从不同操作系统检索到的故障转储指向消息循环。如何从那里到达故障位置？ （TeamViewer 使我的进程崩溃。）

我们软件的一位客户抱怨说，该软件在他的 Windows XP 计算机上崩溃了。我让他下载ProcDump https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx并按如下方式运行我们的流程：

procdump -e -ma -w myproc.exe

用户通过电子邮件向我发送了收集的故障转储.dmp file.

然后我把它放在.dmp文件放入与原始文件相同的文件夹中.exe该过程的图像文件，以及.pdb文件，并运行.dmp通过 Visual Studio 2010 文件：

然后，当我单击“仅使用本机调试”时，VS 显示了MFC的消息循环函数，其指针位置位于DispatchMessage调用（见绿色箭头）：

调用堆栈也没有多大帮助：

当我跳转到报告的故障地址时，我什么也没得到：

该应用程序编译于VS 2008作为基于对话框的 C++/MFC 应用程序。

所以我正在检查尺寸.dmp文件大小为 26.6 MB。里面有数据。我的问题是如何从中获取更多有用的信息以帮助查明源代码中的错误位置？

附言。事后看来，当我运行此故障转储时，我发现崩溃发生在 Windows XP 上.dmpWindows 8.1 上的文件。这就是我在堆栈跟踪中收到垃圾的原因吗？

EDIT:如果我尝试查看参数，这就是反汇编程序中得到的结果MSG https://msdn.microsoft.com/en-us/library/windows/desktop/ms644958(v=vs.85).aspx构造那个DispatchMessage被调用：

另外，当我尝试观察值时pState I get symbol not found.

EDIT 2:关于模块和加载到故障的模块EIP地址。内存插槽用于0x1963AB50似乎没有被任何模块占用：

EDIT 3:抱歉，时间太长了。我最终打开了故障转储WinDbg并做了!analyze -v对它发出命令。这是输出。看起来丢失/卸载的 DLL 是tv_w32.dll:

Microsoft (R) Windows Debugger Version 10.0.10586.567 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\User\Desktop\Myproc\Release\Myproc.exe_160708_141237.dmp]
User Mini Dump File with Full Memory: Only application data is available

Comment: '
*** procdump -e -ma -w Myproc.exe
*** Unhandled exception: C0000005.ACCESS_VIOLATION'

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\MyServerSymbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\MyServerSymbols*https://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Fri Jul  8 05:12:39.000 2016 (UTC - 7:00)
System Uptime: 9 days 6:05:50.960
Process Uptime: 3 days 5:08:52.000
.....................................
Loading unloaded module list
..
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(ba4.4a4): Access violation - code c0000005 (first/second chance not available)
eax=00000001 ebx=00000002 ecx=7c92741c edx=7c98e174 esi=1963ab50 edi=1963ab50
eip=19608536 esp=0012ee3c ebp=0012ee5c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
<Unloaded_tv_w32.dll>+0x8536:
19608536 ??              ???
0:000> .bugcheck
               ^ Syntax error in '.bugcheck'
0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
eax=00000001 ebx=00000002 ecx=7c92741c edx=7c98e174 esi=1963ab50 edi=1963ab50
eip=19608536 esp=0012ee3c ebp=0012ee5c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
<Unloaded_tv_w32.dll>+0x8536:
19608536 ??              ???
Resetting default scope

FAULTING_IP: 
tv_w32!unloaded+8536
19608536 ??              ???

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 19608536 (<Unloaded_tv_w32.dll>+0x00008536)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 19608536
Attempt to read from address 19608536

DEFAULT_BUCKET_ID:  BAD_INSTRUCTION_PTR

PROCESS_NAME:  Myproc.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  19608536

READ_ADDRESS:  19608536 

FOLLOWUP_IP: 
tv_w32!unloaded+8536
19608536 ??              ???

FAILED_INSTRUCTION_ADDRESS: 
tv_w32!unloaded+8536
19608536 ??              ???

WATSON_BKT_PROCSTAMP:  576c0d97

WATSON_BKT_PROCVER:  1.5.16.0

PROCESS_VER_PRODUCT:  Myproc Name

WATSON_BKT_MODULE:  unknown

WATSON_BKT_MODVER:  0.0.0.0

WATSON_BKT_MODOFFSET:  19608536

MODLIST_WITH_TSCHKSUM_HASH:  8b7920bcb3af2eb1b97366fd0663a3798ab285ea

MODLIST_SHA1_HASH:  b5acbaed45de37ad3c73ee4478c8f6678e94eaa6

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

PRODUCT_TYPE:  1

SUITE_MASK:  272

DUMP_FLAGS:  3

DUMP_TYPE:  0

APP:  Myproc.exe

ANALYSIS_SESSION_HOST:  DESKTOP-ABC

ANALYSIS_SESSION_TIME:  07-08-2016 22:18:58.0444

ANALYSIS_VERSION: 10.0.10586.567 x86fre

IP_MODULE_UNLOADED: 
tv_w32!unloaded+8536
19608536 ??              ???

