求教,程序在erase map时,往程序块地址写数据,造成崩溃,请高手帮忙看看
C/C++本地代码调试
求教,程序在erase map时,往程序块地址写数据,造成崩溃,请高手帮忙看看
henly2
2014-01-06, 13:05 下午
1. 这是使用!analyze -v命令分析出来的。
(自己分析:看上去是非法写到一个内存地址
7480554d
)
0:083> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
FAULTING_IP:
msvcr100!LeadUpVec+10 [f:\dd\vctools\crt_bld\SELF_X86\crt\src\INTEL\memcpy.asm @ 232]
74a01f18 8807 mov byte ptr [edi],al
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 74a01f18 (msvcr100!LeadUpVec+0x00000010)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 7480554d
Attempt to write to address
7480554d
DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE
PROCESS_NAME: test.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 7480554d
WRITE_ADDRESS: 7480554d
FOLLOWUP_IP:
msvcr100!LeadUpVec+10 [f:\dd\vctools\crt_bld\SELF_X86\crt\src\INTEL\memcpy.asm @ 232]
74a01f18 8807 mov byte ptr [edi],al
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: dzh2.exe
FAULTING_THREAD: 000015f4
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 74a10146 to 74a01f18
STACK_TEXT:
3db4fc18 74a10146 7480554d 05eab5d0 05eab5b8 msvcr100!LeadUpVec+0x10
3db4fc30 3db4fc54
7480554d
44b4d530 05eab5d0 msvcr100!memcpy_s+0x41
WARNING: Frame IP not in any known module. Following frames may be wrong.
3db4fc34
7480554d
44b4d530 05eab5d0 05eab5b8 0x3db4fc54
3db4fc54 747f8e9e 05eab5b8 3db4fc90 3f443f68 dzh_script!std::_Tree<std::_Tmap_traits<test_v2::Code *,int,std::less<test_v2::Code *>,std::allocator<std::pair<test_v2::Code * const,int> >,0> >::erase+0x23d
3db4fc88 747f4353 00000018 cbf3e310 00000000 test_dll!calculate::IDGenerator::ReturnId+0x6e
3db4fcd4 747f43cc 0181ad38 3db4fd34 75008299 test_dll!calculate::CalculateCenter::DoSchedule+0x103
3db4fce0 75008299 0181ad38 cbf3e322 00000000 test_dll!calculate::CalculateCenter::Schedule+0xc
3db4fd34 74a5c6de 3f53ccd8 cbf3e3d3 00000000 test_dll!core::ThreadPool::TaskThreadProc+0xf9
3db4fd6c 74a5c788 00000000 3db4fd84 768033aa msvcr100!_callthreadstartex+0x1b
3db4fd78 768033aa 2c034cd8 3db4fdc4 77e89ef2 msvcr100!_threadstartex+0x64
3db4fd84 77e89ef2 2c034cd8 4aee3364 00000000 kernel32!BaseThreadInitThunk+0xe
3db4fdc4 77e89ec5 74a5c724 2c034cd8 00000000 ntdll!__RtlUserThreadStart+0x70
3db4fddc 00000000 74a5c724 2c034cd8 00000000 ntdll!_RtlUserThreadStart+0x1b
FAULTING_SOURCE_LINE: f:\dd\vctools\crt_bld\SELF_X86\crt\src\INTEL\memcpy.asm
FAULTING_SOURCE_FILE: f:\dd\vctools\crt_bld\SELF_X86\crt\src\INTEL\memcpy.asm
FAULTING_SOURCE_LINE_NUMBER: 232
FAULTING_SOURCE_CODE:
No source found for 'f:\dd\vctools\crt_bld\SELF_X86\crt\src\INTEL\memcpy.asm'
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: msvcr100!LeadUpVec+10
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr100
IMAGE_NAME: msvcr100.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ba1dbbe
STACK_COMMAND: ~83s; .ecxr ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_c0000005_msvcr100.dll!LeadUpVec
BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_WRITE_msvcr100!LeadUpVec+10
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/dzh2_exe/7_60_0_13521/52575b0a/msvcr100_dll/10_0_30319_1/4ba1dbbe/c0000005/00001f18.htm?Retriage=1
WATSON_IBUCKET: -383651548
WATSON_IBUCKETTABLE: 1
Followup: MachineOwner
---------
2. 在看了一下堆栈
(自己分析:memcpy_s在往
7480554d地址写数据,不知道这个地址是怎么作为参数传进去的?粗体的那一帧很奇怪?
