Re: 浏览器无响应【在百度图片浏览图片过程】

WinDbg

浏览器无响应【在百度图片浏览图片过程】

巫师 2011-10-12, 01:15 上午

通过spy++查看窗口,发现是d80.60c线程无响应。

用windbg.exe附加上进程,保存dump文件。然后切换到60c号线程,栈回溯如下:

ChildEBP RetAddr  Args to Child             
1170e804 77395cac 756668cc 00000001 1170e858 ntdll!KiFastSystemCallRet
1170e808 756668cc 00000001 1170e858 00000001 ntdll!ZwWaitForMultipleObjects+0xc
1170e8a4 76e9f0ca 1170e858 1170e8cc 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x100
1170e8ec 772190be 00000001 7ffde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
1170e940 772159fe 000009d0 00000000 00001388 user32!RealMsgWaitForMultipleObjectsEx+0x13c
1170e95c 66d72c92 00000000 00000000 00000000 user32!MsgWaitForMultipleObjects+0x1f
1170e9d4 66b3017c 161046e8 6713aad4 0a20bea8 mshtml!CXMLHttpRequest::Synchronize+0x8e
1170e9ec 66738eb3 161046e8 00000001 1170ec74 mshtml!CXMLHttpRequest::send+0xd6
1170ea28 669bade1 161046e8 04211800 0a20bea8 mshtml!Method_void_o0oVARIANT+0xe2
1170eaa8 668a6c6f 161046e8 000003f3 00000001 mshtml!CBase::ContextInvokeEx+0x84c
1170ead4 668c87bc 161046e8 000003f3 00000001 mshtml!CSelectionObject::InvokeEx+0x2b
1170eb00 668c83c4 161046e8 000003f3 00000001 mshtml!CBase::VersionedInvokeEx+0x37
1170eb40 6ee596bb 161046e8 000003f3 00000001 mshtml!CBase::PrivateInvokeEx+0x82
1170eb88 6ee8dff4 04211800 000003f3 00000001 jscript9!HostDispatch::CallInvokeEx+0x106
1170ebb0 6ee8df3e 000003f3 00000001 00000001 jscript9!HostDispatch::InvokeMarshaled+0x4d
1170ec74 6ee8dd59 0ca7f000 000003f3 00000000 jscript9!HostDispatch::InvokeByDispId+0x408
1170ec90 6ee8dd2d 10000002 1170ecb8 0ca7f000 jscript9!DispMemberProxy::DefaultInvoke+0x22
1170ed9c 76881145 0bdae460 0bdae420 0e349c90 jscript9!DispMemberProxy::DefaultInvoke+0x20
1170edb0 0e338000 0badbea0 0e338270 0badbe90 ole32!CRetailMalloc_GetSize+0x21
WARNING: Frame IP not in any known module. Following frames may be wrong.
1170edd4 6ededbbc 0000003d 0e4c0ba0 0e349c90 0xe338000
记得张老师说过,断在ntdll!KiFastSystemCallRet,都是卡在内核态了。

