Simple minidump analysis

Reposted from: http://91dengdeng.cn/2019/05/07/%E7%AE%80%E5%8D%95%E5%88%86%E6%9E%90minidump-1/

Simple minidump analysis (1)

With the preparation from the previous sections, our program can now capture exceptions automatically, so let's start using WinDbg to analyze dumps and solve real problems. We start with a simple one: a crash caused by an out-of-bounds array access due to an overly large index.

1. Open the dump in WinDbg and set the application PDB and the system PDBs.

2. Once that is done, run the command ".ecxr". Because the program captured the exception itself, the exception context is already saved in the dump, so ".ecxr" switches straight to it.

0:135> .ecxr
eax=0dea0048 ebx=0016ae18 ecx=7ff22000 edx=004b38e8 esi=0aba40b8 edi=0016ae10
eip=004448cd esp=0ba9ebfc ebp=0ba9ec08 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
CheckSvr!CalcKubIndexByGameID+0x1d:
004448cd ?? ???


3. "kv": print the stack for the exception context.

0:135> kv
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  Args to Child              
0ba9ec08 0040d9c4 0dea0048 af7220ac 0016ae10 CheckSvr!CalcKubIndexByGameID+0x1d (FPO: [Non-Fpo]) (CONV: cdecl) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\main.cpp @ 1082]
0ba9fcd4 0040bcb4 0db37c10 0db41a88 0aae48c0 CheckSvr!CSockServer::OnRefreshResultExFromKub+0x1ce4 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\cmpaqpro.cpp @ 1081]
0ba9feb4 0045ca88 0db37c10 0db41a88 0aae48c0 CheckSvr!CSockServer::OnRefreshResultEx+0x134 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\cmpaqpro.cpp @ 419]
0ba9ff2c 00477674 0db37c10 0db41a88 0016ae18 CheckSvr!CSockServer::OnRequest+0xd38 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\checksvr\socksvr.cpp @ 1931]
0ba9ff54 0047e7db 00000000 0aae5e68 0a9c23a0 CheckSvr!CIocpWorker::DoWorkLoop+0xa4
0ba9ff6c 0047e7ab 0ba9ffac 0050c01d 0016ae10 CheckSvr!CBaseWorker::WorkerThreadProc+0x2b
0ba9ff74 0050c01d 0016ae10 876c3023 00000000 CheckSvr!CBaseWorker::WorkerThreadFunc+0xb


4. The faulting function is CalcKubIndexByGameID, and the value of its argument is 0dea0048. Going back to the code, the implementation of CalcKubIndexByGameID is:

// Looks up the "kub" index for a game ID: nGameID is used directly as the array index.
int CalcKubIndexByGameID(int nGameID)
{
    return g_kub[nGameID];
}

Clearly nGameID is too large and causes an out-of-bounds array access. Reviewing the code, nGameID was not given a default value and under certain conditions took a random value.
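As an added example (not code from the original post), here is the post's lookup function beside a bounds-checked form. The table contents are constructed; only the function name, the int index and the argument value 0x0dea0048 from the kv output come from the post.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed stand-in for the post's global table: a few game IDs mapped to
// "kub" indices. The real contents of g_kub are not shown on the page.
static const int g_kub[] = { 3, 1, 4, 1, 5, 9, 2, 6 };
static const std::size_t kKubCount = sizeof(g_kub) / sizeof(g_kub[0]);

// The function as the post shows it: the index is used as-is. Any nGameID
// outside [0, kKubCount) reads past the array (undefined behaviour). With
// 4-byte ints, the dump's argument 0x0dea0048 reads roughly 0.9 GB past the
// start of the table, hence the access violation.
int CalcKubIndexByGameID_unchecked(int nGameID)
{
    return g_kub[nGameID];
}

// Hardened form: validate first and report failure explicitly instead of
// faulting. Negative values are rejected too: nGameID is a signed int, so a
// value such as -1 would otherwise index before the array.
bool CalcKubIndexByGameID_checked(int nGameID, int* pOut)
{
    if (nGameID < 0 || static_cast<std::size_t>(nGameID) >= kKubCount) {
        return false;
    }
    *pOut = g_kub[nGameID];
    return true;
}

// Same signature as the original, returning a sentinel (-1) for any invalid
// ID, for callers that only have a return value to work with.
int CalcKubIndexByGameID_safe(int nGameID)
{
    int idx = -1;
    return CalcKubIndexByGameID_checked(nGameID, &idx) ? idx : -1;
}

int main()
{
    const int fromDump = 0x0dea0048;   // first "Args to Child" value in the kv output
    int idx = -1;
    if (!CalcKubIndexByGameID_checked(fromDump, &idx)) {
        std::printf("rejected nGameID=%d (0x%08x), table has %zu entries\n",
                    fromDump, static_cast<unsigned>(fromDump), kKubCount);
    }
    std::printf("nGameID=2 -> %d\n", CalcKubIndexByGameID_safe(2));
    return 0;
}
```

The unchecked version is kept only for comparison; it is never called with the dump's value, since that would reproduce the crash. The checked version also closes the negative-index case the original signature allows.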


Simple minidump analysis (2)

With the preparation from the previous sections, our program can now capture exceptions automatically, so let's start using WinDbg to analyze dumps and solve real problems. We start with a simple one: an exception caused by CString case conversion (extraction code: ffk6).

Step 1

Open the minidump in WinDbg, set the application's PDB, and run the commands ".ecxr" and "kv", which print the following stack:

0:121> .ecxr
eax=0e16eea8 ebx=00160768 ecx=00000000 edx=00000001 esi=0e16ef38 edi=0e16ef48
eip=7c80bef7 esp=0e16eea4 ebp=0e16eef8 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
Unable to load image C:\WINDOWS\system32\kernel32.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
kernel32+0xbef7:
7c80bef7 ??              ???
*** ERROR: Module load completed but symbols could not be loaded for mfc120.dll
0:121> kv
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
0e16eea0 1028bc8c e06d7363 00000001 00000000 kernel32+0xbef7
*** WARNING: Unable to verify timestamp for msvcr120.dll
*** ERROR: Module load completed but symbols could not be loaded for msvcr120.dll
0e16eef8 005a9339 e06d7363 00000001 00000003 mfc120+0x28bc8c
0e16ef38 101eee11 0e16ef48 1028bc8c 1029b540 msvcr120+0x19339
0e16ef4c 100566d4 00160760 0b139848 004a67d2 mfc120+0x1eee11
*** WARNING: Unable to verify timestamp for BlockSvr.exe
0e16ef8c 004dc703 0b224248 ec476e15 00000002 mfc120+0x566d4
0e16fea0 004c2bcf 0b139e10 0b167c20 001dfe60 BlockSvr!CSockServer::OnLogonUserV2+0x723 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\user.cpp @ 11713]
0e16ff2c 005041e4 0b139e10 0b167c20 00160768 BlockSvr!CSockServer::OnRequest+0x90f (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\socksvr.cpp @ 424]
0e16ff54 0050c04b 00000000 0b088970 0b2ec408 BlockSvr!CIocpWorker::DoWorkLoop+0xa4
0e16ff6c 0050c01b 0e16ffac 005bc01d 00160760 BlockSvr!CBaseWorker::WorkerThreadProc+0x2b
0e16ff74 005bc01d 00160760 9835355e 00000000 BlockSvr!CBaseWorker::WorkerThreadFunc+0xb
0e16ffac 005bc001 00000000 0e16ffec 7c82482f msvcr120+0x2c01d
0e16ffb8 7c82482f 0b2ec408 00000000 00000000 msvcr120+0x2c001
0e16ffec 00000000 005bbfb4 0b2ec408 00000000 kernel32+0x2482f

Step 2

The application frames show source line numbers, but we want more detail, so we need to load the Windows system symbol files by pointing the symbol path at a local cache plus the Microsoft symbol server:

e:\mylocalsymbols;SRV*e:\mylocalsymbols*http://msdl.microsoft.com/download/symbols

Step 3

After setting it, run "kv" again to view the stack, which now shows:

0:121> kv
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  Args to Child              
0e16eef8 005a9339 e06d7363 00000001 00000003 kernel32!RaiseException+0x53 (FPO: [Non-Fpo])
0e16ef38 101eee11 0e16ef48 1028bc8c 1029b540 msvcr120!_CxxThrowException+0x5b (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
0e16ef4c 100566d4 00160760 0b139848 004a67d2 mfc120!AfxThrowInvalidArgException+0x19 (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\except.cpp @ 228]
*** WARNING: Unable to verify timestamp for BlockSvr.exe
0e16ef58 004a67d2 ec477f39 00000000 49bf1ce1 mfc120!ATL::CStringT > >::MakeLower+0x23 (FPO: [0,0,0]) (CONV: thiscall) [f:\dd\vctools\vc7libs\ship\atlmfc\include\cstringt.h @ 1796]
0e16ef8c 004dc703 0b224248 ec476e15 00000002 BlockSvr!IsTempLogonToken+0x52 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\main.cpp @ 2277]
0e16fea0 004c2bcf 0b139e10 0b167c20 001dfe60 BlockSvr!CSockServer::OnLogonUserV2+0x723 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\user.cpp @ 11713]
0e16ff2c 005041e4 0b139e10 0b167c20 00160768 BlockSvr!CSockServer::OnRequest+0x90f (FPO: [Non-Fpo]) (CONV: thiscall) [d:\program files (x86)\jenkins\workspace\publish_gamechannel\blocksvr\socksvr.cpp @ 424]
0e16ff54 0050c04b 00000000 0b088970 0b2ec408 BlockSvr!CIocpWorker::DoWorkLoop+0xa4
0e16ff6c 0050c01b 0e16ffac 005bc01d 00160760 BlockSvr!CBaseWorker::WorkerThreadProc+0x2b
0e16ff74 005bc01d 00160760 9835355e 00000000 BlockSvr!CBaseWorker::WorkerThreadFunc+0xb
0e16ffac 005bc001 00000000 0e16ffec 7c82482f msvcr120!_callthreadstartex+0x1b (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 376]
0e16ffb8 7c82482f 0b2ec408 00000000 00000000 msvcr120!_threadstartex+0x7c (FPO: [Non-Fpo]) (CONV: stdcall) [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 354]
0e16ffec 00000000 005bbfb4 0b2ec408 00000000 kernel32!BaseThreadStart+0x34 (FPO: [Non-Fpo])

Conclusion

We can see that CString triggered _CxxThrowException. The service was migrated from VC6 to VS2013, where the checks in CString's MakeLower function became stricter: some special usernames converted correctly under VC6 but throw an exception under VS2013. Replacing the case-conversion function with CharLower solved the problem.
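As an added example (not code from the original post, and not MFC's code), the pattern behind this crash in a self-contained form: a library routine that has started throwing on input it used to accept, a tolerant replacement, and an exception boundary at the request handler so that one bad logon request fails by itself instead of unwinding through the worker thread into the crash handler. The strict routine here rejects non-ASCII bytes as a constructed model of the stricter VS2013 check; the tolerant one is a constructed stand-in, not a reproduction of CharLower. The sample names and the function names are assumptions.

```cpp
#include <cctype>
#include <cstdio>
#include <stdexcept>
#include <string>

// Constructed model of a library case-conversion routine with strict argument
// checking: it refuses any byte that is not 7-bit ASCII and throws, the way
// the post describes the VS2013 MakeLower behaving on some usernames.
// Illustration only; MFC's real check is locale/encoding based.
std::string StrictMakeLower(const std::string& s)
{
    std::string out;
    out.reserve(s.size());
    for (unsigned char c : s) {
        if (c >= 0x80) {
            throw std::invalid_argument("byte outside the accepted character set");
        }
        out.push_back(static_cast<char>(std::tolower(c)));
    }
    return out;
}

// Tolerant alternative: never throws. Bytes the strict routine would reject
// are passed through unchanged, so a name that cannot be fully lower-cased is
// still usable instead of aborting the request. (Constructed; it does not
// reproduce CharLower's locale handling.)
std::string LowerUserName(const std::string& s)
{
    std::string out;
    out.reserve(s.size());
    for (unsigned char c : s) {
        out.push_back(c < 0x80 ? static_cast<char>(std::tolower(c))
                               : static_cast<char>(c));
    }
    return out;
}

enum class LogonResult { Ok, Rejected, InternalError };

// Per-request exception boundary. In the post's dump the exception thrown
// under IsTempLogonToken was not handled anywhere in the request path, so the
// crash handler wrote the dump. Catching here turns the same situation into a
// failed request plus a log line.
LogonResult HandleLogon(const std::string& userName, bool useStrictLower)
{
    try {
        const std::string lowered = useStrictLower ? StrictMakeLower(userName)
                                                   : LowerUserName(userName);
        if (lowered.empty()) {
            return LogonResult::Rejected;   // policy check on the normalised name
        }
        return LogonResult::Ok;
    } catch (const std::exception& e) {
        // Log the length, not the raw bytes: the name is client-supplied.
        std::fprintf(stderr, "logon: exception for user (len=%zu): %s\n",
                     userName.size(), e.what());
        return LogonResult::InternalError;
    }
}

// Constructed sample names: plain ASCII, and one with a 3-byte UTF-8
// character (U+4E2D) in front of ASCII letters.
const std::string kAsciiName = "Player1";
const std::string kMixedName = std::string("\xE4\xB8\xAD") + "User";

int main()
{
    std::printf("strict  ascii -> %d\n", static_cast<int>(HandleLogon(kAsciiName, true)));
    std::printf("strict  mixed -> %d\n", static_cast<int>(HandleLogon(kMixedName, true)));
    std::printf("lenient mixed -> %d\n", static_cast<int>(HandleLogon(kMixedName, false)));
    return 0;
}
```

The two changes are independent: swapping the conversion routine removes this particular throw, while the try/catch at the request boundary also covers the next library upgrade that tightens a precondition on client-supplied data.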
