System: Windows XP SP3
Crashing executable: insight3_en.exe
Version: 3.50.0064
Information at the time of crash:
The stored exception information can be accessed via .ecxr.
(5404.5050): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=7c930323 edx=00000100 esi=00440b6b edi=0006f324
eip=004eb2a8 esp=0006f0f4 ebp=0006f0f4 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
*** ERROR: Module load completed but symbols could not be loaded for insight3_en.exe
insight3_en+0xeb2a8:
004eb2a8 8b00            mov     eax,dword ptr [eax]  ds:0023:00000000=????????
Stack:
0:000> kb
ChildEBP RetAddr  Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0006f0f4 0044497a 00000000 0000000c 0006f17c insight3_en+0xeb2a8
0006f104 004438c0 77d4f980 000f084a 000a0acc insight3_en+0x4497a
0006f17c 00441160 000f084a 00000116 772011ff insight3_en+0x438c0
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for USER32.dll -
0006f2bc 77d18734 000f084a 00000116 00010bcd insight3_en+0x41160
0006f2e8 77d18816 00440b6b 000f084a 00000116 USER32!GetDC+0x6d
0006f350 77d28ea0 00000000 00440b6b 000f084a USER32!GetDC+0x14f
0006f3a4 77d28eec 0185a660 00000116 00010bcd USER32!DefWindowProcW+0x180
0006f3cc 7c92e473 0006f3dc 00000018 0185a660 USER32!DefWindowProcW+0x1cc
0006f444 77d2c228 000f084a 00000313 00000000 ntdll!KiUserCallbackDispatcher+0x13
0006f460 77d2c1d5 000f084a 00000313 00000000 USER32!DefWindowProcA+0xaa
0006f4a8 77d3e56d 000f084a 00000313 00000000 USER32!DefWindowProcA+0x57
0006f4c0 77d308e6 0185a660 00000313 00000000 USER32!EnumClipboardFormats+0x30
0006f528 77d4f980 000f084a 000a0acc 00000313 USER32!DefFrameProcW+0xb3
0006f548 0042e3dc 000f084a 000a0acc 00000313 USER32!DefFrameProcA+0x1b
0006f574 0044135d 000f084a 000a0acc 00000313 insight3_en+0x2e3dc
0006f6c4 77d18734 000f084a 00000313 00000000 insight3_en+0x4135d
0006f6f0 77d18816 00440b6b 000f084a 00000313 USER32!GetDC+0x6d
0006f758 77d28ea0 00000000 00440b6b 000f084a USER32!GetDC+0x14f
0006f7ac 77d28eec 0185a660 00000313 00000000 USER32!DefWindowProcW+0x180
0006f7d4 7c92e473 0006f7e4 00000018 0185a660 USER32!DefWindowProcW+0x1cc
Take a look at the disassembly around 004EB2A8:
.text:004EB29B sub_4EB29B      proc near               ; CODE XREF: sub_44485A+11Bp
.text:004EB29B                                         ; sub_4E7724+1Dp
.text:004EB29B
.text:004EB29B arg_0           = dword ptr  8
.text:004EB29B
.text:004EB29B                 push    ebp
.text:004EB29C                 mov     ebp, esp
.text:004EB29E                 mov     eax, [ebp+arg_0]
.text:004EB2A1                 mov     eax, dword_5C6B80[eax*4]
.text:004EB2A8                 mov     eax, [eax]
.text:004EB2AA                 mov     eax, [eax+1Ch]
.text:004EB2AD                 shr     eax, 1
.text:004EB2AF                 and     eax, 1
.text:004EB2B2                 neg     eax
.text:004EB2B4                 sbb     eax, eax
.text:004EB2B6                 inc     eax
.text:004EB2B7                 pop     ebp
.text:004EB2B8                 retn    4
.text:004EB2B8 sub_4EB29B      endp
The global variable dword_5C6B80 looks very familiar: it is the same one as in "Source Insight Coredump Analysis".
The contents of this global variable and of the index (that is, arg_0) are as follows:
0:000> dd 5c6b80 l1
005c6b80  00000000
0:000> dd ebp+8 l1
0006f0fc  00000000
So the process of locating the fault is exactly the same as in "Source Insight Coredump Analysis".
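As an added example (not Source Insight's code and not from the original post), here is sub_4EB29B rewritten in C next to a guarded variant, to show why a zero entry in dword_5C6B80 faults at `mov eax, [eax]` and what the `neg`/`sbb`/`inc` tail computes. The struct layout, the slot count, the -1 return value and all names are assumptions; only the offset 1Ch and the table symbol come from the listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: the listing only shows a dword read at offset 0x1C. */
struct obj {
    uint8_t  unknown[0x1c];
    uint32_t flags;                 /* mov eax, [eax+1Ch] */
};

#define SLOTS 4                     /* assumed; real table size is unknown */
static struct obj **g_table[SLOTS]; /* stands in for dword_5C6B80 */

/* Emulates "neg eax / sbb eax, eax / inc eax": 1 if eax == 0, else 0. */
static uint32_t neg_sbb_inc(uint32_t eax) {
    uint32_t cf = (eax != 0);       /* neg sets CF when the operand is non-zero */
    eax = 0u - cf;                  /* sbb eax, eax  ->  eax - eax - CF */
    return eax + 1u;                /* inc eax */
}

/* Same logic as the listing: no check before either dereference. */
int bit1_clear_unchecked(unsigned idx) {
    struct obj **h = g_table[idx];  /* mov eax, dword_5C6B80[eax*4] */
    struct obj *o = *h;             /* mov eax, [eax]   <- faults if h == NULL */
    return (int)neg_sbb_inc((o->flags >> 1) & 1u);
}

/* Guarded variant: -1 reports "no object in this slot" instead of faulting. */
int bit1_clear_checked(unsigned idx) {
    if (idx >= SLOTS)
        return -1;
    struct obj **h = g_table[idx];
    if (h == NULL || *h == NULL)
        return -1;
    return (int)neg_sbb_inc(((*h)->flags >> 1) & 1u);
}

int main(void) {
    static struct obj o;            /* constructed sample object */
    static struct obj *p = &o;
    o.flags = 0x2;                  /* bit 1 set */
    g_table[1] = &p;
    printf("slot 0 (empty, as in the dump): %d\n", bit1_clear_checked(0));
    printf("slot 1 (bit 1 set): %d\n", bit1_clear_checked(1));
    return 0;
}
```

Slot 0 is left empty to mirror the dump, where both the index and the table entry read back as 00000000.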
Another Source Insight Coredump