Our software throws an exception and shows an error box: Access violation at address 7C80983E in module 'kernel32.dll'. Write of address 00000000. The DLL was written in VC, the executable in C++ Builder (CB). The debug symbols have been loaded and all symbols are present, but I still can't tell what caused the AV. I'm a WinDbg newbie; I bought Mr. Zhang's Software Debugging book not long ago. I looked at the dump but don't know where to start. How would the experts debug a situation like this? Looking for ideas...
Part of the WinDbg debugging output:
0:000> kbn
 # ChildEBP RetAddr  Args to Child
00 0012e244 77d19418 77d2770a 0017003a 00000000 ntdll!KiFastSystemCallRet
01 0012e27c 77d249c4 00710192 0017003a 00000001 user32!NtUserWaitMessage+0xc
02 0012e2a4 77d3a956 77d10000 0014e768 0017003a user32!InternalDialogBox+0xd0
03 0012e564 77d3a2bc 0012e6c0 00000000 ffffffff user32!SoftModalMessageBox+0x938
04 0012e6b4 77d663fd 0012e6c0 00000028 0017003a user32!MessageBoxWorker+0x2ba
05 0012e70c 77d664a2 0017003a 001576c0 0018b8c8 user32!MessageBoxTimeoutW+0x7a
06 0012e740 77d50877 0017003a 009ad67c 009ad6e4 user32!MessageBoxTimeoutA+0x9c
07 0012e760 77d5082f 0017003a 009ad67c 009ad6e4 user32!MessageBoxExA+0x1b
08 0012e77c 00459cc7 0017003a 009ad67c 009ad6e4 user32!MessageBoxA+0x45
09 0012e800 00459dde 00000010 0012f108 00459dff TestSwitch!_fastcall Forms::TApplication::HelpKeyword(const System::AnsiString)+0x3
0a 0012e928 00459bc3 00000000 0046604d 0046605c TestSwitch!_fastcall Forms::TApplication::SetShowHint(bool)+0x32
0b 0012f124 00418fc2 00000010 00000000 00000000 TestSwitch!_fastcall Forms::TApplication::InvokeHelp(unsigned short, int)+0x2f
0c 0012f13c 77d18734 005601f0 00000010 00000000 TestSwitch!_fastcall Classes::initialization()+0x36
0d 0012f168 77d18816 00af0fd5 005601f0 00000010 user32!InternalCallWinProc+0x28
0e 0012f1d0 77d28ea0 00000000 00af0fd5 005601f0 user32!UserCallWinProcCheckWow+0x150
0f 0012f224 77d28eec 007289f8 00000010 00000000 user32!DispatchClientMessage+0xa3
10 0012f24c 7c92e453 0012f25c 00000018 007289f8 user32!__fnDWORD+0x24
11 0012f270 77d194be 77d28e0d 005601f0 00000112 ntdll!KiUserCallbackDispatcher+0x13
12 0012f2c4 77d2c228 005601f0 00000112 0000f060 user32!NtUserMessageCall+0xc
13 0012f2e0 5adc3bc2 005601f0 00000112 0000f060 user32!RealDefWindowProcA+0x47
14 0012f2f8 5addc7f6 0012f324 003e43b0 0012f358 uxtheme!DoMsgDefault+0x2d
15 0012f308 5adc1ac7 003e43b0 0012f324 0012f424 uxtheme!OnDwpSysCommand+0x3d
16 0012f358 5addc2b1 5addc7cb 00000000 0000f060 uxtheme!_ThemeDefWindowProc+0x13a
17 0012f374 77d2f15c 005601f0 00000112 0000f060 uxtheme!ThemeDefWindowProcA+0x18
18 0012f3bc 77d18734 005601f0 00000112 0000f060 user32!DefWindowProcA+0x6b
19 0012f3e8 77d18816 0048ea58 005601f0 00000112 user32!InternalCallWinProc+0x28
1a 0012f450 77d2a013 00000000 0048ea58 005601f0 user32!UserCallWinProcCheckWow+0x150
1b 0012f480 77d2a998 0048ea58 005601f0 00000112 user32!CallWindowProcAorW+0x98
1c 0012f4a0 00466488 0048ea58 005601f0 00000112 user32!CallWindowProcA+0x1b
1d 0012f4e8 00455846 009a2600 0012f6ac 00409661 TestSwitch!_fastcall Controls::TWinControl::PaintControls(unsigned int, Controls::TControl *)+0xcc
1e 0012f504 00463513 008c04ce 0012f6ac 009a2600 TestSwitch!_fastcall Forms::TCustomForm::WMHelp(Messages::TWMHelp&)+0x72
1f 0012f62c 004663a4 0012f650 3f800000 3f800000 TestSwitch!_fastcall Controls::TControl::WMLButtonDown(Messages::TWMMouse&)+0xf
20 0012f674 0046601f 0012f688 00466037 0012f6a4 TestSwitch!_fastcall Controls::TWinControl::PaintWindow(unsigned int)+0x14
21 0012f6a4 00418fc2 00000112 0000f060 008c04ce TestSwitch!_fastcall Controls::TWinControl::WndProc(Messages::TMessage&)+0x5f
22 0012f6bc 77d18734 005601f0 00000112 0000f060 TestSwitch!_fastcall Classes::initialization()+0x36
23 0012f6e8 77d2bdf1 00af0fd5 005601f0 00000112 user32!InternalCallWinProc+0x28
24 0012f750 77d2927b 00000000 00af0fd5 005601f0 user32!UserCallWinProcCheckWow+0xea
25 0012f78c 77d292e3 007289f8 006de6f8 0000f060 user32!SendMessageWorker+0x4a5
26 0012f7ac 5ade8895 005601f0 00000112 0000f060 user32!SendMessageW+0x7f
27 0012f7d0 5adc1ac7 003e43b0 0012f7ec 0012f8ec uxtheme!OnDwpNcLButtonDown+0xa8
28 0012f820 5addc2b1 5ade87ed 00000000 00000014 uxtheme!_ThemeDefWindowProc+0x13a
29 0012f83c 77d2f15c 005601f0 000000a1 00000014 uxtheme!ThemeDefWindowProcA+0x18
2a 0012f884 77d18734 005601f0 000000a1 00000014 user32!DefWindowProcA+0x6b
2b 0012f8b0 77d18816 0048ea58 005601f0 000000a1 user32!InternalCallWinProc+0x28
2c 0012f918 77d2a013 00000000 0048ea58 005601f0 user32!UserCallWinProcCheckWow+0x150
2d 0012f948 77d2a998 0048ea58 005601f0 000000a1 user32!CallWindowProcAorW+0x98
2e 0012f968 00466488 0048ea58 005601f0 000000a1 user32!CallWindowProcA+0x1b
2f 0012f9c4 00463513 0012fbe4 0012fb6c 009a2600 TestSwitch!_fastcall Controls::TWinControl::PaintControls(unsigned int, Controls::TControl *)+0xcc
30 0012faec 004663a4 006b99d0 00000006 00050006 TestSwitch!_fastcall Controls::TControl::WMLButtonDown(Messages::TWMMouse&)+0xf
31 0012fb34 0046601f 0012fb48 00466037 0012fb64 TestSwitch!_fastcall Controls::TWinControl::PaintWindow(unsigned int)+0x14
32 0012fb64 00418fc2 000000a1 00000014 008c04ce TestSwitch!_fastcall Controls::TWinControl::WndProc(Messages::TMessage&)+0x5f
33 0012fb7c 77d18734 005601f0 000000a1 00000014 TestSwitch!_fastcall Classes::initialization()+0x36
34 0012fba8 77d18816 00af0fd5 005601f0 000000a1 user32!InternalCallWinProc+0x28
35 0012fc10 77d189cd 00000000 00af0fd5 005601f0 user32!UserCallWinProcCheckWow+0x150
36 0012fc70 77d196c7 0012fca0 00000001 0012fcec user32!DispatchMessageWorker+0x306
37 0012fc80 004598a8 0012fca0 0012fc00 00000000 user32!DispatchMessageA+0xf
38 0012fcec 00401667 00000000 0048f034 001423ba TestSwitch!_fastcall Forms::TApplication::Run()+0xe4
39 0012fd30 00489aef 00400000 00000000 001423ba TestSwitch!WinMain+0x4b
3a 0012fde0 77f44136 7c8106f5 0000001b 00000200 TestSwitch!c2064_4+0x63
3b 0012ffc0 7c817067 80000001 0d7dda84 7ffdf000 shlwapi!RegOpenKeyExWrapW+0x71
3c 0012fff0 00000000 00401000 00000000 78746341 kernel32!BaseProcessStart+0x23
0:000> da 009ad67c
009ad67c  "Access violation at address 7C80"
009ad69c  "983E in module 'kernel32.dll'. W"
009ad6bc  "rite of address 00000000."
0:000> dt 007289f8 tagMsg
Symbol tagMsg not found.
Use .ecxr to switch back to the exception context,
then kp to see the stack backtrace.
Thanks, Mr. Zhang. I tried it:
0:000> .ecxr
eax=7ffdf000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c92120e esp=0100ffcc ebp=0100fff4 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
ntdll!DbgBreakPoint:
7c92120e cc              int     3
0:000> kp
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr
0100ffc8 7c970010 ntdll!DbgBreakPoint
0100fff4 00000000 ntdll!DbgUiRemoteBreakin+0x2d
I looked at it some more myself and searched online, and went through the following procedure:
0:000> !teb
TEB at 7ffde000
    ExceptionList:        0012e794
    StackBase:            00130000
    StackLimit:           00128000
    SubSystemTib:         00000000
    FiberData:            00001e00
    ArbitraryUserPointer: 00000000
    Self:                 7ffde000
    EnvironmentPointer:   00000000
    ClientId:             00001324 . 00001034
    RpcHandle:            00000000
    Tls Storage:          00143008
    PEB Address:          7ffdf000
    LastErrorValue:       2
    LastStatusValue:      c0000034
    Count Owned Locks:    0
    HardErrorMode:        0
0:000> dps 00128000 00130000
...
00129208 7c92e46a ntdll!KiUserExceptionDispatcher+0xe
0:000> .cxr 00129238
eax=00129508 ebx=03463980 ecx=00000000 edx=00000000 esi=00129584 edi=0012eac4
eip=7c812aeb esp=00129504 ebp=00129558 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
kernel32!RaiseException+0x53:
7c812aeb 5e              pop     esi
0:000> kp
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr
00129558 0012956c kernel32!RaiseException+0x53
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012956c 0012eac4 <Unloaded_L>+0x1f2de
00129570 0012ea80 <Unloaded_L>+0x24836
0012eac4 80000000 <Unloaded_L>+0x247f2
00000000 00000000 0x80000000
From the output above I have basically found the information at the point of the error; I'm not sure whether I'm reading it correctly.
Were the two sets of output you posted taken from the same dump?
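The stack-scan step in the follow-up post (dps over the TEB stack range, then locating the return slot into ntdll!KiUserExceptionDispatcher) can be automated. The script below is an added example, not code from the thread: it parses dps output, finds that slot, and derives the .exr/.cxr commands from the two pointers pushed directly above it. It assumes 32-bit ntdll, where KiUserExceptionDispatcher does mov ecx,[esp+4]; mov ebx,[esp]; push ecx; push ebx; call RtlDispatchException, so PEXCEPTION_RECORD and then PCONTEXT sit right above the return address; the sample dps lines are constructed except for the KiUserExceptionDispatcher line taken from the post.

```python
import re

# Constructed sample of `dps StackLimit StackBase` output. Only the
# KiUserExceptionDispatcher line is from the thread; the pointer values
# above it are made up for the example.
SAMPLE_DPS = """\
00129200  00000000
00129204  0012921c
00129208  7c92e46a ntdll!KiUserExceptionDispatcher+0xe
0012920c  0012921c
00129210  0012926c
00129214  0012921c
00129218  0012926c
"""

DPS_LINE = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})(?:\s+(\S.*))?$", re.I)

def parse_dps(text):
    """Return a list of (slot_address, value, symbol) tuples from dps output."""
    rows = []
    for line in text.splitlines():
        m = DPS_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3) or ""))
    return rows

def find_exception_context(rows, stack_limit, stack_base):
    """Locate the return slot into KiUserExceptionDispatcher and read the
    EXCEPTION_RECORD and CONTEXT pointers pushed for RtlDispatchException.

    stack_limit / stack_base come from !teb (StackLimit, StackBase) and are
    used to sanity-check that both pointers still lie inside this stack.
    """
    for i, (slot, _value, symbol) in enumerate(rows):
        if "KiUserExceptionDispatcher" in symbol and i + 2 < len(rows):
            _, rec_ptr, _ = rows[i + 1]   # first pushed arg: PEXCEPTION_RECORD
            _, ctx_ptr, _ = rows[i + 2]   # second pushed arg: PCONTEXT
            in_stack = lambda p: stack_limit <= p < stack_base
            if in_stack(rec_ptr) and in_stack(ctx_ptr):
                return {"slot": slot, "exception_record": rec_ptr, "context": ctx_ptr,
                        "commands": [f".exr {rec_ptr:08x}", f".cxr {ctx_ptr:08x}", "kp"]}
    return None   # no dispatcher frame with plausible pointers on this stack

if __name__ == "__main__":
    hit = find_exception_context(parse_dps(SAMPLE_DPS), 0x00128000, 0x00130000)
    print(hit)
```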