Re: Calling CPubINetworkListManager::GetNetworks from wininet crashes the program
Dump Analysis
Calling CPubINetworkListManager::GetNetworks from wininet crashes the program
troygou
2014-01-07, 15:07 PM
Calling CPubINetworkListManager::GetNetworks from wininet crashes the system. Teacher Zhang, what could the cause of this be?
First, the stack information from the exception context:
This has caused far too many program crashes and I don't know why. I searched online but couldn't find the cause either. Teacher Zhang, please give me some guidance.
0:066> r
Last set context:
eax=0035ebb0 ebx=0854f2d0 ecx=0035ef48 edx=0854f2a0 esi=75879af4 edi=0854f2c0
eip=00000000 esp=0854f284 ebp=0854f2c4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
00000000 ?? ???
0:066> k
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
0854f280 7587477d 0x0
0854f2c4 75872f59 ole32!AddPartitionID+0x71 [d:\w7rtm\com\ole32\com\objact\objact.cxx @ 198]
0854fa90 75879e25 ole32!ICoCreateInstanceEx+0x243 [d:\w7rtm\com\ole32\com\objact\objact.cxx @ 1218]
0854faf0 75879d86 ole32!CComActivator::DoCreateInstance+0xd9 [d:\w7rtm\com\ole32\com\objact\immact.hxx @ 343]
0854fb14 75879d3f ole32!CoCreateInstanceEx+0x38 [d:\w7rtm\com\ole32\com\objact\actapi.cxx @ 157]
0854fb44 6ec72505 ole32!CoCreateInstance+0x37 [d:\w7rtm\com\ole32\com\objact\actapi.cxx @ 110]
0854fb70 6ec733fd netprofm!CPubINetworkListManager::EnsureNLPConnected+0x58
0854fb84 75c215ea netprofm!CPubINetworkListManager::GetNetworks+0x39
0854fc08 75bfafeb wininet+0x1315ea
0854fc2c 75c219e6 wininet+0x10afeb
0854fc4c 75c21c24 wininet+0x1319e6
0854fcb4 75c2a2a0 wininet+0x131c24
0854fd50 75c2e25d wininet+0x13a2a0
0854fda4 75b2dbae wininet+0x13e25d
0854fdb4 76f2d897 wininet+0x3dbae
0854fe28 76f30846 ntdll!RtlpTpWorkCallback+0x11d
0854ff88 769eed5c ntdll!TppWorkerThread+0x572
0854ff94 76f637eb kernel32!BaseThreadInitThunk+0xe
0854ffd4 76f637be ntdll!__RtlUserThreadStart+0x70
0854ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
Re: Calling CPubINetworkListManager::GetNetworks from wininet crashes the program
troygou
2014-01-07, 18:01 PM
I'm following a similar one:
Loading unloaded module list
................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(9c8.4114): Unknown exception - code c0000096 (first/second chance not available)
eax=00000000 ebx=158b8468 ecx=002df6f0 edx=1170f2a0 esi=158b8428 edi=1170d098
eip=77140c42 esp=1170cd58 ebp=1170cd68 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtGetContextThread+0x12:
77140c42 83c404 add esp,4
0:080> .ecxr
eax=002df4c8 ebx=1170f2d0 ecx=002df6f0 edx=1170f2a0 esi=74cb9af4 edi=1170f2c0
eip=74cb8665 esp=1170f284 ebp=1170f2c4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
ole32!`string'+0x9:
74cb8665 6c ins byte ptr es:[edi],dx es:002b:1170f2c0=49
0:080> k
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr
1170f2c4 74cb2f59 ole32!`string'+0x9
1170fa90 74cb9e25 ole32!ICoCreateInstanceEx+0x243
1170faf0 74cb9d86 ole32!CComActivator::DoCreateInstance+0xd9
1170fb14 74cb9d3f ole32!CoCreateInstanceEx+0x38
1170fb44 726f2505 ole32!CoCreateInstance+0x37
1170fb70 726f33fd netprofm!CPubINetworkListManager::EnsureNLPConnected+0x58
Unable to load image wininet.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for wininet.dll
*** ERROR: Module load completed but symbols could not be loaded for wininet.dll
1170fb84 763e15ea netprofm!CPubINetworkListManager::GetNetworks+0x39
WARNING: Stack unwind information not available. Following frames may be wrong.
1170fc08 763bafeb wininet+0x1315ea
1170fc2c 763e19e6 wininet+0x10afeb
1170fc4c 763e1c24 wininet+0x1319e6
1170fcb4 763ea2a0 wininet+0x131c24
1170fd50 763ee25d wininet+0x13a2a0
1170fda4 762edbae wininet+0x13e25d
1170fdb4 77189512 wininet+0x3dbae
1170fe28 77174429 ntdll!RtlpTpWorkCallback+0x11d
1170ff88 75ae336a ntdll!TppWorkerThread+0x572
1170ff94 77159f72 kernel32!BaseThreadInitThunk+0xe
1170ffd4 77159f45 ntdll!__RtlUserThreadStart+0x70
1170ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
Re: Calling CPubINetworkListManager::GetNetworks from wininet crashes the program
格蠹老雷
2014-01-07, 20:19 PM
A buffer (local variable) on the stack overflowed and the function's return address was overwritten. In the first case it unexpectedly returned to address 0; in the later one it unexpectedly returned into a data region (a string)...
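As an added example (not part of the thread or of any poster's tooling), a small Python triage helper that parses the WinDbg `r`/`.ecxr` and `k` output quoted above and lists the signs being pointed to: an EIP of 0, an EIP resolving to a `string' data symbol, the "Frame IP not in any known module" warning, and the innermost frame that still names a real function. The sample input is constructed from lines of the two dumps in this thread; the two NTSTATUS names are standard Windows values.

```python
import re

# Added triage helper (not from the thread). Two standard NTSTATUS values WinDbg reports:
EXC_CODES = {"c0000005": "STATUS_ACCESS_VIOLATION", "c0000096": "STATUS_PRIVILEGED_INSTRUCTION"}
# One row of 'k' output: ChildEBP, RetAddr, then the symbol for that frame's instruction pointer.
FRAME_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S.*)$", re.M)

def triage(dump_text):
    """Parse WinDbg text; return eip, exception name, frames, innermost real code frame and indicators."""
    result = {"eip": None, "exception": None, "frames": [], "innermost_code_frame": None, "indicators": []}
    eips = re.findall(r"\beip=([0-9a-f]{8})", dump_text)
    if eips:  # take the last one: the .ecxr context is printed after the initial context
        result["eip"] = int(eips[-1], 16)
    m = re.search(r"exception - code ([0-9a-f]{8})", dump_text)
    if m:
        result["exception"] = EXC_CODES.get(m.group(1), "unknown " + m.group(1))
    # Strip the "[source file @ line]" suffix so symbols compare cleanly.
    result["frames"] = [(int(c, 16), int(r, 16), sym.split(" [")[0].strip())
                        for c, r, sym in FRAME_RE.findall(dump_text)]
    if result["eip"] == 0:
        result["indicators"].append("eip is 0: control transferred to address 0")
    if "Frame IP not in any known module" in dump_text:
        result["indicators"].append("frame 0 IP lies outside every loaded module")
    if result["frames"]:
        sym0 = result["frames"][0][2]
        if "!" not in sym0:
            result["indicators"].append("frame 0 has only a raw address, no symbol: " + sym0)
        elif "`string'" in sym0:
            result["indicators"].append("frame 0 IP resolves to string data inside a module: " + sym0)
        # First frame naming a real function: its IP is the RetAddr of the frame above it, so it is the last code that ran.
        for _, _, sym in result["frames"]:
            if "!" in sym and "`string'" not in sym:
                result["innermost_code_frame"] = sym
                break
    return result

# Constructed sample input: key lines excerpted from the two dumps quoted in this thread.
DUMP_1 = r"""0:066> r
eip=00000000 esp=0854f284 ebp=0854f2c4 iopl=0 nv up ei pl zr na pe nc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0854f280 7587477d 0x0
0854f2c4 75872f59 ole32!AddPartitionID+0x71 [d:\w7rtm\com\ole32\com\objact\objact.cxx @ 198]
0854fa90 75879e25 ole32!ICoCreateInstanceEx+0x243 [d:\w7rtm\com\ole32\com\objact\objact.cxx @ 1218]
"""
DUMP_2 = r"""(9c8.4114): Unknown exception - code c0000096 (first/second chance not available)
eip=74cb8665 esp=1170f284 ebp=1170f2c4 iopl=0 nv up ei pl zr na pe nc
74cb8665 6c ins byte ptr es:[edi],dx es:002b:1170f2c0=49
1170f2c4 74cb2f59 ole32!`string'+0x9
1170fa90 74cb9e25 ole32!ICoCreateInstanceEx+0x243
"""
```

Running `triage(DUMP_2)` reports STATUS_PRIVILEGED_INSTRUCTION together with the `string' frame, which is the combination that tells you the bytes at EIP were never meant to be executed.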
Re: Calling CPubINetworkListManager::GetNetworks from wininet crashes the program
troygou
2014-01-08, 10:35 AM
Teacher Raymond, these functions are all Microsoft's, so the probability of them having a bug should be quite small, right? You say it's an overflow, but where can you see from this that it's an overflow?
Re: Calling CPubINetworkListManager::GetNetworks from wininet crashes the program
sgeocla
2014-08-08, 14:28 PM
This is a MS code error. See this bug https://bugzilla.mozilla.org/show_bug.cgi?id=854176.
The cause of it is comment 85: https://bugzilla.mozilla.org/show_bug.cgi?id=854176#c85