Amitava's Blog on Windows Vista: Application Certification and Compatibility
Test Case 32: Verify that the application’s UI thread only handles exceptions that are known and expected (Req:3.2)
Question: Is test case 32 applicable to services?
Answer: Yes, it is. However, the /ui option does not apply if the service has no UI thread. In that case the thread hijacker command may look like Threadhijacker.exe /crash:av /process:<process name>. You can also use /tid to inject the AV into the active thread of the service.
Question: How do I identify the tid# of an executable?
Answer: You can use Process Explorer for Windows v10.21 to do this. It can be downloaded here: http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx
Start Process Explorer. Browse to the desired application. Right-click the exe and select Properties. Select the Threads tab. Select one of the entries under Start Address. The tid number is displayed under Thread ID.
Question: How do I inject a crash once I have the thread id?
Answer: Use the following command.
Threadhijacker.exe /tid:<Thread Id> /crash:av /process:<process name>
Question: Threadhijacker is failing to crash my application/service.
ERROR HijackThread; Could not Open Thread; hr=80070005; Error 0x80070005. What can I do?
Answer: You can use the /debug option, as in threadhijacker.exe /debugpriv /tid:<your active thread's id>.
However, the thread cannot be in a WAIT state when you inject the crash. Threadhijacker therefore has to inject the crash while the thread is ACTIVE.
So you may need to run threadhijacker in a loop so that it eventually injects the crash when the thread becomes active. You can write a simple batch file for this purpose.
You can start the script and then perform an action to get the thread out of a wait state. Here’s the sample script. Put it in a .bat file called LoopTH.
Here’s the usage:
Usage: LoopTH <service process name> <Thread ID>
e.g.: LoopTH mobsync.exe 5630
Note: Make sure to run it from an elevated command prompt (right-click CMD and select “Run as Administrator”). Kill the script after the AV occurs.
The ping command is just a way to delay the loop for 1 second. It pings an invalid address with a wait of 1000 milliseconds. This can be adjusted as needed.
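The script itself is not reproduced on this page. The batch file below is an added example written from the description above, not the author's original LoopTH. It assumes that /debugpriv can be combined with /tid, /crash:av and /process on one command line, uses 192.0.2.1 (a reserved documentation address) as the invalid ping target, and adds a tasklist check that ends the loop once the process is gone.

```bat
@echo off
rem LoopTH.bat - added example reconstructed from the description in this post.
rem Usage: LoopTH <service process name> <Thread ID>
rem Run from an elevated command prompt.
setlocal

if "%~2"=="" (
    echo Usage: LoopTH ^<service process name^> ^<Thread ID^>
    echo e.g.:  LoopTH mobsync.exe 5630
    exit /b 1
)

set "PROC=%~1"
set "TID=%~2"

:loop
rem Stop looping once the target process no longer exists (addition, not in the post).
rem CSV output is used so long image names are not truncated.
tasklist /fi "imagename eq %PROC%" /fo csv /nh | find /i "%PROC%" >nul
if errorlevel 1 (
    echo %PROC% is no longer running. Stopping.
    exit /b 0
)

rem Attempt the injection. This fails while the thread is in a WAIT state,
rem so the loop keeps retrying until the thread becomes ACTIVE.
rem Assumption: these switches can be combined on one command line.
Threadhijacker.exe /debugpriv /tid:%TID% /crash:av /process:%PROC%

rem Delay about 1 second: one ping to an unreachable address, 1000 ms timeout.
rem 192.0.2.1 is an assumed placeholder; adjust -w to change the delay.
ping -n 1 -w 1000 192.0.2.1 >nul

goto loop
```

If the service is configured to restart automatically, the process check may never trigger; in that case stop the script with Ctrl+C after the AV occurs.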
Alternatively, you can find the ACTIVE thread yourself and crash that thread instead of targeting the service as a whole. To find the active thread, add debug output to your service that reports the OS thread ID of an ACTIVE thread in your app after it starts up (you can get this value using GetCurrentThreadId()). Then run threadhijacker as threadhijacker.exe /debugpriv /tid:<your active thread's id>, and you should see the WER crash.
You’ll find a similar discussion in the MSDN forums at
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1597915&SiteID=1 and
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1804675&SiteID=1