How to find the source of the crash in VC

Source: Internet
Author: User

I list the source code of this test below:

const int x = 10000;

int main(int argc, char* argv[])
{
    int* y = 0;
    y = (int*)&x;   // cast away const to get a writable pointer to x
    *y = 10;        // write to x through y
    return 0;
}

The program is compiled as a debug EXE with Microsoft Visual C++ 6.0 (SP5). Double-click it to run it. On Windows 2000 Server, you will get a dialog box like this:

Title: "Pointer.exe - Application Error"

Body: "The instruction at "0x00401279" referenced memory at "0x0043101c". The memory could not be "written".

Click OK to terminate the program.

Click Cancel to debug the program."

With this information, how can we find the origin of the error?

Remember that the address "0x00401279" is the place where the crash occurred.

How to find the cause of the crash:

There are two scenarios:

1. We have the source code and can debug on site;

2. VC cannot be installed on site and debugging is not possible, but we have the program's map file.

The first case, where we have the source code, is called "post-mortem debugging":

First, load the project in the VC IDE, press F11 to start it, and switch to the Disassembly window.

Press the Ctrl+G hotkey.

You will get a "Go To" window. The default selection is "Address". In the "Enter address expression" edit box, enter the location where the crash occurred, 0x00401279, and click Go To. You arrive here:

00401279 mov dword ptr [eax], 0ah

So this is the line of disassembly that was executing when the crash occurred. But why does it crash?

Set a breakpoint on this line and press F5 to run to it.

In the Watch window, type "@eax" to inspect the eax register. Its value is "0xcccccccc". Apparently, the crash occurs because data is copied to the address pointed to by a null pointer.

You have now successfully debugged the problem.

Another question: can the release build of the EXE be debugged the same way?

Of course. In this example, running the release build gives the crash address 0x0040108a.

Load the release configuration of the project in VC and press F11 to run it.

At 0x0040108a in its disassembly, we see:

0040108a mov dword ptr ds:[40b0d0h], 0ah

In the second case, we have the map file, pointer.map:

Note that checking "Generate mapfile" in the VC Project Settings dialog box is not enough on its own, because the map file must also contain the program code addresses and the source code line numbers. This is very important!

To obtain this information, type "/MAPINFO:LINES /MAPINFO:EXPORTS" in the Project Options edit box. Please make this a habit! It is not the default setting.

The map file we get is roughly as follows. I have deleted most of the output:

Pointer
(Application name)

Timestamp is 3d3167a7 (Sun Jul 28 23:03:03 2002)
(Timestamp)

Preferred load address is 00400000
(The preferred load base address. A very important piece of data, although it is generally this value.)

Address         Publics by Value              Rva+Base     Lib:Object
0001:00000250   _main                         00401250 f   pointer.obj
(The virtual address of _main)

Line numbers for .\Debug\pointer.obj(E:\pointer.cpp) segment .text
12 0001:00000250    14 0001:00000268    15 0001:0000026f    16 0001:00000276
18 0001:0000027f    20 0001:00000291    23 0001:000002a4    24 0001:000002a6
(This is the table that maps the source line numbers of pointer.cpp to their relative virtual addresses)


We can see that the preferred load base address is 0x00400000 and the virtual address of _main is 0x00401250. What does this mean?

0x00000250 is the relative virtual address (RVA) of _main.

0x00001000 is the size of the PE file header.

Therefore, the virtual address is calculated as follows:

0x00401250 = 0x00400000 + 0x00001000 + 0x00000250

Virtual address = preferred load base address + PE file header size + relative virtual address (RVA)

From the calculation for _main, we also know how to compute the RVA of the crash address 0x00401279: it is 0x00000279, right?

Then, in the map file, look for this address in the "Line numbers for .\Debug\pointer.obj(E:\pointer.cpp) segment .text" section. As you can see, there is only line 16 at 00000276 and line 18 at 0000027f; there is no entry for 00000279.

There is no entry for line 17 either, which means that line 17 is an empty line.

So 00000279 must belong to line 16! This way, without even looking at the programmer's code, you can tell him that the crash occurred on line 16 of his pointer.cpp!
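
The map-file lookup described above, written out as an added Python example (not part of the original article). It derives the 0x1000 term from the _main entry instead of hard-coding it; SAMPLE_MAP is constructed from the excerpt on this page, and parse_map and locate are hypothetical names.

```python
import re

# Constructed sample: the map excerpt from this page with its whitespace restored.
SAMPLE_MAP = r"""
 Preferred load address is 00400000

  Address         Publics by Value              Rva+Base     Lib:Object
 0001:00000250       _main                      00401250 f   pointer.obj

Line numbers for .\Debug\pointer.obj(E:\pointer.cpp) segment .text

    12 0001:00000250    14 0001:00000268    15 0001:0000026f    16 0001:00000276
    18 0001:0000027f    20 0001:00000291    23 0001:000002a4    24 0001:000002a6
"""

BASE_RE = re.compile(r"Preferred load address is ([0-9a-f]+)", re.I)
PUBLIC_RE = re.compile(r"^\s*([0-9a-f]{4}):([0-9a-f]{8})\s+\S+\s+([0-9a-f]{8})\b", re.I | re.M)
HEADER_RE = re.compile(r"^\s*Line numbers for .*\((.+)\) segment", re.M)
PAIR_RE = re.compile(r"(\d+)\s+([0-9a-f]{4}):([0-9a-f]{8})", re.I)


def parse_map(text):
    """Return (load base, {section: start offset}, [(offset, section, line, source)])."""
    base = int(BASE_RE.search(text).group(1), 16)
    starts = {}
    for sec, off, va in PUBLIC_RE.findall(text):
        # Rva+Base = load base + section start + offset within the section
        starts.setdefault(int(sec, 16), int(va, 16) - base - int(off, 16))
    rows = []
    headers = list(HEADER_RE.finditer(text))
    for i, hdr in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        for line, sec, off in PAIR_RE.findall(text[hdr.end():end]):
            rows.append((int(off, 16), int(sec, 16), int(line), hdr.group(1)))
    return base, starts, sorted(rows)


def locate(text, crash_va):
    """Map a crash address to (source file, line), or None if no entry precedes it."""
    base, starts, rows = parse_map(text)
    best = None
    for off, sec, line, source in rows:
        if sec not in starts:
            continue  # no public symbol seen for this section, so its start is unknown
        start_va = base + starts[sec] + off
        if start_va <= crash_va and (best is None or start_va > best[0]):
            best = (start_va, source, line)
    return best and best[1:]
```

The lookup assumes the module was loaded at its preferred load address. The last table entry has no upper bound, so any address past it is also attributed to that line.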
