Reposted from: http://91dengdeng.cn/2019/05/07/%E7%AE%80%E5%8D%95%E5%88%86%E6%9E%90minidump-1/

Simple minidump analysis (1)

With the groundwork from the previous sections in place, our program can now capture exceptions automatically, so we can start using WinDbg to analyse dumps and solve real problems. We begin with a simple case: a crash caused by an index that is too large, leading to an out-of-bounds array access.
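1. Open the dump in WinDbg and set the PDB and the system PDB.

2. Once that is set, run the command ".ecxr". Because the program captured the exception itself, the exception context is already saved in the dump, so ".ecxr" switches to it directly.

0:135> .ecxr
eax=0dea0048 ebx=0016ae18 ecx=7ff22000 edx=004b38e8 esi=0aba40b8 edi=0016ae10
eip=004448cd esp=0ba9ebfc ebp=0ba9ec08 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
CheckSvr!CalcKubIndexByGameID+0x1d:
004448cd ?? ???

3. Run "kv" to print the stack for the exception context.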

0:135> kv
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
0ba9ec08 0040d9c4 0dea0048 af7220ac 0016ae10 CheckSvr!CalcKubIndexByGameID+0x1d (FPO: [Non-Fpo]) (CONV: cdecl) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\main.cpp @ 1082]
0ba9fcd4 0040bcb4 0db37c10 0db41a88 0aae48c0 CheckSvr!CSockServer::OnRefreshResultExFromKub+0x1ce4 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\cmpaqpro.cpp @ 1081]
0ba9feb4 0045ca88 0db37c10 0db41a88 0aae48c0 CheckSvr!CSockServer::OnRefreshResultEx+0x134 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\cmpaqpro.cpp @ 419]
0ba9ff2c 00477674 0db37c10 0db41a88 0016ae18 CheckSvr!CSockServer::OnRequest+0xd38 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\socksvr.cpp @ 1931]
0ba9ff54 0047e7db 00000000 0aae5e68 0a9c23a0 CheckSvr!CIocpWorker::DoWorkLoop+0xa4
0ba9ff6c 0047e7ab 0ba9ffac 0050c01d 0016ae10 CheckSvr!CBaseWorker::WorkerThreadProc+0x2b
0ba9ff74 0050c01d 0016ae10 876c3023 00000000 CheckSvr!CBaseWorker::WorkerThreadFunc+0xb

4. The faulting function is CalcKubIndexByGameID, and the value of its argument is 0dea0048. Go back to the code and look at the implementation of CalcKubIndexByGameID:
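
int CalcKubIndexByGameID(int nGameID)
{
    // nGameID is used as an array index with no range check
    return g_kub[nGameID];
}

Clearly nGameID is too large, so the array access goes out of bounds. Reviewing the calling code then showed that nGameID was not given a default value and, under certain conditions, held a random value.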
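
A hardened form of this lookup, as an added example that is not the original service's code: the table size KUB_COUNT, the sentinel INVALID_GAME_ID, the error code KUB_ERR_RANGE and the helper names CalcKubIndexByGameIDChecked and LookupForRequest are assumptions made for illustration, since the page does not show g_kub's declaration or the caller. It starts the ID from a known sentinel and rejects any index outside the table, including the 0x0dea0048 seen in the dump.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed for illustration: the page does not show g_kub's type or size. */
#define KUB_COUNT        1024
#define INVALID_GAME_ID  (-1)   /* hypothetical "not set" sentinel */
#define KUB_ERR_RANGE    (-1)   /* hypothetical error return */

static int g_kub[KUB_COUNT];

/* Bounds-checked replacement for `return g_kub[nGameID];`.
 * Returns 0 and writes *pIndex on success, KUB_ERR_RANGE otherwise. */
int CalcKubIndexByGameIDChecked(int nGameID, int *pIndex)
{
    if (pIndex == NULL)
        return KUB_ERR_RANGE;
    /* nGameID is a signed int, so garbage can be negative or past the end. */
    if (nGameID < 0 || nGameID >= KUB_COUNT)
        return KUB_ERR_RANGE;
    *pIndex = g_kub[nGameID];
    return 0;
}

/* Caller pattern: start from the sentinel so that a path which never
 * assigns the ID fails the range check deterministically instead of
 * indexing the table with whatever happened to be on the stack. */
int LookupForRequest(int haveGameId, int requestGameId, int *pIndex)
{
    int nGameID = INVALID_GAME_ID;
    if (haveGameId)
        nGameID = requestGameId;
    return CalcKubIndexByGameIDChecked(nGameID, pIndex);
}

int main(void)
{
    int idx = 0;
    int rc;
    g_kub[7] = 42;                       /* constructed sample entry */
    rc = LookupForRequest(1, 7, &idx);
    printf("id 7          -> rc=%d idx=%d\n", rc, idx);
    rc = LookupForRequest(1, 0x0dea0048, &idx);   /* value from the dump */
    printf("id 0x0dea0048 -> rc=%d\n", rc);
    rc = LookupForRequest(0, 0, &idx);            /* ID never assigned */
    printf("id never set  -> rc=%d\n", rc);
    return 0;
}
```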

Simple minidump analysis (2)

With the groundwork from the previous sections in place, our program can now capture exceptions automatically, so we can start using WinDbg to analyse dumps and solve real problems. We begin with a simple case: an exception caused by CString case conversion (extraction code: ffk6).

Step 1

Open the minidump in WinDbg, set the application's PDB, and run the commands ".ecxr" and "kv". The following stack information is printed:

0:121> .ecxr
eax=0e16eea8 ebx=00160768 ecx=00000000 edx=00000001 esi=0e16ef38 edi=0e16ef48
eip=7c80bef7 esp=0e16eea4 ebp=0e16eef8 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
Unable to load image C:\WINDOWS\system32\kernel32.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
kernel32+0xbef7:
7c80bef7 ?? ???
*** ERROR: Module load completed but symbols could not be loaded for mfc120.dll
0:121> kv
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0e16eea0 1028bc8c e06d7363 00000001 00000000 kernel32+0xbef7
*** WARNING: Unable to verify timestamp for msvcr120.dll
*** ERROR: Module load completed but symbols could not be loaded for msvcr120.dll
0e16eef8 005a9339 e06d7363 00000001 00000003 mfc120+0x28bc8c
0e16ef38 101eee11 0e16ef48 1028bc8c 1029b540 msvcr120+0x19339
0e16ef4c 100566d4 00160760 0b139848 004a67d2 mfc120+0x1eee11
*** WARNING: Unable to verify timestamp for BlockSvr.exe
0e16ef8c 004dc703 0b224248 ec476e15 00000002 mfc120+0x566d4
0e16fea0 004c2bcf 0b139e10 0b167c20 001dfe60 BlockSvr!CSockServer::OnLogonUserV2+0x723 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\user.cpp @ 11713]
0e16ff2c 005041e4 0b139e10 0b167c20 00160768 BlockSvr!CSockServer::OnRequest+0x90f (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\socksvr.cpp @ 424]
0e16ff54 0050c04b 00000000 0b088970 0b2ec408 BlockSvr!CIocpWorker::DoWorkLoop+0xa4
0e16ff6c 0050c01b 0e16ffac 005bc01d 00160760 BlockSvr!CBaseWorker::WorkerThreadProc+0x2b
0e16ff74 005bc01d 00160760 9835355e 00000000 BlockSvr!CBaseWorker::WorkerThreadFunc+0xb
0e16ffac 005bc001 00000000 0e16ffec 7c82482f msvcr120+0x2c01d
0e16ffb8 7c82482f 0b2ec408 00000000 00000000 msvcr120+0x2c001
0e16ffec 00000000 005bbfb4 0b2ec408 00000000 kernel32+0x2482f

Step 2

The application's source line numbers are shown, but we want to see more detail, which requires loading the Windows system symbol files:

e:\mylocalsymbols;SRV*e:\mylocalsymbols*http://msdl.microsoft.com/download/symbols

Step 3

After setting the symbol path, run "kv" again to view the stack. It now shows the following:

0:121> kv
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
0e16eef8 005a9339 e06d7363 00000001 00000003 kernel32!RaiseException+0x53 (FPO: [Non-Fpo])
0e16ef38 101eee11 0e16ef48 1028bc8c 1029b540 msvcr120!_CxxThrowException+0x5b (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
0e16ef4c 100566d4 00160760 0b139848 004a67d2 mfc120!AfxThrowInvalidArgException+0x19 (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp @ 228]
*** WARNING: Unable to verify timestamp for BlockSvr.exe
0e16ef58 004a67d2 ec477f39 00000000 49bf1ce1 mfc120!ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >::MakeLower+0x23 (FPO: [0,0,0]) (CONV: thiscall) [f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h @ 1796]
0e16ef8c 004dc703 0b224248 ec476e15 00000002 BlockSvr!IsTempLogonToken+0x52 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\main.cpp @ 2277]
0e16fea0 004c2bcf 0b139e10 0b167c20 001dfe60 BlockSvr!CSockServer::OnLogonUserV2+0x723 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\user.cpp @ 11713]
0e16ff2c 005041e4 0b139e10 0b167c20 00160768 BlockSvr!CSockServer::OnRequest+0x90f (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\socksvr.cpp @ 424]
0e16ff54 0050c04b 00000000 0b088970 0b2ec408 BlockSvr!CIocpWorker::DoWorkLoop+0xa4
0e16ff6c 0050c01b 0e16ffac 005bc01d 00160760 BlockSvr!CBaseWorker::WorkerThreadProc+0x2b
0e16ff74 005bc01d 00160760 9835355e 00000000 BlockSvr!CBaseWorker::WorkerThreadFunc+0xb
0e16ffac 005bc001 00000000 0e16ffec 7c82482f msvcr120!_callthreadstartex+0x1b (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 376]
0e16ffb8 7c82482f 0b2ec408 00000000 00000000 msvcr120!_threadstartex+0x7c (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 354]
0e16ffec 00000000 005bbfb4 0b2ec408 00000000 kernel32!BaseThreadStart+0x34 (FPO: [Non-Fpo])

Conclusion

The stack shows that CString triggered _CxxThrowException. The service was moved from VC6 to VS2013, and the checks in CString's MakeLower function became stricter: some special user names were converted correctly under VC6 but throw an exception under VS2013. Replacing the case-conversion function with CharLower solved the problem.