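Analyzing a crash in WinDbg

Time: 2012-08-28 17:00:21

Tags: c++ .net windbg

I have a .NET application that sometimes crashes on exit. There is also a bunch of COM and native stuff under the hood. It is an x86 application running on Windows 7 x64.

I have gone through some WinDbg tutorials, and I think I am performing reasonable steps to get useful information, but the stack trace itself isn't ringing any bells.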

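Some other tidbits:

  • I can reproduce this very consistently, about 75% of the time.
  • If I clean up the threads (lots of Thread.Abort()), it reproduces 20% of the time
  • Running the same program, I see stack traces that are completely different from the one below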

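I am using the 32-bit WinDbg. This is the general procedure I have been using:

  • Open the executable directly from WinDbg
  • Set the symbol path to: SRV*c:\sym*http://msdl.microsoft.com/download/symbols
  • Enter: .loadby sos clr
  • Use the application, and make it crash

After the crash, I get this output: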

(a38.1424): CLR exception - code e0434352 (first chance)
(a38.1424): CLR exception - code e0434352 (first chance)
(a38.1fd0): Unknown exception - code c000000d (first chance)
(a38.1fd0): Unknown exception - code c000000d (!!! second chance !!!)
eax=00000000 ebx=004dea1c ecx=7efdd000 edx=00000057 esi=7264d0c0 edi=07f2a248
eip=778715de esp=004dea08 ebp=004def50 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwRaiseException+0x12:
778715de 83c404          add     esp,4

If I type ~, I only get one thread: . 0 Id: a38.1fd0 Suspend: 1 Teb: 7efdd000 Unfrozen

Now, if I type !analyze -v, I get a big stack trace:

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************
[ a bunch of symbol stuff loading here ]

FAULTING_IP: 
ntdll!TpReleaseCleanupGroupMembers+276
778e4f52 a1b4009577      mov     eax,dword ptr [ntdll!TppLogpRoutine (779500b4)]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 778e4f52 (ntdll!TpReleaseCleanupGroupMembers+0x00000276)
   ExceptionCode: c000000d
  ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD:  00001fd0

PROCESS_NAME:  XXXXX.exe

ERROR_CODE: (NTSTATUS) 0xc000000d - An invalid parameter was passed to a service or function.

EXCEPTION_CODE: (NTSTATUS) 0xc000000d - An invalid parameter was passed to a service or function.

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

CONTEXT:  004dea6c -- (.cxr 0x4dea6c)
eax=004deee0 ebx=00000001 ecx=7efdd000 edx=00000057 esi=7264d0c0 edi=07f2a248
eip=778e4f52 esp=004deed0 ebp=004def50 iopl=0         nv up ei ng nz ac pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000297
ntdll!TpReleaseCleanupGroupMembers+0x276:
778e4f52 a1b4009577      mov     eax,dword ptr [ntdll!TppLogpRoutine (779500b4)] ds:002b:779500b4=00000000
Resetting default scope

STACK_ADDR_RAW_STACK_SYMBOL: 4deb4c

ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[ffffffff]

LAST_CONTROL_TRANSFER:  from 00000000 to 77883c04

DEFAULT_BUCKET_ID:  STATUS_INVALID_PARAMETER

PRIMARY_PROBLEM_CLASS:  STATUS_INVALID_PARAMETER

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_INVALID_PARAMETER

STACK_TEXT:  
778e4f52 ntdll!TpReleaseCleanupGroupMembers+0x276
72630d69 AUDIOSES!DllCanUnloadNow+0x42
7565b5f4 ole32!CClassCache::CDllPathEntry::CanUnload_rl+0x3b
7565b771 ole32!CClassCache::FreeUnused+0x83
7565b68f ole32!CoFreeUnusedLibrariesEx+0x36
756a0ccb ole32!CoFreeUnusedLibraries+0x9
15e2f549 GxMetadata+0xf549
15e45e3d GxMetadata!DllCanUnloadNow+0x1686d
77889950 ntdll!LdrpCallInitRoutine+0x14
7789d6b2 ntdll!LdrShutdownProcess+0x1aa
7789d554 ntdll!RtlExitUserProcess+0x74
754279f4 KERNEL32!ExitProcessStub+0x12
720642f0 mscoreei!RuntimeDesc::ShutdownAllActiveRuntimes+0x29c
72064321 mscoreei!CLRRuntimeHostInternalImpl::ShutdownAllRuntimesThenExit+0x15
5ea18580 clr!EEPolicy::ExitProcessViaShim+0x66
5ea1862f clr!SafeExitProcess+0x122
5e9638a9 clr!DisableRuntime+0x120
5e963905 clr!EEPolicy::HandleExitProcess+0x5c
5e9b8af8 clr!_CorExeMainInternal+0xdd
5e9b3a30 clr!_CorExeMain+0x4e
720555ab mscoreei!_CorExeMain+0x38
72f67f16 MSCOREE!ShellShim__CorExeMain+0x99
72f64de3 MSCOREE!_CorExeMain_Exported+0x8
7542339a KERNEL32!BaseThreadInitThunk+0xe
77889ef2 ntdll!__RtlUserThreadStart+0x70
77889ec5 ntdll!_RtlUserThreadStart+0x1b


FOLLOWUP_IP: 
AUDIOSES!DllCanUnloadNow+42
72630d69 ff3514d06472    push    dword ptr [AUDIOSES!_AudioClientThreadpoolCleanupGroup (7264d014)]

Edit 1: (additional information)

!clrstack

OS Thread Id: 0x1fd0 (0)
Child SP IP       Call Site
GetFrameContext failed: 1

!threads

ThreadCount:      7
UnstartedThread:  0
BackgroundThread: 4
PendingThread:    0
DeadThread:       3
Hosted Runtime:   no
                                   PreEmptive   GC Alloc                Lock
       ID  OSID ThreadOBJ    State GC           Context       Domain   Count APT Exception
   0    1  1fd0 005afe88     16220 Enabled  03051294:03051e6c 00578550     0 STA
XXXX    2   e5c 005801d0      b220 Enabled  0305a22c:0305be6c 00578550     0 MTA (Finalizer)
XXXX    3       00641258     19820 Enabled  00000000:00000000 00578550     0 Ukn
XXXX    4       06e4b800    819820 Enabled  00000000:00000000 00578550     0 Ukn
XXXX    5  18a0 081be620   200b220 Enabled  00000000:00000000 00578550     1 MTA
XXXX    8       081d5e18    819820 Enabled  00000000:00000000 00578550     0 Ukn
XXXX    7   158 07ed78d8       220 Enabled  00000000:00000000 00578550     0 Ukn

1 answer:

Answer 0: (score: 5)

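It looks like the ntdll!TpReleaseCleanupGroupMembers function (the same as kernel32!CloseThreadpoolCleanupGroupMembers - you can look it up on MSDN), from the top of the faulting stack, doesn't like being called while the process is shutting down - in that case it throws the exception you see (invalid parameter).

Since there are two other libraries on the stack (audioses and gxmetadata), I am guessing that some object is being destroyed/released way too late. audioses.dll seems to be the Core Audio API library; not sure about gxmetadata.dll - can you explain what that is?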
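
The following triage script is an added example, not part of the original question or answer. It parses the STACK_TEXT frames from the question and reports which DLL was running its entry point under ntdll!LdrShutdownProcess and which modules it called into before the fault; the function names are hypothetical, and it assumes the frame directly above ntdll!LdrpCallInitRoutine belongs to the DLL whose entry point the loader is calling.

```python
import re

# Frames copied from the STACK_TEXT in the question (top of stack first),
# trimmed to the part at and above process shutdown.
STACK_TEXT = """\
778e4f52 ntdll!TpReleaseCleanupGroupMembers+0x276
72630d69 AUDIOSES!DllCanUnloadNow+0x42
7565b5f4 ole32!CClassCache::CDllPathEntry::CanUnload_rl+0x3b
7565b771 ole32!CClassCache::FreeUnused+0x83
7565b68f ole32!CoFreeUnusedLibrariesEx+0x36
756a0ccb ole32!CoFreeUnusedLibraries+0x9
15e2f549 GxMetadata+0xf549
15e45e3d GxMetadata!DllCanUnloadNow+0x1686d
77889950 ntdll!LdrpCallInitRoutine+0x14
7789d6b2 ntdll!LdrShutdownProcess+0x1aa
7789d554 ntdll!RtlExitUserProcess+0x74
754279f4 KERNEL32!ExitProcessStub+0x12
"""

FRAME_RE = re.compile(
    r"^[0-9a-f]{8}\s+(?P<module>[^!+\s]+)(?:!(?P<symbol>[^+\s]+))?(?:\+0x[0-9a-f]+)?$",
    re.IGNORECASE,
)

def parse_frames(text):
    """Return [(module, symbol)] for every line that looks like a stack frame."""
    matches = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("module"), m.group("symbol") or "") for m in matches if m]

def shutdown_triage(text):
    """Describe work done by a DLL entry point during process exit, or None."""
    frames = parse_frames(text)
    names = [f"{mod.lower()}!{sym}" for mod, sym in frames]
    if "ntdll!LdrShutdownProcess" not in names:
        return None  # the fault did not happen while the loader was shutting down
    shutdown_idx = names.index("ntdll!LdrShutdownProcess")
    # Innermost entry-point call made by the loader during shutdown (0 = none found).
    init_idx = next((i for i in range(shutdown_idx)
                     if names[i] == "ntdll!LdrpCallInitRoutine"), 0)
    detaching = frames[init_idx - 1][0] if init_idx > 0 else None
    called = []  # modules entered from the detaching DLL, in call order
    for mod, _ in reversed(frames[:max(init_idx - 1, 0)]):
        if mod != detaching and mod not in called:
            called.append(mod)
    return {"detaching_dll": detaching, "called_into": called,
            "faulting_frame": f"{frames[0][0]}!{frames[0][1]}"}

if __name__ == "__main__":
    print(shutdown_triage(STACK_TEXT))
```
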