EventCleaner

Operating Systems

Open manasmbellani opened this issue 7 years ago • 3 comments

Hi, can I please confirm which operating systems this tool is applicable for?

I have tested on Windows 7 SP1 - but I am unable to activate closehandle. The error I get is as follows:

screen shot 2018-08-01 at 4 25 49 pm

manasmbellani, Aug 01 '18 06:08

This bug has been fixed.

liuxigu, Sep 07 '18 11:09

Hi, I am sorry - I am still getting the exact same error - same screenshot. =(

manasmbellani, Sep 07 '18 14:09

I have tried to debug the code. It appears that the function "fn_enum_process_thread" is not adding eventlog threads to manipulate in the threads vector when the "closehandle" param is used, which is why we get the subscript out of range error.

The code to identify the services associated with a given thread and populate the threads vector when the service name matches "eventlog", as performed by "fn_get_service_name", is always returning FALSE - the "tagQuery.pBuffer" in lstrcmpi on line 80 in function "fn_get_service_name" is always a comparison with an empty string - this means that no eventlog-related threads running under the svchost.exe process are identified.

I am not sure why tagQuery.pBuffer is empty, as the code to get service tags and get the service name seems ok =(. I am using Windows 7 SP1 and debugging in Visual Studio 2017.

@liuxigu Your assistance in fixing or guidance would be really appreciated! Thank you.

manasmbellani, Sep 07 '18 17:09