我的MMC代码发生了崩溃。转储指向这一行:p->QueryInterface(GetIID(), reinterpret_cast<void**>(&pInterface));
反汇编如下:
//调用fill方法。
; std::fill<int *,int> as disassembled from BSecRem. All three arguments are read
; from the stack: [esp+0x4] = first, [esp+0x8] = last, [esp+0xc] = address of the
; value to store.
; NOTE(review): the faulting instruction in this listing is at 5d93157a, inside
; _QueryInterface further down. Nothing shown here puts this routine on the crash
; path; presumably it is in the dump only because it sits at the addresses just
; before that function.
BSecRem!std::fill<int *,int>:
5d931510 8b442404 mov eax,[esp+0x4]                   ; eax = first
5d931514 8b4c2408 mov ecx,[esp+0x8]                   ; ecx = last
5d931518 3bc1 cmp eax,ecx
5d93151a 7411 jz BSecRem!std::fill<int *,int>+0x1d (5d93152d)   ; empty range: go straight to ret
5d93151c 8b54240c mov edx,[esp+0xc]                   ; edx = address of the fill value
5d931520 56 push esi
5d931521 8b32 mov esi,[edx]                           ; loop top: reload the value through edx
5d931523 8930 mov [eax],esi                           ; store it at the current element
5d931525 83c004 add eax,0x4                           ; advance by one 4-byte element
5d931528 3bc1 cmp eax,ecx
5d93152a 75f5 jnz BSecRem!std::fill<int *,int>+0x11 (5d931521)  ; repeat until eax == last
5d93152c 5e pop esi
5d93152d c3 ret
; int 3 bytes after ret, before the next function label (padding).
5d93152e cc int 3
5d93152f cc int 3
; stdext::_Unchecked_move_backward<int *,int *> as disassembled from BSecRem.
; Computes the element count (last - first) / 4, subtracts the byte length from the
; third argument to get the destination start, and copies with memmove_s when the
; count is positive. Returns the destination start in eax.
; NOTE(review): like std::fill above it, this routine is not the one containing the
; faulting address 5d93157a.
BSecRem!stdext::_Unchecked_move_backward<int *,int *>:
5d931530 8b442408 mov eax,[esp+0x8]                   ; eax = second argument (end of source range)
5d931534 8b542404 mov edx,[esp+0x4]                   ; edx = first argument (start of source range)
5d931538 2bc2 sub eax,edx                             ; byte distance between them
5d93153a c1f802 sar eax,0x2                           ; / 4 -> number of int elements
5d93153d 56 push esi
5d93153e 8b742410 mov esi,[esp+0x10]                  ; third argument (slot was [esp+0xc] before the push)
5d931542 8d0c8500000000 lea ecx,[00000000+eax*4]      ; ecx = byte count
5d931549 2bf1 sub esi,ecx                             ; esi = destination start
5d93154b 85c0 test eax,eax
5d93154d 7e0d jle BSecRem!stdext::_Unchecked_move_backward<int *,int *>+0x2c (5d93155c)  ; count <= 0: skip the copy
5d93154f 51 push ecx                                  ; count (bytes)
5d931550 52 push edx                                  ; source
5d931551 51 push ecx                                  ; destination size (same value as count)
5d931552 56 push esi                                  ; destination
5d931553 ff15e034a65d call dword ptr [BSecRem!_imp__memmove_s (5da634e0)]
5d931559 83c410 add esp,0x10                          ; caller cleans up the four arguments
5d93155c 8bc6 mov eax,esi                             ; return value = destination start
5d93155e 5e pop esi
5d93155f c3 ret
; _com_ptr_t<...>::_QueryInterface<IUnknown *>: the function that contains the
; faulting instruction (last line of this excerpt). It takes the pointer p from
; [esp+0x4], rejects only a null p, then reads the first dword of *p and
; dereferences that value to fetch the call target.
; What the dump shows: p was non-null (the jz was not taken), but the dword loaded
; from *p into ecx was 0x0000000c, so the following read through ecx hit unmapped
; memory. A non-null pointer whose first dword is 0xc is not pointing at a live COM
; object.
; NOTE(review): this is consistent with an interface pointer being used after its
; object was released (stale/dangling pointer), or with heap corruption; the
; listing alone cannot tell which. Worth auditing AddRef/Release balance on whatever
; supplies p, and reproducing with page heap / Application Verifier enabled so the
; fault lands at the point where the object is freed or overwritten.
BSecRem!_com_ptr_t<_com_IIID<PATENTTEMPOCXLib::_DPatentTempOCX,&_GUID_6042985e_c7cc_4286_b5c4_48a347173739> >::_QueryInterface<IUnknown *>:
5d931560 8b442404 mov eax,[esp+0x4]                   ; eax = p (the IUnknown * argument)
5d931564 56 push esi
5d931565 8bf1 mov esi,ecx                             ; keep incoming ecx (presumably `this` of the _com_ptr_t) in esi
5d931567 85c0 test eax,eax
; Null check only: it cannot detect a non-null pointer to a dead object.
; NOTE(review): the module name and GUID in this jump target (instant.dll, 7072787e...)
; differ from the function label above (BSecRem, 6042985e...); looks like inconsistent
; renaming in the paste, confirm against the original dump.
5d931569 7439 jz instant.dll!_com_ptr_t<_com_IIID<PATENTTEMPOCXLib::_DPatentTempOCX,&_GUID_7072787e_ddeb_1223_9aab4_9aab4d923e31> >::_QueryInterface<IUnknown *>+0x44 (5d9315a4)
5d93156b 8b08 mov ecx,[eax]                           ; ecx = first dword of *p (expected: vtable pointer)
5d93156d 53 push ebx
5d93156e 57 push edi
5d93156f 8d542410 lea edx,[esp+0x10]                  ; after three pushes this is the slot that was [esp+0x4] on entry
5d931573 52 push edx                                  ; out-pointer argument for the call being set up
5d931574 68cc54a65d push 0x5da654cc                   ; immediate address; presumably the IID from GetIID() - confirm
5d931579 50 push eax                                  ; p itself as the first argument
; Faulting instruction: reads through ecx, and the debugger annotation shows the
; effective address as 0000000c with unreadable contents.
5d93157a 8b01 mov eax,[ecx] ds:002b:0000000c=???????
这种崩溃经常出现,尤其是当我在MMC中从一个界面切换到另一个界面时。
提前致谢。