THREAD_ATTRIBUTES: 
OS_LOCALE:  DEU

PROBLEM_CLASSES: 



BAD_INSTRUCTION_PTR
    Tid    [0x4a4]
    Frame  [0x00]: tv_w32!unloaded



INVALID_POINTER_READ
    Tid    [0x4a4]
    Frame  [0x00]: tv_w32!unloaded


BUGCHECK_STR:  BAD_INSTRUCTION_PTR_INVALID_POINTER_READ

LAST_CONTROL_TRANSFER:  from 00000000 to 19608536

STACK_TEXT:  
0012ee38 00000000 19608648 ffff071b 00000000 <Unloaded_tv_w32.dll>+0x8536


THREAD_SHA1_HASH_MOD_FUNC:  0959aaead905d5402017a9de12facac3929f71c3

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  52f8c4ddebdd2e855f90e79f96f6fc29a470ad1d

THREAD_SHA1_HASH_MOD:  2e69fc2d39893b6d7d9991dcc4967479dbafb5c5

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  tv_w32!unloaded+8536

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tv_w32

IMAGE_NAME:  tv_w32.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  573435d6

STACK_COMMAND:  .ecxr ; kb

FAILURE_BUCKET_ID:  BAD_INSTRUCTION_PTR_c0000005_tv_w32.dll!unloaded

BUCKET_ID:  BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_UNLOADED_IP_tv_w32!unloaded+8536

PRIMARY_PROBLEM_CLASS:  BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_UNLOADED_IP_tv_w32!unloaded+8536

BUCKET_ID_OFFSET:  8536

BUCKET_ID_MODULE_STR:  tv_w32

BUCKET_ID_MODTIMEDATESTAMP:  573435d6

BUCKET_ID_MODCHECKSUM:  45ff9

BUCKET_ID_MODVER_STR:  0.0.0.0

BUCKET_ID_PREFIX_STR:  BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_UNLOADED_IP_

FAILURE_PROBLEM_CLASS:  BAD_INSTRUCTION_PTR

FAILURE_EXCEPTION_CODE:  c0000005

FAILURE_IMAGE_NAME:  tv_w32.dll

FAILURE_FUNCTION_NAME:  unloaded

BUCKET_ID_FUNCTION_STR:  unloaded

FAILURE_SYMBOL_NAME:  tv_w32.dll!unloaded

TARGET_TIME:  2016-07-08T12:12:39.000Z

OSBUILD:  2600

OSSERVICEPACK:  6532

SERVICEPACK_NUMBER: 6

OS_REVISION: 0

OSPLATFORM_TYPE:  x86

OSNAME:  Windows XP

OSEDITION:  Windows XP WinNt (Service Pack 3) SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  2014-03-12 03:48:40

ANALYSIS_SESSION_ELAPSED_TIME: e0a

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:bad_instruction_ptr_c0000005_tv_w32.dll!unloaded

FAILURE_ID_HASH:  {7c7c5a5b-462a-0301-1674-660f1336c576}

Followup:     MachineOwner
---------

只是想将其发布在这里供其他遇到此问题的人使用。经过几个小时的崩溃转储文件挖掘后，最终WinDbg https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit能够查明罪魁祸首（阅读我在问题本身中的帖子。）

最重要的是，我们的客户将 TeamViewer 与他们的快速连接 https://www.teamviewer.com/images/press/quickconnect_en.jpg选项基本上注入 https://stackoverflow.com/questions/11996801/how-is-teamviewers-quickconnect-button-accomplished将第三方 UI 元素添加到正在运行的程序中。这与明显的内存泄漏相结合（参见我上面的OP和使用讨论 https://support.microsoft.com/en-us/kb/894472 of the xpsp2res.dll模块）导致崩溃。

实际事故发生在tv_w32.dll在生成转储之前已卸载。由于我没有 TeamViewer 的源文件，也没有与我们的软件有任何关系，所以这就是我此时能做的一切。

PS. 总而言之，在分析了转储之后，我强烈建议人们不要使用 TeamViewer 作为首选远程桌面解决方案。它似乎有很多错误并导致内存泄漏。