思享工具箱

利用WinDbg找出程序崩溃的代码行号

摘要:
我之前在论坛上见过几个朋友,说程序不时崩溃,xxoo看不懂!分析-v。几秒钟后,将打印一条错误消息。函数调用堆栈如下:MicrosoftWindowsDebuggerVersion6.11.0001.404X86版权所有Microsoft Corporation。保留所有权利。LoadingDumpFile[C:Test Release Log 2012-05-29160059.dmp]UserMiniDumpFile:仅寄存器、堆栈和部分内存可用Symbolsearchpath:C:\Test\ReleaseExecutable搜索路径:C:\Test\ ReleaseWindowsXPVersion2600MPFreex86compatible产品:WinNt,suite:SingleUserTSMachineName:Debugssessiontime:TueMay2916:00:59.0002012系统正常运行时间:notavailableProcessUptime:0days0:00:01.000访问冲突-codec0000005eax=00a80000ebx=00157ea8ecx=0000000 7edx=7c92e514esi=00157e80edi=00157ed8eip=7c91e514ESp=0012e830ebp=0010e840iopl=0nvupeipzrnapenccs=001bss=0023ds=0023es=0023fs=003bgs=0000efl=00000246***错误:无法找到符号。默认情况下,导出符号forntdll.dll-ntdll!
之前碰到论坛里有几个好友,说程序不时的崩溃,什么xxoo不能read的!
如果光要是这个内存地址,估计你会疯掉~~
所以分享一下基本的调试技巧,需要准备的工具有WinDbg + VC6.0,
下面是自己整理的一份自动生成DUMP文件的源代码,只需要添加到工程即可,源代码如下:
MiniDump.h
MiniDump.cpp
<具体请参考附件SRC中,太大就不贴了>
1、在CXXDlg::OnInitDialog()中添加这样一段:
  1. BOOL CTestDlg::OnInitDialog()
  2. {
  3. CDialog::OnInitDialog();

  5. // ......
  6. SetUnhandledExceptionFilter(CrashReportEx);
  7. HMODULE hKernel32;

  9. // Try to get MiniDumpWriteDump() address.
  10. hDbgHelp = LoadLibrary("DBGHELP.DLL");
  11. MiniDumpWriteDump_ = (MINIDUMP_WRITE_DUMP)GetProcAddress(hDbgHelp, "MiniDumpWriteDump");
  12. // d("hDbgHelp=%X, MiniDumpWriteDump_=%X", hDbgHelp, MiniDumpWriteDump_);

  14. // Try to get Tool Help library functions.
  15. hKernel32 = GetModuleHandle("KERNEL32");
  16. CreateToolhelp32Snapshot_ = (CREATE_TOOL_HELP32_SNAPSHOT)GetProcAddress(hKernel32, "CreateToolhelp32Snapshot");
  17. Module32First_ = (MODULE32_FIRST)GetProcAddress(hKernel32, "Module32First");
  18. Module32Next_ = (MODULE32_NEST)GetProcAddress(hKernel32, "Module32Next");
  19. }
复制代码
下面是工程中的测试代码:
  1. class CTestDlg : public CDialog
  2. {
  3. // Construction
  4. public:
  5. CTestDlg(CWnd* pParent = NULL); // standard constructor

  7. void Fun1(char *pszBuffer);
  8. void Fun2(char *pszBuffer);
  9. void Fun3(char *pszBuffer);
  10. };
复制代码
  1. void CTestDlg::Fun1(char *pszBuffer)
  2. {
  3. Fun2(pszBuffer);
  4. }

  6. void CTestDlg::Fun2(char *pszBuffer)
  7. {
  8. Fun3(pszBuffer);
  9. }

  11. void CTestDlg::Fun3(char *pszBuffer)
  12. {
  13. pszBuffer[1] = 0x00;
  14. }
复制代码
我们在双击确定按钮时的响应代码如下:
  1. void CTestDlg::OnOK()
  2. {
  3. // TODO: Add extra validation here
  4. Fun1(NULL);
  5. }
复制代码

2、设置VC编译选项,勾选生成MAP和Debug Info、Progma Datebase:
1.jpg
2011-9-5 09:19 上传
下载附件(55.12 KB)

1.JPG
2012-5-29 16:03 上传
下载附件(82.96 KB)

