我们软件的一位客户抱怨说,该软件在他的 Windows XP 计算机上崩溃了。我让他下载ProcDump https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx并按如下方式运行我们的流程:
procdump -e -ma -w myproc.exe
用户通过电子邮件向我发送了收集的故障转储.dmp
file.
然后我把它放在.dmp
文件放入与原始文件相同的文件夹中.exe
该过程的图像文件,以及.pdb
文件,并运行.dmp
通过 Visual Studio 2010 文件:
然后,当我单击“仅使用本机调试”时,VS 显示了MFC
的消息循环函数,其指针位置位于DispatchMessage
调用(见绿色箭头):
调用堆栈也没有多大帮助:
当我跳转到报告的故障地址时,我什么也没得到:
该应用程序编译于VS 2008
作为基于对话框的 C++/MFC 应用程序。
所以我正在检查尺寸.dmp
文件大小为 26.6 MB。里面有数据。我的问题是如何从中获取更多有用的信息以帮助查明源代码中的错误位置?
附言。事后看来,当我运行此故障转储时,我发现崩溃发生在 Windows XP 上.dmp
Windows 8.1 上的文件。这就是我在堆栈跟踪中收到垃圾的原因吗?
EDIT:如果我尝试查看参数,这就是反汇编程序中得到的结果MSG https://msdn.microsoft.com/en-us/library/windows/desktop/ms644958(v=vs.85).aspx构造那个DispatchMessage
被调用:
另外,当我尝试观察值时pState
I get symbol not found
.
EDIT 2:关于模块和加载到故障的模块EIP
地址。内存插槽用于0x1963AB50
似乎没有被任何模块占用:
EDIT 3:抱歉,时间太长了。我最终打开了故障转储WinDbg
并做了!analyze -v
对它发出命令。这是输出。看起来丢失/卸载的 DLL 是tv_w32.dll
:
Microsoft (R) Windows Debugger Version 10.0.10586.567 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\User\Desktop\Myproc\Release\Myproc.exe_160708_141237.dmp]
User Mini Dump File with Full Memory: Only application data is available
Comment: '
*** procdump -e -ma -w Myproc.exe
*** Unhandled exception: C0000005.ACCESS_VIOLATION'
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\MyServerSymbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\MyServerSymbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Fri Jul 8 05:12:39.000 2016 (UTC - 7:00)
System Uptime: 9 days 6:05:50.960
Process Uptime: 3 days 5:08:52.000
.....................................
Loading unloaded module list
..
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(ba4.4a4): Access violation - code c0000005 (first/second chance not available)
eax=00000001 ebx=00000002 ecx=7c92741c edx=7c98e174 esi=1963ab50 edi=1963ab50
eip=19608536 esp=0012ee3c ebp=0012ee5c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
<Unloaded_tv_w32.dll>+0x8536:
19608536 ?? ???
0:000> .bugcheck
^ Syntax error in '.bugcheck'
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
eax=00000001 ebx=00000002 ecx=7c92741c edx=7c98e174 esi=1963ab50 edi=1963ab50
eip=19608536 esp=0012ee3c ebp=0012ee5c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
<Unloaded_tv_w32.dll>+0x8536:
19608536 ?? ???
Resetting default scope
FAULTING_IP:
tv_w32!unloaded+8536
19608536 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 19608536 (<Unloaded_tv_w32.dll>+0x00008536)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 19608536
Attempt to read from address 19608536
DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR
PROCESS_NAME: Myproc.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 19608536
READ_ADDRESS: 19608536
FOLLOWUP_IP:
tv_w32!unloaded+8536
19608536 ?? ???
FAILED_INSTRUCTION_ADDRESS:
tv_w32!unloaded+8536
19608536 ?? ???
WATSON_BKT_PROCSTAMP: 576c0d97
WATSON_BKT_PROCVER: 1.5.16.0
PROCESS_VER_PRODUCT: Myproc Name
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: 19608536
MODLIST_WITH_TSCHKSUM_HASH: 8b7920bcb3af2eb1b97366fd0663a3798ab285ea
MODLIST_SHA1_HASH: b5acbaed45de37ad3c73ee4478c8f6678e94eaa6
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 1
SUITE_MASK: 272
DUMP_FLAGS: 3
DUMP_TYPE: 0
APP: Myproc.exe
ANALYSIS_SESSION_HOST: DESKTOP-ABC
ANALYSIS_SESSION_TIME: 07-08-2016 22:18:58.0444
ANALYSIS_VERSION: 10.0.10586.567 x86fre
IP_MODULE_UNLOADED:
tv_w32!unloaded+8536
19608536 ?? ???
THREAD_ATTRIBUTES:
OS_LOCALE: DEU
PROBLEM_CLASSES:
BAD_INSTRUCTION_PTR
Tid [0x4a4]
Frame [0x00]: tv_w32!unloaded
INVALID_POINTER_READ
Tid [0x4a4]
Frame [0x00]: tv_w32!unloaded
BUGCHECK_STR: BAD_INSTRUCTION_PTR_INVALID_POINTER_READ
LAST_CONTROL_TRANSFER: from 00000000 to 19608536
STACK_TEXT:
0012ee38 00000000 19608648 ffff071b 00000000 <Unloaded_tv_w32.dll>+0x8536
THREAD_SHA1_HASH_MOD_FUNC: 0959aaead905d5402017a9de12facac3929f71c3
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 52f8c4ddebdd2e855f90e79f96f6fc29a470ad1d
THREAD_SHA1_HASH_MOD: 2e69fc2d39893b6d7d9991dcc4967479dbafb5c5
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: tv_w32!unloaded+8536
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tv_w32
IMAGE_NAME: tv_w32.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 573435d6
STACK_COMMAND: .ecxr ; kb
FAILURE_BUCKET_ID: BAD_INSTRUCTION_PTR_c0000005_tv_w32.dll!unloaded
BUCKET_ID: BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_UNLOADED_IP_tv_w32!unloaded+8536
PRIMARY_PROBLEM_CLASS: BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_UNLOADED_IP_tv_w32!unloaded+8536
BUCKET_ID_OFFSET: 8536
BUCKET_ID_MODULE_STR: tv_w32
BUCKET_ID_MODTIMEDATESTAMP: 573435d6
BUCKET_ID_MODCHECKSUM: 45ff9
BUCKET_ID_MODVER_STR: 0.0.0.0
BUCKET_ID_PREFIX_STR: BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_UNLOADED_IP_
FAILURE_PROBLEM_CLASS: BAD_INSTRUCTION_PTR
FAILURE_EXCEPTION_CODE: c0000005
FAILURE_IMAGE_NAME: tv_w32.dll
FAILURE_FUNCTION_NAME: unloaded
BUCKET_ID_FUNCTION_STR: unloaded
FAILURE_SYMBOL_NAME: tv_w32.dll!unloaded
TARGET_TIME: 2016-07-08T12:12:39.000Z
OSBUILD: 2600
OSSERVICEPACK: 6532
SERVICEPACK_NUMBER: 6
OS_REVISION: 0
OSPLATFORM_TYPE: x86
OSNAME: Windows XP
OSEDITION: Windows XP WinNt (Service Pack 3) SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2014-03-12 03:48:40
ANALYSIS_SESSION_ELAPSED_TIME: e0a
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:bad_instruction_ptr_c0000005_tv_w32.dll!unloaded
FAILURE_ID_HASH: {7c7c5a5b-462a-0301-1674-660f1336c576}
Followup: MachineOwner
---------