Question

我正在为AppCrash_w3wp进行内存转储分析。当我做一个！analyze -v时，我得到以下结果。

我的符号设置有问题吗？或者这个分析指出了一些实际问题？有人可以指导我如何进一步分析这个吗？

====产品：＆gt;

*** WARNING: Unable to verify timestamp for webengine4.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\54c5d3ee1f311718f3a2feb337c5fa29\mscorlib.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\987d450520ea6e815c63db8aecba0761\System.Data.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Data.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mvc\9f9155f1c13562534f6cb370b0ad8381\System.Web.Mvc.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Web.Mvc.ni.dll
*** ERROR: Module load completed but symbols could not be loaded for System.Web.Mvc.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\cb6d38da3ca9a62afed46123b693899e\System.Web.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Web.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System\4598449d72d7ebbd53952399ed5fc710\System.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify timestamp for alk_dalkutil64.dll
*** ERROR: Module load completed but symbols could not be loaded for alk_dalkutil64.dll

FAULTING_IP: 
KERNELBASE!RaiseException+39
000007fe`fda8940d 4881c4c8000000  add     rsp,0C8h

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fefda8940d (KERNELBASE!RaiseException+0x0000000000000039)
   ExceptionCode: e0434352 (CLR exception)
  ExceptionFlags: 00000001
NumberParameters: 5
   Parameter[0]: ffffffff80004003
   Parameter[1]: 0000000000000000
   Parameter[2]: 0000000000000000
   Parameter[3]: 0000000000000000
   Parameter[4]: 000007fefa140000

CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
rax=0000000001470000 rbx=000000001791d5d0 rcx=0000000001470000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000002
rip=0000000077be186a rsp=000000001791d498 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000040 r10=0000000000000000
r11=0000000000000286 r12=0000000000000000 r13=000000001791d540
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwWaitForMultipleObjects+0xa:
00000000`77be186a c3              ret

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

PROCESS_NAME:  w3wp.exe

ERROR_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>

EXCEPTION_PARAMETER1:  ffffffff80004003

EXCEPTION_PARAMETER2:  0000000000000000

EXCEPTION_PARAMETER3:  0000000000000000

EXCEPTION_PARAMETER4: 0

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

APP:  w3wp.exe

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

MANAGED_STACK: 

EXCEPTION_OBJECT: !pe 103f98b08
Exception object: 0000000103f98b08
Exception type:   System.AccessViolationException
Message:          Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
InnerException:   <none>
StackTrace (generated):
<none>
StackTraceString: <none>
HResult: 80004003

MANAGED_OBJECT: !dumpobj ffb11420
Name:        System.String
MethodTable: 000007fef8886500
EEClass:     000007fef81a3750
Size:        26(0x1a) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String:      
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
0000000000000000  40000aa        8         System.Int32  1 instance                0 m_stringLength
0000000000000000  40000ab        c          System.Char  1 instance                0 m_firstChar
000007fef8886500  40000ac       18        System.String  0   shared           static Empty
                                 >> Domain:Value  0000000002488520:NotInit  0000000002576750:NotInit  <<

EXCEPTION_MESSAGE:  Attempted to read or write protected memory. This is often an indication that other memory is corru

MANAGED_OBJECT_NAME:  SYSTEM.ACCESSVIOLATIONEXCEPTION

MANAGED_STACK_COMMAND:  ** Check field   _remoteStackTraceString **;!do 103f98b08;!do ffb11420

LAST_CONTROL_TRANSFER:  from 000007fefa35565b to 000007fefda8940d

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

BUGCHECK_STR:  APPLICATION_FAULT_WRONG_SYMBOLS_CLR_EXCEPTION

STACK_TEXT:  
00000000`00000000 00000000`00000000 w3wp!Unknown+0x0


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  w3wp!Unknown

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: w3wp

IMAGE_NAME:  w3wp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7afa2

STACK_COMMAND:  ** Check field   _remoteStackTraceString **;!do 103f98b08;!do ffb11420 ; ** Pseudo Context ** ; kb

FAILURE_BUCKET_ID:  WRONG_SYMBOLS_e0434352_w3wp.exe!Unknown

BUCKET_ID:  X64_APPLICATION_FAULT_WRONG_SYMBOLS_CLR_EXCEPTION_w3wp!Unknown

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:wrong_symbols_e0434352_w3wp.exe!unknown

FAILURE_ID_HASH:  {419a5b7f-31d5-d77e-cd0e-fe26c9258bfb}

Followup: MachineOwner

=== 于9月25日编辑

我已经设置了一个环境变量 _NT_SYMBOL_PATH - symsrv * symsrv.dll * C：\ Windows \ symbols * http://msdl.microsoft.com/download/symbols

我想知道为什么不动态加载所有符号？

我做了一个.symfix; .reload 我有时会得到提示。然后我在屏幕上得到了很多....并且常规提示又回来了。

然后我做了一个“！sym noisy”并再次做了“.symfix; .reload”......

我收到以下消息

DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
..
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.dll\51FB164A1a9000\ntdll.dll - OK
DBGENG:  C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.dll\51FB164A1a9000\ntdll.dll - Mapped image memory
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb already cached
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb already cached

DBGHELP: ntdll - public symbols  
        C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb
..............................................................
................................................................
................................................................
................................................................
................................................................
.....
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernel32.dll\51FB167611f000\kernel32.dll - OK
DBGENG:  C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernel32.dll\51FB167611f000\kernel32.dll - Mapped image memory
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\KERNELBASE.dll\51FB16776b000\KERNELBASE.dll - OK
DBGENG:  C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\KERNELBASE.dll\51FB16776b000\KERNELBASE.dll - Mapped image memory
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernelbase.pdb\88D04DC8E39B4CBB9CB12366C2AE475F2\kernelbase.pdb already cached
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernelbase.pdb\88D04DC8E39B4CBB9CB12366C2AE475F2\kernelbase.pdb already cached

DBGHELP: KERNELBASE - public symbols  
        C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernelbase.pdb\88D04DC8E39B4CBB9CB12366C2AE475F2\kernelbase.pdb

Answer 1

我的符号设置有问题吗？

是。使用命令

更正它

.symfix x:\symbols; * Wherever you want the symbols to be
.reload

或者，如果您已经设置了其他符号路径：

.symfix+ x:\symbols
.reload

或者这个分析指出了一些实际问题？

另外。您有一个.NET异常会导致程序崩溃。这是一个问题。

类型是AccessViolation，类似于NullReferenceException。希望修复符号不会在这里产生巨大的差异。

有人可以指导我如何进一步分析吗？

修复符号后，继续

.loadby sos clr
!pe
!clrstack

无法继续进行AppCrash_w3wp的Windbg分析

1 个答案: