利用WinDbg找出程序崩溃的代码行号

更新时间：2022-09-13 23:03:08

之前碰到论坛里有几个好友，说程序不时的崩溃，什么xxoo不能read的！

如果光要是这个内存地址，估计你会疯掉~~

所以分享一下基本的调试技巧，需要准备的工具有WinDbg + VC6.0，

下面是自己整理的一份自动生成DUMP文件的源代码，只需要添加到工程即可，源代码如下：

MiniDump.h
MiniDump.cpp

<具体请参考附件SRC中，太大就不贴了>

1、在CXXDlg::OnInitDialog()中添加这样一段：

BOOL CTestDlg::OnInitDialog()
{
CDialog::OnInitDialog();
// ......
SetUnhandledExceptionFilter(CrashReportEx);
HMODULE hKernel32;
// Try to get MiniDumpWriteDump() address.
hDbgHelp = LoadLibrary("DBGHELP.DLL");
MiniDumpWriteDump_ = (MINIDUMP_WRITE_DUMP)GetProcAddress(hDbgHelp, "MiniDumpWriteDump");
// d("hDbgHelp=%X, MiniDumpWriteDump_=%X", hDbgHelp, MiniDumpWriteDump_);
// Try to get Tool Help library functions.
hKernel32 = GetModuleHandle("KERNEL32");
CreateToolhelp32Snapshot_ = (CREATE_TOOL_HELP32_SNAPSHOT)GetProcAddress(hKernel32, "CreateToolhelp32Snapshot");
Module32First_ = (MODULE32_FIRST)GetProcAddress(hKernel32, "Module32First");
Module32Next_ = (MODULE32_NEST)GetProcAddress(hKernel32, "Module32Next");
}

复制代码

下面是工程中的测试代码：

class CTestDlg : public CDialog
{
// Construction
public:
CTestDlg(CWnd* pParent = NULL); // standard constructor
void Fun1(char *pszBuffer);
void Fun2(char *pszBuffer);
void Fun3(char *pszBuffer);
};

复制代码

void CTestDlg::Fun1(char *pszBuffer)
{
Fun2(pszBuffer);
}
void CTestDlg::Fun2(char *pszBuffer)
{
Fun3(pszBuffer);
}
void CTestDlg::Fun3(char *pszBuffer)
{
pszBuffer[1] = 0x00;
}

复制代码

我们在双击确定按钮时的响应代码如下：

void CTestDlg::OnOK()
{
// TODO: Add extra validation here
Fun1(NULL);
}

复制代码

2、设置VC编译选项，勾选生成MAP和Debug Info、Progma Datebase:

3、将编译生成的Release目录中的pdb、map文件保存起来，以后调试会用到：

4、运行程序，单击确定按钮出现异常后自动重启，并创建一个Log文件夹，里面生成dump文件:

5、我们打开WinDbg，设置一下相关路径
A、设置pdb路径（File \ Symbol File Path）

B、设置源代码路径( File \ Source File Path )

C、设置Exe路径( File \ Image File Path )


