windbg分析C++ EH exception
来源:互联网 发布:商洛java培训班课程 编辑:程序博客网 时间:2024/04/27 21:00
工作时遇到的dump分析,记录下来以后给自己复习用
配置有冲突的策略后。运行一段时间后exe占用的内存不断上涨,之后崩溃
<span style="font-size:12px;">0:005> <span style="color:#ff6666;">!analyze -v</span>******************************************************************************** ** Exception Analysis ** ********************************************************************************FAULTING_IP: KERNELBASE!RaiseException+5876b9b727 c9 leaveEXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)ExceptionAddress: 76b9b727 (KERNELBASE!RaiseException+0x00000058) ExceptionCode: e06d7363 (C++ EH exception) ExceptionFlags: 00000001NumberParameters: 3 Parameter[0]: 19930520 Parameter[1]: 06c7dddc Parameter[2]: 73e1d5e4CONTEXT: 00000000 -- (.cxr 0x0;r)eax=00000000 ebx=06c7d790 ecx=00000000 edx=00000000 esi=770b030c edi=004603f0eip=777c0c32 esp=06c7cb7c ebp=06c7cb8c iopl=0 nv up ei pl zr na pe nccs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246ntdll!ZwGetContextThread+0x12:777c0c32 83c404 add esp,4DEFAULT_BUCKET_ID: APPLICATION_FAULTPROCESS_NAME: ESCC.exeERROR_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>EXCEPTION_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>EXCEPTION_PARAMETER1: 19930520EXCEPTION_PARAMETER2: 06c7dddcEXCEPTION_PARAMETER3: 73e1d5e4NTGLOBALFLAG: 0APPLICATION_VERIFIER_FLAGS: 0APP: escc.exeANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86freFAULTING_THREAD: 00000f30PRIMARY_PROBLEM_CLASS: APPLICATION_FAULTBUGCHECK_STR: APPLICATION_FAULT_APPLICATION_FAULTLAST_CONTROL_TRANSFER: from 73dedf60 to 76b9b727STACK_TEXT: 06c7dd94 73dedf60 e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x5806c7ddcc 73df3efd 06c7dddc 73e1d5e4 73d92a10 msvcr90!_CxxThrowException+0x4806c7dde8 73d051dc 0931514c 00000003 00000000 <span style="color:#ff6666;">msvcr90!operator new+0x64</span>06c7de00 73d05938 0931514c 00000000 06c7e668 <span style="color:#ff6666;">msvcp90!std::_Allocate<char>+0x17</span>06c7de10 73d06081 0931514c 73dedfb7 06c7e65c <span style="color:#ff6666;">msvcp90!std::allocator<char>::allocate+0xf</span>06c7e668 73d0611b 0931514b 09315142 06c7e6e0 <span style="color:#ff6666;">msvcp90!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Copy+0x70</span>06c7e680 73d061b6 0931514b 00000000 00000000 msvcp90!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Grow+0x2606c7e69c 73d07317 0931514b 00000000 00000009 msvcp90!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::append+0x5a06c7e6b0 00448b32 06c7e6e0 8da46afb 464434e0 msvcp90!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::append+0x1106c7e70c 00449735 00000000 00000000 06c7f870 ESCC!TiXmlAttribute::Print+0xe206c7e734 00449056 0f838bc0 147817c0 0f838bc0 ESCC!TiXmlPrinter::VisitEnter+0x7506c7e74c 0044908c 06c7f864 116affa0 0f838bc0 ESCC!TiXmlElement::Accept+0x2606c7e760 00448c40 06c7f864 06c7ed24 116affa0 ESCC!TiXmlElement::Accept+0x5c06c7e774 00468efc 06c7f864 322e3031 322e3030 ESCC!TiXmlDocument::Accept+0x5006c7ff00 00469590 0d3d5358 06c7ff38 8da47297 ESCC!CDataMgr::GetPolicyData+0xe3c06c7ff60 004696a4 00000001 00495318 000000e0 ESCC!CDataMgr::GetPolicyData+0xd006c7ff80 0040e75b 06c7ff94 76fe33ca 00495318 ESCC!CDataMgr::ThreadProc+0x8406c7ff88 76fe33ca 00495318 06c7ffd4 777d9ed2 ESCC!CDataMgr::_ThreadProc+0xb06c7ff94 777d9ed2 00495318 71d77e1c 00000000 kernel32!BaseThreadInitThunk+0xe06c7ffd4 777d9ea5 0040e750 00495318 00000000 ntdll!