****
        lngPointer = p_lngBuffer
        
        lngSize = LenB(WTSQueryName)
        
        If lngSize > 0 Then
        
            WriteLog gstrModuleName & " CopyMemory"
            CopyMemory WTSQueryName, ByVal lngPointer, lngSize
            
        End If
        
        ' **** Free the memory buffer ****
        WriteLog gstrModuleName & " FreeMemory"
        WTSFreeMemory p_lngBuffer
        
     Else
        ' **** Error Message ****
        strMsg = "An error occurred in GetWTSQueryName." & vbCrLf & "Error Number: " & Err.LastDllError
        
        ' **** Write to the log ****
        WriteLog strMsg
        
        ' **** Let the user know ****
        MsgBox strMsg, vbCritical + vbOKOnly, "CareMedic Systems, Inc."
    End If
    
    GetWTSQueryName = Trim(WTSQueryName.TNAME)
    
    Exit Function

errHandler:
    Select Case Err.Number
        Case 0
            Exit Function
        Case Else
            ' **** Error Message ****
            strMsg = "An error occurred in GetWTSQueryName." & vbCrLf & "Error Number: " & Err.Number
            
            ' **** Write to the log ****
            WriteLog strMsg
            
            ' **** Let the user know ****
            MsgBox strMsg, vbCritical + vbOKOnly
            Exit Function
    End Select
    
End Function

WriteLog is a sub that just writes to a text file.

Thanks for any and all help.
-B

 

[rsinj]

what caught my attention is this section:

    lngReturn = WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SessionID, WTSUserName, p_lngBuffer, lngCount)
    
    If lngReturn Then
    
        ' **** WTSEnumerateProcesses was successful ****
        lngPointer = p_lngBuffer
        
        lngSize = LenB(WTSQueryName)
        
        If lngSize > 0 Then
        
            WriteLog gstrModuleName & " CopyMemory"
            CopyMemory WTSQueryName, ByVal lngPointer, lngSize

p_lngBuffer is the memory location where the API call put your results, and that result is of length lngCount. Now, for your CopyMemory, you have set the number of bytes you are going to copy to lngSize which you have as LenB(WTSQueryName). If you are going to do a CopyMemory from lngPointer, I think you should only be using lngCount, as that is the size that the API is telling you for the data it put there. To highlight the point - what if LenB(WTSQueryName) is greater than lngCount? You are going to be reading from some unsafe memory which is beyond the bounds of the memory block set up by your WTSQuerySessionInformation API call - easily triggering the 'fall out' you mention. Can you say "Access Violation"?