Gordon

Reputation: 6873

Convert negative signed int error number to standard error number

I have a vague memory of reading about a way to convert error numbers from a format like this -1073740791 to something meaningful. I am pretty sure it involved converting from a signed Int to something else, and that there was a way to do it in PowerShell. But I can't remember enough details to get any results from a search it seems. Am I just missing some detail, or am I misremembering completely?

Upvotes: 1

Views: 895

Answers (2)

mklement0

Reputation: 439238

To complement Theo's helpful answer (which deserves the accepted status, because it answers the question as asked):

  • It looks like your error number (status number) is an HRESULT, as used by many Windows subsystems, notably COM.

  • An HRESULT is formally a signed, 32-bit integer, whose bits are partitioned into multiple groups, containing information such as severity, facility (subsystem), and a facility-specific error code.

  • Since the high bit is always set if the HRESULT represents an error condition (HRESULTs can also encode multiple success conditions, in which the high bit is not set), the resulting integer is technically a negative number, and represented as such in decimal format (e.g., -1073740791).

    • However, it is far more common to represent HRESULT values in hexadecimal notation (e.g., 0xC0000409), given that such values are ultimately just bit fields.

    • Theo's answer shows how to convert a given [int] value containing an HRESULT to its hex representation, which facilitates online searches (see below).


As for (automated) lookup of HRESULT values (and other errors):

Here are two ways of looking up a given HRESULT value, both of which accept decimal and hex representations interchangeably; additionally, they support lookup by an error's symbolic name (or part thereof).

  • Option A: Via hresult.info

    • Note: While the lookup part can be automated, the results open in a web browser and are therefore meant for the human observer; while you could technically programmatically scrape the HTML text returned to extract the relevant information, you're better off with Option B, if that is the intent.
      Conversely, if you type / paste the number interactively into the site's search field, you'll get instant feedback and are taken directly to the relevant result page (there'll be no intermediate page with search result(s)).

      $errNo = -1073740791 # may also be (part of) an error's *name*
      Start-Process "https://www.hresult.info/Search?q=$errNo"
      
    • Note: hresult.info works best with HRESULT error values, whereas Err.exe (below) not only seems to know about additional errors, it also directly supports general Windows errors, such as 0x2 for ERROR_FILE_NOT_FOUND; hresult.info finds that error numerically only via its HRESULT equivalent for the Win32 facility, 0x80070002

  • Option B: Via Err.exe

    • Err.exe is an optional Microsoft CLI (console application) that can be downloaded from here:

      • The download is a single, stand-alone executable that has its version number encoded in the file name; e.g.: Err_6.4.5.exe

      • Simply rename the downloaded file to Err.exe and place it in one of the directories listed in $env:PATH, so you can invoke it by mere name.

      • Programmatically, do something like the following, assuming a bin folder in the $HOME directory as the target dir. (this command uses a direct download link that locks in the version that is current as of this writing):

         Invoke-WebRequest -OutFile $Home\bin\Err.exe https://download.microsoft.com/download/4/3/2/432140e8-fb6c-4145-8192-25242838c542/Err_6.4.5/Err_6.4.5.exe
        
    • For help, invoke Err.exe without arguments; additional features include:

      • Outputting to XML (/:xml)
      • Limiting lookup to specific header files (e.g., /nterror.h)
      • Searching by symbolic name, via a prefix: by substring (e.g., :BUFFER_OVER) or by full name (e.g., =STATUS_STACK_BUFFER_OVERRUN)

    • Sample invocation and result:

       PS> err -1073740791
      
       # for decimal -1073740791 / hex 0xc0000409
         STATUS_STACK_BUFFER_OVERRUN                                    ntstatus.h
       # The system detected an overrun of a stack-based buffer in
       # this application. This overrun could potentially allow a
       # malicious user to gain control of this application.
       # 1 matches found for "-1073740791"
      

Function Get-WinError

This Gist contains helper function Get-WinError, which wraps both lookup ways described above in PowerShell-idiomatic fashion:

  • -Online performs an online lookup via hresult.info; on Unix-like platforms, this switch is implied, as only online lookups are supported there.

  • By default, lookup is performed via Microsoft's Err.exe CLI, which is downloaded on demand, and the results are output as objects ([pscustomobject] instances).

You can install it directly from the Gist as follows, which defines it for the current session and provides instructions on how to make it available in future sessions. (While I can personally assure you that doing so is safe, you should always check the source code first.)

irm https://gist.github.com/mklement0/0fc086da1af9a72a94cbdb4a59d55230/raw/Get-WinError.ps1 | iex

Sample code:

Note:

  • The Get-WinError function is assumed to be already defined.
  • Unless Err.exe happens to be in your $env:PATH, you will be prompted to download it, as a one-time setup step (you can skip the confirmation prompt with -Force).

Get-WinError -1073740791, 0x80070006

Output:

HexNumber  Name                        Source             Message
---------  ----                        ------             -------
0xC0000409 STATUS_STACK_BUFFER_OVERRUN ntstatus.h         The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malici…
0x80070006 DRM_E_HANDLE                windowsplayready.h 
0x80070006 E_HANDLE                    winerror.h         Invalid handle

Note that the above shows that a given error number can be defined in multiple subsystems, although usually with analogous meanings.

Upvotes: 1

Theo

Reputation: 61158

You can do the following to convert those numbers to more Google-searchable message/exception hex numbers:

Upvotes: 3
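
Added example, not part of either answer and not the code of Get-WinError: the signed-decimal-to-hex conversion the answers refer to, together with the severity / facility / code split described in the first answer. The function name ConvertFrom-StatusNumber is hypothetical; the shifts and masks mirror the HRESULT_SEVERITY, HRESULT_FACILITY and HRESULT_CODE macros in winerror.h.

```powershell
# Added example: hypothetical helper, not from the answers above or from Get-WinError.
function ConvertFrom-StatusNumber {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [int] $Number   # signed 32-bit value as it appears in logs, e.g. -1073740791
    )
    process {
        # Reinterpret the same 32 bits as unsigned so that shifts and masks
        # operate on the raw bit pattern rather than on a negative number.
        $bits = [BitConverter]::ToUInt32([BitConverter]::GetBytes($Number), 0)

        # Same arithmetic as HRESULT_FACILITY and HRESULT_CODE in winerror.h.
        $facility = ($bits -shr 16) -band 0x1FFF
        $code     = $bits -band 0xFFFF

        [pscustomobject]@{
            Decimal   = $Number
            Hex       = '0x{0:X8}' -f $bits
            # High bit set means the value encodes an error condition.
            IsError   = [bool] (($bits -shr 31) -band 1)
            Facility  = $facility
            Code      = '0x{0:X4}' -f $code
            # Facility 7 (Win32) wraps a general Windows error code,
            # which is how 0x2 and 0x80070002 relate to each other.
            Win32Code = if ($facility -eq 7) { [int] $code } else { $null }
        }
    }
}

# Sample values taken from this page: the question's number and two HRESULTs.
$fromLog = -1073740791
$fromLog, 0x80070006, 0x80070002 | ConvertFrom-StatusNumber | Format-Table

# Reverse direction: hex digits copied from a search result back to the
# signed decimal form that tools and logs often print.
[Convert]::ToInt32('C0000409', 16)
```

The Hex column is the form to paste into hresult.info or Err.exe; the Win32Code column is filled only for values in the Win32 facility.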
