Several friends on the forum have said that their programs crash from time to time with a message that the memory at address xxoo could not be read. Chasing an address like that can drive you crazy.
So let's share some basic debugging skills. The tools you need are WinDbg and VC 6.0.
Below is source code I put together that automatically generates a dump file. You only need to add it to your project. The source files are:
Minidump.h
Minidump.cpp
(For details, see the attached SRC; it is too large to paste here.)
1. Add the following section to CXXDlg::OnInitDialog:

    BOOL CTestDlg::OnInitDialog()
    {
        CDialog::OnInitDialog();

        //......

        // Install the crash handler that is called for any unhandled exception.
        SetUnhandledExceptionFilter(CrashReportEx);

        HMODULE hKernel32;

        // Try to get MiniDumpWriteDump() address.
        // Note: a bare DLL name is resolved through the normal DLL search order.
        hDbgHelp = LoadLibrary("dbghelp.dll");
        MiniDumpWriteDump_ = (MINIDUMP_WRITE_DUMP)GetProcAddress(hDbgHelp, "MiniDumpWriteDump");
        // d("hDbgHelp=%X, MiniDumpWriteDump_=%X", hDbgHelp, MiniDumpWriteDump_);

        // Try to get Tool Help library functions.
        hKernel32 = GetModuleHandle("Kernel32");
        CreateToolhelp32Snapshot_ = (CREATE_TOOL_HELP32_SNAPSHOT)GetProcAddress(hKernel32, "CreateToolhelp32Snapshot");
        Module32First_ = (MODULE32_FIRST)GetProcAddress(hKernel32, "Module32First");
        Module32Next_ = (MODULE32_NEST)GetProcAddress(hKernel32, "Module32Next");

        return TRUE;  // let the framework set the default focus
    }

The following is the test code in the project:

    class CTestDlg : public CDialog
    {
    // Construction
    public:
        CTestDlg(CWnd* pParent = NULL);   // standard constructor
        void fun1(char *pszBuffer);
        void fun2(char *pszBuffer);
        void fun3(char *pszBuffer);
    };

    // fun1 -> fun2 -> fun3 gives the crash a three-level call stack.
    void CTestDlg::fun1(char *pszBuffer)
    {
        fun2(pszBuffer);
    }

    void CTestDlg::fun2(char *pszBuffer)
    {
        fun3(pszBuffer);
    }

    void CTestDlg::fun3(char *pszBuffer)
    {
        // Deliberate fault for the test: writes through whatever pointer it is given.
        pszBuffer[1] = 0x00;
    }

The response code when double-clicking the OK button is as follows:

    void CTestDlg::OnOK()
    {
        // TODO: Add extra validation here
        fun1(NULL);   // passes a NULL buffer down to fun3 to trigger the crash
    }

2. In the VC compilation options, check Generate map, Debug info, and Program Database.
3. Keep the PDB and map files that the build generates in the Release directory; they will be needed for later debugging.
4. Run the program and click OK. After the exception occurs, the program restarts automatically, and a log folder is created in which the dump file is generated.
5. Open WinDbg and set the relevant paths.
A. Set the PDB path (File\Symbol File Path)
B. Set the source code path (File\Source File Path)
C. Set the EXE path (File\Image File Path)
6. Use WinDbg to open the dump file (File\Open Crash Dump)
7. Enter the command !analyze -v. After several seconds, the error information is printed, including the function call stack, as shown below:

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [c:\test\release\log\2012-05-29 160059.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available

    Symbol search path is: C:\test\release
    Executable search path is: C:\test\release
    Windows XP Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: SingleUserTS
    Machine Name:
    Debug session time: Tue May 29 16:00:59.000 2012 (GMT+8)
    System Uptime: not available
    Process Uptime: 0 days 0:00:01.000
    ...................................
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (1710.1450): Access violation - code c0000005 (first/second chance not available)
    eax=00a80000 ebx=00157ea8 ecx=00000007 edx=7c92e514 esi=00157e80 edi=00157ed8
    eip=7c92e514 esp=0012e830 ebp=0012e840 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
    ntdll!KiFastSystemCallRet:
    7c92e514 c3              ret
    0:000> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************

    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for mfc42.dll -
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for user32.dll -
    ***** OS symbols are WRONG. Please fix symbols to do analysis.

    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll -
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: IMAGE_NT_HEADERS32                            ***
    ***                                                                   ***
    *************************************************************************
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ole32.dll -
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for advapi32.dll -
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: kernel32!pNlsUserInfo                         ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: kernel32!pNlsUserInfo                         ***
    ***                                                                   ***
    *************************************************************************

    FAULTING_IP:
    Test!CTestDlg::fun3+6 [c:\test\testdlg.cpp @ 141]
    00401ca6 c6400100        mov     byte ptr [eax+1],0

    EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 00401ca6 (Test!CTestDlg::fun3+0x00000006)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000001
       Parameter[1]: 00000001
    Attempt to write to address 00000001

    PROCESS_NAME:  test.exe

    ADDITIONAL_DEBUG_TEXT:
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

    MODULE_NAME: Test

    FAULTING_MODULE: 7c920000 ntdll

    DEBUG_FLR_IMAGE_TIMESTAMP:  4fc48236

    ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

    EXCEPTION_PARAMETER1:  00000001

    EXCEPTION_PARAMETER2:  00000001

    WRITE_ADDRESS:  00000001

    FOLLOWUP_IP:
    Test!CTestDlg::fun3+6 [c:\test\testdlg.cpp @ 141]
    00401ca6 c6400100        mov     byte ptr [eax+1],0

    FAULTING_THREAD:  00001450

    BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_WRONG_SYMBOLS

    PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

    LAST_CONTROL_TRANSFER:  from 00401c9c to 00401ca6

    STACK_TEXT:
    0012f89c 00401c9c 00000000 0012f8b4 00401c8c Test!CTestDlg::fun3+0x6 [c:\test\testdlg.cpp @ 141]
    0012f8a8 00401c8c 00000000 0012f8cc 00401f27 Test!CTestDlg::fun2+0xc [c:\test\testdlg.cpp @ 137]
    0012f8b4 00401f27 00000000 73d323eb 73dcf07c Test!CTestDlg::fun1+0xc [c:\test\testdlg.cpp @ 132]
    0012f8bc 73d323eb 73dcf07c 00000111 0012f8fc Test!CTestDlg::OnOK+0x7 [c:\test\testdlg.cpp @ 242]
    WARNING: Stack unwind information not available. Following frames may be wrong.
    0012f8cc 73d322fd 0012fe94 00000001 00000000 mfc42!Ordinal567+0xa2
    0012f8fc 73d976e5 00000001 00000000 00000000 mfc42!Ordinal4424+0x108
    0012f920 73d33094 00000001 00000000 00000000 mfc42!Ordinal4431+0x1b
    0012f970 73d31b58 00000000 0014120e 0012fe94 mfc42!Ordinal4441+0x51
    0012f9f0 73d31b07 00000111 00000001 0014120e mfc42!Ordinal5163+0x2f
    0012fa10 73d31a78 00000111 00000001 0014120e mfc42!Ordinal6374+0x22
    0012fa70 73d319d0 0012fe94 00000000 00000111 mfc42!Ordinal1109+0x91
    0012fa90 73dbe47c 0018124c 00000111 00000001 mfc42!Ordinal1578+0x34
    0012fabc 77d18734 0018124c 00000111 00000001 mfc42!Ordinal1579+0x39
    0012fae8 77d18816 73dbe443 0018124c 00000111 USER32!GetDC+0x6d
    0012fb50 77d2927b 00000000 73dbe443 0018124c USER32!GetDC+0x14f
    0012fb8c 77d292e3 006d5120 007101c8 00000001 USER32!GetParent+0x16c
    0012fbac 77d4ff7d 0018124c 00000111 00000001 USER32!SendMessageW+0x49
    0012fbc4 77d1_d2 007156c0 00000000 007156c0 USER32!Createmdistmwa+0x1bd
    0012fbe0 77d25e94 001530ec 00000001 00000000 USER32!DeregisterShellHookWindow+0x6312
    0012fc64 77d3b082 007156c0 00000202 00000000 USER32!IsDlgButtonChecked+0x109a
    0012fc84 77d18734 0014120e 00000202 00000000 USER32!SoftModalMessageBox+0xda3
    0012fcb0 77d18816 77d3b036 0014120e 00000202 USER32!GetDC+0x6d
    0012fd18 77d189cd 00000000 77d3b036 0014120e USER32!GetDC+0x14f
    0012fd78 77d18a10 00404314 00000000 0012fdac USER32!GetWindowLongW+0x127
    0012fd88 77d274ff 00404314 00404314 0040431c USER32!DispatchMessageW+0xf
    0012fdac 77d3c6d3 0018124c 007156c0 00404314 USER32!IsDialogMessageW+0xdb
    0012fdcc 73d45202 0018124c 00404314 0012fe94 USER32!IsDialogMessage+0x4a
    0012fddc 73d39be0 00404314 73d451ce 00404314 mfc42!Ordinal4047+0x2f
    0012ff00 73d3c1cf 006f0072 00142373 00000000 mfc42!Ordinal5278+0x29
    004034c0 00401c20 004019f0 00401a00 00401a10 mfc42!Ordinal1576+0x47
    004034c4 004019ef 00401a00 00401a10 00402130 Test!CTestDlg::`scalar deleting destructor'
    004034c8 004019ff 00401a10 00402130 0040212a Test!CTestDlg::~CTestDlg+0xf
    004034cc 00401a0f 00402130 0040212a 0040203a Test!CObject::Serialize+0xf
    004034d0 00402130 0040212a 0040203a 00402034 Test!CObject::AssertValid+0xf
    004034d4 0040212a 0040203a 00402034 0040202e Test!CDialog::OnCmdMsg
    004034d8 0040203a 00402034 0040202e 00402028 Test!CWnd::OnFinalRelease
    004034dc 00402034 0040202e 00402028 00402022 Test!CCmdTarget::IsInvokeAllowed
    004034e0 0040202e 00402028 00402022 00401c70 Test!CCmdTarget::GetDispatchIID
    004034e4 00402028 00402022 00401c70 0040201c Test!CCmdTarget::GetTypeInfoCount
    004034e8 00402022 00401c70 0040201c 00402016 Test!CCmdTarget::GetTypeLibCache
    004034ec 00401c6f 0040201c 00402016 00402010 Test!CCmdTarget::GetTypeLib
    004034f0 0040201c 00402016 00402010 0040200a Test!CTestDlg::_GetBaseMessageMap+0xf
    004034f4 00402016 00402010 0040200a 00402004 Test!CCmdTarget::GetCommandMap
    004034f8 00402010 0040200a 00402004 00401ffe Test!CCmdTarget::GetDispatchMap
    004034fc 0040200a 00402004 00401ffe 00401ff8 Test!CCmdTarget::GetConnectionMap
    00403500 00402004 00401ffe 00401ff8 00401ff2 Test!CCmdTarget::GetInterfaceMap
    00403504 00401ffe 00401ff8 00401ff2 00401fec Test!CCmdTarget::GetEventSinkMap
    00403508 00401ff8 00401ff2 00401fec 00402124 Test!CCmdTarget::OnCreateAggregates
    00403608 004022fc 00402310 00000000 19930520 Test!CCmdTarget::GetInterfaceHook
    0040360c 00402310 00000000 19930520 00000008 Test!WinMainCRTStartup+0x13e
    00403610 00000000 19930520 00000008 00403638 Test!WinMainCRTStartup+0x152

    STACK_COMMAND:  ~0s; .ecxr ; kb

    FAULTING_SOURCE_CODE:
       137: }
       138:
       139: void CTestDlg::fun3(char *pszBuffer)
       140: {
    >  141:     pszBuffer[1] = 0x00;
       142: }
       143:
       144: BOOL CTestDlg::OnInitDialog()
       145: {
       146:     CDialog::OnInitDialog();

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  Test!CTestDlg::fun3+6

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  test.exe

    BUCKET_ID:  WRONG_SYMBOLS

    FAILURE_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE_c0000005_test.exe!CTestDlg::fun3

    WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/Test_exe/1_0_0_1/4fc48236/Test_exe/1_0_0_1/4fc48236/c0000005/00001ca6.htm?Retriage=1

    Followup: MachineOwner
    ---------

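When many dumps come back from customers, the parts of this report worth extracting are the exception code, the two exception parameters, and the symbolized frames printed before the unwind warning. The following Python script is an added example, not part of the original article: it pulls those fields out of a constructed excerpt of such a report. The function name `triage` and the 64 KB null-page threshold are assumptions of the example.

```python
import re

# Constructed excerpt of an `!analyze -v` report for a write to address 1.
SAMPLE = r"""
ExceptionAddress: 00401ca6 (Test!CTestDlg::fun3+0x00000006)
   ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00000001

STACK_TEXT:
0012f89c 00401c9c 00000000 0012f8b4 00401c8c Test!CTestDlg::fun3+0x6 [c:\test\testdlg.cpp @ 141]
0012f8a8 00401c8c 00000000 0012f8cc 00401f27 Test!CTestDlg::fun2+0xc [c:\test\testdlg.cpp @ 137]
0012f8b4 00401f27 00000000 73d323eb 73dcf07c Test!CTestDlg::fun1+0xc [c:\test\testdlg.cpp @ 132]
0012f8bc 73d323eb 73dcf07c 00000111 0012f8fc Test!CTestDlg::OnOK+0x7 [c:\test\testdlg.cpp @ 242]
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f8cc 73d322fd 0012fe94 00000001 00000000 mfc42!Ordinal567+0xa2
"""

ACCESS = {0: "read", 1: "write", 8: "execute"}  # Parameter[0] of c0000005
# ChildEBP, RetAddr and three args, then module!symbol+offset [file @ line]
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+?)!(\S+?)(?:\+0x[0-9a-f]+)?"
                   r"(?: \[(.+?) @ (\d+)\])?$", re.M | re.I)

def triage(report):
    """Reduce an !analyze -v report to the fields used to bucket a crash."""
    code = int(re.search(r"ExceptionCode:\s*([0-9a-f]+)", report).group(1), 16)
    params = [int(p, 16)
              for p in re.findall(r"Parameter\[\d+\]:\s*([0-9a-f]+)", report)]
    stack = report.split("STACK_TEXT:", 1)[1]
    # Frames after the unwind warning were walked without symbols; drop them.
    trusted = stack.split("WARNING: Stack unwind", 1)[0]
    frames = [(m.group(2), m.group(3), int(m.group(4)) if m.group(4) else None)
              for m in FRAME.finditer(trusted)]
    result = {"code": code, "frames": frames}
    if code == 0xC0000005 and len(params) >= 2:
        result["access"] = ACCESS.get(params[0], "unknown")
        result["address"] = params[1]
        # Windows leaves the lowest 64 KB of a process unmapped by default, so
        # a fault there points to a NULL (or NULL plus small offset) pointer.
        result["null_page"] = params[1] < 0x10000
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the report above it yields a write to address 1 in the null page, with `CTestDlg::fun3` at line 141 as the top trusted frame.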
OK, this lets us pinpoint exactly which function failed in the release build of the program. So remember to generate the PDB and map files when you release a program; otherwise, when it crashes on a customer's machine, you will be in real trouble!
Test Project:
Dumptest.rar
Original article:
http://blog.csdn.net/wangningyu/article/details/6748138