C#: Understanding WinDbg output

Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original address and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/759365/

Time: 2020-08-05 00:07:56  Source: igfitidea

understanding WinDbg output

c# c++ exception dll windbg

Asked by Anya

I have a Winform application (C#) which imports some functions from a DLL.

Sometimes when running the application I get the following exception:

System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

I catch it in AppDomain.CurrentDomain.UnhandledException.

So I tried to debug it with WinDbg. I was able to catch the exception and get the following output:

!analyze -v

FAULTING_IP: 
KERNEL32!SetErrorMode+14b
77e6c427 8a08            mov     cl,byte ptr [eax]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77e6c427 (KERNEL32!SetErrorMode+0x0000014b)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 087deadc
Attempt to read from address 087deadc

FAULTING_THREAD:  00000b1c

PROCESS_NAME:  App.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  087deadc

READ_ADDRESS:  087deadc 

FOLLOWUP_IP: 
KERNEL32!SetErrorMode+14b
77e6c427 8a08            mov     cl,byte ptr [eax]

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0xb1c (34)
Current frame: 
ChildEBP RetAddr  Caller,Callee

ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [UnloadedModule_Arch_AX] from Frame:[0] on thread:[b1c] ; Enable Pageheap/AutoVerifer

DEFAULT_BUCKET_ID:  HEAP_CORRUPTION

PRIMARY_PROBLEM_CLASS:  HEAP_CORRUPTION

BUGCHECK_STR:  APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ

LAST_CONTROL_TRANSFER:  from 7a0aa797 to 77e6c427

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
08bddc6c 7a0aa797 00000000 00000001 087deadc KERNEL32!SetErrorMode+0x14b
08bddd68 7c82a124 056306e8 08bddf9c 7c82a0b8 mscorwks!CorLaunchApplication+0x281f8
08bddd74 7c82a0b8 7c82a0fc 00000001 00000004 ntdll!RtlpAllocateFromHeapLookaside+0x13
08bddf9c 00000000 00000000 00000000 00000000 ntdll!RtlAllocateHeap+0x1dd


STACK_COMMAND:  .ecxr ; ~~[b1c] ; .frame 0 ; ~34s ; kb

SYMBOL_NAME:  ure.dll!Unloaded

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ure.dll

IMAGE_NAME:  ure.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  750063

FAILURE_BUCKET_ID:  HEAP_CORRUPTION_c0000005_ure.dll!Unloaded

BUCKET_ID:  APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ_ure.dll!Unloaded

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/App_exe/1_2009_403_12/49e707a9/KERNEL32_dll/5_2_3790_4062/46264680/c0000005/0002c427.htm?Retriage=1

Followup: MachineOwner


What does that mean? And what should I do with it?

Thanks in advance for any tips!!

Answered by Mark

It looks like ure.dll has been unloaded, and a call to NlsAnsiToUnicodeMultiByteToWideChar() referring to it is failing. You could run .symfix before !analyze -v to confirm that.

Is that the DLL you're importing? If not, you have memory corruption. Otherwise, the bug is probably in that DLL. Are you using P/Invoke to import it?



Yup, the unloaded DLL information has been corrupted. As you might guess, it's .NET's culture.dll, and Windbg is reading the 'cult' part of that as the timestamp and checksum. Try restarting and doing the following:

.symfix
sxe ud
g

and when the breakpoint hits:

kb

(That's telling Windbg to run until the DLL is unloaded, and then dump the stack)

Run for a bit to let the module unload, and execute the following command. Then let Windbg run until you get the exception, and do this command again to compare:

db ntdll!RtlpUnloadEventTrace

(That's the beginning of the unloaded module table, which is getting corrupted.)
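
Added example (not part of the original question or answer): a decoder for one 32-bit unloaded-module trace entry, using the documented RTL_UNLOAD_EVENT_TRACE layout, showing how "culture.dll" written 8 bytes early yields timestamp 750063 and module name ure.dll as seen in the output above. The sample bytes are constructed, and the function names are hypothetical helpers for triaging a `db` dump.

```python
import struct

# Documented RTL_UNLOAD_EVENT_TRACE layout on 32-bit Windows:
# BaseAddress, SizeOfImage, Sequence, TimeDateStamp, CheckSum, WCHAR ImageName[32]
ENTRY = struct.Struct("<IIIII64s")

def parse_entry(raw):
    """Decode one 84-byte trace entry into its named fields."""
    base, size, seq, stamp, checksum, name = ENTRY.unpack(raw[:ENTRY.size])
    name = name.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    return {"base": base, "size": size, "seq": seq,
            "timestamp": stamp, "checksum": checksum, "name": name}

def as_utf16_text(dword):
    """Return the two characters a DWORD spells as UTF-16LE when both
    are printable ASCII, otherwise None."""
    text = struct.pack("<I", dword).decode("utf-16-le", errors="replace")
    return text if all(" " <= ch <= "~" for ch in text) else None

def triage(entry):
    """If TimeDateStamp and CheckSum both read as text, the image name has
    probably spilled over them; return the reconstructed name, else None."""
    head = [as_utf16_text(entry["timestamp"]), as_utf16_text(entry["checksum"])]
    if None in head:
        return None
    return "".join(head) + entry["name"]

# Constructed samples: addresses, sizes, timestamp and checksum are made up.
GOOD = ENTRY.pack(0x10000000, 0x8000, 1, 0x4A5B0C2D, 0x0001F3A2,
                  "example.dll".encode("utf-16-le"))  # struct zero-pads the name
# Same record shape, but the name starts 8 bytes early, on top of
# TimeDateStamp and CheckSum.
BAD = (struct.pack("<III", 0x10000000, 0x8000, 2)
       + "culture.dll".encode("utf-16-le").ljust(72, b"\x00"))

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        e = parse_entry(raw)
        print(label, hex(e["timestamp"]), hex(e["checksum"]),
              repr(e["name"]), "->", triage(e))
```

A timestamp whose two 16-bit halves are both printable ASCII would date to early 1970, so the check rarely fires on a healthy entry.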