__RtlUserThreadStart+0x7006c7ffec 00000000 0040e750 00495318 00000000 ntdll!_RtlUserThreadStart+0x1bSTACK_COMMAND: ~5s; .ecxr ; kbFOLLOWUP_IP: msvcr90!operator new+6473df3efd cc int 3SYMBOL_STACK_INDEX: 2SYMBOL_NAME: msvcr90!operator new+64FOLLOWUP_NAME: MachineOwnerMODULE_NAME: msvcr90IMAGE_NAME: msvcr90.dllDEBUG_FLR_IMAGE_TIMESTAMP: 4ca2ef57FAILURE_BUCKET_ID: APPLICATION_FAULT_e06d7363_msvcr90.dll!operator_newBUCKET_ID: APPLICATION_FAULT_APPLICATION_FAULT_msvcr90!operator_new+64ANALYSIS_SOURCE: UMFAILURE_ID_HASH_STRING: um:application_fault_e06d7363_msvcr90.dll!operator_newFAILURE_ID_HASH: {406053c9-e724-88de-5e03-de90c1528a0a}Followup: MachineOwner---------</span>由红色部分能看出,是因为new申请内存失败导致的崩溃。
—— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— —— ——
从网上学到的其他逐步分析方法,但因为经验不足,没能定位问题代码,下面进行概括
<span style="font-size:12px;">This dump file has an exception of interest stored in it.The stored exception information can be accessed via .ecxr.(f80.f30):<span style="color:#ff6666;"> C++ EH exception</span> - code e06d7363 (first/second chance not available)eax=00000000 ebx=06c7d790 ecx=00000000 edx=00000000 esi=770b030c edi=004603f0eip=777c0c32 esp=06c7cb7c ebp=06c7cb8c iopl=0 nv up ei pl zr na pe nccs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246ntdll!ZwGetContextThread+0x12:777c0c32 83c404 add esp,40:005><span style="color:#ff6666;"> .exr -1</span>ExceptionAddress: 76b9b727 (KERNELBASE!RaiseException+0x00000058) ExceptionCode: e06d7363 (C++ EH exception) ExceptionFlags: 00000001NumberParameters: 3 Parameter[0]: 19930520 Parameter[1]: 06c7dddc Parameter[2]: <span style="color:#ff6666;">73e1d5e4</span>unable to find C-Runtime symbols, even with unqualified search</span>
<span style="font-size:12px;">0:005> <span style="color:#ff6666;">dd 73e1d5e4 l4</span>73e1d5e4 00000000 73df3e3b 00000000 73e1d5f40:005> <span style="color:#ff6666;">dd 73e1d5f4 l2</span>73e1d5f4 00000002 73e1d6000:005> <span style="color:#ff6666;">dd 73e1d600 l2</span>73e1d600 00000000 73e280ec0:005> <span style="color:#ff6666;">da 73e280ec+8</span>73e280f4 ".?AVbad_alloc@std@@"</span>通过这种分析方法,最后得出导致查询崩溃的原因是申请内存失败:
<span style="font-size:12px;">AVbad_alloc</span>关于.exr -1得到的信息:
Parameter 2指向的内容中描述了抛出异常的对象
EXCEPTION_RECORD+----------+| E06D7363 |+----------+| ~~~ |+----------+|* ~~~ |+----------+|* ~~~ |+----------+| 3 or 4 |+----------+|* ~~~ |+----------+|*Object |+----------+ +---+|* ------> |~~~|+----------+ +---+|*HINSTANCE| |~~~|+----------+ +---+ |~~~| +---+ +---+ | -----> |~~~| +---+ +---+ +---+ | -----> |~~~| +---+ +---+ +----------+ | -----> |* ~~~ | +---+ +----------+ |* ~~~ | +----------+ |Class name| +----------+根据上图,先将Parameter 2转存为4字节,再转存2字节,再次转存2字节后,得到抛出异常的类名。
参考链接:https://blogs.msdn.microsoft.com/oldnewthing/20100730-00/?p=13273/
1 0
- windbg分析C++ EH exception
- OllyDBG处理C++ EH exception异常
- 出现"eh.h is only for C++!"错误的解决方法
- 现"eh.h is only for C++!"错误的解决方法
- EH公式
- eh浏览器
- EH & RTTI
- 用windbg分析minidump
- windbg分析Load DLL
- windbg分析dump文件
- windbg dump分析
- Windbg 分析内存泄漏
- WINDBG分析DMP方法
- windbg 分析dmp 之一
- windbg dump 批量分析
- 使用 windbg 分析 minidump
- WINDBG分析DMP方法
- windbg分析dump
- 记录一些需要膜拜的前辈blog
- 2-CSS基本样式讲解
- xml解析
- C# JSONP 源代码
- 【C++简单写Word】(一)概念了解
- windbg分析C++ EH exception
- Python设计模式(五)【建造者模式】
- 如何使用TestFlight进行App构建版本测试
- rabbitmq 扩展的安装
- Spring JDBCTemplate学习笔记
- 互联网最简单的创业流程和方法
- android ndk 编译时指定ndk的版本进行编译
- (6)从零开始的操作系统开发日记
- 独立IP、特产浏览量(PV)、访问次数(VV)、独立访客(UV)有什么区别?