Crash when connecting to Bluetooth device via WinAPI Socket (Access violation reading location 0x00000004)

I think you are my last hope. I have got here a Bluetooth device (it is a sensor to be more precisely) which I want to connect to and read data from. The device offers SPP (Serial Port Profile). To avoid the problem of reliable mapping from Bluetooth addresses and virtual serial ports (COM Ports), I am going to use sockets.

Unfortunately the application always crashes before returning from WinAPI function connect(...) with: 0xC0000005: Access violation reading location 0x00000004, so I get no error code.

BUT, and that is weird, when I right-click on the Bluetooth System Tray Icon to to show available devices, my device shows up being authenticated and connected. This list was empty before, of course.

My OS is Windows 7 64 Bit, the IDE is Visual Studio 2010, Microsoft Bluetooth Stack. Code to find and connect to my only device:

#include <iostream>
#include <string>
#include <algorithm>
#include <cassert>

#define WIN32_LEAN_AND_MEAN

#include <Windows.h>
#include <BluetoothAPIs.h>
#include <Winsock2.h>
#include <Ws2bth.h>



BOOL auth_callback_ex(LPVOID pvParam, PBLUETOOTH_AUTHENTICATION_CALLBACK_PARAMS authParams)
{
    BLUETOOTH_AUTHENTICATE_RESPONSE response;
    response.bthAddressRemote = authParams->deviceInfo.Address;
    response.authMethod = authParams->authenticationMethod; // == BLUETOOTH_AUTHENTICATION_METHOD_LEGACY

    UCHAR pin[] = "1234";
    std::copy(pin, pin+sizeof(pin), response.pinInfo.pin);
    response.pinInfo.pinLength = sizeof(pin)-1; //excluding '\0'

    response.negativeResponse = false;


    HRESULT err = BluetoothSendAuthenticationResponseEx(NULL, &response);
    if (err)
    {
        std::cout << "BluetoothSendAuthenticationResponseEx error = " << err << std::endl;
    }

    return true;
}


int main()
{
    BLUETOOTH_DEVICE_SEARCH_PARAMS btSearchParams;

    btSearchParams.dwSize = sizeof(BLUETOOTH_DEVICE_SEARCH_PARAMS);
    btSearchParams.cTimeoutMultiplier = 5;  //5*1.28s search timeout
    btSearchParams.fIssueInquiry = true;    //new inquiry

    //return all known and unknown devices
    btSearchParams.fReturnAuthenticated = true;
    btSearchParams.fReturnConnected = true;
    btSearchParams.fReturnRemembered = true;
    btSearchParams.fReturnUnkno开发者_Python百科wn = true;

    btSearchParams.hRadio = NULL;   //search on all local radios



    BLUETOOTH_DEVICE_INFO btDeviceInfo;
    ZeroMemory(&btDeviceInfo, sizeof(BLUETOOTH_DEVICE_INFO));   //"initialize"

    btDeviceInfo.dwSize = sizeof(BLUETOOTH_DEVICE_INFO);

    HBLUETOOTH_DEVICE_FIND btDeviceFindHandle = NULL;

    btDeviceFindHandle = BluetoothFindFirstDevice(&btSearchParams, &btDeviceInfo);
    if(btDeviceFindHandle)
    {

        HBLUETOOTH_AUTHENTICATION_REGISTRATION authCallbackHandle = NULL;

        DWORD err = BluetoothRegisterForAuthenticationEx(&btDeviceInfo, &authCallbackHandle, &auth_callback_ex, NULL);


        if (err != ERROR_SUCCESS)
        {
            DWORD err = GetLastError();
            std::cout << "BluetoothRegisterForAuthentication Error" << err << std::endl; 
        }

        /////////////// Socket
        WSADATA wsaData;
        err = WSAStartup(MAKEWORD(2,2), &wsaData);
        if (err)
        {
            std::cout << "WSAStartup error = " << err << std::endl;
        }


        // create BT socket
        SOCKET s = socket (AF_BTH, SOCK_STREAM, BTHPROTO_RFCOMM);
        assert(s != INVALID_SOCKET);    //WSAGetLastError //throw // runtime check release?

