求助一个Crash Dump的INVALID_POINTER_READ问题

WinDbg

求助一个Crash Dump的INVALID_POINTER_READ问题

---

saviola 2016-06-02, 19:40 下午
不好意思，这个问题我刚发到C/C++版块了。。。但是感觉可能也跟windbg本身的使用有关，是不是我没用对命令找到真正的exception？
求windbg大神们帮忙分析下
http://advdbg.org/forums/6941/ShowPost.aspx

主要内容就是一个程序crash生成dump（程序自身逻辑做的WriteMiniDump，不是Crash时人为去抓的Dump）

用.ecxr得到了触发异常的指令，但是，它执行的指令不该触发异常啊，请看下这怎么解释？


0:005> !analyze -v

FAULTING_IP:
ProgramName!FAsyncTask<FSceneRenderer::FAsyncVisibilityCull>::FinishThreadedWork+3
0199ac63 83bfb003000000  cmp     dword ptr [edi+3B0h],0

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0199ac63 (ProgramName!FAsyncTask<FSceneRenderer::FAsyncVisibilityCull>::FinishThreadedWork+0x00000003)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: abe904dc
Attempt to read from address abe904dc

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ


0:005> .ecxr
eax=00000000 ebx=0007781f ecx=abe9012c edx=00000002 esi=007cfd20 edi=abe9012c
eip=0199ac63 esp=077efcc4 ebp=077efce8 iopl=0         nv up ei pl zr na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010247
ProgramName!FAsyncTask<FSceneRenderer::FAsyncVisibilityCull>::FinishThreadedWork+0x3:
0199ac63 83bfb003000000  cmp     dword ptr [edi+3B0h],0 ds:002b:abe904dc=00000000

0:005> !address abe904dc
 ProcessParametrs 00bd13e8 in range 00bd0000 00cd0000
 Environment 00bd07f0 in range 00bd0000 00cd0000
    abe90000 : abe90000 - 0001e000
                    Type     00020000 MEM_PRIVATE
                    Protect  00000004 PAGE_READWRITE
                    State    00001000 MEM_COMMIT
                    Usage    RegionUsageIsVAD

0:005> dd abe904dc-20h L10
abe904bc  00000000 00000001 00000001 00000028
abe904cc  00000000 00000000 00000000 00000000
abe904dc  00000000 00000000 02b041c4 abe90058
abe904ec  7f7fffff 00000025 00000008 55804600

这块内存完全是可以被读到内容的呀，是个正常的READWRITE Page，哪怕是指针指坏了不该读那儿，但不管怎样是能读到的呀！为什么异常了？