S.l.e!ep.¢%


Memory crash bug: another case (1)

Posted on 2009-04-04 22:55 by S.l.e!ep.¢%  Reads (1696)  Comments (0)  Category: WinDbg
I put a "1" in the title right from the start, because I am not confident I can pin down the cause yet; it looks like this will take another few days of tracing.

After running for a while the program terminates abnormally. Setting WinDbg as the postmortem debugger did not reveal anything either.
In the end I used adplus.vbs to capture dump files.

adplus.vbs captured many dump files; let's look at the first one.

(cd8.c44): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000005 ecx=00000000 edx=001804f8 esi=00000000 edi=01e72d1c
eip=73ed2659 esp=0162ee34 ebp=0162ee3c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for mfc42.dll -
mfc42!Ordinal3848+0x9:
73ed2659 8b7e04          mov     edi,dword ptr [esi+4] ds:0023:00000004=????????

c0000005 again; lately I keep running into c0000005!!!!
After adding symbols, I reopened the dump file.

This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(cd8.c44): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000005 ecx=00000000 edx=001804f8 esi=00000000 edi=01e72d1c
eip=73ed2659 esp=0162ee34 ebp=0162ee3c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
mfc42!CMapPtrToPtr::GetValueAt+0x9:
73ed2659 8b7e04          mov     edi,dword ptr [esi+4] ds:0023:00000004=????????

The fault occurred while executing this instruction: 73ed2659 8b7e04          mov     edi,dword ptr [esi+4] ds:0023:00000004=????????
It lies inside the function mfc42!CMapPtrToPtr::GetValueAt+0x9.

0:005> !address edi
    01e70000 : 01e70000 - 00062000
                    Type     00020000 MEM_PRIVATE
                    Protect  00000004 PAGE_READWRITE
                    State    00001000 MEM_COMMIT
                    Usage    RegionUsageHeap
                    Handle   003a0000
0:005> !address [esi+4]
    00000000 : 00000000 - 00010000
                    Type     00000000
                    Protect  00000001 PAGE_NOACCESS
                    State    00010000 MEM_FREE
                    Usage    RegionUsageFree

So the address [esi+4] is not accessible: esi is 0, so [esi+4] is 0x00000004, which !address shows lies in a MEM_FREE, PAGE_NOACCESS region.

Out of habit, kb:

0:005> kb
ChildEBP RetAddr  Args to Child             
0162ee3c 73ed9114 0c5404ce 01e72d1c 00000005 mfc42!CMapPtrToPtr::GetValueAt+0x9
0162ee50 73ef398a 01e72bf8 01e72bf8 0162ee7c mfc42!CWnd::DestroyWindow+0x24
*** WARNING: Unable to verify checksum for xxxx.exe
0162ee6c 0042a258 01e72bf8 01e72bf8 0162ee9c mfc42!CDialog::~CDialog+0x3a
0162ee84 004253f3 01e700ac 01e72bf8 01e72bf8 xx.exe!CxxxtDlg::~CxxxtDlg+0x88
0162eea4 00424818 003afffc 004235c0 00000001 xx.exe!CxxxDlg::~CxxxDlg+0x93
0162eeac 004235c0 00000001 0041c9f7 00000001 xx.exe!CxxxDlg::`scalar deleting destructor'+0x8
0162eeb4 0041c9f7 00000001 00000028 01e70048 xx.exe!xxxx::decCount+0x20
0162eeec 0041cc72 01e700a8 73fad5c4 01e7008c xx.exe!xxxx::handlexxx+0x257
0162eefc 004291fc 01e702e0 00000028 0044c488 xx.exe!xxxx::handlePacket+0x82
0162ff18 00426a0d 01e74508 00000028 00000000 xx.exe!Socket::handleData+0xbc
0162ff54 00433e71 00000000 003acd40 003aca48 xx.exe!Service::run+0x12d
0162ff84 77bcb530 003ac6c8 00000000 00000000 xx.exe!ThreadFunction+0x31
0162ffb8 77e64829 003aca48 00000000 00000000 msvcrt!_endthreadex+0xa3
0162ffec 00000000 77bcb4bc 003aca48 00000000 kernel32!BaseThreadStart+0x34

At first glance, a Dlg is being deleted from inside a worker thread........
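As an added illustration of that conclusion (not code from this post), here is a simplified C++ model of what the stack above shows: MFC keeps its HWND-to-CWnd handle map per thread, so a CDialog destroyed from a worker thread looks its handle up in a map that thread never created, and the NULL map is the esi=0 in GetValueAt. The Dialog, HandleMap and mapHWND names and the owner queue are stand-ins assumed here, not MFC's real API.

```cpp
// Added example (not the post's code): a simplified model of MFC's per-thread
// window handle map (stand-in for CHandleMap / afxMapHWND).
#include <cstdint>
#include <functional>
#include <map>
#include <memory>
#include <mutex>
#include <queue>
#include <thread>
using HWND = std::uintptr_t;
struct HandleMap { std::map<HWND, void*> permanent; };   // models CHandleMap::m_permanentMap
// MFC creates the map lazily, per thread: a worker thread that never created a
// window has none, so afxMapHWND() returns NULL there.
thread_local std::unique_ptr<HandleMap> tlsMap;
static HandleMap* mapHWND(bool create = false) {
    if (!tlsMap && create) tlsMap.reset(new HandleMap);
    return tlsMap.get();   // nullptr on a thread with no map
}
struct Dialog {            // models the CWnd/CDialog part relevant here
    HWND hwnd = 0;
    void create(HWND h) { hwnd = h; mapHWND(true)->permanent[h] = this; }
    ~Dialog() { if (hwnd) destroyWindow(); }   // like ~CDialog calling DestroyWindow
    // Models CWnd::DestroyWindow: looks the HWND up in the *calling* thread's map.
    // Real MFC only ASSERTs on a NULL map, so a release build dereferences it
    // (the mov edi,[esi+4] with esi=0 in the dump); here we fail cleanly instead.
    bool destroyWindow() {
        HandleMap* pMap = mapHWND();
        if (pMap == nullptr) return false;
        pMap->permanent.erase(hwnd); hwnd = 0;
        return true;
    }
};
// The crash scenario: dialog created on this thread, destroyed from a worker thread.
bool destroyFromWorkerThread() {
    Dialog dlg; dlg.create(0x1234); bool ok = true;
    std::thread worker([&] { ok = dlg.destroyWindow(); });
    worker.join();
    return ok;             // false: the worker thread has no handle map
}
// The fix pattern: the worker only queues the request and the owning thread
// executes it (stand-in for PostMessage to the UI thread).
bool destroyViaOwnerQueue() {
    Dialog dlg; dlg.create(0x1234);
    std::mutex m; std::queue<std::function<void()>> ownerQueue; bool ok = false;
    std::thread worker([&] { std::lock_guard<std::mutex> g(m);
                             ownerQueue.push([&] { ok = dlg.destroyWindow(); }); });
    worker.join();         // after join the owner thread drains the queue alone
    while (!ownerQueue.empty()) { ownerQueue.front()(); ownerQueue.pop(); }
    return ok && dlg.hwnd == 0;   // true: destroyed on the creating thread
}
```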