3、将编译生成的Release目录中的pdb、map文件保存起来,以后调试会用到:
2.jpg
2011-9-5 09:19 上传
下载附件(9.85 KB)

4、运行程序,单击确定按钮出现异常后自动重启,并创建一个Log文件夹,里面生成dump文件:
3.jpg
2011-9-5 09:19 上传
下载附件(8.92 KB)

5、我们打开WinDbg,设置一下相关路径
A、设置pdb路径(File \ Symbol File Path)
PDBPath.jpg
2012-5-29 16:06 上传
下载附件(12.4 KB)

B、设置源代码路径( File \ Source File Path )
SourcePath.jpg
2012-5-29 16:06 上传
下载附件(11.05 KB)

 C、设置Exe路径( File \ Image File Path )
ExePath.jpg
2012-5-29 16:06 上传
下载附件(12.84 KB)


6、用WiinDbg打开dump文件(File \ Open Crash Dump)
5.jpg
2011-9-5 09:19 上传
下载附件(112.02 KB)

7、输入命令!analyze -v,等待几秒后会打印出错误信息,函数调用栈如下图:

  2. Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
  3. Copyright (c) Microsoft Corporation. All rights reserved.


  6. Loading Dump File [C:\Test\Release\Log\2012-05-29 160059.dmp]
  7. User Mini Dump File: Only registers, stack and portions of memory are available

  9. Symbol search path is: C:\Test\Release
  10. Executable search path is: C:\Test\Release
  11. Windows XP Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
  12. Product: WinNt, suite: SingleUserTS
  13. Machine Name:
  14. Debug session time: Tue May 29 16:00:59.000 2012 (GMT+8)
  15. System Uptime: not available
  16. Process Uptime: 0 days 0:00:01.000
  17. ...................................
  18. This dump file has an exception of interest stored in it.
  19. The stored exception information can be accessed via .ecxr.
  20. (1710.1450): Access violation - code c0000005 (first/second chance not available)
  21. eax=00a80000 ebx=00157ea8 ecx=00000007 edx=7c92e514 esi=00157e80 edi=00157ed8
  22. eip=7c92e514 esp=0012e830 ebp=0012e840 iopl=0 nv up ei pl zr na pe nc
  23. cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
  24. *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
  25. ntdll!KiFastSystemCallRet:
  26. 7c92e514 c3 ret
  27. 0:000> !analyze -v
  28. *******************************************************************************
  29. * *
  30. * Exception Analysis *
  31. * *
  32. *******************************************************************************

  34. *** ERROR: Symbol file could not be found. Defaulted to export symbols for mfc42.dll -
  35. *** ERROR: Symbol file could not be found. Defaulted to export symbols for user32.dll -
  36. ***** OS symbols are WRONG. Please fix symbols to do analysis.

  38. *** ERROR: Symbol file could not be found. Defaulted to export symbols for kernel32.dll -
  39. *************************************************************************
  40. *** ***
  41. *** ***
  42. *** Your debugger is not using the correct symbols ***
  43. *** ***
  44. *** In order for this command to work properly, your symbol path ***
  45. *** must point to .pdb files that have full type information. ***
  46. *** ***
  47. *** Certain .pdb files (such as the public OS symbols) do not ***
  48. *** contain the required information. Contact the group that ***
  49. *** provided you with these symbols if you need this command to ***
  50. *** work. ***
  51. *** ***
  52. *** Type referenced: IMAGE_NT_HEADERS32 ***
  53. *** ***
  54. *************************************************************************
  55. *** ERROR: Symbol file could not be found. Defaulted to export symbols for ole32.dll -
  56. *** ERROR: Symbol file could not be found. Defaulted to export symbols for advapi32.dll -
  57. *************************************************************************
  58. *** ***
  59. *** ***
  60. *** Your debugger is not using the correct symbols ***
  61. *** ***
  62. *** In order for this command to work properly, your symbol path ***
  63. *** must point to .pdb files that have full type information. ***
  64. *** ***
  65. *** Certain .pdb files (such as the public OS symbols) do not ***
  66. *** contain the required information. Contact the group that ***
  67. *** provided you with these symbols if you need this command to ***
  68. *** work. ***
  69. *** ***
  70. *** Type referenced: kernel32!pNlsUserInfo ***
  71. *** ***
  72. *************************************************************************
  73. *************************************************************************
  74. *** ***
  75. *** ***
  76. *** Your debugger is not using the correct symbols ***
  77. *** ***
  78. *** In order for this command to work properly, your symbol path ***
  79. *** must point to .pdb files that have full type information. ***
  80. *** ***
  81. *** Certain .pdb files (such as the public OS symbols) do not ***
  82. *** contain the required information. Contact the group that ***
  83. *** provided you with these symbols if you need this command to ***
  84. *** work. ***
  85. *** ***
  86. *** Type referenced: kernel32!pNlsUserInfo ***
  87. *** ***
  88. *************************************************************************