6、用WiinDbg打开dump文件（File \ Open Crash Dump）

7、输入命令!analyze -v，等待几秒后会打印出错误信息，函数调用栈如下图：

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Test\Release\Log\2012-05-29 160059.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: C:\Test\Release
Executable search path is: C:\Test\Release
Windows XP Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Tue May 29 16:00:59.000 2012 (GMT+8)
System Uptime: not available
Process Uptime: 0 days 0:00:01.000
...................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1710.1450): Access violation - code c0000005 (first/second chance not available)
eax=00a80000 ebx=00157ea8 ecx=00000007 edx=7c92e514 esi=00157e80 edi=00157ed8
eip=7c92e514 esp=0012e830 ebp=0012e840 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!KiFastSystemCallRet:
7c92e514 c3 ret
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for mfc42.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for user32.dll -
***** OS symbols are WRONG. Please fix symbols to do analysis.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for kernel32.dll -
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: IMAGE_NT_HEADERS32 ***
*** ***
*************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ole32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for advapi32.dll -
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
FAULTING_IP:
Test!CTestDlg::Fun3+6 [C:\Test\TestDlg.cpp @ 141]
00401ca6 c6400100 mov byte ptr [eax+1],0
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00401ca6 (Test!CTestDlg::Fun3+0x00000006)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000001
Attempt to write to address 00000001
PROCESS_NAME: Test.exe
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: Test
FAULTING_MODULE: 7c920000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP: 4fc48236
ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000001
WRITE_ADDRESS: 00000001
FOLLOWUP_IP:
Test!CTestDlg::Fun3+6 [C:\Test\TestDlg.cpp @ 141]
00401ca6 c6400100 mov byte ptr [eax+1],0
FAULTING_THREAD: 00001450
BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_WRONG_SYMBOLS
PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_DEREFERENCE
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 00401c9c to 00401ca6
STACK_TEXT:
0012f89c 00401c9c 00000000 0012f8b4 00401c8c Test!CTestDlg::Fun3+0x6 [C:\Test\TestDlg.cpp @ 141]
0012f8a8 00401c8c 00000000 0012f8cc 00401f27 Test!CTestDlg::Fun2+0xc [C:\Test\TestDlg.cpp @ 137]
0012f8b4 00401f27 00000000 73d323eb 73dcf07c Test!CTestDlg::Fun1+0xc [C:\Test\TestDlg.cpp @ 132]
0012f8bc 73d323eb 73dcf07c 00000111 0012f8fc Test!CTestDlg::OnOK+0x7 [C:\Test\TestDlg.cpp @ 242]
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f8cc 73d322fd 0012fe94 00000001 00000000 mfc42!Ordinal567+0xa2
0012f8fc 73d976e5 00000001 00000000 00000000 mfc42!Ordinal4424+0x108
0012f920 73d33094 00000001 00000000 00000000 mfc42!Ordinal4431+0x1b
0012f970 73d31b58 00000000 0014120e 0012fe94 mfc42!Ordinal4441+0x51
0012f9f0 73d31b07 00000111 00000001 0014120e mfc42!Ordinal5163+0x2f
0012fa10 73d31a78 00000111 00000001 0014120e mfc42!Ordinal6374+0x22
0012fa70 73d319d0 0012fe94 00000000 00000111 mfc42!Ordinal1109+0x91
0012fa90 73dbe47c 0018124c 00000111 00000001 mfc42!Ordinal1578+0x34
0012fabc 77d18734 0018124c 00000111 00000001 mfc42!Ordinal1579+0x39
0012fae8 77d18816 73dbe443 0018124c 00000111 user32!GetDC+0x6d
0012fb50 77d2927b 00000000 73dbe443 0018124c user32!GetDC+0x14f
0012fb8c 77d292e3 006d5120 007101c8 00000001 user32!GetParent+0x16c
