Today the software suddenly crashed, and the event log was the only thing I had to go on. I spent a long time studying the problem and found plenty of material on the Internet. Much of it is good, but it all seems to cover XP; I could not find a Win7 version, and the Win7 event log is a little different from XP's. After working through it, I am summarizing the procedure here for your reference:
Configuration: Win7 + VS2010
Configure VS2010:
- Enable the map file: Linker --> Debugging --> Generate Map File
- Enable the cod file: C/C++ --> Output Files --> Assembler Output
- I wrote a piece of code with a null pointer:
- Run the program and let it crash. Open Event Viewer: the error offset address (fault offset) is 0x00002752.
- Open the map file of the corresponding program. This is where the difficulty lies: how do we get from the fault offset 0x00002752 to the corresponding code? Some articles give the following formula:
Crash line offset = crash address - absolute address of the crashed function + relative offset of the function
I could not get a result out of that for a long time. After much thought I finally understood that the absolute crash address has to be calculated first:
Absolute crash address = fault offset + 0x00400000
The fault offset, 0x00002752, is the value given in Event Viewer, so the absolute crash address is 0x00402752.
- Look up the absolute crash address in the map file. The function that contains it satisfies:
Absolute address of the crashed function < absolute crash address < absolute address of the next function
In the map file we find: absolute address of OnTimer < absolute crash address < absolute address of OnSize
Therefore, the crash occurs inside the OnTimer function.
- Once the crashing function is known, find the specific line that crashed. First, calculate the offset of the crash line from the start of the function:
Crash line offset = absolute crash address - absolute address of the crashed function
Substituting the values:
Crash line offset = 0x00402752 - 0x00402700 = 0x52
- With the crashing function and the crash line offset known, locating the code requires the cod file:
.... For example, find the OnTimer function first, then use the offset 0x52 to identify the faulty instruction in that function: (2) mov dword ptr [eax], eax, a null pointer exception. In addition, the number 343 marked by red circle (1) is the source code line number.
Some people may wonder why the test_crash01 and test_crash functions do not appear: it is because they were optimized away by the compiler ....
I think we can identify the problematic code at this point. Of course, sometimes we need to make a judgment based on the context ....
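The map-file lookup described in the steps above, as an added Python example (not code from the original post): it reads the preferred load address and the function symbols from an MSVC-style map file and resolves an Event Viewer fault offset to the containing function and the offset inside it. The map excerpt is constructed; only the fault offset 0x2752 and the OnTimer address 00402700 come from the post, while the class name, mangled names and the other addresses are assumptions.

```python
import bisect
import re

# Constructed excerpt in the layout of an MSVC linker .map file. The class name,
# mangled names, section offsets and the OnPaint/OnSize addresses are made up;
# only the OnTimer address (00402700) is taken from the article.
SAMPLE_MAP = """\
 Preferred load address is 00400000

  Address         Publics by Value              Rva+Base       Lib:Object

 0001:00001690       ?OnPaint@CTestDlg@@IAEXXZ  00402690 f   TestDlg.obj
 0001:00001700       ?OnTimer@CTestDlg@@IAEXI@Z 00402700 f   TestDlg.obj
 0001:000017a0       ?OnSize@CTestDlg@@IAEXIHH@Z 004027a0 f   TestDlg.obj
"""

BASE_RE = re.compile(r"Preferred load address is ([0-9A-Fa-f]+)")
SYM_RE = re.compile(
    r"^\s*[0-9A-Fa-f]{4}:[0-9A-Fa-f]{8}\s+(\S+)\s+([0-9A-Fa-f]{8,16})\s+(.*)$")

def parse_map(text):
    """Return (preferred_base, sorted [(address, symbol)]) for function symbols."""
    m = BASE_RE.search(text)
    if not m:
        raise ValueError("no 'Preferred load address' line in map file")
    base = int(m.group(1), 16)
    syms = []
    for line in text.splitlines():
        m = SYM_RE.match(line)
        # Tokens between Rva+Base and Lib:Object are flags; 'f' marks a function.
        if m and "f" in m.group(3).split()[:-1]:
            syms.append((int(m.group(2), 16), m.group(1)))
    return base, sorted(syms)

def locate(fault_offset, map_text):
    """Map an Event Viewer fault offset to (symbol, offset into that function)."""
    base, syms = parse_map(map_text)
    crash = base + fault_offset            # absolute crash address
    # Last function whose start address is not above the crash address.
    i = bisect.bisect_right([addr for addr, _ in syms], crash) - 1
    if i < 0:
        raise LookupError(f"{crash:#010x} is below the first function in the map")
    addr, name = syms[i]
    return name, crash - addr              # offset to look up in the .cod file
```

Taking the base from the map file's own "Preferred load address" line keeps the calculation correct for modules linked at a base other than 0x00400000, since the Rva+Base column is computed from that same value.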