  90. FAULTING_IP:
  91. Test!CTestDlg::Fun3+6 [C:\Test\TestDlg.cpp @ 141]
  92. 00401ca6 c6400100 mov byte ptr [eax+1],0

  94. EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
  95. ExceptionAddress: 00401ca6 (Test!CTestDlg::Fun3+0x00000006)
  96. ExceptionCode: c0000005 (Access violation)
  97. ExceptionFlags: 00000000
  98. NumberParameters: 2
  99. Parameter[0]: 00000001
  100. Parameter[1]: 00000001
  101. Attempt to write to address 00000001

  103. PROCESS_NAME: Test.exe

  105. ADDITIONAL_DEBUG_TEXT:
  106. Use '!findthebuild' command to search for the target build information.
  107. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

  109. MODULE_NAME: Test

  111. FAULTING_MODULE: 7c920000 ntdll

  113. DEBUG_FLR_IMAGE_TIMESTAMP: 4fc48236

  115. ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

  117. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

  119. EXCEPTION_PARAMETER1: 00000001

  121. EXCEPTION_PARAMETER2: 00000001

  123. WRITE_ADDRESS: 00000001

  125. FOLLOWUP_IP:
  126. Test!CTestDlg::Fun3+6 [C:\Test\TestDlg.cpp @ 141]
  127. 00401ca6 c6400100 mov byte ptr [eax+1],0

