最新消息:想得多,做的少。一天到晚瞎鸡巴搞。

WinDBG分析程序崩溃的Dump文件

套路与反套路 阿虚 767浏览 0评论

.      在程序Release发行后运气不好可能在某些情况下莫名其妙的崩溃,这个时候如果没有崩溃前的Dump文件是很头痛的。这时有两种方法处理。

.      1. 在程序崩溃时没有退出进程前打开任务管理器,选择崩溃进程右键->创建转存文件即可提取出dump文件。这种方法需要用户手动操作。不太靠谱。

.      2. 自己添加代码在程序崩溃时创建Dump文件《程序崩溃创建dump文件》

.      拿到了dump文件后我们就可以开始沐浴、更衣、烧香、拜佛、静坐以及开始找bug。

接下来:

1. 将dump文件和崩溃的程序放到同一个目录

2. 点击菜单file->open crash dump,打开dmp文件(或者直接将dump文件拖入到windbg中)

3. 点击菜单file->symbol file path,填入符号文件路径:D:\XXXXX\你的Release编译目录(或者存放pdb文件目录)

4. 点击reload,然后点击ok

5. windbg的命令行输入~*kb,回车

6. 上面的指令执行完之后输入!analyze -v,回车

7. 分析崩溃报告文件

下面是dump报告文件

*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/EmailSend_exe/1_0_0_1/56cd5b5e/EmailSend_exe/1_0_0_1/56cd5b5e/c0000005/0001b3ce.htm?Retriage=1

FAULTING_IP:
EmailSend!CEmailSendDlg::ShowImage+8e [d:\ÏîÄ¿\¿ª·¢ÈÎÎñ\mfc\2016-01-25 — emailȺ·¢\ÓʼþȺ·¢\emailsend\emailsend\emailsenddlg.cpp @ 1253]
00fbb3ce ff7004 push dword ptr [eax+4]

EXCEPTION_RECORD: ffffffff — (.exr 0xffffffffffffffff)
ExceptionAddress: 00fbb3ce (EmailSend!CEmailSendDlg::ShowImage+0x0000008e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000004
Attempt to read from address 00000004

PROCESS_NAME: EmailSend.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 – 0x%08lx (错误代码:访问空地址崩了)

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 – 0x%08lx

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 00000004

READ_ADDRESS: 00000004

FOLLOWUP_IP:
EmailSend!CEmailSendDlg::ShowImage+8e [d:\ÏîÄ¿\¿ª·¢ÈÎÎñ\mfc\2016-01-25 — emailȺ·¢\ÓʼþȺ·¢\emailsend\emailsend\emailsenddlg.cpp @ 1253]
00fbb3ce ff7004 push dword ptr [eax+4](当前崩溃EIP位置)

MOD_LIST: <ANALYSIS/>

FAULTING_THREAD: 000021a4

BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_NULL_POINTER_READ_INVALID_POINTER_READ

PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_DEREFERENCE

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE (崩溃原因:空类指针引用)

