windbg - How to find the source of an 'Access Violation'

Reposted. Author: 行者123. Updated: 2023-12-04 15:11:28

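In short, I have a C# application that makes a lot of mciSendString calls (via dllimport) to control wav file playback (essentially open, play, pause, stop, status, close). After running for a while, the application crashes without notice with an "Access Violation".

Even when I run the application from vs2012, Visual Studio does not catch the exception. Even with the option to force a break on exceptions, I had no luck debugging it from vs2012. So instead, I have set up WER to generate my crash dumps, and I am debugging them using windbg with the psscor2.dll extension.

Then, using the following commands in order, this is what I get (shortened to the essentials for readability):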

$>.ecxr

eax=00000001 ebx=00000000 ecx=00000401 edx=00000000 esi=049725b8 edi=00000002
eip=4e88159e esp=0a4efa38 ebp=0a4efa54 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216
<Unloaded_mciwave.dll>+0x159e:
4e88159e ?? ???

$>~*kb
# 19 Id: 105c.28cc Suspend: 1 Teb: 7ef06000 Unfrozen
user32!NtUserGetMessage+0x15
user32!GetMessageA+0xa1
winmm!mciwindow+0x102
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x70
ntdll!_RtlUserThreadStart+0x1b

# 30 Id: 105c.15f8 Suspend: 0 Teb: 7ef1b000 Unfrozen
ntdll!ZwWaitForMultipleObjects+0x15
KERNELBASE!WaitForMultipleObjectsEx+0x100
kernel32!WaitForMultipleObjectsExImplementation+0xe0
kernel32!WaitForMultipleObjects+0x18
kernel32!WerpReportFaultInternal+0x186
kernel32!WerpReportFault+0x70
kernel32!BasepReportFault+0x20
kernel32!UnhandledExceptionFilter+0x1af
ntdll!__RtlUserThreadStart+0x62
ntdll!_EH4_CallFilterFunc+0x12
ntdll!_except_handler4+0x8e
ntdll!ExecuteHandler2+0x26
ntdll!ExecuteHandler+0x24
ntdll!RtlDispatchException+0x127
ntdll!KiUserExceptionDispatcher+0xf
WARNING: Frame IP not in any known module. Following frames may be wrong.
<Unloaded_mciwave.dll>+0x159e

# 31 Id: 105c.2310 Suspend: 1 Teb: 7ef00000 Unfrozen
user32!NtUserGetMessage+0x15
user32!GetMessageW+0x33
mciwave!TaskBlock+0x1d
mciwave!PlayFile+0xcb
mciwave!mwTask+0x98
winmm!mmStartTask+0x22
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x70
ntdll!_RtlUserThreadStart+0x1b:

$>!analyze -v
FAULTING_IP: 
mciwave_4e880000!TaskBlock+1d
4e88159e ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 4e88159e (mciwave_4e880000!TaskBlock+0x0000001d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 4e88159e
Attempt to execute non-executable address 4e88159e

PROCESS_NAME: Titan.vshost.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 00000008

EXCEPTION_PARAMETER2: 4e88159e

WRITE_ADDRESS: 4e88159e

FOLLOWUP_IP:
mciwave_4e880000!TaskBlock+1d
4e88159e ?? ???

MOD_LIST: <ANALYSIS/>

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x15f8 (30)
====> Exception cxr@a4ef750

FAULTING_THREAD: 000015f8

BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_CODE_WRONG_SYMBOLS

PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT_CODE

DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_CODE

LAST_CONTROL_TRANSFER: from 4e881999 to 4e88159e

STACK_TEXT:
0a4efa54 4e881999 0a4efa88 078db198 078db1a4 mciwave_4e880000!TaskBlock+0x1d
0a4efa68 74370ae5 00038edc 00000000 00000000 mciwave_4e880000!mwTask+0x45
0a4efa88 7670338a 078db198 0a4efad4 76f99f72 winmm!mmStartTask+0x22
0a4efa94 76f99f72 078db198 79f84a28 00000000 kernel32!BaseThreadInitThunk+0xe
0a4efad4 76f99f45 74370ac3 078db198 00000000 ntdll!__RtlUserThreadStart+0x70
0a4efaec 00000000 74370ac3 078db198 00000000 ntdll!_RtlUserThreadStart+0x1b


SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mciwave!TaskBlock+1d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mciwave_4e880000

IMAGE_NAME: mciwave.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcb4a

STACK_COMMAND: ~30s; .ecxr ; kb

FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_CODE_c0000005_mciwave.dll!TaskBlock

BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_CODE_WRONG_SYMBOLS_mciwave!TaskBlock+1d

Followup: MachineOwner
---------

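The exception seems to occur in thread #30 in Unloaded_mciwave.dll, but I don't know how to take the debugging any further. How can I get a better understanding of what happened?

How can I find out what happened between these two lines?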
ntdll!KiUserExceptionDispatcher+0xf
--> WARNING: Frame IP not in any known module. Following frames may be wrong.
<Unloaded_mciwave.dll>+0x159e

Thanks in advance for your help.

Best answer

You should get more details by reloading the DLL in the debugger.

To do that, you need to do the following:

lmvm mciwave.dll
start end module name

Unloaded modules:
e6510000 e6548000 mciwave.dll
Timestamp: Fri Oct 14 12:00:00 2011 (4E98E6E2)
Checksum: 0003E937
ImageSize: 00038000

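You need to set the symbol path and the executable path so that the debugger can find the DLL and the PDB (if you have them on your machine, this should not be a problem). Then you can do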
.reload mciwave.dll=e6510000,00038000
DBGHELP: <path>\mciwave.dll - OK

Now if you run !analyze -v again, it should give you the correct call stack.
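
Added example, not part of the original answer: a Python helper that derives the `.reload` line used above from the debugger's module list. It parses the `Unloaded modules:` section of `lm` output, finds the entry that contains the faulting address, and computes the size as end minus start; the sample module list is constructed and the function names are hypothetical.

```python
import re

# Constructed `lm` output: base 4e880000 is taken from the question's
# "mciwave_4e880000"; the end address and the winmm row are assumed.
SAMPLE_LM = """\
start    end        module name
74350000 74382000   winmm      (deferred)

Unloaded modules:
4e880000 4e8b8000   mciwave.dll
    ImageSize:  00038000
"""

# A module row is: <start> <end> <name>; 64-bit addresses may contain a backtick.
ROW = re.compile(r"^\s*([0-9a-fA-F`]+)\s+([0-9a-fA-F`]+)\s+(\S+)")

def parse_unloaded(lm_text):
    """Return [(name, base, end)] for rows under 'Unloaded modules:'."""
    modules, in_unloaded = [], False
    for line in lm_text.splitlines():
        if line.strip().startswith("Unloaded modules:"):
            in_unloaded = True
            continue
        m = ROW.match(line) if in_unloaded else None
        if m:  # detail lines (Timestamp:, ImageSize:) do not match ROW
            base, end = (int(x.replace("`", ""), 16) for x in m.group(1, 2))
            modules.append((m.group(3), base, end))
    return modules

def reload_command_for(lm_text, fault_ip):
    """Map fault_ip to an unloaded module; return (.reload command, offset)."""
    for name, base, end in parse_unloaded(lm_text):
        if base <= fault_ip < end:  # end address is exclusive
            size = end - base
            return f".reload {name}={base:08x},{size:08x}", fault_ip - base
    return None  # not inside any unloaded module, nothing to reload

if __name__ == "__main__":
    # Faulting address 4e88159e comes from the question's .ecxr output.
    print(reload_command_for(SAMPLE_LM, 0x4E88159E))
```

The returned offset should match the `<Unloaded_mciwave.dll>+0x159e` frame reported in the dump, which confirms the right unloaded entry was picked before reloading it.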

Regarding "windbg - How to find the source of an 'Access Violation'", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/23155063/
