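Let me start by saying that I am a complete WinDbg newbie, so this is probably a simple question...
I have an application ("MyApp" - name changed to protect the innocent!) that I am trying to debug because it is throwing an exception. This only happens on a user's machine - I cannot reproduce it on my development machine. So I set up DebugDiag on the user's machine and captured a full dump. I then loaded the dump in WinDbg and ran analyze -v and kp to try to figure out what is going on... but neither of these seems to give me the information I am looking for - the function (and hopefully the line number) of the line causing the problem... I thought I had loaded the symbol file by specifying the path to 'MyApp.pdb' in the symbol file path: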
srv*c:\symcache*http://msdl.microsoft.com/download/symbols;srv*c:\symcache*C:\dev\Customer\MyAppSln\MyApp\Debug
First, here is the output of kp:
0:004> kp
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0502f474 7c347966 MyApp!DllMain+0x3e8a6
0502f4bc 7c3a2448 msvcr71!_nh_malloc(unsigned int size = <Memory access error>, int nhFlag = <Memory access error>)+0x24 [f:\vs70builds\3052\vc\crtbld\crt\src\malloc.c @ 117]
0502f57c 7c3416b3 msvcp71!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::_Tidy(bool _Built = <Memory access error>, unsigned int _Newsize = <Memory access error>)+0x45 [f:\vs70builds\3077\vc\crtbld\crt\src\xstring @ 1520]
0502f610 7c3a32de msvcr71!_heap_alloc(unsigned int size = <Memory access error>)+0xe0 [f:\vs70builds\3052\vc\crtbld\crt\src\malloc.c @ 212]
0502f620 7c3b3f63 msvcp71!wmemcpy(wchar_t * _S1 = 0x04e463b9 "Ҹ???", wchar_t * _S2 = 0xffffffff "--- memory read error at address 0xffffffff ---", unsigned int _N = 0x4e25212)+0x14 [f:\vs70builds\3077\vc\crtbld\crt\src\wchar.h @ 843]
0502f640 04e463b9 msvcp71!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::assign(class std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > * _Right = 0xffffffff, unsigned int _Roff = 0x4e25212, unsigned int _Count = 2)+0x7c [f:\vs70builds\3077\vc\crtbld\crt\src\xstring @ 601]
0502f770 04df1077 MyApp!DllMain+0x65329
0502f824 04e01b35 MyApp!DllMain+0xffe7
0502ff08 04dfe034 MyApp!DllMain+0x20aa5
0502ff48 04dfde4f MyApp!DllMain+0x1cfa4
0502ff88 7648d0e9 MyApp!DllMain+0x1cdbf
0502ffc4 773499f9 kernel32!BaseThreadInitThunk+0xe
0502ffd4 7738198e ntdll!RtlQueryInformationAcl+0x8b
0502ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
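The line I am specifically trying to decode is 'MyApp!DllMain+0x65329', as this is the last line that appears to be executing, and the error occurs in the malloc call, which is apparently where the exception is being thrown. What am I doing wrong that makes it show only the module and offset instead of the source file and line number?
I am also not sure why the lines above the malloc call are back in MyApp again - perhaps someone can explain that.
Just in case, here is the output of 'analyze -v':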
0:004> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************
*** WARNING: Unable to verify checksum for MyApp.exe
*** ERROR: Module load completed but symbols could not be loaded for MyApp.exe
*** WARNING: Unable to verify checksum for ThirdPartyDll.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ThirdPartyDll.dll -
*** WARNING: Unable to verify checksum for mdnsNSP.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for mdnsNSP.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for SLC.dll -
FAULTING_IP:
MyApp!DllMain+3e8a6
04e1f936 8b16 mov edx,dword ptr [esi]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 04e1f936 (MyApp!DllMain+0x0003e8a6)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
PROCESS_NAME: MyApp.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000
FOLLOWUP_IP:
msvcr71!_heap_alloc+e0 [f:\vs70builds\3052\vc\crtbld\crt\src\malloc.c @ 212]
7c3416b3 e88e0c0000 call msvcr71!__SEH_epilog (7c342346)
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
LAST_CONTROL_TRANSFER: from 00000000 to 773bbb33
FAULTING_THREAD: ffffffff
BUGCHECK_STR: APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_freelists_corruption_NULL_POINTER_READ_SHUTDOWN
PRIMARY_PROBLEM_CLASS: ACTIONABLE_HEAP_CORRUPTION_heap_failure_freelists_corruption_SHUTDOWN
DEFAULT_BUCKET_ID: ACTIONABLE_HEAP_CORRUPTION_heap_failure_freelists_corruption_SHUTDOWN
STACK_TEXT:
773bbb33 ntdll!RtlpAllocateHeap+0x7ad
773a6e0c ntdll!RtlAllocateHeap+0x1e3
7c3416b3 msvcr71!_heap_alloc+0xe0
FAULTING_SOURCE_CODE:
No source found for 'f:\vs70builds\3052\vc\crtbld\crt\src\malloc.c'
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: msvcr71!_heap_alloc+e0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr71
IMAGE_NAME: msvcr71.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 3e561eac
STACK_COMMAND: dds 7740c078 ; kb
FAILURE_BUCKET_ID: ACTIONABLE_HEAP_CORRUPTION_heap_failure_freelists_corruption_SHUTDOWN_c0000005_msvcr71.dll!_heap_alloc
BUCKET_ID: APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_freelists_corruption_NULL_POINTER_READ_SHUTDOWN_msvcr71!_heap_alloc+e0
Answer 0: (score: 7)
If you think the PDB should be in your symbol path, you should run something like this:
!sym noisy
.reload MyApp.dll
kp
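!sym noisy causes the debugger to give more verbose information about why it cannot load symbols - MyApp.pdb not found, no match found, and so on. This will help you figure out why it is not loading the symbols. !sym noisy turns the verbose symbol output off again.
Answer 1: (score: 5)
When you set the path for the symbols, did you reload them?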
.reload
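I am not sure that your adding
srv*c:\symcache*C:\dev\Customer\MyAppSln\MyApp\Debug
to the symbol path has the desired effect. I usually list all local paths in .sympath first, and as a last step I use .symfix+ to configure the public symbols using the Microsoft symbol server: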
.sympath C:\dev\Customer\MyAppSln\MyApp\Debug
.symfix+ c:\symcache
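The rationale behind listing local paths first is that the debugger does not have to check a remote server for pdbs (which are not there anyway) rather than simply retrieving them locally.
Anyway, your problem is that the symbols for MyApp are not loaded, so the stack walk is not very effective. The debugger starts at the top and walks the stack backwards, which is why you see MyApp - that is where the access violation occurred. Now, since the debugger has no symbols at that point, it can only guess which call chain led to the function at the top. And it guesses wrong, following a misleading path.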
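Added example (not part of the original question or answers): a small Python triage script that reads kp output and marks which frames resolved to a source line and which only resolved to a distant export such as MyApp!DllMain+0x65329, which is the symptom of missing symbols discussed above. The function names and the 0x1000 offset cut-off are assumptions made for this illustration; the sample input is an excerpt of the kp output from the question.

```python
import re

# kp frame layout: ChildEBP RetAddr module!symbol(args)+0xoffset [source @ line]
FRAME = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} ([^!\s]+)!(.+)$")
TAIL = re.compile(r"\+0x([0-9a-f]+)(?: \[(.+) @ (\d+)\])?$")
UNWIND_WARNING = "Stack unwind information not available"
MAX_PLAUSIBLE_OFFSET = 0x1000  # assumption: heuristic cut-off, not a WinDbg rule

# Excerpt of the kp output quoted in the question, one frame per line.
SAMPLE_KP = r"""ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0502f474 7c347966 MyApp!DllMain+0x3e8a6
0502f4bc 7c3a2448 msvcr71!_nh_malloc(unsigned int size = <Memory access error>, int nhFlag = <Memory access error>)+0x24 [f:\vs70builds\3052\vc\crtbld\crt\src\malloc.c @ 117]
0502f770 04df1077 MyApp!DllMain+0x65329
0502ffc4 773499f9 kernel32!BaseThreadInitThunk+0xe
0502ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
"""


def triage(kp_output):
    """Classify each kp frame by how much its symbol name can be trusted."""
    report = {"unwind_warning": False, "frames": []}
    for line in map(str.strip, kp_output.splitlines()):
        if UNWIND_WARNING in line:
            report["unwind_warning"] = True
        frame = FRAME.match(line)
        if not frame:
            continue
        module, rest = frame.groups()
        tail = TAIL.search(rest)
        offset = int(tail.group(1), 16) if tail else 0
        if tail and tail.group(2):
            verdict = "source"    # private symbols: file and line resolved
        elif offset > MAX_PLAUSIBLE_OFFSET:
            verdict = "suspect"   # nearest export only; real function unknown
        else:
            verdict = "public"    # name plausible, but no line information
        symbol = re.split(r"[(+]", rest, maxsplit=1)[0]
        report["frames"].append((module, symbol, offset, verdict))
    return report


def modules_needing_symbols(report):
    """Modules whose frames resolved only to a far-away export."""
    return sorted({m for m, _, _, v in report["frames"] if v == "suspect"})


if __name__ == "__main__":
    print(modules_needing_symbols(triage(SAMPLE_KP)))
```
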