  129. FAULTING_THREAD: 00001450

  131. BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_WRONG_SYMBOLS

  133. PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_DEREFERENCE

  135. DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

  137. LAST_CONTROL_TRANSFER: from 00401c9c to 00401ca6

  139. STACK_TEXT:
  140. 0012f89c 00401c9c 00000000 0012f8b4 00401c8c Test!CTestDlg::Fun3+0x6 [C:\Test\TestDlg.cpp @ 141]
  141. 0012f8a8 00401c8c 00000000 0012f8cc 00401f27 Test!CTestDlg::Fun2+0xc [C:\Test\TestDlg.cpp @ 137]
  142. 0012f8b4 00401f27 00000000 73d323eb 73dcf07c Test!CTestDlg::Fun1+0xc [C:\Test\TestDlg.cpp @ 132]
  143. 0012f8bc 73d323eb 73dcf07c 00000111 0012f8fc Test!CTestDlg::OnOK+0x7 [C:\Test\TestDlg.cpp @ 242]
  144. WARNING: Stack unwind information not available. Following frames may be wrong.
  145. 0012f8cc 73d322fd 0012fe94 00000001 00000000 mfc42!Ordinal567+0xa2
  146. 0012f8fc 73d976e5 00000001 00000000 00000000 mfc42!Ordinal4424+0x108
  147. 0012f920 73d33094 00000001 00000000 00000000 mfc42!Ordinal4431+0x1b
  148. 0012f970 73d31b58 00000000 0014120e 0012fe94 mfc42!Ordinal4441+0x51
  149. 0012f9f0 73d31b07 00000111 00000001 0014120e mfc42!Ordinal5163+0x2f
  150. 0012fa10 73d31a78 00000111 00000001 0014120e mfc42!Ordinal6374+0x22
  151. 0012fa70 73d319d0 0012fe94 00000000 00000111 mfc42!Ordinal1109+0x91
  152. 0012fa90 73dbe47c 0018124c 00000111 00000001 mfc42!Ordinal1578+0x34
  153. 0012fabc 77d18734 0018124c 00000111 00000001 mfc42!Ordinal1579+0x39
  154. 0012fae8 77d18816 73dbe443 0018124c 00000111 user32!GetDC+0x6d
  155. 0012fb50 77d2927b 00000000 73dbe443 0018124c user32!GetDC+0x14f
  156. 0012fb8c 77d292e3 006d5120 007101c8 00000001 user32!GetParent+0x16c
  157. 0012fbac 77d4ff7d 0018124c 00000111 00000001 user32!SendMessageW+0x49
  158. 0012fbc4 77d465d2 007156c0 00000000 007156c0 user32!CreateMDIWindowA+0x1bd
  159. 0012fbe0 77d25e94 001530ec 00000001 00000000 user32!DeregisterShellHookWindow+0x6312
  160. 0012fc64 77d3b082 007156c0 00000202 00000000 user32!IsDlgButtonChecked+0x109a
  161. 0012fc84 77d18734 0014120e 00000202 00000000 user32!SoftModalMessageBox+0xda3
  162. 0012fcb0 77d18816 77d3b036 0014120e 00000202 user32!GetDC+0x6d
  163. 0012fd18 77d189cd 00000000 77d3b036 0014120e user32!GetDC+0x14f
  164. 0012fd78 77d18a10 00404314 00000000 0012fdac user32!GetWindowLongW+0x127
  165. 0012fd88 77d274ff 00404314 00404314 0040431c user32!DispatchMessageW+0xf
  166. 0012fdac 77d3c6d3 0018124c 007156c0 00404314 user32!IsDialogMessageW+0xdb
  167. 0012fdcc 73d45202 0018124c 00404314 0012fe94 user32!IsDialogMessage+0x4a
  168. 0012fddc 73d39be0 00404314 73d451ce 00404314 mfc42!Ordinal4047+0x2f
  169. 0012ff00 73d3c1cf 006f0072 00142373 00000000 mfc42!Ordinal5278+0x29
  170. 004034c0 00401c20 004019f0 00401a00 00401a10 mfc42!Ordinal1576+0x47
  171. 004034c4 004019ef 00401a00 00401a10 00402130 Test!CTestDlg::`scalar deleting destructor'
  172. 004034c8 004019ff 00401a10 00402130 0040212a Test!CTestDlg::~CTestDlg+0xf
  173. 004034cc 00401a0f 00402130 0040212a 0040203a Test!CObject::Serialize+0xf
  174. 004034d0 00402130 0040212a 0040203a 00402034 Test!CObject::AssertValid+0xf
  175. 004034d4 0040212a 0040203a 00402034 0040202e Test!CDialog::OnCmdMsg
  176. 004034d8 0040203a 00402034 0040202e 00402028 Test!CWnd::OnFinalRelease
  177. 004034dc 00402034 0040202e 00402028 00402022 Test!CCmdTarget::IsInvokeAllowed
  178. 004034e0 0040202e 00402028 00402022 00401c70 Test!CCmdTarget::GetDispatchIID
  179. 004034e4 00402028 00402022 00401c70 0040201c Test!CCmdTarget::GetTypeInfoCount
  180. 004034e8 00402022 00401c70 0040201c 00402016 Test!CCmdTarget::GetTypeLibCache
  181. 004034ec 00401c6f 0040201c 00402016 00402010 Test!CCmdTarget::GetTypeLib
  182. 004034f0 0040201c 00402016 00402010 0040200a Test!CTestDlg::_GetBaseMessageMap+0xf
  183. 004034f4 00402016 00402010 0040200a 00402004 Test!CCmdTarget::GetCommandMap
  184. 004034f8 00402010 0040200a 00402004 00401ffe Test!CCmdTarget::GetDispatchMap
  185. 004034fc 0040200a 00402004 00401ffe 00401ff8 Test!CCmdTarget::GetConnectionMap
  186. 00403500 00402004 00401ffe 00401ff8 00401ff2 Test!CCmdTarget::GetInterfaceMap
  187. 00403504 00401ffe 00401ff8 00401ff2 00401fec Test!CCmdTarget::GetEventSinkMap
  188. 00403508 00401ff8 00401ff2 00401fec 00402124 Test!CCmdTarget::OnCreateAggregates
  189. 00403608 004022fc 00402310 00000000 19930520 Test!CCmdTarget::GetInterfaceHook
  190. 0040360c 00402310 00000000 19930520 00000008 Test!WinMainCRTStartup+0x13e
  191. 00403610 00000000 19930520 00000008 00403638 Test!WinMainCRTStartup+0x152


