如何查找“访问冲突”的来源?

时间:2014-04-18 13:21:45

标签: windbg access-violation winmm mci windows-error-reporting

简而言之,我有一个C#应用程序执行大量mciSendString调用(通过dllimport)来控制wav文件播放(基本上是打开,播放,暂停,停止,状态,关闭)。运行一段时间后,应用程序会在没有通知的情况下崩溃并发生“访问冲突”。

即使我从我的vs2012运行应用程序,但Visual Studio却没有捕获到异常。即使在异常情况下强行中断也是如此。选项,我从vs2012调试它没有运气。所以我设置WER来生成崩溃转储,我使用windbg和psscor2.dll插件来调试它。

然后按顺序,使用以下命令,这是我得到的(为了可读性而缩短为必要的):

$> .ecxr 

eax=00000001 ebx=00000000 ecx=00000401 edx=00000000 esi=049725b8 edi=00000002
eip=4e88159e esp=0a4efa38 ebp=0a4efa54 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010216
<Unloaded_mciwave.dll>+0x159e:
4e88159e ??              ???

$&GT;〜* kb的 

#  19  Id: 105c.28cc Suspend: 1 Teb: 7ef06000 

Unfrozen
user32!NtUserGetMessage+0x15
user32!GetMessageA+0xa1
winmm!mciwindow+0x102
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x70
ntdll!_RtlUserThreadStart+0x1b

# 30  Id: 105c.15f8 Suspend: 0 Teb: 7ef1b000 Unfrozen
ntdll!ZwWaitForMultipleObjects+0x15
KERNELBASE!WaitForMultipleObjectsEx+0x100
kernel32!WaitForMultipleObjectsExImplementation+0xe0
kernel32!WaitForMultipleObjects+0x18
kernel32!WerpReportFaultInternal+0x186
kernel32!WerpReportFault+0x70
kernel32!BasepReportFault+0x20
kernel32!UnhandledExceptionFilter+0x1af
ntdll!__RtlUserThreadStart+0x62
ntdll!_EH4_CallFilterFunc+0x12
ntdll!_except_handler4+0x8e
ntdll!ExecuteHandler2+0x26
ntdll!ExecuteHandler+0x24
ntdll!RtlDispatchException+0x127
ntdll!KiUserExceptionDispatcher+0xf
WARNING: Frame IP not in any known module. Following frames may be wrong.
<Unloaded_mciwave.dll>+0x159e

#  31  Id: 105c.2310 Suspend: 1 Teb: 7ef00000 Unfrozen
user32!NtUserGetMessage+0x15
user32!GetMessageW+0x33
mciwave!TaskBlock+0x1d
mciwave!PlayFile+0xcb
mciwave!mwTask+0x98
winmm!mmStartTask+0x22
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x70
ntdll!_RtlUserThreadStart+0x1b:

$&gt;!analyze -v 

FAULTING_IP: 
mciwave_4e880000!TaskBlock+1d
4e88159e ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 4e88159e (mciwave_4e880000!TaskBlock+0x0000001d)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000008
   Parameter[1]: 4e88159e
Attempt to execute non-executable address 4e88159e

PROCESS_NAME:  Titan.vshost.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000008

EXCEPTION_PARAMETER2:  4e88159e

WRITE_ADDRESS:  4e88159e 

FOLLOWUP_IP: 
mciwave_4e880000!TaskBlock+1d
4e88159e ??              ???

MOD_LIST: <ANALYSIS/>

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x15f8 (30)
 ====> Exception cxr@a4ef750

FAULTING_THREAD:  000015f8

BUGCHECK_STR:  APPLICATION_FAULT_SOFTWARE_NX_FAULT_CODE_WRONG_SYMBOLS

PRIMARY_PROBLEM_CLASS:  SOFTWARE_NX_FAULT_CODE

DEFAULT_BUCKET_ID:  SOFTWARE_NX_FAULT_CODE

LAST_CONTROL_TRANSFER:  from 4e881999 to 4e88159e

STACK_TEXT:  
0a4efa54 4e881999 0a4efa88 078db198 078db1a4 mciwave_4e880000!TaskBlock+0x1d
0a4efa68 74370ae5 00038edc 00000000 00000000 mciwave_4e880000!mwTask+0x45
0a4efa88 7670338a 078db198 0a4efad4 76f99f72 winmm!mmStartTask+0x22
0a4efa94 76f99f72 078db198 79f84a28 00000000 kernel32!BaseThreadInitThunk+0xe
0a4efad4 76f99f45 74370ac3 078db198 00000000 ntdll!__RtlUserThreadStart+0x70
0a4efaec 00000000 74370ac3 078db198 00000000 ntdll!_RtlUserThreadStart+0x1b


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  mciwave!TaskBlock+1d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: mciwave_4e880000

IMAGE_NAME:  mciwave.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bcb4a

STACK_COMMAND:  ~30s; .ecxr ; kb

FAILURE_BUCKET_ID:  SOFTWARE_NX_FAULT_CODE_c0000005_mciwave.dll!TaskBlock

BUCKET_ID:  APPLICATION_FAULT_SOFTWARE_NX_FAULT_CODE_WRONG_SYMBOLS_mciwave!TaskBlock+1d

Followup: MachineOwner
---------

异常似乎发生在Unloaded_mciwave.dll的第30号线程中,但我不知道如何进一步调试..我怎样才能更好地了解它的内容?

我怎样才能了解这两行之间发生的事情?

ntdll!KiUserExceptionDispatcher+0xf
--> WARNING: Frame IP not in any known module. Following frames may be wrong.
<Unloaded_mciwave.dll>+0x159e

提前感谢您的帮助。

1 个答案:

答案 0 :(得分:5)

您应该通过在调试器中重新加载DLL来获取更多详细信息。

为此您需要:

lmvm mciwave.dll
start             end                 module name

Unloaded modules:
e6510000 e6548000   mciwave.dll
    Timestamp: Fri Oct 14 12:00:00 2011 (4E98E6E2)
    Checksum:  0003E937
    ImageSize:  00038000

您需要设置符号和执行路径,以便调试器可以找到DLL和PDB(如果您的机器中有它,则不应该出现问题)。然后就可以了

.reload mciwave.dll=e6510000,00038000
DBGHELP: <path>\mciwave.dll - OK

现在,如果你再次!analyze -v,它应该给你正确的调用堆栈。

相关问题
最新问题