于是开启LocalKernel,观察内核态60c线程,如下

lkd> !thread 86ec8030
THREAD 86ec8030  Cid 0d80.060c  Teb: 7ff83000 Win32Thread: fe59c008 WAIT: (Suspended) KernelMode Non-Alertable
SuspendCount 1
FreezeCount 1
    86ec81f8  Semaphore Limit 0x2
Not impersonating
DeviceMap                 ad0115b0
Owning Process            87271030       Image:         360se.exe
Wait Start TickCount      412276         Ticks: 9151 (0:00:02:22.756)
Context Switch Count      266486            
UserTime                  00:00:40.700
KernelTime                00:00:08.673
Win32 Start Address 0x00454640
Stack Init aecaffd0 Current aecaf600 Base aecb0000 Limit aecad000 Call 0
Priority 12 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5
ChildEBP RetAddr  Args to Child             
aecaf618 84073c75 86ec8030 00000000 8412ed20 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
aecaf650 84072573 86ec80f0 86ec8030 86ec81f8 nt!KiSwapThread+0x266
aecaf678 8406c40f 86ec8030 86ec80f0 00000000 nt!KiCommitThreadWait+0x1df
aecaf6f4 840af128 86ec81f8 00000005 00000000 nt!KeWaitForSingleObject+0x393
aecaf70c 840ad169 00000000 00000000 00000000 nt!KiSuspendThread+0x18 (FPO: [3,0,0])
aecaf754 84073c5d 00000000 00000000 00000000 nt!KiDeliverApc+0x17f
aecaf798 84072573 00000000 86ec8030 86ec8114 nt!KiSwapThread+0x24e
aecaf7c0 8406e82f 86ec8030 86ec80f0 00000084 nt!KiCommitThreadWait+0x1df
aecaf93c 84237b85 00000001 aecafa74 00000001 nt!KeWaitForMultipleObjects+0x535
aecafbc8 842378f2 00000001 aecafbf8 00000001 nt!ObpWaitForMultipleObjects+0x262
aecafd18 840483ea 00000001 1170e858 00000001 nt!NtWaitForMultipleObjects+0xcd
aecafd18 77396344 00000001 1170e858 00000001 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ aecafd34)
WARNING: Frame IP not in any known module. Following frames may be wrong.
1170e8a4 00000000 00000000 00000000 00000000 0x77396344
后面要怎么分析呢?请张老师指教一下。完全Dump已经保存下来,需要的话发您邮箱,多谢啦!

Re: 浏览器无响应【在百度图片浏览图片过程】

巫师 2011-10-12, 01:20 上午

lkd> dd aecaf6f4
aecaf6f4  aecaf754 840af128 86ec81f8 00000005
aecaf704  00000000 8d300120 8412ed20 00000000
aecaf714  0000000a 00000000 0000000a aecaf75c
aecaf724  84073e47 00000000 8412ed20 8413063c
aecaf734  00000206 86ec8030 8441ab48 00000000
aecaf744  8412ed20 aecafbb8 00000000 8406caa6
aecaf754  aecaf798 86ec8030 8412ed20 8413063c
aecaf764  84073c75 86ec8030 84131f08 8412ed20

 

lkd> dd 86ec81f8
86ec81f8  00050005 00000000 86ec8200 86ec8200
86ec8208  00000002 00000000 86f35b68 88ca5f28
86ec8218  86ec8218 86ec8218 00000000 00000000
86ec8228  00000000 00000000 0bbf5d5e 01cc8831
86ec8238  86ec8238 86ec8238 00000000 00000000
86ec8248  77396328 00000000 00000000 86ec8254
86ec8258  86ec8254 00000d80 0000060c 00050005
86ec8268  00000000 86ec826c 86ec826c 00000001

Re: 浏览器无响应【在百度图片浏览图片过程】

格蠹老雷 2011-10-12, 12:51 下午

两个思路:

一个是追踪这个线程所等待的对象,通过分析参数,找到对象句柄(用户态)和对象指针(内核态),然后看哪个线程拥有这个对象。

另一方面,从栈回溯来看,这个线程在正在执行JavaScript,似乎是在执行类似下面这样的send语句:

        http_request.open('POST', 'default.aspx', true);
        http_request.setRequestHeader( " Content-Type " , " application/x-www-form-urlencoded " ); 
        http_request.send('ajax=1&b=5');
因此也可以从网络方面进行分析...

Re: 浏览器无响应【在百度图片浏览图片过程】

Thomson 2011-10-15, 00:01 上午

前面一个是测试能不能回帖的。

lz可以把dump上传上来看一看。

Re: 浏览器无响应【在百度图片浏览图片过程】

格蠹老雷 2011-10-15, 14:49 下午
恭喜Tom,你终于可以发帖了 :-)

Powered by Community Server Powered by CnForums.Net