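Unable to view the stack trace with WinDbg or Visual Studio 2012/13

Time: 2014-09-11 20:46:49

Tags: windows visual-studio-2012 windbg visual-studio-debugging debug-symbols

Even with the correct PDB symbols supplied, I cannot see a stack trace that would tell me the function calls. The stack text shows only msvcr120. This crash also happens only on the customer's machine. I am wondering whether an msvcr120 that we need to install is missing. This is what I can see in WinDbg: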

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007fffc113dd27 (msvcr120+0x000000000006dd27)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000005

CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
rax=aaaaaaaaaaaaaaaa rbx=0000000000000000 rcx=aaaaaaaaaaaaaaaa
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=00007fffc113dd27 rsp=000000e40cd261c0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=aaaaaaaaaaaaaaaa r12=000000e40c3076b0 r13=0000000000000000
r14=000000000000005c r15=000000e40c3051d0
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
msvcr120+0x6dd27:
00007fff`c113dd27 cd29            int     29h

PROCESS_NAME:  <removed>

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1:  0000000000000005

NTGLOBALFLAG:  0

APP:  <removed>

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

FAULTING_THREAD:  0000000000005188

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP

PRIMARY_PROBLEM_CLASS:  INVALID_ARG_FAILURE_SEHOP

DEFAULT_BUCKET_ID:  INVALID_ARG_FAILURE_SEHOP

LAST_CONTROL_TRANSFER:  from 0000000000000000 to 00007fffc113dd27

STACK_TEXT:  
000000e4`0cd261c0 00000000`00000000 : 00000000`00000000 00000000`00000000 aaaaaaaa`aaaaaaaa 00000000`00000000 : msvcr120+0x6dd27


STACK_COMMAND:  ~5s; .ecxr ; kb

FOLLOWUP_IP: 
msvcr120+6dd27
00007fff`c113dd27 cd29            int     29h

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  msvcr120+6dd27

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msvcr120

IMAGE_NAME:  msvcr120.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  524f83ff

FAILURE_BUCKET_ID:  INVALID_ARG_FAILURE_SEHOP_c0000409_msvcr120.dll!Unknown

BUCKET_ID:  APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP_msvcr120+6dd27

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_arg_failure_sehop_c0000409_msvcr120.dll!unknown

FAILURE_ID_HASH:  {6c95a838-d91e-9c26-c623-f4edddde2886}

Followup: MachineOwner
---------

0:005> k
Child-SP          RetAddr           Call Site
000000e4`0cd261c0 00000000`00000000 msvcr120+0x6dd27

(By the way, before asking I already tried every suggestion I could find on Stack Overflow and elsewhere for getting a stack trace.)

1 Answer:

Answer 0 (score: 0)

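Based on the output above, you do not have valid symbols for msvcr120. The first step is to try to get those. If you cannot get the symbols, or you do get them but still cannot get a good stack trace, then you should use dqs and try to walk the stack manually.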
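
The manual stack walk the answer suggests, as an added example that is not part of the original answer: a Python script that reads `lm` and `dqs` output and lists the stack slots whose value falls inside a loaded module, which is what you scan for when looking for return addresses by hand. The msvcr120 base is derived from the dump in the question (00007fffc113dd27 - 0x6dd27); the module end addresses, the `app` module and every stack value are constructed for illustration.

```python
import re

# Constructed module list in the shape of WinDbg `lm` output. Only the
# msvcr120 start address comes from the dump above; the end addresses and
# the "app" module are assumptions made up for this example.
LM_OUTPUT = """\
start             end                 module name
00007ff6`2a100000 00007ff6`2a1c4000   app        (deferred)
00007fff`c10d0000 00007fff`c11bf000   msvcr120   (deferred)
"""

# Constructed `dqs` output for the faulting thread's stack (sample values,
# not taken from the customer dump).
DQS_OUTPUT = """\
000000e4`0cd261c0  00000000`00000000
000000e4`0cd261c8  00000000`00000000
000000e4`0cd261d0  aaaaaaaa`aaaaaaaa
000000e4`0cd261d8  00007fff`c1105a10 msvcr120+0x35a10
000000e4`0cd261e0  000000e4`0c3076b0
000000e4`0cd261e8  00007ff6`2a10b3c4 app+0xb3c4
"""

ADDR = r"([0-9a-f]{8}`[0-9a-f]{8})"  # 64-bit address as WinDbg prints it

def _addr(text):
    """Convert 00007fff`c10d0000 to an int."""
    return int(text.replace("`", ""), 16)

def parse_modules(lm_text):
    """Return [(start, end, name)] from `lm` output; the header row is skipped."""
    rows = re.findall(rf"^{ADDR}\s+{ADDR}\s+(\S+)", lm_text, re.I | re.M)
    return [(_addr(s), _addr(e), name) for s, e, name in rows]

def candidate_returns(dqs_text, modules):
    """Return (stack_slot, value, 'module+0xoff') for qwords inside a module."""
    hits = []
    for slot, value in re.findall(rf"^{ADDR}\s+{ADDR}", dqs_text, re.I | re.M):
        v = _addr(value)
        for start, end, name in modules:
            if start <= v < end:
                hits.append((_addr(slot), v, f"{name}+{v - start:#x}"))
    return hits

if __name__ == "__main__":
    for slot, value, where in candidate_returns(DQS_OUTPUT, parse_modules(LM_OUTPUT)):
        print(f"{slot:016x}  {value:016x}  {where}")
```

A hit is only a candidate: a value inside a module's range can also be a stale slot or a stored function pointer, so confirm each one in WinDbg with `ub <value>` and check that the instruction just before it is a call.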