)
0:083> kb
ChildEBP RetAddr Args to Child
3db4f300 7706149d 000014e4 00000000 3db4f348 ntdll!ZwWaitForSingleObject+0x15
3db4f36c 76801194 000014e4 00003a98 00000000 KERNELBASE!WaitForSingleObjectEx+0x98
3db4f384 76801148 000014e4 00003a98 00000000 kernel32!WaitForSingleObjectExImplementation+0x75
3db4f398 006d0663 000014e4 00003a98 cbf2dd90 kernel32!WaitForSingleObject+0x12
3db4f598 7c37fdb4 3db4f65c 768d030c 7684003f test!MyUnhandledExceptionFilter+0x1f2
3db4f5a4 7684003f 3db4f65c cbee8b46 00000000 MSVCR71!__CxxUnhandledExceptionFilter+0x46
3db4f62c 77ec74df 3db4f65c 77ec73bc 00000000 kernel32!UnhandledExceptionFilter+0x127
3db4f634 77ec73bc 00000000 3db4fdc4 77e7c530 ntdll!__RtlUserThreadStart+0x62
3db4f648 77ec7261 00000000 00000000 00000000 ntdll!_EH4_CallFilterFunc+0x12
3db4f670 77eab459 fffffffe 3db4fdb4 3db4f7ac ntdll!_except_handler4+0x8e
3db4f694 77eab42b 3db4f75c 3db4fdb4 3db4f7ac ntdll!ExecuteHandler2+0x26
3db4f6b8 77eab3ce 3db4f75c 3db4fdb4 3db4f7ac ntdll!ExecuteHandler+0x24
3db4f744 77e60133 00b4f75c 3db4f7ac 3db4f75c ntdll!RtlDispatchException+0x127
3db4f744 74a01f18 00b4f75c 3db4f7ac 3db4f75c ntdll!KiUserExceptionDispatcher+0xf
3db4fc18 74a10146
7480554d
05eab5d0 05eab5b8 msvcr100!LeadUpVec+0x10 [f:\dd\vctools\crt_bld\SELF_X86\crt\src\INTEL\memcpy.asm @ 232]
3db4fc30 3db4fc54
7480554d
44b4d530 05eab5d0 msvcr100!memcpy_s+0x41 [f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c @ 67]
WARNING: Frame IP not in any known module. Following frames may be wrong.
3db4fc34
7480554d
44b4d530 05eab5d0 05eab5b8
0x3db4fc54
3db4fc54 747f8e9e 05eab5b8 3db4fc90 3f443f68 test_dll!std::_Tree<std::_Tmap_traits<test_v2::Code *,int,std::less<test_v2::Code *>,std::allocator<std::pair<test_v2::Code * const,int> >,0> >::erase+0x23d [c:\program files\microsoft visual studio 10.0\vc\include\xtree @ 1372]
3db4fc88 747f4353 00000018 cbf3e310 00000000 test_dll!calculate::IDGenerator::ReturnId+0x6e
3db4fcd4 747f43cc 0181ad38 3db4fd34 75008299 test_dll!calculate::CalculateCenter::DoSchedule+0x103 [
3db4fce0 75008299 0181ad38 cbf3e322 00000000 test_dll!calculate::CalculateCenter::Schedule+0xc
3db4fd34 74a5c6de 3f53ccd8 cbf3e3d3 00000000 test_dll!core::ThreadPool::TaskThreadProc+0xf9 [
3db4fd6c 74a5c788 00000000 3db4fd84 768033aa msvcr100!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 314]
3db4fd78 768033aa 2c034cd8 3db4fdc4 77e89ef2 msvcr100!_threadstartex+0x64 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 292]
3db4fd84 77e89ef2 2c034cd8 4aee3364 00000000 kernel32!BaseThreadInitThunk+0xe
3db4fdc4 77e89ec5 74a5c724 2c034cd8 00000000 ntdll!__RtlUserThreadStart+0x70
3db4fddc 00000000 74a5c724 2c034cd8 00000000 ntdll!_RtlUserThreadStart+0x1b
3. 最后看了一下那个地址的信息
(自己分析:很奇怪为什么往这个地址写数据,这个地址是image属性啊!!)
0:083> !address 7480554d
Mapping file section regions...
Mapping module regions...
Mapping PEB regions...
Mapping TEB and stack regions...
Mapping heap regions...
Mapping page heap regions...
Mapping other regions...
Mapping stack trace database regions...
Mapping activation context regions...
Usage: Image
Base Address: 747f1000
End Address: 7487d000
Region Size: 0008c000
State: <info not present at the target>
Protect: <info not present at the target>
Type: <info not present at the target>
Allocation Base: <info not present at the target>
Allocation Protect: <info not present at the target>
Image Path: E:\test\test_dll.dll
Module Name: test_dll
Loaded Image Name: test_dll.dll
Mapped Image Name:
More info: lmv m test_dll
More info: !lmi test_dll
More info: ln 0x7480554d
More info: !dh 0x747f0000