如何使用windbg确定崩溃原因(ntdll!KiFastSystemCallRet)?

时间:2013-10-14 11:58:37

标签: c++ .net exception windbg

当我将可执行文件附加到windbg时,崩溃时的最后一行输出如下所示。如何确定崩溃的实际原因?

ModLoad: 673f0000 6748d000   C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.ni.dll
(ab0.6c4): C++ EH exception - code e06d7363 (first chance)
(ab0.6c4): C++ EH exception - code e06d7363 (first chance)
(ab0.6c4): C++ EH exception - code e06d7363 (first chance)
(ab0.6c4): C++ EH exception - code e06d7363 (first chance)
(ab0.6c4): C++ EH exception - code e06d7363 (first chance)
(ab0.6c4): CLR exception - code e0434f4d (first chance)
ModLoad: 5e3a0000 5e42d000   c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
eax=01bf1e08 ebx=0b716d48 ecx=01bf1e08 edx=00000001 esi=0fa3f580 edi=0fa3f90c
eip=7c90e514 esp=0fa3f52c ebp=0fa3f53c iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
ntdll!KiFastSystemCallRet:
7c90e514 c3              ret

k的输出是:

ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0fa3f53c 03659c32 ntdll!KiFastSystemCallRet
0fa3f568 7a9c6ba2 0x3659c32
0fa3f6b8 792d7026 System_ni+0x586ba2
0fa3f6c4 792e04af mscorlib_ni+0x217026
0fa3f6d8 792d6fa4 mscorlib_ni+0x2204af
0fa3f6f0 79e71b4c mscorlib_ni+0x216fa4
0fa3f700 79e88e15 mscorwks!CallDescrWorker+0x33
0fa3f780 79e96431 mscorwks!CallDescrWorkerWithHandler+0xa3
0fa3f8b8 79e96464 mscorwks!MethodDesc::CallDescr+0x19c
0fa3f8d4 79e96482 mscorwks!MethodDesc::CallTargetWorker+0x1f
0fa3f8ec 79f0f97f mscorwks!MethodDescCallSite::CallWithValueTypes_RetArgSlot+0x1a
0fa3fad4 79e9b04f mscorwks!ThreadNative::KickOffThread_Worker+0x192
0fa3fae8 79e9afeb mscorwks!Thread::DoADCallBack+0x32a
0fa3fb7c 79e9af11 mscorwks!Thread::ShouldChangeAbortToUnload+0xe3
0fa3fbb8 79e9b09d mscorwks!Thread::ShouldChangeAbortToUnload+0x30a
0fa3fbe0 79f0f750 mscorwks!Thread::ShouldChangeAbortToUnload+0x33e
0fa3fbf8 79f0f82a mscorwks!ManagedThreadBase::KickOff+0x13
0fa3fc94 79fc44a1 mscorwks!ThreadNative::KickOffThread+0x269
0fa3ffb4 7c80b729 mscorwks!Thread::intermediateThreadProc+0x49
0fa3ffec 00000000 KERNEL32!BaseThreadStart+0x37

1 个答案:

答案 0 :(得分:0)

当您粘贴的前几行显示时,请运行

.loadby sos mscorwks

!pe

e0434f4d表示发生了.NET异常,!pe应该显示它是什么。

使用WinDbg捕获崩溃转储而不是实时调试更常见,因为您可能不熟悉WinDbg。