0012fbac 77d4ff7d 0018124c 00000111 00000001 user32!SendMessageW+0x49
0012fbc4 77d465d2 007156c0 00000000 007156c0 user32!CreateMDIWindowA+0x1bd
0012fbe0 77d25e94 001530ec 00000001 00000000 user32!DeregisterShellHookWindow+0x6312
0012fc64 77d3b082 007156c0 00000202 00000000 user32!IsDlgButtonChecked+0x109a
0012fc84 77d18734 0014120e 00000202 00000000 user32!SoftModalMessageBox+0xda3
0012fcb0 77d18816 77d3b036 0014120e 00000202 user32!GetDC+0x6d
0012fd18 77d189cd 00000000 77d3b036 0014120e user32!GetDC+0x14f
0012fd78 77d18a10 00404314 00000000 0012fdac user32!GetWindowLongW+0x127
0012fd88 77d274ff 00404314 00404314 0040431c user32!DispatchMessageW+0xf
0012fdac 77d3c6d3 0018124c 007156c0 00404314 user32!IsDialogMessageW+0xdb
0012fdcc 73d45202 0018124c 00404314 0012fe94 user32!IsDialogMessage+0x4a
0012fddc 73d39be0 00404314 73d451ce 00404314 mfc42!Ordinal4047+0x2f
0012ff00 73d3c1cf 006f0072 00142373 00000000 mfc42!Ordinal5278+0x29
004034c0 00401c20 004019f0 00401a00 00401a10 mfc42!Ordinal1576+0x47
004034c4 004019ef 00401a00 00401a10 00402130 Test!CTestDlg::`scalar deleting destructor'
004034c8 004019ff 00401a10 00402130 0040212a Test!CTestDlg::~CTestDlg+0xf
004034cc 00401a0f 00402130 0040212a 0040203a Test!CObject::Serialize+0xf
004034d0 00402130 0040212a 0040203a 00402034 Test!CObject::AssertValid+0xf
004034d4 0040212a 0040203a 00402034 0040202e Test!CDialog::OnCmdMsg
004034d8 0040203a 00402034 0040202e 00402028 Test!CWnd::OnFinalRelease
004034dc 00402034 0040202e 00402028 00402022 Test!CCmdTarget::IsInvokeAllowed
004034e0 0040202e 00402028 00402022 00401c70 Test!CCmdTarget::GetDispatchIID
004034e4 00402028 00402022 00401c70 0040201c Test!CCmdTarget::GetTypeInfoCount
004034e8 00402022 00401c70 0040201c 00402016 Test!CCmdTarget::GetTypeLibCache
004034ec 00401c6f 0040201c 00402016 00402010 Test!CCmdTarget::GetTypeLib
004034f0 0040201c 00402016 00402010 0040200a Test!CTestDlg::_GetBaseMessageMap+0xf
004034f4 00402016 00402010 0040200a 00402004 Test!CCmdTarget::GetCommandMap
004034f8 00402010 0040200a 00402004 00401ffe Test!CCmdTarget::GetDispatchMap
004034fc 0040200a 00402004 00401ffe 00401ff8 Test!CCmdTarget::GetConnectionMap
00403500 00402004 00401ffe 00401ff8 00401ff2 Test!CCmdTarget::GetInterfaceMap
00403504 00401ffe 00401ff8 00401ff2 00401fec Test!CCmdTarget::GetEventSinkMap
00403508 00401ff8 00401ff2 00401fec 00402124 Test!CCmdTarget::OnCreateAggregates
00403608 004022fc 00402310 00000000 19930520 Test!CCmdTarget::GetInterfaceHook
0040360c 00402310 00000000 19930520 00000008 Test!WinMainCRTStartup+0x13e
00403610 00000000 19930520 00000008 00403638 Test!WinMainCRTStartup+0x152
STACK_COMMAND: ~0s; .ecxr ; kb
FAULTING_SOURCE_CODE:
137: }
138:
139: void CTestDlg::Fun3(char *pszBuffer)
140: {
> 141: pszBuffer[1] = 0x00;
142: }
143:
144: BOOL CTestDlg::OnInitDialog()
145: {
146: CDialog::OnInitDialog();
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Test!CTestDlg::Fun3+6
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: Test.exe
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_c0000005_Test.exe!CTestDlg::Fun3
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/Test_exe/1_0_0_1/4fc48236/Test_exe/1_0_0_1/4fc48236/c0000005/00001ca6.htm?Retriage=1
Followup: MachineOwner
---------

复制代码

OK ，这样我们就能在发布版本的程序中，准确的定位到哪个函数出了问题，所以发布程序时，一定要记得生成pdb、map文件，不然客户运行出错的话，你不死也残！

测试工程下载地址：

<ignore_js_op> 利用WinDbg找出程序崩溃的代码行号

DumpTest.rar (31.39 KB, 下载次数: 539)

原文链接:
http://blog.csdn.net/wangningyu/article/details/6748138

上一篇 : ：linux signal 用法和注意事项下一篇 : minidump详细介绍

利用WinDbg找出程序崩溃的代码行号

相关阅读

推荐文章