Advanced Debugging

WinDbg

Thread started by: BianChengNan   Started: 2015-01-28 15:04   Replies: 3

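2015-01-28, 15:04
BianChengNan

Deadlock

The general situation is this: the child process is an updater. The parent process launches the child process and passes its own process handle to the child. After downloading the necessary files, the child first closes the parent process, then starts copying files into the parent's directory; once the copy is complete, the child restarts the parent. During testing today I found a deadlock. Below is my analysis with WinDbg; it feels a bit spooky.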

Running ~*kvn:

.  0  Id: dec.404 Suspend: 1 Teb: 7ffde000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 0020f5f0 77196a24 77182264 000000d8 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 0020f5f4 77182264 000000d8 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
02 0020f658 77182148 00000000 00000000 00000001 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
03 0020f680 771b00e1 77227340 776ec362 00000000 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
04 0020f6b8 75327b13 00000001 00000000 0020f6e0 ntdll!LdrLockLoaderLock+0xe4 (FPO: [Non-Fpo])
05 0020f704 75ff215d 00000000 0020f718 00000104 KERNELBASE!GetModuleFileNameW+0x75 (FPO: [Non-Fpo])
06 0020f924 75ff2112 0020f9cc 0020f9b0 75d4ca7c shell32!InRunDllProcess+0x39 (FPO: [Non-Fpo])
07 0020f938 00ef7e39 0020f94c 0020f9cc 0020f9cc shell32!ShellExecuteExW+0x51 (FPO: [Non-Fpo])
08 0020f988 00f02154 bfb688c9 00000004 0020fa0c SsnUpdater!Utility::RunProcess+0x69 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\working\branches\ssn7\src\ssnupdater\processutility.cpp @ 45]
09 0020f9f8 00f01b9f bfb68b71 00f12c94 0020fa6c SsnUpdater!CUpdateHelper::Update+0x264 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\working\branches\ssn7\src\ssnupdater\updatehelper.cpp @ 346]
0a 0020fa40 00efa243 00000001 00000000 0028fc98 SsnUpdater!CUpdateHelper::Excute+0xef (FPO: [Non-Fpo]) (CONV: thiscall) [d:\working\branches\ssn7\src\ssnupdater\updatehelper.cpp @ 264]
0b 0020fb14 00f067ab 00ef0000 00000000 003e1864 SsnUpdater!wWinMain+0x93 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\working\branches\ssn7\src\ssnupdater\ssnupdater.cpp @ 31]
0c 0020fba8 75d53c45 7ffdf000 0020fbf4 771b37f5 SsnUpdater!__tmainCRTStartup+0x158 (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 547]
0d 0020fbb4 771b37f5 7ffdf000 776ece2e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
0e 0020fbf4 771b37c8 00f068de 7ffdf000 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
0f 0020fc0c 00000000 00f068de 7ffdf000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   1  Id: dec.f44 Suspend: 1 Teb: 7ffdb000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 0231fac4 771957d4 75321876 00000000 0231fb0c ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 0231fac8 75321876 00000000 0231fb0c b1bc2a84 ntdll!NtDelayExecution+0xc (FPO: [2,0,0])
02 0231fb30 75321818 00000002 00000000 0231fb90 KERNELBASE!SleepEx+0x65 (FPO: [Non-Fpo])
03 0231fb40 6d6901a5 00000002 bc276103 00000000 KERNELBASE!Sleep+0xf (FPO: [Non-Fpo])
04 0231fb90 75d53c45 00000000 0231fbdc 771b37f5 EventHook!FocusCacheThreadProc+0x265 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\working\branches\ssn7\src\eventhook\focuscache.cpp @ 180]
05 0231fb9c 771b37f5 00000000 757fce06 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
06 0231fbdc 771b37c8 6d68ff40 00000000 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
07 0231fbf4 00000000 6d68ff40 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   2  Id: dec.ec4 Suspend: 1 Teb: 7ffda000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 024cf7d0 771957d4 75321876 00000000 024cf818 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 024cf7d4 75321876 00000000 024cf818 b1c12988 ntdll!NtDelayExecution+0xc (FPO: [2,0,0])
02 024cf83c 75321818 00000002 00000000 024cf868 KERNELBASE!SleepEx+0x65 (FPO: [Non-Fpo])
03 024cf84c 6d68ce5f 00000002 00000000 00000000 KERNELBASE!Sleep+0xf (FPO: [Non-Fpo])
04 024cf868 75d53c45 00000000 024cf8b4 771b37f5 EventHook!EventCacheThreadProc+0xdf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\working\branches\ssn7\src\eventhook\eventcache.cpp @ 62]
05 024cf874 771b37f5 00000000 7502cd6e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
06 024cf8b4 771b37c8 6d68cd80 00000000 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
07 024cf8cc 00000000 6d68cd80 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   3  Id: dec.b24 Suspend: 1 Teb: 7ffd9000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 025ef6a0 77196a04 7717fe3b 00000003 00417708 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 025ef6a4 7717fe3b 00000003 00417708 00000001 ntdll!NtWaitForMultipleObjects+0xc (FPO: [5,0,0])
02 025ef838 75d53c45 00000000 025ef884 771b37f5 ntdll!TppWaiterpThread+0x33d (FPO: [Non-Fpo])
03 025ef844 771b37f5 004176d8 7510cd5e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
04 025ef884 771b37c8 7717fd0f 004176d8 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
05 025ef89c 00000000 7717fd0f 004176d8 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   4  Id: dec.cf4 Suspend: 1 Teb: 7ffdc000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 027cf7f4 77196a24 77182264 000000d8 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 027cf7f8 77182264 000000d8 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
02 027cf85c 77182148 00000000 00000000 00000000 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
03 027cf884 7717f6a8 77227340 7532ccc6 00416810 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
04 027cf91c 7717f63b 00000002 00000000 027cfa88 ntdll!LdrShutdownThread+0x50 (FPO: [Non-Fpo])
05 027cf92c 7717f9be 00000000 7532cf52 00000000 ntdll!RtlExitUserThread+0x2a (FPO: [Non-Fpo])
06 027cfa88 75d53c45 00416810 027cfad4 771b37f5 ntdll!TppWorkerThread+0x856 (FPO: [Non-Fpo])
07 027cfa94 771b37f5 00416810 7532cf0e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
08 027cfad4 771b37c8 771803e7 00416810 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
09 027cfaec 00000000 771803e7 00416810 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   5  Id: dec.9ec Suspend: 1 Teb: 7ffd8000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 0290fe14 77196a34 771814df 00000130 0290fecc ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 0290fe18 771814df 00000130 0290fecc 75decaa2 ntdll!ZwWaitForWorkViaWorkerFactory+0xc (FPO: [2,0,0])
02 0290ff78 75d53c45 00416810 0290ffc4 771b37f5 ntdll!TppWorkerThread+0x216 (FPO: [Non-Fpo])
03 0290ff84 771b37f5 00416810 75deca1e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
04 0290ffc4 771b37c8 771803e7 00416810 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
05 0290ffdc 00000000 771803e7 00416810 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   6  Id: dec.c70 Suspend: 1 Teb: 7ffd7000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 02baf6a4 77196a24 77182264 000000d8 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 02baf6a8 77182264 000000d8 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
02 02baf70c 77182148 00000000 00000000 76c20000 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
03 02baf734 771ac908 77227340 75f4c2ae 76c20000 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
04 02baf774 7532763c 76c20000 00423370 00423370 ntdll!LdrUnloadDll+0x2a (FPO: [Non-Fpo])
05 02baf788 76c4d893 76c20000 00000000 00000000 KERNELBASE!FreeLibraryAndExitThread+0x56 (FPO: [Non-Fpo])
06 02baf7a0 75d53c45 00423370 02baf7ec 771b37f5 ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\w7rtm\com\ole32\com\dcomrem\threads.cxx @ 72]
07 02baf7ac 771b37f5 00423370 75f4c236 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
08 02baf7ec 771b37c8 76c4d864 00423370 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
09 02baf804 00000000 76c4d864 00423370 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   7  Id: dec.60c Suspend: 1 Teb: 7ffd5000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 02aafb30 77196a24 77182264 000000d8 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 02aafb34 77182264 000000d8 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
02 02aafb98 77182148 00000000 00000000 74ce0000 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
03 02aafbc0 771ac908 77227340 75e4c9da 74d16050 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
04 02aafc00 7532763c 74ce0000 00000102 c0000000 ntdll!LdrUnloadDll+0x2a (FPO: [Non-Fpo])
05 02aafc14 74ce63a3 74ce0000 00000000 00000000 KERNELBASE!FreeLibraryAndExitThread+0x56 (FPO: [Non-Fpo])
06 02aafc34 75d53c45 74ce64b3 02aafc80 771b37f5 mswsock!SockAsyncThread+0xf5 (FPO: [Non-Fpo])
07 02aafc40 771b37f5 0041aec8 75e4c95a 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
08 02aafc80 771b37c8 74ce62ee 0041aec8 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
09 02aafc98 00000000 74ce62ee 0041aec8 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

   8  Id: dec.90c Suspend: 1 Teb: 7ffdd000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 035df680 77196a24 77182264 000000d8 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
01 035df684 77182264 000000d8 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
02 035df6e8 77182148 00000000 00000000 00000000 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
03 035df710 7717f6a8 77227340 7413c272 00417910 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
04 035df7a8 7717f63b 00000002 00000000 035df914 ntdll!LdrShutdownThread+0x50 (FPO: [Non-Fpo])
05 035df7b8 7717f9be 00000000 7413ccce 00000000 ntdll!RtlExitUserThread+0x2a (FPO: [Non-Fpo])
06 035df914 75d53c45 00417910 035df960 771b37f5 ntdll!TppWorkerThread+0x856 (FPO: [Non-Fpo])
07 035df920 771b37f5 00417910 7413ccba 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
08 035df960 771b37c8 771803e7 00417910 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
09 035df978 00000000 771803e7 00417910 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

#  9  Id: dec.42c Suspend: 1 Teb: 7ffd6000 Unfrozen
 # ChildEBP RetAddr  Args to Child              
00 030bfe38 771ef161 7445cbb2 00000000 00000000 ntdll!DbgBreakPoint (FPO: [0,0,0])
01 030bfe68 75d53c45 00000000 030bfeb4 771b37f5 ntdll!DbgUiRemoteBreakin+0x3c (FPO: [Non-Fpo])
02 030bfe74 771b37f5 00000000 7445cb6e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
03 030bfeb4 771b37c8 771ef125 00000000 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
04 030bfecc 00000000 771ef125 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

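Threads 0, 4, 6, 7 and 8 all stopped after entering the critical section (apparently for thread synchronization); they are all waiting on 000000d8.
The other threads are each waiting on their own things and have nothing to do with this deadlock, so I skipped them.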

0:000> !cs -l
-----------------------------------------
DebugInfo          = 0x77227540
Critical section   = 0x77227340 (ntdll!LdrpLoaderLock+0x0)
LOCKED
LockCount          = 0x5
WaiterWoken        = No
OwningThread       = 0x0000080c
RecursionCount     = 0x1
LockSemaphore      = 0xD8
SpinCount          = 0x00000000

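There is no thread with ID 0x0000080c among the existing threads, yet it owns this critical section, which has locked up the whole process. I hope Mr. Zhang can offer some guidance.
My knowledge is still limited, so I can't guess how this situation could come about; that's why it feels spooky.
By the way, many, many thanks to Mr. Zhang for Software Debugging (《软件调试》); it is really well written. I wonder when the second edition will come out!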


2015-01-28, 20:51
Raymond (格蠹老雷)

Re: Deadlock

Thread 80c may have hit an exception while it owned the critical section; the exception was caught and hidden by a poorly written handler, and then the thread exited...

You should find a way to reproduce it, then attach WinDbg or monitor with adplus.

2015-01-29, 08:38
BianChengNan

Re: Deadlock

Many thanks, Mr. Zhang. That is probably what happened. The problem only occurs occasionally, so I can only wait for another chance.
2015-02-05, 14:59
BianChengNan

Re: Deadlock

The code contains calls to TerminateThread. I just reproduced the problem with a test program, and I have removed the calls to TerminateThread.
Thanks again to Mr. Zhang for Software Debugging (《软件调试》) and 《格蠹汇编》; I'm really looking forward to Software Debugging 2.

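The manual check made in the first post (compare OwningThread from `!cs -l` against the thread IDs listed by `~*kvn`) can be scripted for triage of similar dumps. The Python below is an added example, not code from any poster in this thread; the function names are hypothetical and the sample input is abridged from the debugger output above.

```python
import re

# Abridged from the ~*kvn and !cs -l output posted in this thread (3 of the 10 threads).
KVN = """\
.  0  Id: dec.404 Suspend: 1 Teb: 7ffde000 Unfrozen
03 0020f680 771b00e1 77227340 776ec362 00000000 ntdll!RtlEnterCriticalSection+0x150
04 0020f6b8 75327b13 00000001 00000000 0020f6e0 ntdll!LdrLockLoaderLock+0xe4
   1  Id: dec.f44 Suspend: 1 Teb: 7ffdb000 Unfrozen
03 0231fb40 6d6901a5 00000002 bc276103 00000000 KERNELBASE!Sleep+0xf
   6  Id: dec.c70 Suspend: 1 Teb: 7ffd7000 Unfrozen
03 02baf734 771ac908 77227340 75f4c2ae 76c20000 ntdll!RtlEnterCriticalSection+0x150
04 02baf774 7532763c 76c20000 00423370 00423370 ntdll!LdrUnloadDll+0x2a
"""
CS = """\
Critical section   = 0x77227340 (ntdll!LdrpLoaderLock+0x0)
LOCKED
OwningThread       = 0x0000080c
"""

THREAD = re.compile(r"^[.#\s]*(\d+)\s+Id:\s+[0-9a-f]+\.([0-9a-f]+)\s", re.I)
# Frame line: frame#, ChildEBP, RetAddr, then arg1 = critical section address.
ENTER = re.compile(r"^[0-9a-f]{2}\s+[0-9a-f]{8}\s+[0-9a-f]{8}\s+([0-9a-f]{8})\s"
                   r".*RtlEnterCriticalSection", re.I)
CS_ADDR = re.compile(r"^Critical section\s*=\s*0x([0-9a-f]+)\s*\((.*?)\)", re.I)
OWNER = re.compile(r"^OwningThread\s*=\s*0x([0-9a-f]+)", re.I)

def parse_threads(kvn):
    """Return ({tid: thread_no}, {cs_addr: [thread_no, ...]}) from ~*kvn text."""
    tids, waiters, current = {}, {}, None
    for line in kvn.splitlines():
        if m := THREAD.match(line):
            current = int(m.group(1))
            tids[int(m.group(2), 16)] = current
        elif (m := ENTER.match(line.strip())) and current is not None:
            waiters.setdefault(int(m.group(1), 16), []).append(current)
    return tids, waiters

def find_orphaned_locks(kvn, cs):
    """List locked critical sections whose owner TID is not a live thread."""
    tids, waiters = parse_threads(kvn)
    found, addr, name = [], None, None
    for line in map(str.strip, cs.splitlines()):
        if m := CS_ADDR.match(line):
            addr, name = int(m.group(1), 16), m.group(2)
        elif (m := OWNER.match(line)) and addr is not None:
            owner = int(m.group(1), 16)
            if owner and owner not in tids:
                found.append({"cs": addr, "symbol": name, "owner": owner,
                              "waiting": waiters.get(addr, [])})
    return found
```

A non-empty result means a lock was left held by a thread that no longer exists, which is the state the thread traces to TerminateThread; feed it the full text of both commands from a dump.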