How to diagnose Windows CE application crash (continued)

In the article "how to diagnose Windows CE application crash", I introduced how to use the crack address function of Remote Process explorer to locate the program crash address. However, it seems that many people do not know how to use this tool. This article details it.

Make sure that dbghelp. dll is available on your PC. Microsoft has not published the PDB file format, but there is an API for parsing PDB files, which is provided in dbghelp. dll. The latest version can be downloaded on the Microsoft website. Before Microsoft launched the. NET Framework, com-based component programming was very popular. Therefore, Microsoft also provided another set of interfaces, called DIA (debug interface access), in the form of COM components ). Remote proecess Explorer uses dbghelp. DLL to parse the wince debugging symbol. Because the executable program module of Wince uses the PE format, the debugging symbol file uses the PDB format, which is the same as the Windows desktop platform. Therefore, it can also analyze the Windows desktop application address. Dbghelp. dll can be placed in the system directory (c: \ windows \ system32) or in the directory where remote process explorer is located.

Put EXE/DLL and PDB in a directory. If it is stored in different directories, dbghelp may not be able to find PDB.

There are several steps to use this tool. For example, to locate the following crash address Pc = 03f7e034:

Raiseexception: thread = 8d5rjb0 proc = 81a37040 'device.exe'
Aky = 00000205 Pc = 03f7e034 (coredll. dll + 0x0001e034) Ra = 80120ef4 (NK. EXE + 0x00020ef4) BVA = 00000001 FSR = 00000001

From the PC = 03f7e034 (coredll. dll + 0x0001e034) sentence we know three important information: crash module coredll. dll, crash address 0x03f7e034, module load base address ready = 0x03f60000. Earlier versions of ce5 are not displayed (coredll. dll + 0x0001e034), and the base address cannot be calculated directly. However, in general, if your system has not changed a lot, the base address to be loaded each time is the same, so you can run the system to view its loading base address.

Based on the three information, remote process Explorer can work:

1. Cracking address: 0x03f7e034

2. Base Address: 0x03f60000

3. Fill in the full path of coredll. dll in the module path column. You can click the button on the Right To locate the module.

 

Now you can try to press the search button in the third line (there is a magnifier icon ). If it succeeds, the source file path, function name, and code line will be prompted. After the debugging symbol search path and source file search path are set, the text box below can directly display the source code, and the lines that crash are marked in red. The search path is set in the "file --> file path..." dialog box (multiple paths are separated by semicolons ):

 

The source file path when PDB is generated is definitely different from the wince path when platform builder is installed. Therefore, the following "Source Path mapping" also requires path ing to facilitate remote process explorer to search source code.