        SOCKADDR_BTH btSockAddr;
        btSockAddr.addressFamily = AF_BTH;
        btSockAddr.btAddr = btDeviceInfo.Address.ullLong;
        btSockAddr.serviceClassId = RFCOMM_PROTOCOL_UUID; //SerialPortServiceClass_UUID (no difference)
        btSockAddr.port = BT_PORT_ANY;


        err = connect(s, reinterpret_cast<SOCKADDR*>(&btSockAddr), sizeof(SOCKADDR_BTH));

        /* <--- never got so far --> */

        if (err)
        {
            DWORD wsaErr = WSAGetLastError();
            std::cout << "connect error = " << wsaErr << std::endl;

        }
        else
        {
            //err = shutdown(s, SD_BOTH);

            err = closesocket(s);
            if (err)
            {
                std::cout << "closesocket error = " << err << std::endl;
            }
        }

        WSACleanup();
        ///////////////Socket


        BOOL ok = BluetoothUnregisterAuthentication(authCallbackHandle);
        if (!ok)
        {
            DWORD err = GetLastError();
            std::cout << "BluetoothUnregisterAuthentication Error" << err << std::endl; 
        }



        ok = BluetoothFindDeviceClose(btDeviceFindHandle);
        if (!ok)
        {
            DWORD err = GetLastError();
            std::cout << "BluetoothDeviceClose Error" << err << std::endl; 
        }
    }
    else
    {
        DWORD err = GetLastError();
        std::cout << "BluetoothFindFirstDevice Error" << err << std::endl; 
    }


    std::cin.get();
}

I have made some few more observations:

• The authentication callback and the BluetoothSendAuthenticationResponseEx function are working fine, there is no error given back.
• If I do not install the authentication callback (BluetoothRegisterForAuthenticationEx) and therefore have to manually enter the PIN (the UI shows up automatically while trying to connect), connect function returns properly and everything works fine, too. I even got data (the recv part is omitted in this snippet).
• If I search and pair completely manually (Bluetooth Tray Icon -> Add Device), everything is fine, too. A service and a virtual serial port is installed. Data come via putty.

So somewhere between calling the authentication callback and end of the connect function something is going wrong. Maybe when trying to get a certain structure data via a pointer, which should not be NULL, plus offset.

Or am I doing something wrong? Is there something missing? Thanks...

---

The problem is that your function is using the wrong calling convention. According to MSDN, you need to use the CALLBACK macro, as in:

BOOL CALLBACK auth_callback_ex(LPVOID pvParam, PBLUETOOTH_AUTHENTICATION_CALLBACK_PARAMS authParams)

Having the wrong calling convention will result in a stack mismatch on return, which could cause an access violation inside the MS Bluetooth code when it can't find its local variables.

Or it could result in the parameters to your function being all jumbled. If authParams and pvParam are swapped, because the cdecl calling convention expects args pushed from right to left and stdcall pushes them left to right, you'd get NULL in authParams, and then authParams->deviceInfo.Address will try to read address 0x04.

The compiler should have caught this. Compile with maximum warnings turned on (/W4). You'll have to ignore the warnings about unknown pragma, this is a bug in the header which I'm reporting to Microsoft (misspelled #pragma deprecated).

Unfortunately there's a second bug in the header, much more serious, of not specifying the calling convention explicitly, with the result that it will only work correctly on x86 (32-bit code) if /Gz is used. Yuck!

---

Followup: In the SDK headers shipped with VS2013, both issues are fixed.

---

You have a null-pointer access somewhere. "Access violation reading location 0x00000004" indicates that, as it is only 4 bytes away from zero.

---

I have a couple of thoughts to share with you, but be advised that these are hunches. I haven't compiled and debugged your code, although I commend you for posting a complete sample.

I think the crash may be within your authentication callback function, due to a '''NULL''' pointer dereference.

These lines:

response.bthAddressRemote = authParams->deviceInfo.Address;
response.authMethod = authParams->authenticationMethod; // == BLUETOOTH_AUTHENTICATION_METHOD_LEGACY

will cause the message you describe, if you are running on 32-bit Windows, and '''authParams''' may be '''NULL''' -- in that case, '''deviceInfo''' contributes a zero offset (it is at the beginning of the '''BLUETOOTH_AUTHENTICATION_CALLBACK_PARAMS'''), and '''.Address''' does contribute an offset of 4 ('''NULL + 4 == 0x00000004'''), because it follows a '''DWORD''' and nothing else within the '''BLUETOOTH_DEVICE_INFO''' layout.

Is it possible that '''authParams''' is NULL when your callback is called?

As another poster has already mentioned, this could be due to incorrect calling convention (lack of '''CALLBACK''' macro) -- causing otherwise correct parameters to mis-align with the positions the compiled code is reading.

The second thought was:

BLUETOOTH_DEVICE_INFO btDeviceInfo;
ZeroMemory(&btDeviceInfo, sizeof(BLUETOOTH_DEVICE_INFO));   //"initialize"

btDeviceInfo.dwSize = sizeof(BLUETOOTH_DEVICE_INFO);

Can be represented by:

BLUETOOTH_DEVICE_INFO btDeviceInfo = {sizeof(BLUETOOTH_DEVICE_INFO)};

According to the standard, this will zero the other fields of '''btDeviceInfo'''.

---

Or write managed code and use my Bluetooth library 32feet.NET Super simple. http://32feet.codeplex.com/

Will it crash then -- if so there's something wrong on your PC...