LAST_CONTROL_TRANSFER: from 00fbb1d5 to 00fbb3ce

STACK_TEXT:  (当前崩溃栈)
0020a220 00fbb1d5 943675c4 00fbb110 00000000 EmailSend!CEmailSendDlg::ShowImage+0x8e [d:\ÏîÄ¿\¿ª·¢ÈÎÎñ\mfc\2016-01-25 — emailȺ·¢\ÓʼþȺ·¢\emailsend\emailsend\emailsenddlg.cpp @ 1253]
0020a2fc 00fc7986 0000f120 00000000 9436748c EmailSend!CEmailSendDlg::OnSysCommand+0xc5 [d:\ÏîÄ¿\¿ª·¢ÈÎÎñ\mfc\2016-01-25 — emailȺ·¢\ÓʼþȺ·¢\emailsend\emailsend\emailsenddlg.cpp @ 1192]
0020a3b4 00fc8dd3 011503c8 0000f120 00000000 EmailSend!CWnd::OnWndMsg+0x347 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp @ 2305]
0020a3d4 00fc4811 00000112 0000f120 00000000 EmailSend!CWnd::WindowProc+0x22 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp @ 2094]
0020a444 00fc4fc6 0020a860 0043035e 00000112 EmailSend!AfxCallWndProc+0xb0 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp @ 285]
0020a464 75ac62fa 0043035e 00000112 0000f120 EmailSend!AfxWndProc+0x34 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp @ 434]
0020a490 75ac731e 00fc4f92 0043035e 00000112 user32!InternalCallWinProc+0x23
0020a508 75ac77d3 00000000 00fc4f92 0043035e user32!UserCallWinProcCheckWow+0xd8
0020a56c 75ac789a 00fc4f92 00000000 0020a5ac user32!DispatchMessageWorker+0x3cb
0020a57c 00fcf12f 004883e0 00000000 0020a860 user32!DispatchMessageW+0xf
0020a58c 00fc8652 00000004 0020a860 00000001 EmailSend!AfxInternalPumpMessage+0x3e [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp @ 183]
0020a5ac 00fd35bd 00000004 00000000 0020a860 EmailSend!CWnd::RunModalLoop+0xc3 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp @ 4644]
0020a5c4 00fd36e8 011a4978 00000000 00fa0000 EmailSend!CWnd::CreateRunDlgIndirect+0x3e [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp @ 470]
0020a61c 00fb525b 94367110 ffffffff 0117f668 EmailSend!CDialog::DoModal+0x10a [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp @ 633]
0020fe64 00fd4cad 0020fe80 01104f24 00000000 EmailSend!CEmailSendApp::InitInstance+0x20b [d:\ÏîÄ¿\¿ª·¢ÈÎÎñ\mfc\2016-01-25 — emailȺ·¢\ÓʼþȺ·¢\emailsend\emailsend\emailsend.cpp @ 101]
0020fe6c 01104f24 00000000 00000001 00000000 EmailSend!CWinApp::InitApplication+0x3b [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp @ 390]
0020fecc 7726338a 7efde000 0020ff18 77d79a02 EmailSend!AfxWinMain+0x46 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp @ 37]
0020fed8 77d79a02 7efde000 74bbb59a 00000000 kernel32!BaseThreadInitThunk+0xe
0020ff18 77d799d5 010ea85e 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
0020ff30 00000000 010ea85e 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: ~0s; .ecxr ; kb

FAULTING_SOURCE_CODE: (当前崩溃所对应的源码位置!下面红色箭头就是崩溃的那一行代码)
1249: CRect rect;
1250:
1251: GetDlgItem(IDC_BTN_OPENIMAGE2)->GetWindowRect(&rect);
1252:
> 1253: Graphics graphics(GetDlgItem(IDC_BTN_OPENIMAGE2)->GetDC()->m_hDC); // Create a GDI+ graphics object
1254:
1255: Image image(m_ImagePath); // Construct an image
1256:
1257: graphics.DrawImage(&image, 0, 0, rect.Width(), rect.Height());
1258:
SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: emailsend!CEmailSendDlg::ShowImage+8e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: EmailSend

IMAGE_NAME: EmailSend.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 56cd5b5e

FAILURE_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_c0000005_EmailSend.exe!CEmailSendDlg::ShowImage

BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_NULL_POINTER_READ_INVALID_POINTER_READ_emailsend!CEmailSendDlg::ShowImage+8e

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/EmailSend_exe/1_0_0_1/56cd5b5e/EmailSend_exe/1_0_0_1/56cd5b5e/c0000005/0001b3ce.htm?Retriage=1

Followup: MachineOwner
———

运气好,找到BUG就能愉快的开始修改了。。。

 

转载请注明:虚无 » WinDBG分析程序崩溃的Dump文件

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址