May 15th, 2026
mind blownlike2 reactions

The case of the Create­File­Mapping that always reported ERROR_ALREADY_EXISTS

Raymond Chen

A customer reported that whenever their program called Create­File­Mapping to create a named file mapping, the call succeeded, but the resulting mapping was not the size they wanted. They requested a 1 megabyte mapping, but the mapping they got back was only 4KB, which they noticed because the program crashed once it accessed the 4097th byte. As an additional data point, if they call Get­Last­Error() after creating the file mapping, they get ERROR_ALREADY_EXISTS, suggesting that the file mapping already created. But this happens even the first time their program was run, and it even happens immediately after a reboot so there shouldn’t be any leftover mappings.

HANDLE h = CreateFileMappingW(INVALID_FILE_HANDLE, nullptr, PAGE_READWRITE,
            0, 1024 * 1024, L"MyFileMapping");

My guess is that they are getting ERROR_ALREADY_EXISTS because the mapping already exists. (Quelle surprise !)

After a fresh reboot, the customer used Process Explorer to search all processes to see if any of them already had a handle to their file mapping, and lo and behold, they found one: It was some companion software for their webcam, and it chose the exact same uncreative file mapping name.

The customer appended a GUID to their file mapping name, thereby removing the possibility of an accidental name collision. (Of course, there is still the possibility of an intentional name collision. Not much you can do to protect yourself against an attacker at the same or higher privilege.)

Related reading: You can name your car, and you can name your kernel objects, but there is a qualitative difference between the two.

Category

Topics

Author

Raymond Chen

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

2 comments

Discussion is closed. Login to edit/delete existing comments.

Sort by :
  • LB

    Another victory for the UWP sandbox.

    • Me Gusta 2 weeks ago · Edited

      The issue here is that the name for this type of object is optional. This means that you only really name the object to share it. This means that the UWP BNO isolation has as much of a chance of interfering here.

      What’s more, avoiding accidental collisions ends up being a matter of how much effort that you are willing to put into it. If you really want to increase the odds of not running into this kind of issue, then private namespaces are available to desktop applications.

Read next