The stack trace for the error is as follows:
0:009> kbn
 # ChildEBP RetAddr  Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 039ef990 764bc4e7 002d0d58 00000090 00000000 <Unloaded_NetVideo.ocx>+0xe468b
01 039ef9bc 764bc5e7 08ba468b 002d0d58 00000090 user32!InternalCallWinProc+0x23
02 039efa34 764b4f0e 0052e9cc 08ba468b 002d0d58 user32!UserCallWinProcCheckWow+0x14b
03 039efa90 764b4f7d 007a2090 00000090 00000000 user32!DispatchClientMessage+0xda
04 039efab8 77b16fee 039efad0 00000018 039efb58 user32!__fnDWORD+0x24
05 039efae4 764ab300 6d9fd0c0 002d0aee 00000000 ntdll!KiUserCallbackDispatcher+0x2e
06 039efae8 6d9fd0c0 002d0aee 00000000 00000001 user32!NtUserDestroyWindow+0xc
07 039efb1c 7615ed6c 00000000 039efb68 77b337f5 ieframe!Ordinal160+0x4a49
08 039efb28 77b337f5 004941c0 74feb9e3 00000000 kernel32!BaseThreadInitThunk+0x12
09 039efb68 77b337c8 7194313c 004941c0 ffffffff ntdll!__RtlUserThreadStart+0x70
0a 039efb80 00000000 7194313c 004941c0 00000000 ntdll!_RtlUserThreadStart+0x1b
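Looking it up in IDA, the code at <Unloaded_NetVideo.ocx>+0xe468b is AfxWndProc(HWND__ *,uint,uint,long).
At first I thought this was caused by a timer or a thread that had not been shut down. But comparing the stacks for timer messages and internal messages, I found that those messages are all passed directly from user32 to the OCX through DispatchMessage, and never produce a stack like the one above, where DispatchClientMessage is called after passing through ntdll. Besides, there should never be a message number 0x90 at all. I am not very familiar with the low-level workings of Windows messages, so I would appreciate any help from the more experienced people here in analyzing this.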