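I am debugging a memory dump of a process in which I suspect the number of handles is too large. When I open the dump in Windbg, I see the following error/warning message (I don't know whether it is related to my problem):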
Dir entry 8, HandleDataStream stream has too many elements (0xfefffd > 0x400000)
When I run the Windbg !handle extension command, I see the following error message:
0:000> !handle
ERROR: !handle: extension exception 0x80004002.
"Unable to read handle information"
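I have already run the same extension command on other memory dumps of the same process (possibly another version). So I don't understand how most of the Google results for that error code (which are about wrong interfaces) are relevant.
Does anybody know what might cause the error code above? What can I do to see the number of handles in the application's dump?
For your information, I'm not interested in each individual handle, only in their total number.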
Edit after the first comment
The result of .dumpdebug is as follows (only the handle-related part):
0:000> .dumpdebug
----- User Mini Dump Analysis
MINIDUMP_HEADER:
Version A793 (62F0)
NumberOfStreams 13
Flags 61826
0002 MiniDumpWithFullMemory
0004 MiniDumpWithHandleData
...
Stream 8: type HandleDataStream (12), size 27D7FF98, RVA 101DEF6C
Dir entry 8, HandleDataStream stream has too many elements (0xfefffd > 0x400000)
Stream 9: type CommentStreamW (11), size 000001A0, RVA 000102E0
'
*** "C:\Internal\Tools\Procdump\procdump.exe" -ma -accepteula 18732 C:\Dumps\Own_Application_PID_18732_2019_02_07_11_38_02_777_NOW.dmp
*** Manual dump'
(The results of .dumpdebug and Dumpchk.exe are very similar, so I decided not to add both.)
Edit after the chdump.py results
Here are the results of chdump.py (partial):
MINIDUMP_HEADER EXCLUDING SIGNATURE
version 0xa793
internal version 0x62f0
Number of Streams 0xd
Stream Directory RVA 0x20
CheckSum 0x0
u.TimeDateStamp 2019-02-07 11:45:24
Flags 0x61826
MINIDUMP_DIRECTORY
StreamType DataSize RVA
0x3 0x754 0x434
0x11 0x9cc 0xb88
0x4 0x1588 0x1554
0x13 0x290 0x2adc
0x9 0x12250 0x37fc9f84
0x10 0x6b080 0x37f5ef04
0x7 0x38 0xbc
0xf 0x340 0xf4
0xc 0x27d7ff98 0x101def6c
0xb 0x1a0 0x102e0
0x0 0x0 0x0
0x0 0x0 0x0
0x0 0x0 0x0
_MHDesc2
Handle TypeNameRva ObjectNameRva Attributes GrantedAccess HandleCount PointerCount ObjectInfoRva Reserved0
0x4 0x10490 0x104a8 0x10 0x3 0x7c 0x1ee0c0b 0x0 0x0
0x8 0x104c2 0x0 0x0 0x100020 0x2 0x80001 0x0 0x0
0xc 0x104d0 0x104dc 0x0 0x1 0x2 0x80001 0x0 0x0
0x10 0x1055e 0x1056a 0x0 0x20019 0x2 0x80000 0x0 0x0
0x14 0x105f6 0x0 0x0 0x1f0000 0x2 0x80002 0x0 0x0
0x18 0x1060e 0x0 0x0 0x1f0003 0x2 0x80001 0x0 0x0
0x28 0x1061e 0x1062a 0x0 0xf003f 0x2 0x7ffba 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x30 0x10652 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x34 0x10662 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x38 0x10672 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x3c 0x10682 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x40 0x10692 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x44 0x106a2 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x4c 0x106b2 0x106ca 0x10 0xf 0x44 0xfe9d9c 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x78 0x106f2 0x0 0x0 0x1f0003 0x2 0x7ffc7 0x0 0x0
0x7c 0x10702 0x1070e 0x0 0x20019 0x2 0x7fffe 0x0 0x0
0x80 0x1077a 0x0 0x0 0x100020 0x2 0x40002 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x88 0x10788 0x0 0x0 0x100003 0x2 0x40002 0x0 0x0
0x8c 0x107a0 0x0 0x0 0x100003 0x2 0x40002 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0xb0 0x107b8 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xb4 0x107c8 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xb8 0x107d8 0x0 0x0 0x1f0003 0x2 0x7fddf 0x0 0x0
0xbc 0x107f0 0x0 0x0 0x1f0003 0x2 0x7fea0 0x0 0x0
0xc0 0x10808 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xc4 0x10820 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xc8 0x10838 0x0 0x0 0x1f0003 0x2 0x7fff6 0x0 0x0
0xcc 0x10850 0x0 0x0 0x1f0003 0x2 0x7fd62 0x0 0x0
0xd0 0x10868 0x0 0x0 0x1f0003 0x2 0x6f1cc 0x0 0x0
0xd4 0x10878 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xd8 0x10888 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xdc 0x108a0 0x108ac 0x0 0xf003f 0x2 0x80000 0x0 0x0
0xe0 0x108f6 0x10902 0x0 0x20019 0x2 0x80000 0x0 0x0
0xe4 0x10958 0x10964 0x0 0x20019 0x2 0x80001 0x0 0x0
0xe8 0x10a08 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xec 0x10a18 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0xf0 0x10a28 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x100 0x10a38 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x104 0x10a48 0x0 0x0 0x1fffff 0x4 0xff501 0x10a5a 0x0
0x108 0x10a96 0x0 0x0 0x1f0000 0x2 0x7fff8 0x0 0x0
0x10c 0x10aae 0x0 0x0 0x1f0003 0x2 0x7fffe 0x0 0x0
0x110 0x10abe 0x0 0x0 0x1f0003 0x2 0x5ebe2 0x0 0x0
0x114 0x10adc 0x0 0x0 0xf00ff 0x2 0x73b3f 0x0 0x0
0x118 0x10b00 0x0 0x0 0x100002 0x2 0x80002 0x0 0x0
0x11c 0x10b10 0x0 0x0 0x1 0x2 0x80002 0x0 0x0
0x120 0x10b3e 0x0 0x0 0x100002 0x2 0x7d72d 0x0 0x0
0x124 0x10b4e 0x0 0x0 0x1 0x2 0x5ebe2 0x0 0x0
0x128 0x10b7c 0x0 0x0 0x1f0003 0x2 0x80000 0x0 0x0
0x12c 0x10b8c 0x0 0x0 0x1f0003 0x2 0x80000 0x0 0x0
0x130 0x10b9c 0x0 0x0 0x1f0003 0x2 0x5671f 0x0 0x0
0x134 0x10bac 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x138 0x10bbc 0x0 0x0 0x1fffff 0x4 0xbf505 0x10bce 0x0
0x13c 0x10c0a 0x0 0x0 0x1f0003 0x2 0x40002 0x0 0x0
0x140 0x10c1a 0x0 0x0 0x1f0003 0x2 0x74432 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x148 0x10c2a 0x0 0x0 0x1f0003 0x2 0x80001 0x0 0x0
0x14c 0x10c3a 0x0 0x0 0x100001 0x2 0x7feb3 0x0 0x0
0x150 0x10c48 0x0 0x0 0x1f0003 0x2 0x80001 0x0 0x0
0x154 0x10c58 0x0 0x0 0x1f0000 0x2 0x4d899 0x0 0x0
0x158 0x10c70 0x0 0x0 0x1f0003 0x2 0x7ffdc 0x0 0x0
0x15c 0x10c80 0x0 0x0 0x1f0003 0x2 0x80000 0x0 0x0
0x160 0x10c90 0x10c9c 0x0 0xf003f 0x2 0x7ffd6 0x0 0x0
0x164 0x10ce6 0x0 0x0 0x1f0003 0x2 0x80000 0x0 0x0
0x168 0x10cf6 0x10d0a 0x0 0x4 0xa3 0x28c0002 0x0 0x0
0x16c 0x10d5a 0x10d66 0x0 0xf003f 0x2 0x7ffc4 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x174 0x10db0 0x10dc0 0x10 0x100001 0x53 0x18003f 0x0 0x0
0x178 0x10e10 0x10e1c 0x0 0x20019 0x2 0x7fff4 0x0 0x0
0x17c 0x10e94 0x10ea0 0x0 0x20019 0x2 0x7fff4 0x0 0x0
0x180 0x10f1c 0x10f30 0x0 0x4 0xa3 0x28c0002 0x0 0x0
0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
0x188 0x10f80 0x0 0x0 0x120089 0x2 0x7fffc 0x0 0x0
0x18c 0x10f8e 0x0 0x0 0xf0005 0x2 0x80001 0x0 0x0
It gets quite far: the Python script only stopped, with a memory error, after generating ±13 million (!) lines of results.
Thanks in advance
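Answer 0: (score: 0)
The minidump file format is pretty much documented. You can parse the file yourself without relying on windbg,
using python.
The error seems to be clear: _MINIDUMP_DIRECTORY->DataSize
The maximum number of handles per process is, iirc, limited to 10000 handles
(browse Raymond Chen's Old New Thing blog),
so there must be some hard-coded limit on the stream size
that results in the error.
Below is a quickly whipped-up python script that takes a dump and dumps the raw data. Open the dump in a hex editor and look around, or patch it to recover partial handle information.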
%%writefile chkdump.py
import sys
import os
import struct
import datetime

scriptname = os.path.split(sys.argv[0])[1]
if len(sys.argv) != 2:
    sys.exit("usage python %s path_to_dump" % scriptname)
fin = open(sys.argv[1], 'rb')
# The file is opened in binary mode, so compare against a bytes literal
if fin.read(4) != b'MDMP':
    fin.close()
    sys.exit("not a windbg dump file no MDMP signature")
print("MINIDUMP_HEADER EXCLUDING SIGNATURE")
# version, internal version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp, Flags (all unsigned)
dmphdr = struct.unpack("<HHIIIIQ", fin.read(28))
print("%-20s\t0x%x" % ("version", dmphdr[0]))
print("%-20s\t0x%x" % ("internal version", dmphdr[1]))
print("%-20s\t0x%x" % ("Number of Streams", dmphdr[2]))
print("%-20s\t0x%x" % ("Stream Directory RVA", dmphdr[3]))
print("%-20s\t0x%x" % ("CheckSum", dmphdr[4]))
print("%-20s\t" % "u.TimeDateStamp", end=" ")
print(datetime.datetime.fromtimestamp(dmphdr[5]))
print("%-20s\t0x%x" % ("Flags", dmphdr[6]))
print("\nMINIDUMP_DIRECTORY ")
print("%-24s%-24s%-24s" % ("StreamType", "DataSize", "RVA"))
streamdata = []
# The directory starts at StreamDirectoryRva, not necessarily right after the header
fin.seek(dmphdr[3])
for i in range(0, dmphdr[2], 1):
    streamdata.insert(i, struct.unpack("<III", fin.read(12)))
    print("%-24s%-24s%-24s" % (hex(streamdata[i][0]),
          hex(streamdata[i][1]), hex(streamdata[i][2])))
# Stream type 0xc is the HandleDataStream
HStreamLoc, = [z for (x, y, z) in streamdata if x == 0xc]
HStreamDSize, = [y for (x, y, z) in streamdata if x == 0xc]
fin.seek(HStreamLoc)
sizeof_HDStream = 16
# SizeOfHeader, SizeOfDescriptor, NumberOfDescriptors, Reserved
HDStream = struct.unpack("<IIII", fin.read(sizeof_HDStream))
assert (HDStream[1] * HDStream[2] + sizeof_HDStream) == HStreamDSize
print("_MHDesc2")
sizeof_MHDesc2 = 40
HDesc = []
print("%-14s%-14s%-14s%-14s%-14s%-14s%-14s%-14s%-14s" % ("Handle", "TypeNameRva",
      "ObjectNameRva", "Attributes", "GrantedAccess", "HandleCount", "PointerCount",
      "ObjectInfoRva", "Reserved0"))
# Every descriptor is kept in HDesc as well as printed
for i in range(0, HDStream[2], 1):
    HDesc.insert(i, struct.unpack("<QIIIIIIII", fin.read(sizeof_MHDesc2)))
    print("%-14s%-14s%-14s%-14s%-14s%-14s%-14s%-14s%-14s" % (hex(HDesc[i][0]),
          hex(HDesc[i][1]), hex(HDesc[i][2]), hex(HDesc[i][3]), hex(HDesc[i][4]),
          hex(HDesc[i][5]), hex(HDesc[i][6]), hex(HDesc[i][7]), hex(HDesc[i][8])))
fin.close()
When executed, it returns data like this for the handle stream:
MINIDUMP_HEADER EXCLUDING SIGNATURE
version 0xa793
internal version 0x61b1
Number of Streams 0xd
Stream Directory RVA 0x20
CheckSum 0x0
u.TimeDateStamp 2019-02-14 02:38:24
Flags 0x61826
MINIDUMP_DIRECTORY
StreamType DataSize RVA
0x3 0x94 0x1dc
0x11 0xcc 0x270
0x4 0xc40 0x33c
0x13 0x388 0xf7c
0x9 0x1100 0x91f0
0x10 0x4f30 0x42c0
0x7 0x38 0xbc
0xf 0xe8 0xf4
0xc 0xb28 0x3798
0xb 0x58 0x294c
0x0 0x0 0x0
0x0 0x0 0x0
0x0 0x0 0x0
_MHDesc2
Handle TypeNameRva ObjectNameRva Attributes GrantedAccess HandleCount PointerCount ObjectInfoRva Reserved0
0x4 0x29b4 0x29cc 0x10 0x3 0x2d 0x54 0x0 0x0
0x8 0x29e6 0x0 0x0 0x100020 0x2 0x3 0x0 0x0
0xc 0x29f4 0x0 0x0 0x100020 0x2 0x3 0x0 0x0
0x10 0x2a02 0x0 0x0 0x100020 0x2 0x3 0x0 0x0
0x14 0x2a10 0x0 0x0 0x1f0000 0x2 0x5 0x0 0x0
Edit
I have edited the code to print the handle, type name and object name, and put it here
The result will look like
Handle TypeName ObjectName
0x4 Directory \KnownDlls
0x8 File No ObjName
0xc File No ObjName
0x10 File No ObjName
0x14 ALPC Port No ObjName
0x18 Key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
It should print all 16.7 million handles in the dump (if they exist)
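An added example (not code from the answer above): a way to get only the total the question asks for, reading the handle stream in fixed-size chunks so that no per-handle list is built in memory, and checking the declared sizes against the file before trusting them. It assumes the layout the answer's script uses (16-byte stream header, Handle in the first 8 bytes of each descriptor) and treats descriptors whose Handle field is 0 as empty slots, an assumption based on the all-zero rows in the output above; `count_handles` and `build_sample` are hypothetical names, and `build_sample` produces a constructed test file, not a real dump.

```python
import io
import struct

HANDLE_DATA_STREAM = 0xC  # stream type 12, as listed in the directory output above

def count_handles(f, chunk_rows=4096):
    """Return (declared, in_use) descriptor counts for a minidump opened in binary mode."""
    file_size = f.seek(0, io.SEEK_END)
    f.seek(0)
    sig, _version, n_streams, dir_rva = struct.unpack("<4sIII", f.read(16))
    if sig != b"MDMP":
        raise ValueError("no MDMP signature")
    f.seek(dir_rva)
    for _ in range(n_streams):
        stype, dsize, rva = struct.unpack("<III", f.read(12))
        if stype == HANDLE_DATA_STREAM:
            break
    else:
        raise ValueError("no HandleDataStream in directory")
    if rva + dsize > file_size:
        raise ValueError("handle stream runs past end of file")
    f.seek(rva)
    hdr_size, desc_size, declared, _reserved = struct.unpack("<IIII", f.read(16))
    if hdr_size < 16 or desc_size < 8 or hdr_size + desc_size * declared != dsize:
        raise ValueError("descriptor count does not match stream size")
    f.seek(rva + hdr_size)
    in_use, remaining = 0, declared
    while remaining:
        rows = min(remaining, chunk_rows)
        buf = f.read(rows * desc_size)
        if len(buf) != rows * desc_size:
            raise ValueError("truncated handle stream")
        # Only the 8-byte Handle field is decoded; a value of 0 is counted as an empty slot
        in_use += sum(1 for off in range(0, len(buf), desc_size)
                      if struct.unpack_from("<Q", buf, off)[0])
        remaining -= rows
    return declared, in_use

def build_sample(handles):
    """Constructed sample: 32-byte header, one directory entry, 40-byte descriptors."""
    body = b"".join(struct.pack("<Q8I", h, *([0] * 8)) for h in handles)
    stream = struct.pack("<IIII", 16, 40, len(handles), 0) + body
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, 32, 0, 0, 0)
    directory = struct.pack("<III", HANDLE_DATA_STREAM, len(stream), 44)
    return io.BytesIO(header + directory + stream)

if __name__ == "__main__":
    print(count_handles(build_sample([0x4, 0x8, 0, 0xC, 0, 0])))
```

On a real dump, pass `open(path, "rb")` instead of the constructed sample.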