After reading Old Luo's article "Finding the Source Line of an Error from the Crash Address Alone" (hereinafter "Luo's article"), I felt there is still a lot to learn from it. However, some of its statements are inaccurate, and some of the operations it describes are too cumbersome. For this reason, having studied the article and run many experiments, I supplement and improve some of its contents here, in the hope that it helps with debugging programs, especially release builds. Criticism from friends is welcome.
I. Scope of application of the method
There are many reasons why a Windows program crashes, and the method described in Luo's article applies only to a crash that is immediately caused by a single statement, such as the division-by-zero example in the original text. The situation I encounter more often in practice is a pointer that holds an illegal address and is then dereferenced for a read or write. For example:
void Crash1()
{
    char *p = (char *)100;   /* p holds an address the process cannot write to */
    *p = 100;                /* this single statement raises the access violation */
}
For crashes of this kind, whether in a debug or a release build, the method locates the statement in the function or subroutine that caused the crash, with the details given below. Another common cause of crashes in practice is an out-of-bounds write to a local array in a function or subroutine: the write overwrites the function's saved return address, so the function crashes when it returns. For example:
#include <string.h>
void Crash2();
int main(int argc, char *argv[])
{
    Crash2();
    return 0;
}
void Crash2()
{
    char p[1];
    strcpy(p, "0123456789");  /* 11 bytes (including the terminator) written into a 1-byte array */
}
Compiling the release version of this program in VC and running it pops up the following error box.
Figure 1: Result of running the example above
The crash address shown here is 0x34333231. Since the statement that caused the crash is not the one the program was executing when it died, the method in Luo's article, which locates the statement that immediately caused the crash, is clearly powerless here. Even so, there are clues that point to the cause: the local array p in Crash2 is only one byte long, so copying "0123456789" into it obviously writes the rest of the string past the end of p, i.e. *(p+1) = '1', *(p+2) = '2', *(p+3) = '3', *(p+4) = '4', and so on. The ASCII code of '1' is 0x31, of '2' is 0x32, of '3' is 0x33, of '4' is 0x34, and so on. Because Intel CPUs store integers little-endian (the low byte at the low address), the memory holding the string "1234" read as a 4-byte int is 0x34333231. Clearly, when "0123456789" is copied, the characters "1234" overwrite the return address of Crash2, and the program crashes when Crash2 returns to that address. For similar errors that crash a program there are other ways to track down the mistake, and you are welcome to share them in the discussion.
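The decoding just described, as an added helper for crash triage (not code from Luo's article or from this post): it reads a 32-bit fault address as four little-endian bytes, reports whether they are all printable ASCII (the signature of string data overwriting a saved return address), and, given the string the program was copying, finds the offset at which those four bytes sit. The function names are my own.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Split a 32-bit fault address into the 4 bytes that produced it, in memory
 * (little-endian) order: 0x34333231 -> "1234". Returns 1 when every byte is
 * printable ASCII, which strongly suggests that copied text, not code, was
 * sitting where the return address should be. out must hold 5 bytes. */
int decode_fault_address(uint32_t addr, char out[5])
{
    int all_printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)((addr >> (8 * i)) & 0xFF);
        out[i] = (char)b;
        if (!isprint(b))
            all_printable = 0;
    }
    out[4] = '\0';
    return all_printable;
}

/* Locate the decoded bytes inside the string that was being copied. The result
 * is the distance from the start of the overflowed array to the saved return
 * address, or -1 if the address does not look like text from that string. */
long find_overwrite_offset(uint32_t addr, const char *copied)
{
    char pattern[5];
    if (!decode_fault_address(addr, pattern))
        return -1;
    const char *hit = strstr(copied, pattern);
    return hit ? (long)(hit - copied) : -1;
}

int main(void)
{
    /* Constructed input: the crash address and string from the Crash2 example. */
    const uint32_t addr = 0x34333231u;
    char text[5];
    int printable = decode_fault_address(addr, text);
    printf("0x%08X -> \"%s\" (%s)\n", addr, text,
           printable ? "printable: likely overwritten return address" : "not text");
    printf("offset of these bytes in \"0123456789\": %ld\n",
           find_overwrite_offset(addr, "0123456789"));
    return 0;
}
```

An offset of 1 matches the analysis above: the return address begins at *(p+1). A normal code address such as 0x00401000 decodes as non-printable and yields -1, so the check separates the two crash types described in this section.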