  194. STACK_COMMAND: ~0s; .ecxr ; kb

  196. FAULTING_SOURCE_CODE:
  197. 137: }
  198. 138:
  199. 139: void CTestDlg::Fun3(char *pszBuffer)
  200. 140: {
  201. > 141: pszBuffer[1] = 0x00;
  202. 142: }
  203. 143:
  204. 144: BOOL CTestDlg::OnInitDialog()
  205. 145: {
  206. 146: CDialog::OnInitDialog();


  209. SYMBOL_STACK_INDEX: 0

  211. SYMBOL_NAME: Test!CTestDlg::Fun3+6

  213. FOLLOWUP_NAME: MachineOwner

  215. IMAGE_NAME: Test.exe

  217. BUCKET_ID: WRONG_SYMBOLS

  219. FAILURE_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_c0000005_Test.exe!CTestDlg::Fun3

  221. WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/Test_exe/1_0_0_1/4fc48236/Test_exe/1_0_0_1/4fc48236/c0000005/00001ca6.htm?Retriage=1

  223. Followup: MachineOwner
  224. ---------
复制代码
OK ,这样我们就能在发布版本的程序中,准确的定位到哪个函数出了问题,所以发布程序时,一定要记得生成pdb、map文件,不然客户运行出错的话,你不死也残!
测试工程下载地址:

利用WinDbg找出程序崩溃的代码行号第9张DumpTest.rar
原文链接:
http://blog.csdn.net/wangningyu/article/details/6748138

标签:#test#windbg | 浏览:303 | 发布日期:

免责声明:文章转载自《利用WinDbg找出程序崩溃的代码行号》仅用于学习参考。如对内容有疑问,请及时联系本站处理。

上篇Sql Server查询性能优化之走出索引的误区SQL Server 2016 CTP2.2 的关键特性下篇

宿迁高防,2C2G15M,22元/月;香港BGP,2C5G5M,25元/月 雨云优惠码:MjYwNzM=

相关文章

shell脚本编写

一、shell script概念 可以将shell终端解释器作为人与计算机硬件之间的“翻译官”,作为用户与Linux系统内部的通信媒介。 shell脚本命令的工作方式: 1.交互式(Interactive):用户每输入一条命令就立刻执行。 2.批处理(Batch):由用户事先编写好一个完整的shell脚本,脚本会一次性执行完所有的命令。 在shell sc...

Python-单元测试 unittest &amp;amp; HTMLTestRunner模块产生的测试报告

 1、单元测试: ——开发程序的人测已经已经写好的代码。 unittest框架,执行的顺序是按照方法名的字母来排序的 setUpClass方法是最开始执行的,只会执行一次 tearDownClass是最后执行的,只会执行一次 setUp方法是在每个测试用例执行前会执行 tearDown方法是在每个用例执行后会执行 import unittest de...

Visual Studio 2008 中程序路径配置 .

Visual Studio 2008 环境变量的配置(改为:Visual Studio 2008 中程序路径配置 更合理) 在调试 Visual Studio 2008 程序时,经常有一些动态链接库(即 dll 文件)需要加载到工程里,这样才能依赖第三方库进行程序调试。 这些动态链接库,往往都是测试版本或是开发中的版本,或者会有若干个版本;这个时候,...

Pytest自动化测试

Allure除了具有Pytest基本状态外,其他几乎所有功能也都支持。 1、严重性 如果你想对测试用例进行严重等级划分,可以使用 @allure.severity 装饰器,它可以应用于函数,方法或整个类。 它以 allure.severity_level 枚举值作为参数,分别为:BLOCKER(中断),CRITICAL(严重),NORMAL(常规),...

Linux命令集合

批量改名文件 for var in `ls *.bak`;do mv -f "$var" `echo "$var"|sed 's/....$//'`;done //将去除文件名字后面的 .bak for var in `ls *.bak`;do mv -f "$var" `echo "$var"|sed 's/...$/xxx/'`;done /...

sysbench对自装MySQL数据库进行基准测试

一、 安装sysbench wget https://packagecloud.io/install/repositories/akopytov/sysbench/script.rpm.sh chmod +x script.rpm.sh ./script.rpm.sh yum install -y sysbench 二、准备测试表 sysbench //...

最新文章

随机推荐

思享工具箱导航