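Re: Problem with a crash in ntdll.dll
C/C++ Native Code Debugging
Problem with a crash in ntdll.dll
星河
2013-05-23, 21:19 PM
I call a third-party DLL from one of my threads. Once my thread has ended, none of that DLL's interfaces are called any more, but I have run into a strange crash log in which calls into the third-party code keep showing up intermittently. I don't know which part of my program is causing this, so I'm posting the log here for everyone to help analyze: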
Application:
千千静听(百度音乐版) 7.0.3 (Unicode) (Build 0521)
System:
Windows XP Professional Service Pack 3 (Build 2600)
Module:
C:\WINDOWS\system32\ntdll.dll
IE:
mshtml.dll: 6.0.2900.6380
Thread:
wWinMain
Exception:
Code: Access Violation
Flags: 0x00000000
Address: 0x7c930a19
Operation: Read
Address: 0x00000000
Context:
EAX: 0x00c9ebc0 EBX: 0x00c90000 ECX: 0x00000000
EDX: 0x00000000 ESI: 0x00c9ebb8 EDI: 0x00c9eb00
EBP: 0x0012e290 EIP: 0x7c930a19 ESP: 0x0012e284
SegCs: 0x0000001b SegDs: 0x00000023 SegEs: 0x00000023
SegFs: 0x0000003b SegGs: 0x00000000 SegSs: 0x00000023
EFLAGS:0x00010246
Load Modules:
0x00400000 - 0x006c3000:TTPlayer
0x7c920000 - 0x7c9b6000:ntdll
0x7c800000 - 0x7c91e000:kernel32
0x77180000 - 0x77283000:COMCTL32
0x77be0000 - 0x77c38000:msvcrt
0x77da0000 - 0x77e49000:ADVAPI32
0x77e50000 - 0x77ee3000:RPCRT4
0x77fc0000 - 0x77fd1000:Secur32
0x77ef0000 - 0x77f39000:GDI32
0x77d10000 - 0x77da0000:USER32
0x77f40000 - 0x77fb6000:SHLWAPI
0x76b10000 - 0x76b3a000:WINMM
0x76680000 - 0x76726000:WININET
0x765e0000 - 0x76673000:CRYPT32
0x76db0000 - 0x76dc2000:MSASN1
0x770f0000 - 0x7717b000:OLEAUT32
0x76990000 - 0x76ace000:ole32
0x76320000 - 0x76367000:comdlg32
0x7d590000 - 0x7dd84000:SHELL32
0x60000000 - 0x60078000:ttpcomm
0x76d30000 - 0x76d48000:iphlpapi
0x71a20000 - 0x71a37000:WS2_32
0x71a10000 - 0x71a18000:WS2HELP
0x762f0000 - 0x762f5000:MSIMG32
0x5adc0000 - 0x5adf7000:UxTheme
0x4ae90000 - 0x4b03b000:gdiplus
0x10000000 - 0x1001c000:bdaucommon
0x76bc0000 - 0x76bcb000:PSAPI
0x76c60000 - 0x76c88000:imagehlp
0x77bd0000 - 0x77bd8000:VERSION
0x73b40000 - 0x73b60000:MSVFW32
0x77bb0000 - 0x77bc5000:MSACM32
0x76300000 - 0x7631d000:IMM32
0x62c20000 - 0x62c29000:LPK
0x73fa0000 - 0x7400b000:USP10
0x67340000 - 0x6747e000:safemon
0x5fdd0000 - 0x5fe25000:NETAPI32
0x74680000 - 0x746cc000:MSCTF
0x73640000 - 0x7366e000:msctfime
0x6ff50000 - 0x70030000:ttpres
0x01170000 - 0x0118f000:netacc
0x78050000 - 0x780b9000:MSVCP100
0x78aa0000 - 0x78b5f000:MSVCR100
0x012a0000 - 0x012b0000:MLocalData
0x012c0000 - 0x012ef000:MNet
0x01440000 - 0x0173d000:SangforTcp
0x73d30000 - 0x73e22000:MFC42
0x7eae0000 - 0x7eb81000:urlmon
0x75ff0000 - 0x76055000:MSVCP60
0x61be0000 - 0x61bed000:MFC42LOC
0x719c0000 - 0x719fe000:mswsock
0x60fd0000 - 0x61025000:hnetcfg
0x71a00000 - 0x71a08000:wshtcpip
0x01380000 - 0x01395000:MUpDownload
0x013b0000 - 0x013c2000:MHttp
0x01a40000 - 0x01ba5000:SangforNsp
0x76fa0000 - 0x7701f000:CLBCATQ
0x77020000 - 0x770ba000:COMRes
0x76ef0000 - 0x76f17000:DNSAPI
0x76f80000 - 0x76f88000:winrnr
0x76f30000 - 0x76f5c000:WLDAP32
0x76f90000 - 0x76f96000:rasadhlp
0x71a40000 - 0x71a4b000:wsock32
0x68000000 - 0x68036000:rsaenh
0x73b30000 - 0x73b36000:DCIMAN32
0x01d40000 - 0x01d55000:md5extractor
0x02390000 - 0x024a8000:fp_extractor
0x76eb0000 - 0x76eec000:RASAPI32
0x76e60000 - 0x76e72000:rasman
0x76e80000 - 0x76eaf000:TAPI32
0x76e50000 - 0x76e5e000:rtutils
0x7e550000 - 0x7e6c3000:shdocvw
0x75430000 - 0x754a1000:CRYPTUI
0x76c00000 - 0x76c2e000:WINTRUST
0x77c40000 - 0x77c65000:msv1_0
0x76760000 - 0x7676c000:cryptdll
0x71800000 - 0x7187c000:shdoclc
0x02d70000 - 0x032b9000:xpsp2res
0x74cf0000 - 0x74d81000:mlang
0x72240000 - 0x72245000:sensapi
0x7e210000 - 0x7e50d000:mshtml
0x74620000 - 0x74647000:msls31
0x759d0000 - 0x75a7f000:USERENV
0x70e20000 - 0x70e33000:asycfilt
0x76cb0000 - 0x76cd0000:NTMARTA
0x71b70000 - 0x71b83000:SAMLIB
0x74650000 - 0x7467a000:msimtf
0x75bc0000 - 0x75c3d000:jscript
0x75e00000 - 0x75eae000:SXS
0x5dd50000 - 0x5de73000:msxml3
0x73620000 - 0x73627000:msdmo
0x73e70000 - 0x73ecc000:dsound
0x72c90000 - 0x72c99000:wdmaud
0x72c80000 - 0x72c88000:msacm32
0x77ba0000 - 0x77ba7000:midimap
0x73e40000 - 0x73e44000:KsUser
0x66b50000 - 0x66b5c000:ImgUtil
0x5e400000 - 0x5e40c000:pngfilt
0x09040000 - 0x09118000:vgx
0x76af0000 - 0x76b01000:ATL
0x09250000 - 0x0a26f000:Flash32_11_7_700_202
0x73aa0000 - 0x73ab5000:mscms
0x72f70000 - 0x72f96000:WINSPOOL
0x767c0000 - 0x767e9000:schannel
0x753b0000 - 0x75421000:mshtmled
0x68100000 - 0x68126000:dssenh
0x7cf70000 - 0x7d0d9000:quartz
0x07f80000 - 0x07fb7000:EmzMP3SourceFilter
0x67140000 - 0x67180000:iepeers
0x02500000 - 0x025c0000:CutAudio
0x07cd0000 - 0x07d20000:mp3PRO
0x60150000 - 0x6015d000:ttp_asf
0x036f0000 - 0x03737000:ttp_aac
0x03740000 - 0x03761000:ttp_ac3dts
0x11820000 - 0x118dc000:wmadmod
0x0bef0000 - 0x0bf27000:mfplat
0x60350000 - 0x6035c000:ttp_lrcsh
0x68d60000 - 0x68e01000:DBGHELP
Call Stack:
0x7C920000[10A19] ntdll.dll: wcsncpy[+49A](13173224,0,1237832,0)
0x7C920000[1084C] ntdll.dll: wcsncpy[+2CD](13172736,0,13233016,13232880)
0x60000000[10BC4] ttpcomm.dll: Ordinal103[+A364](13233016,123303952,0,123303348)
0x60000000[26EB2] ttpcomm.dll: Ordinal15[+84E2](123303348,123275312,1610735477,123275312)
0x60000000[26063] ttpcomm.dll: Ordinal15[+7693](123275312,123275312,17665080,5670916)
0x60000000[1DF75] ttpcomm.dll: Ordinal18[+15](123275312,17665080,5672195,17665080)
0x00400000[168804] TTPlayer.exe: CreateStreamOnInet[+5480](17665080,5670975,1,17441528)
0x00400000[168D03] TTPlayer.exe: CreateStreamOnInet[+597F](1,17441528,14405352,5496915)
0x00400000[16883F] TTPlayer.exe: CreateStreamOnInet[+54BB](17665080,0,1238076,6216837)
0x00400000[13E053] TTPlayer.exe: Cdllmd5extractor::operator=[+121ADA](17441528,5466926,17441528,1)
0x00400000[240C7] TTPlayer.exe: Cdllmd5extractor::operator=[+7B4E](17441528,1,0,14405264)
0x00400000[136B2E] TTPlayer.exe: Cdllmd5extractor::operator=[+11A5B5](14405264,14405264,5463388,1)
0x00400000[136A72] TTPlayer.exe: Cdllmd5extractor::operator=[+11A4F9](1,17276936,17319528,4994523)
0x00400000[135D5C] TTPlayer.exe: Cdllmd5extractor::operator=[+1197E3](1,17285384,17276936,17658156)
0x00400000[C35DB] TTPlayer.exe: Cdllmd5extractor::operator=[+A7062](17276936,1,15,1238240)
0x00400000[C303B] TTPlayer.exe: Cdllmd5extractor::operator=[+A6AC2](1,17276936,0,1)
0x00400000[CAD99] TTPlayer.exe: Cdllmd5extractor::operator=[+AE820](13,1,1239208,17276936)
0x00400000[BE755] TTPlayer.exe: Cdllmd5extractor::operator=[+A21DC](590178,2027,13,1)
0x00400000[EA6A] TTPlayer.exe: (17276936,2027,13,1)
0x77D10000[8734] USER32.dll: GetDC[+6D](1542544,590178,2027,13)
0x77D10000[8816] USER32.dll: GetDC[+14F](0,1542544,590178,2027)
0x77D10000[1A013] USER32.dll: IsWindowUnicode[+A1](1542544,590178,2027,13)
0x77D10000[1A039] USER32.dll: CallWindowProcW[+1B](1542544,590178,2027,13)
0x00400000[DDA2D] TTPlayer.exe: Cdllmd5extractor::operator=[+C14B4](2027,13,1,0)
0x00400000[E1A5A] TTPlayer.exe: Cdllmd5extractor::operator=[+C54E1](17318336,2027,13,1)
0x77D10000[8734] USER32.dll: GetDC[+6D](1623608,590178,2027,13)
0x77D10000[8816] USER32.dll: GetDC[+14F](0,0,0,1238736)
0x7C920000[100B8] ntdll.dll: RtlFreeHeap[+18B](0,1623608,590178,2027)
0x77D10000[18EA0] USER32.dll: DefWindowProcW[+180](9521192,2027,13,1)
0x77D10000[18EEC] USER32.dll: DefWindowProcW[+1CC](1238952,24,9521192,2027)
0x7C920000[E473] ntdll.dll: KiUserCallbackDispatcher[+13](2010296130,590178,2027,13)
0x77D10000[94BE] USER32.dll: GetWindowLongA[+61](590178,2027,13,1)
0x77D10000[1AF42] USER32.dll: GetDlgCtrlID[+27](9521192,2027,13,1)
0x77D10000[192E3] USER32.dll: SendMessageW[+49](590178,2027,13,1)
0x00400000[FAA13] TTPlayer.exe: Cdllmd5extractor::operator=[+DE49A](13,1,17276936,1)
0x00400000[D12CA] TTPlayer.exe: Cdllmd5extractor::operator=[+B4D51](17276936,1240072,17276936,0)
0x00400000[BEB89] TTPlayer.exe: Cdllmd5extractor::operator=[+A2610](590178,273,32006,0)
0x00400000[EA6A] TTPlayer.exe: (17276936,273,32006,0)
0x77D10000[8734] USER32.dll: GetDC[+6D](1542544,590178,273,32006)
0x77D10000[8816] USER32.dll: GetDC[+14F](0,1542544,590178,273)
0x77D10000[1A013] USER32.dll: IsWindowUnicode[+A1](1542544,590178,273,32006)
0x77D10000[1A039] USER32.dll: CallWindowProcW[+1B](1542544,590178,273,32006)
0x00400000[DDA2D] TTPlayer.exe: Cdllmd5extractor::operator=[+C14B4](273,32006,0,0)
0x00400000[E1A5A] TTPlayer.exe: Cdllmd5extractor::operator=[+C54E1](17318336,273,32006,0)
0x77D10000[8734] USER32.dll: GetDC[+6D](1623608,590178,273,32006)
0x77D10000[8816] USER32.dll: GetDC[+14F](0,1623608,590178,273)
0x77D10000[18EA0] USER32.dll: DefWindowProcW[+180](9521192,273,32006,0)
0x77D10000[18EEC] USER32.dll: DefWindowProcW[+1CC](1239852,24,9521192,273)
0x7C920000[E473] ntdll.dll: KiUserCallbackDispatcher[+13](2010300788,590178,273,32006)
0x77D10000[94BE] USER32.dll: GetWindowLongA[+61](9521192,273,32006,0)
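Re: Problem with a crash in ntdll.dll
星河
2013-05-24, 11:14 AM
What puzzles me is that, judging from the stack, nothing related to md5extractor is being called, so why does it keep showing up? I'd appreciate help from more experienced people in analyzing this....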
0x00400000[135D5C] TTPlayer.exe: Cdllmd5extractor::operator=[+1197E3](1,17285384,17276936,17658156)
0x00400000[C35DB] TTPlayer.exe: Cdllmd5extractor::operator=[+A7062](17276936,1,15,1238240)
0x00400000[C303B] TTPlayer.exe: Cdllmd5extractor::operator=[+A6AC2](1,17276936,0,1)
0x00400000[CAD99] TTPlayer.exe: Cdllmd5extractor::operator=[+AE820](13,1,1239208,17276936)
0x00400000[BE755] TTPlayer.exe: Cdllmd5extractor::operator=[+A21DC](590178,2027,13,1)
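Re: Problem with a crash in ntdll.dll
星河
2013-05-24, 14:07 PM
Attaching one more complete dump log. I don't know why my ttplayer.pdb never loads. How can I work out where in the ttplayer module the call into the ttpcom module was made?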
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\develop\sorcecode\7.0.3\bin\TTPlayer.exe_dump_0524131621.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: D:\develop\sorcecode\7.0.3\bin
Executable search path is: D:\develop\sorcecode\7.0.3\bin
Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Fri May 24 13:23:17.000 2013 (GMT+8)
System Uptime: not available
Process Uptime: 0 days 0:06:56.000
................................................................
...................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1618.11ec): Access violation - code c0000005 (first/second chance not available)
eax=00e60000 ebx=09d880f8 ecx=00000007 edx=7c92e514 esi=09d880d0 edi=09d88128
eip=7c92e514 esp=0012d7f8 ebp=0012d808 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200246
Unable to load image C:\WINDOWS\system32\ntdll.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
ntdll+0xe514:
7c92e514 c3 ret
0:000> !anaylze -v
No export anaylze found
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for ttpcomm.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ttpcomm.dll -
*** WARNING: Unable to verify timestamp for TTPlayer.exe
*** ERROR: Module load completed but symbols could not be loaded for TTPlayer.exe
*** WARNING: Unable to verify timestamp for user32.dll
*** ERROR: Module load completed but symbols could not be loaded for user32.dll
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
***** OS symbols are WRONG. Please fix symbols to do analysis.
Unable to load image C:\WINDOWS\system32\ieframe.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ieframe.dll
*** ERROR: Module load completed but symbols could not be loaded for ieframe.dll
Unable to load image C:\WINDOWS\system32\ole32.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ole32.dll
*** ERROR: Module load completed but symbols could not be loaded for ole32.dll
*** WARNING: Unable to verify timestamp for mshtml.dll
*** ERROR: Module load completed but symbols could not be loaded for mshtml.dll
*** WARNING: Unable to verify timestamp for GdiPlus.dll
*** ERROR: Module load completed but symbols could not be loaded for GdiPlus.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for netacc.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msvcr100.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for MLocalData.dll -
Unable to load image C:\WINDOWS\system32\mswsock.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mswsock.dll
*** ERROR: Module load completed but symbols could not be loaded for mswsock.dll
*** WARNING: Unable to verify timestamp for ws2_32.dll
*** ERROR: Module load completed but symbols could not be loaded for ws2_32.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for MNet.dll -
*** WARNING: Unable to verify timestamp for wininet.dll
*** ERROR: Module load completed but symbols could not be loaded for wininet.dll
Unable to load image C:\WINDOWS\system32\rpcrt4.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rpcrt4.dll
*** ERROR: Module load completed but symbols could not be loaded for rpcrt4.dll
*** WARNING: Unable to verify timestamp for userenv.dll
*** ERROR: Module load completed but symbols could not be loaded for userenv.dll
*** WARNING: Unable to verify timestamp for wdmaud.drv
*** ERROR: Module load completed but symbols could not be loaded for wdmaud.drv
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
FAULTING_IP:
ntdll+10a19
7c930a19 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c930a19 (ntdll+0x00010a19)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000010
Attempt to read from address 00000010
PROCESS_NAME: TTPlayer.exe
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: ttpcomm
FAULTING_MODULE: 7c920000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP: 519e1482
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000010
READ_ADDRESS: 00000010
FOLLOWUP_IP:
ttpcomm!Ordinal103+a364
60010bc4 e88a310000 call ttpcomm!Ordinal103+0xd4f3 (60013d53)
FAULTING_THREAD: 000011ec
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_WRONG_SYMBOLS
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ
DEFAULT_BUCKET_ID: INVALID_POINTER_READ
IP_ON_HEAP: 00ee0000
FRAME_ONE_INVALID: 1
LAST_CONTROL_TRANSFER: from 00ee0000 to 7c930a19
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0012e73c 00ee0000 0a5047e0 00000000 0012e820 ntdll+0x10a19
0012e74c 7c93084c 00ee0000 00000010 0012e804 0xee0000
0012e820 60010bc4 00ee0000 00000000 0a5047e8 ntdll+0x1084c
0012e85c 6002bbbb 0a5047e8 00000000 0a4eb960 ttpcomm!Ordinal103+0xa364
0012e8c8 004240c7 013ba7b8 00536ace 013ba7b8 ttpcomm!Ordinal19+0x466b
0012e8f8 00536a12 03fd8518 03fd8518 00535cfc TTPlayer+0x240c7
0012e958 004ca762 012f4150 00000001 012f4150 TTPlayer+0x136a12
0012ebc4 004be657 012f4150 04079f54 00000000 TTPlayer+0xca762
0012ebe0 0040ea6a 001104da 00000010 00000001 TTPlayer+0xbe657
0012ec2c 77d18734 012f4150 00000010 00000001 TTPlayer+0xea6a
0012ec58 77d18816 0016f120 001104da 00000010 user32+0x8734
0012ecc0 77d2a013 00000000 0016f120 001104da user32+0x8816
0012ecf0 77d2a039 0016f120 001104da 00000010 user32+0x1a013
0012ed10 004dd9cd 0016f120 001104da 00000010 user32+0x1a039
0012ed6c 77d18734 012fe308 00000010 00000001 TTPlayer+0xdd9cd
0012ed98 77d18816 00178948 001104da 00000010 user32+0x8734
0012ee00 77d189cd 00000000 00178948 001104da user32+0x8816
0012ee60 77d18a10 0012fe04 00000000 00000001 user32+0x89cd
0012ee70 0054731d 0012fe04 7c80934a 0012fe4c user32+0x8a10
0012ee74 0012fe04 7c80934a 0012fe4c 0065d378 TTPlayer+0x14731d
0012ee78 7c80934a 0012fe4c 0065d378 00000000 0x12fe04
0012fe04 00000000 00000001 00000000 00cd5b98 kernel32+0x934a
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: ttpcomm!Ordinal103+a364
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ttpcomm.dll
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_ttpcomm.dll!Ordinal103
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/TTPlayer_exe/7_0_3_0/519ee4a5/ntdll_dll/5_1_2600_6055/4d00f280/c0000005/00010a19.htm?Retriage=1
Followup: MachineOwner
---------
0:000> .reload
................................................................
...................................................
Unable to load image C:\WINDOWS\system32\ntdll.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
0:000> !anaylze -v
No export anaylze found
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for ttpcomm.dll
Unable to load image C:\Program Files\TTPlayer\TTPlayer.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for TTPlayer.exe
*** ERROR: Module load completed but symbols could not be loaded for TTPlayer.exe
*** WARNING: Unable to verify timestamp for user32.dll
*** ERROR: Module load completed but symbols could not be loaded for user32.dll
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
***** OS symbols are WRONG. Please fix symbols to do analysis.
Unable to load image C:\WINDOWS\system32\ieframe.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ieframe.dll
*** ERROR: Module load completed but symbols could not be loaded for ieframe.dll
Unable to load image C:\WINDOWS\system32\ole32.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ole32.dll
*** ERROR: Module load completed but symbols could not be loaded for ole32.dll
*** WARNING: Unable to verify timestamp for mshtml.dll
*** ERROR: Module load completed but symbols could not be loaded for mshtml.dll
*** WARNING: Unable to verify timestamp for GdiPlus.dll
*** ERROR: Module load completed but symbols could not be loaded for GdiPlus.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for netacc.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msvcr100.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for MLocalData.dll -
Unable to load image C:\WINDOWS\system32\mswsock.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mswsock.dll
*** ERROR: Module load completed but symbols could not be loaded for mswsock.dll
*** WARNING: Unable to verify timestamp for ws2_32.dll
*** ERROR: Module load completed but symbols could not be loaded for ws2_32.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for MNet.dll -
*** WARNING: Unable to verify timestamp for wininet.dll
*** ERROR: Module load completed but symbols could not be loaded for wininet.dll
Unable to load image C:\WINDOWS\system32\rpcrt4.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rpcrt4.dll
*** ERROR: Module load completed but symbols could not be loaded for rpcrt4.dll
*** WARNING: Unable to verify timestamp for userenv.dll
*** ERROR: Module load completed but symbols could not be loaded for userenv.dll
*** WARNING: Unable to verify timestamp for wdmaud.drv
*** ERROR: Module load completed but symbols could not be loaded for wdmaud.drv
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
FAULTING_IP:
ntdll+10a19
7c930a19 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c930a19 (ntdll+0x00010a19)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000010
Attempt to read from address 00000010
PROCESS_NAME: TTPlayer.exe
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: ttpcomm
FAULTING_MODULE: 7c920000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP: 519e1482
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000010
READ_ADDRESS: 00000010
FOLLOWUP_IP:
ttpcomm!MD5String+474 [d:\develop\sorcecode\7.0.3\ttpcomm\md5.cpp @ 350]
60010bc4 e88a310000 call ttpcomm!filter10_std+0xb3 (60013d53)
FAULTING_THREAD: 000011ec
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_WRONG_SYMBOLS
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ
DEFAULT_BUCKET_ID: INVALID_POINTER_READ
IP_ON_HEAP: 00ee0000
FRAME_ONE_INVALID: 1
LAST_CONTROL_TRANSFER: from 00ee0000 to 7c930a19
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0012e73c 00ee0000 0a5047e0 00000000 0012e820 ntdll+0x10a19
0012e74c 7c93084c 00ee0000 00000010 0012e804 0xee0000
0012e820 60010bc4 00ee0000 00000000 0a5047e8 ntdll+0x1084c
0012e85c 6002bbbb 0a5047e8 00000000 0a4eb960 ttpcomm!MD5String+0x474 [d:\develop\sorcecode\7.0.3\ttpcomm\md5.cpp @ 350]
0012e8c8 004240c7 013ba7b8 00536ace 013ba7b8 ttpcomm!math_dfst+0xf01 [d:\develop\sorcecode\7.0.3\ttpcomm\dsp\fftsg.c @ 592]
0012e8f8 00536a12 03fd8518 03fd8518 00535cfc TTPlayer+0x240c7
0012e958 004ca762 012f4150 00000001 012f4150 TTPlayer+0x136a12
0012ebc4 004be657 012f4150 04079f54 00000000 TTPlayer+0xca762
0012ebe0 0040ea6a 001104da 00000010 00000001 TTPlayer+0xbe657
0012ec2c 77d18734 012f4150 00000010 00000001 TTPlayer+0xea6a
0012ec58 77d18816 0016f120 001104da 00000010 user32+0x8734
0012ecc0 77d2a013 00000000 0016f120 001104da user32+0x8816
0012ecf0 77d2a039 0016f120 001104da 00000010 user32+0x1a013
0012ed10 004dd9cd 0016f120 001104da 00000010 user32+0x1a039
0012ed6c 77d18734 012fe308 00000010 00000001 TTPlayer+0xdd9cd
0012ed98 77d18816 00178948 001104da 00000010 user32+0x8734
0012ee00 77d189cd 00000000 00178948 001104da user32+0x8816
0012ee60 77d18a10 0012fe04 00000000 00000001 user32+0x89cd
0012ee70 0054731d 0012fe04 7c80934a 0012fe4c user32+0x8a10
0012ee74 0012fe04 7c80934a 0012fe4c 0065d378 TTPlayer+0x14731d
0012ee78 7c80934a 0012fe4c 0065d378 00000000 0x12fe04
0012fe04 00000000 00000001 00000000 00cd5b98 kernel32+0x934a
STACK_COMMAND: ~0s; .ecxr ; kb
FAULTING_SOURCE_CODE:
   346:     {
   347:         *pCh++ = s_chHexChars[(szDigst >> 4) & 0x0F];
   348:         *pCh++ = s_chHexChars[szDigst & 0x0F];
   349:     }
>  350:     *pCh = '\0';
   351:     return szDes;
   352: }
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: ttpcomm!MD5String+474
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ttpcomm.dll
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_ttpcomm.dll!MD5String
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/TTPlayer_exe/7_0_3_0/519ee4a5/ntdll_dll/5_1_2600_6055/4d00f280/c0000005/00010a19.htm?Retriage=1
Followup: MachineOwner
---------
0:000> g
^ No runnable debuggees error in 'g'
0:000> .reload
................................................................
...................................................
Unable to load image C:\WINDOWS\system32\ntdll.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
0:000> .reload /f @"C:\Program Files\TTPlayer\TTPlayer.exe"
Unable to load image C:\Program Files\TTPlayer\TTPlayer.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for TTPlayer.exe
*** ERROR: Module load completed but symbols could not be loaded for TTPlayer.exe
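Re: Problem with a crash in ntdll.dll
星河
2013-05-24, 14:13 PM
I saw Teacher Zhang say that .ecxr can be used to view the context at the time of the exception, but this is what I get when I run it. How do I analyze it?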
0:000> .ecxr
eax=0a509fe8 ebx=00ee0000 ecx=00000010 edx=00ee0198 esi=0a509fe0 edi=0a5047e0
eip=7c930a19 esp=0012e740 ebp=0012e74c iopl=0 nv up ei ng nz na po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210283
ntdll+0x10a19:
7c930a19 ?? ???
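Re: Problem with a crash in ntdll.dll
格蠹老雷
2013-05-26, 20:07 PM
A fairly typical invalid pointer (illegal memory access). I suggest solving the symbol problem first; Google it, or refer to the section on symbol files in Software Debugging (《软件调试》)...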
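The `Cdllmd5extractor::operator=` frames asked about earlier in the thread, and the `Ordinal103+a364` label that turns into `MD5String+474` once the ttpcomm PDB loads, are both cases of an address being labelled with the nearest preceding symbol. The following added example (not part of the original thread) parses the crash reporter's frame lines and grades how far each label can be trusted; the 0x200-byte cut-off and all function names in it are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Frames copied from the crash reporter's "Call Stack" in the first post.
SAMPLE_STACK = """\
0x7C920000[10A19] ntdll.dll: wcsncpy[+49A](13173224,0,1237832,0)
0x7C920000[1084C] ntdll.dll: wcsncpy[+2CD](13172736,0,13233016,13232880)
0x60000000[10BC4] ttpcomm.dll: Ordinal103[+A364](13233016,123303952,0,123303348)
0x60000000[1DF75] ttpcomm.dll: Ordinal18[+15](123275312,17665080,5672195,17665080)
0x00400000[13E053] TTPlayer.exe: Cdllmd5extractor::operator=[+121ADA](17441528,5466926,17441528,1)
0x00400000[240C7] TTPlayer.exe: Cdllmd5extractor::operator=[+7B4E](17441528,1,0,14405264)
0x00400000[EA6A] TTPlayer.exe: (17276936,2027,13,1)
0x77D10000[1A039] USER32.dll: CallWindowProcW[+1B](1542544,590178,2027,13)
"""

# Assumption of this example (not from the thread): a displacement of this many
# bytes or more is too large for the address to lie inside the named function.
FAR_DISPLACEMENT = 0x200

# Layout: 0xBASE[RVA] module: symbol[+DISP](args); symbol and [+DISP] may be absent.
FRAME_RE = re.compile(
    r"0x(?P<base>[0-9A-Fa-f]+)\[(?P<rva>[0-9A-Fa-f]+)\]\s+(?P<module>\S+):\s*"
    r"(?P<symbol>.*?)(?:\[\+(?P<disp>[0-9A-Fa-f]+)\])?\((?P<args>.*)\)"
)
# Layout used in the !analyze output: module!symbol+disp (with or without 0x).
WINDBG_RE = re.compile(
    r"(?P<module>\w+)!(?P<symbol>\w+)\+(?:0x)?(?P<disp>[0-9A-Fa-f]+)"
)


@dataclass
class Frame:
    module: str
    address: int            # absolute address = module base + RVA
    symbol: Optional[str]   # label printed by the reporter, None if absent
    displacement: int       # bytes between the label and the address

    @property
    def label_start(self) -> int:
        """Address of the symbol the reporter used as a label."""
        return self.address - self.displacement

    def label_quality(self) -> str:
        if not self.symbol:
            return "none"       # no symbol information at all
        if re.fullmatch(r"Ordinal\d+", self.symbol):
            return "ordinal"    # export table only, no real function name
        if self.displacement >= FAR_DISPLACEMENT:
            return "far"        # nearest preceding symbol, not the real function
        return "near"           # plausible, still unconfirmed without a PDB


def parse_stack(text: str) -> List[Frame]:
    """Parse crash-reporter frame lines; lines in another format are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.fullmatch(line.strip())
        if not m:
            continue
        frames.append(Frame(
            module=m["module"],
            address=int(m["base"], 16) + int(m["rva"], 16),
            symbol=m["symbol"] or None,
            displacement=int(m["disp"] or "0", 16),
        ))
    return frames


def label_starts(address: int, *labels: str) -> Dict[str, int]:
    """For several module!symbol+disp labels of one address, return where
    each named symbol starts. Different starts mean different functions."""
    starts = {}
    for label in labels:
        m = WINDBG_RE.fullmatch(label)
        if m is None:
            raise ValueError(f"not a module!symbol+disp label: {label!r}")
        starts[m["symbol"]] = address - int(m["disp"], 16)
    return starts


def report(text: str = SAMPLE_STACK) -> List[str]:
    return [
        f"{f.address:08x} {f.module:<13} "
        f"{f.symbol or '-'}+0x{f.displacement:x} [{f.label_quality()}]"
        for f in parse_stack(text)
    ]


if __name__ == "__main__":
    print("\n".join(report()))
    # The same return address as labelled before and after ttpcomm.pdb loaded.
    for name, start in label_starts(
        0x60010BC4, "ttpcomm!Ordinal103+a364", "ttpcomm!MD5String+474"
    ).items():
        print(f"{name} starts at {start:08x}")
```

On the thread's data, both `Cdllmd5extractor::operator=` frames map back to the same label address 0x0041C579, so the name only marks the last symbol known below those addresses, not the function that was executing.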
Re: Problem with a crash in ntdll.dll
星河
2013-05-27, 11:22 AM
Thank you for the reply, teacher. I'm working on reproducing the dump and loading the correct symbol files.
Re: Problem with a crash in ntdll.dll
frankiewang008
2013-05-30, 10:09 AM
The faulting line of code is already shown, so the rest is easy~~~ out-of-bounds memory access