Rebuilding the Stack in WinDbg
Source: Internet | Editor: 程序博客网 | Date: 2024/05/21 20:50
Sometimes, after you capture a dump and find the exception, the call stack turns out to be useless: it does not show where the program actually crashed. A typical case is a thread whose stack ends in kernel32!UnhandledExceptionFilter and the process's own top-level exception filter. By the time the dump was written, exception dispatch had already run the filter, so the register context the debugger starts from belongs to the filter, not to the faulting code. The stack then has to be rebuilt from the EXCEPTION_POINTERS structure that the filter received.
See also the Microsoft Knowledge Base article "HOW TO: Find the Problem Exception Stack When You Receive an UnhandledExceptionFilter Call in the Stack Trace".
DebugDiag can also analyze such a dump; its report shows the rebuilt stack under "Recovered stack".
Below is a dump whose stack is damaged in this way, rebuilt step by step in WinDbg:
First, the stack as the dump presents it. Thread 3 is inside the process's own top-level filter (SDAMSDevMgmt!ExpFilter, from StackWalker.h), which has called WinExec and is blocked in WaitForInputIdle; the frames that raised the exception are not on this stack:

0:003> k
ChildEBP RetAddr
0764f630 75119171 USER32!NtUserWaitForInputIdle+0x15
0764f660 75892ce5 USER32!WaitForInputIdle+0x5a
0764f6fc 004e8b00 kernel32!WinExec+0xc4
0764f7d8 75850047 SDAMSDevMgmt!ExpFilter+0x152 [D:\WangWang\WIN2K\Common\..\include\StackWalker.h @ 339]
0764f860 772321d7 kernel32!UnhandledExceptionFilter+0x127
0764f868 772320b4 ntdll!__RtlUserThreadStart+0x62
0764f87c 77231f59 ntdll!_EH4_CallFilterFunc+0x12
0764f8a4 77206ab9 ntdll!_except_handler4+0x8e
0764f8c8 77206a8b ntdll!ExecuteHandler2+0x26
0764f8ec 77206a2d ntdll!ExecuteHandler+0x24
0764f978 771d0143 ntdll!RtlDispatchException+0x127
0764f978 00000000 ntdll!KiUserExceptionDispatcher+0xf

kb adds the first three arguments of each frame. The first argument of UnhandledExceptionFilter is 0764f890, and it passes that same pointer on to ExpFilter:

0:003> kb
ChildEBP RetAddr  Args to Child
0764f630 75119171 00000fa8 00007530 00000000 USER32!NtUserWaitForInputIdle+0x15
0764f660 75892ce5 000007bc 00007530 0764f7cc USER32!WaitForInputIdle+0x5a
0764f6fc 004e8b00 0764f70c 00000000 6473746e kernel32!WinExec+0xc4
0764f7d8 75850047 0764f890 47ea2381 00000000 SDAMSDevMgmt!ExpFilter+0x152 [D:\WangWang\WIN2K\Common\..\include\StackWalker.h @ 339]
0764f860 772321d7 0764f890 772320b4 00000000 kernel32!UnhandledExceptionFilter+0x127
0764f868 772320b4 00000000 0764ffd4 771ec520 ntdll!__RtlUserThreadStart+0x62
0764f87c 77231f59 00000000 00000000 00000000 ntdll!_EH4_CallFilterFunc+0x12
0764f8a4 77206ab9 fffffffe 0764ffc4 0764f9e0 ntdll!_except_handler4+0x8e
0764f8c8 77206a8b 0764f990 0764ffc4 0764f9e0 ntdll!ExecuteHandler2+0x26
0764f8ec 77206a2d 0764f990 0764ffc4 0764f9e0 ntdll!ExecuteHandler+0x24
0764f978 771d0143 0164f990 0764f9e0 0764f990 ntdll!RtlDispatchException+0x127
0764f978 00000000 0164f990 0764f9e0 0764f990 ntdll!KiUserExceptionDispatcher+0xf

kP prints each frame's full parameter list from private symbols, which names and types that argument:

0:003> kP
ChildEBP RetAddr
0764f630 75119171 USER32!NtUserWaitForInputIdle+0x15
0764f660 75892ce5 USER32!WaitForInputIdle+0x5a
0764f6fc 004e8b00 kernel32!WinExec+0xc4
0764f7d8 75850047 SDAMSDevMgmt!ExpFilter(struct _EXCEPTION_POINTERS * pExp = 0x0764f890)+0x152 [D:\WangWang\WIN2K\Common\..\include\StackWalker.h @ 339]
0764f860 772321d7 kernel32!UnhandledExceptionFilter+0x127
0764f868 772320b4 ntdll!__RtlUserThreadStart+0x62
0764f87c 77231f59 ntdll!_EH4_CallFilterFunc+0x12
0764f8a4 77206ab9 ntdll!_except_handler4+0x8e
0764f8c8 77206a8b ntdll!ExecuteHandler2+0x26
0764f8ec 77206a2d ntdll!ExecuteHandler+0x24
0764f978 771d0143 ntdll!RtlDispatchException+0x127
0764f978 00000000 ntdll!KiUserExceptionDispatcher+0xf

Dumping memory at 0764f890 shows the two members of the structure: ExceptionRecord = 0764f990 and ContextRecord = 0764f9e0 (the same two values also appear as arguments of ExecuteHandler2 and ExecuteHandler in the kb output above):

0:003> dd 0764f890
0764f890  0764f990 0764f9e0 771ec530 00000001
0764f8a0  007cdea8 0764f8c8 77206ab9 fffffffe
0764f8b0  0764ffc4 0764f9e0 0764f964 0764fedc
0764f8c0  77206acd 0764ffc4 0764f978 77206a8b
0764f8d0  0764f990 0764ffc4 0764f9e0 0764f964
0764f8e0  77231ecd 00000000 0764f990 0764ffc4
0764f8f0  77206a2d 0764f990 0764ffc4 0764f9e0
0764f900  0764f964 77231ecd 09023a40 0764f990

.cxr switches the debugger to the saved context. The faulting instruction is a 16-byte read through esi=08540020, an address that is not readable in the dump (the ???? after ds:002b:08540020=):

0:003> .cxr 0764f9e0
eax=09023a40 ebx=08540020 ecx=0000000c edx=00000000 esi=08540020 edi=09023a40
eip=755aa048 esp=0764fe44 ebp=0764fe4c iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
msvcrt!__ascii_strnicmp+0x86:
755aa048 660f6f06        movdqa  xmm0,xmmword ptr [esi] ds:002b:08540020=????????????????????????????????

k now walks the stack from that context and shows the real call chain, down to the application frame CBufferListItem::AddData at RingStream.cpp line 876:

0:003> k
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr
0764fe4c 755aa00b msvcrt!__ascii_strnicmp+0x86
0764fe5c 72a83ae4 msvcrt!_VEC_memcpy+0x52
0764fe7c 0048f8cd MFC42u!CFixedAlloc::Free+0x2a
0764fe98 004c3659 SDAMSDevMgmt!CBufferListItem::AddData+0x6e [D:\WangWang\WIN2K\Common\RingStream.cpp @ 876]
0764feb4 004dae64 SDAMSDevMgmt!CSDAMSMsgConvertor::PushBuffer+0x58 [D:\WangWang\WIN2K\COMMON\SDAMSMsgConvertor.cpp @ 116]
0764fee8 004f210d SDAMSDevMgmt!SDAMTransferThread::OnReceive+0x119 [D:\WangWang\WIN2K\SDAMSDevMgmt\SDAMTransferThread.cpp @ 111]
0764ff18 004f2063 SDAMSDevMgmt!CTCPServerThread::ProcessMsg+0x5f [D:\WangWang\WIN2K\Common\TCPServerThread.cpp @ 482]
0764ff48 755b1287 SDAMSDevMgmt!CTCPServerThread::_ServerWorkThread+0xec [D:\WangWang\WIN2K\Common\TCPServerThread.cpp @ 452]
0764ff80 755b1328 msvcrt!_endthreadex+0x44
0764ff88 758133ca msvcrt!_endthreadex+0xce
0764ff94 771f9ed2 kernel32!BaseThreadInitThunk+0xe
0764ffd4 771f9ea5 ntdll!__RtlUserThreadStart+0x70
0764ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
The definition of _EXCEPTION_POINTERS is attached below; read it together with the WinDbg session above. Note the difference between kb and kP: in the kb output, the first "Args to Child" value of the kernel32!UnhandledExceptionFilter frame is 0764f890, which is also the first argument of SDAMSDevMgmt!ExpFilter (kP shows it as struct _EXCEPTION_POINTERS * pExp = 0x0764f890). That address holds an _EXCEPTION_POINTERS structure: its first member, ExceptionRecord, is 0764f990, and its second, ContextRecord, is 0764f9e0. Passing the ContextRecord value to .cxr restores the register state at the moment of the exception, and k then walks the real stack.

A few practical notes. .exr 0764f990 prints the exception record (exception code, faulting address and parameters) without switching context, and is a good cross-check that the structure was read correctly. With the structure's type available in loaded symbols, dt _EXCEPTION_POINTERS 0764f890 shows both fields by name, and the two steps can be shortened to .exr poi(0764f890) and .cxr poi(0764f890+4). On x64 the pointers are 8 bytes, so use dq instead of dd and +8 instead of +4. Finally, .cxr is sticky for the current thread until it is reset: run .cxr with no argument (or switch threads with .thread) before examining anything else, otherwise every later k and r refers to the substituted context.

typedef struct _EXCEPTION_POINTERS {
    PEXCEPTION_RECORD ExceptionRecord;
    PCONTEXT          ContextRecord;
} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
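The same lookup can be automated from pasted debugger text. The script below is an added example, not part of the original post or of the SDAMSDevMgmt project: it parses a kb listing to find the first argument of the UnhandledExceptionFilter frame, parses dd (or dq) output into a small memory map, reads the two pointers of _EXCEPTION_POINTERS from it, and emits the .exr and .cxr commands to run. The sample input is the kb and dd text from the session above, trimmed to the relevant lines; the function names and the width parameter (4 for an x86 dump read with dd, 8 for x64 read with dq) are this example's own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the relevant frames of the `kb` listing and the
# `dd 0764f890` output from the WinDbg session in this article, pasted as text.
KB_OUTPUT = """\
ChildEBP RetAddr  Args to Child
0764f7d8 75850047 0764f890 47ea2381 00000000 SDAMSDevMgmt!ExpFilter+0x152
0764f860 772321d7 0764f890 772320b4 00000000 kernel32!UnhandledExceptionFilter+0x127
0764f868 772320b4 00000000 0764ffd4 771ec520 ntdll!__RtlUserThreadStart+0x62
"""
DD_OUTPUT = """\
0764f890  0764f990 0764f9e0 771ec530 00000001
0764f8a0  007cdea8 0764f8c8 77206ab9 fffffffe
"""

# One `kb` frame: ChildEBP RetAddr Arg1 Arg2 Arg3 Symbol (x64 addresses may contain a backtick).
FRAME_RE = re.compile(
    r"^([0-9a-f`]+)\s+([0-9a-f`]+)\s+([0-9a-f`]+)\s+([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)", re.I)
# One `dd`/`dq` line: an address followed by hex cells; unreadable cells print as ????????.
DUMP_RE = re.compile(r"^([0-9a-f`]+)\s+((?:[0-9a-f`?]+\s*)+)$", re.I)


def to_int(token: str) -> int:
    """Parse a WinDbg hex token, tolerating the backtick inside 64-bit addresses."""
    return int(token.replace("`", ""), 16)


def find_first_arg(kb_text: str, symbol: str) -> Optional[int]:
    """Return Arg1 of the first `kb` frame whose symbol contains `symbol` (case-insensitive)."""
    for line in kb_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m and symbol.lower() in m.group(6).lower():
            return to_int(m.group(3))
    return None


def parse_dump(dd_text: str, width: int) -> Dict[int, int]:
    """Turn `dd` (width=4) or `dq` (width=8) output into {address: value}."""
    mem: Dict[int, int] = {}
    for line in dd_text.splitlines():
        m = DUMP_RE.match(line.strip())
        if not m:
            continue
        base = to_int(m.group(1))
        for i, cell in enumerate(m.group(2).split()):
            if "?" not in cell:  # skip cells that were not readable in the dump
                mem[base + i * width] = to_int(cell)
    return mem


def exception_pointers(mem: Dict[int, int], addr: int, width: int) -> Dict[str, int]:
    """Read _EXCEPTION_POINTERS at addr: ExceptionRecord at +0, ContextRecord at +pointer size."""
    return {"ExceptionRecord": mem[addr], "ContextRecord": mem[addr + width]}


def recovery_commands(kb_text: str, dd_text: str, width: int = 4) -> List[str]:
    """Derive the WinDbg commands that rebuild the stack of the original exception."""
    pexp = find_first_arg(kb_text, "UnhandledExceptionFilter")
    if pexp is None:
        raise ValueError("no UnhandledExceptionFilter frame in kb output")
    ptrs = exception_pointers(parse_dump(dd_text, width), pexp, width)
    digits = width * 2
    return [
        f".exr {ptrs['ExceptionRecord']:0{digits}x}",  # exception code and faulting address
        f".cxr {ptrs['ContextRecord']:0{digits}x}",    # switch to the faulting context
        "k",                                           # stack at the time of the exception
        ".cxr",                                        # reset to the dump's own context
    ]


if __name__ == "__main__":
    print("\n".join(recovery_commands(KB_OUTPUT, DD_OUTPUT)))
```

Paste a thread's kb output and the dd of the filter argument into the two strings (or read them from files) and the script prints the four commands to run; for an x64 dump, pass width=8 and feed it dq output.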