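I. Preface
In real-world work we cannot guarantee that a released product is flawless. Even if testing finds no problems, issues may still appear in the customer's environment, and that is normal. If the product crashes on the customer's side, how can we find the cause of the crash? Below is a brief record of the process.
II. Steps
1. First obtain the dump file, preferably not a minidump.
2. Open WinDbg.
3. Run the command !analyze -v
This displays information about the current exception.
The output is as follows: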
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for QaxEngPluginManager.dll -
*** WARNING: Unable to verify checksum for Test.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Test.exe -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for IPCManager32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for QKEntDATPBDCtrl32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for QKEntDATPCtrl32.dll -
Failed calling InternetOpenUrl, GLE=12029
FAULTING_IP:
KERNELBASE!RaiseException+58
75b6b760 c9 leave
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 75b6b760 (KERNELBASE!RaiseException+0x00000058)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 3
Parameter[0]: 19930520
Parameter[1]: 0017ede0
Parameter[2]: 656546f8
DEFAULT_BUCKET_ID: APPLICATION_FAULT
PROCESS_NAME: Test.exe
ERROR_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>
EXCEPTION_PARAMETER1: 19930520
EXCEPTION_PARAMETER2: 0017ede0
EXCEPTION_PARAMETER3: 656546f8
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 0000046c
PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT
BUGCHECK_STR: APPLICATION_FAULT_APPLICATION_FAULT
LAST_CONTROL_TRANSFER: from 6560a043 to 75b6b760
STACK_TEXT:
0017ed98 6560a043 e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58
0017edd0 656079a5 0017ede0 656546f8 6563b2e0 Rule32!_CxxThrowException+0x48 [f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\throw.cpp @ 161]
0017edec 65597c55 ded84442 0017f8ac 691837b0 Rule32!operator new+0x64 [f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 63]
0017ee04 655967f2 6f6c2221 00000000 0017f6c0 Rule32!std::_Allocate<wchar_t>+0x45 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xmemory @ 43]
0017ee18 655973b4 6f6c2221 65617437 0017f630 Rule32!std::allocator<wchar_t>::allocate+0x12 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xmemory @ 145]
0017f63c 65596709 6f6c2220 00000000 0017f658 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::_Copy+0xd4 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 2097]
0017f654 6559655a 6f6c2220 00000000 0017f6c0 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::_Grow+0x39 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 2123]
0017f668 6559d575 20200a7b 6f6c2220 0017f6c0 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::assign+0x4a [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 1074]
0017f680 6559c95d 20200a7b 6f6c2220 b8793bcb Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >+0x35 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 640]
0017f72c 691a9b6a 00f342d8 009da020 00000000 Rule32!QKMatchWhiteRule::DoAction+0xbd [c:\jenkins\workspace\scc\client_eilcode_exportinterfacelayer@2\code\modules\matchwhiterule\qkmatchwhiterule.cpp @ 115]
WARNING: Stack unwind information not available. Following frames may be wrong.
0017f7f0 691a62ec 00f342d8 009da020 00000000 QaxEngPluginManager!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x1fa9a
0017f844 00e93d39 00f342d8 009da020 00000000 QaxEngPluginManager!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x1c21c
0017f8d8 774e8424 0000000e 00000008 07192c94 Test!boost::serialization::singleton_module::is_locked+0x1e69
0017f974 774e8662 0017f990 4a78a2bd fffffffe sechost!ScDispatcherLoop+0x4a6
0017f9b4 00e93745 0017f9c4 00f4ce60 009df150 sechost!StartServiceCtrlDispatcherW+0xb0
0017f9d4 00e9c881 4a075889 009d9f08 0000002e Test!boost::serialization::singleton_module::is_locked+0x1875
0017fa98 00e9caa3 0017fb24 ffffffff 00000024 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x8021
0017fb44 00effc8e 00e90000 00000000 0034172a Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x8243
0017fbd4 773e3c45 7ffdd000 0017fc20 778137f5 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x6b42e
0017fbe0 778137f5 7ffdd000 77814858 00000000 kernel32!BaseThreadInitThunk+0xe
0017fc20 778137c8 00effcf9 7ffdd000 ffffffff ntdll!__RtlUserThreadStart+0x70
0017fc38 00000000 00effcf9 7ffdd000 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: ~0s; .ecxr ; kb
FOLLOWUP_IP:
Rule32!operator new+64 [f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 63]
656079a5 cc int 3
FAULTING_SOURCE_CODE:
No source found for 'f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp'
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: rule32!operator new+64
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Rule32
IMAGE_NAME: Rule32.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 607947d6
FAILURE_BUCKET_ID: APPLICATION_FAULT_e06d7363_Rule32.dll!operator_new
BUCKET_ID: APPLICATION_FAULT_APPLICATION_FAULT_rule32!operator_new+64
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/Test_exe/2_0_0_23/608ac54d/KERNELBASE_dll/6_1_7601_17514/4ce7b8f0/e06d7363/0000b760.htm?Retriage=1
Followup: MachineOwner
---------
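4. Click the blue module name shown under MODULE_NAME to get information about the faulting module,
or use the command lmvm <module name> to query the module information.
5. Set the symbol and source paths
Use the Timestamp and File version to obtain the matching pdb file and source code.
1) Set the source path
In WinDbg click File > Source File Path, enter the path of the module's source code, and click OK.
Alternatively, press Ctrl+P to open the dialog.
2) Set the symbol path
In WinDbg click File > Symbol File Path, enter the path of the module's pdb file, click Reload, then click OK.
Alternatively, press Ctrl+S to open the dialog and set the pdb file path.
You can also type .reload in the WinDbg command window to load the pdb file.
3) Run the command !analyze -v
Same as above.
4) Run the command shown in STACK_COMMAND
As follows: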
eax=022f0000 ebx=06971020 ecx=00000007 edx=777f70b4 esi=06970fe0 edi=0017c5d4
eip=777f70b4 esp=0017c294 ebp=0017c2a4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
777f70b4 c3 ret
eax=0017ed48 ebx=65597398 ecx=00000003 edx=00000000 esi=6565f424 edi=0017f630
eip=75b6b760 esp=0017ed48 ebp=0017ed98 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
KERNELBASE!RaiseException+0x58:
75b6b760 c9 leave
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
0017ed98 6560a043 e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58
0017edd0 656079a5 0017ede0 656546f8 6563b2e0 Rule32!_CxxThrowException+0x48 [f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\throw.cpp @ 161]
0017edec 65597c55 ded84442 0017f8ac 691837b0 Rule32!operator new+0x64 [f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 63]
0017ee04 655967f2 6f6c2221 00000000 0017f6c0 Rule32!std::_Allocate<wchar_t>+0x45 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xmemory @ 43]
0017ee18 655973b4 6f6c2221 65617437 0017f630 Rule32!std::allocator<wchar_t>::allocate+0x12 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xmemory @ 145]
0017f63c 65596709 6f6c2220 00000000 0017f658 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::_Copy+0xd4 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 2097]
0017f654 6559655a 6f6c2220 00000000 0017f6c0 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::_Grow+0x39 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 2123]
0017f668 6559d575 20200a7b 6f6c2220 0017f6c0 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::assign+0x4a [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 1074]
0017f680 6559c95d 20200a7b 6f6c2220 b8793bcb Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >+0x35 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 640]
0017f72c 691a9b6a 00f342d8 009da020 00000000 Rule32!QKMatchWhiteRule::DoAction+0xbd [c:\jenkins\workspace\scc\client_eilcode_exportinterfacelayer@2\code\modules\matchwhiterule\qkmatchwhiterule.cpp @ 115]
WARNING: Stack unwind information not available. Following frames may be wrong.
0017f7f0 691a62ec 00f342d8 009da020 00000000 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x1fa9a
0017f844 00e93d39 00f342d8 009da020 00000000 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x1c21c
0017f8d8 774e8424 0000000e 00000008 07192c94 Test!boost::serialization::singleton_module::is_locked+0x1e69
0017f974 774e8662 0017f990 4a78a2bd fffffffe sechost!ScDispatcherLoop+0x4a6
0017f9b4 00e93745 0017f9c4 00f4ce60 009df150 sechost!StartServiceCtrlDispatcherW+0xb0
0017f9d4 00e9c881 4a075889 009d9f08 0000002e Test!boost::serialization::singleton_module::is_locked+0x1875
0017fa98 00e9caa3 0017fb24 ffffffff 00000024 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x8021
0017fb44 00effc8e 00e90000 00000000 0034172a Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x8243
0017fbd4 773e3c45 7ffdd000 0017fc20 778137f5 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x6b42e
0017fbe0 778137f5 7ffdd000 77814858 00000000 kernel32!BaseThreadInitThunk+0xe
0017fc20 778137c8 00effcf9 7ffdd000 ffffffff ntdll!__RtlUserThreadStart+0x70
0017fc38 00000000 00effcf9 7ffdd000 00000000 ntdll!_RtlUserThreadStart+0x1b
5) Run knL
0:000> knL
*** Stack trace for last set context - .thread/.cxr resets it
# ChildEBP RetAddr
00 0017ed98 6560a043 KERNELBASE!RaiseException+0x58
01 0017edd0 656079a5 Rule32!_CxxThrowException+0x48
02 0017edec 65597c55 Rule32!operator new+0x64
03 0017ee04 655967f2 Rule32!std::_Allocate<wchar_t>+0x45
04 0017ee18 655973b4 Rule32!std::allocator<wchar_t>::allocate+0x12
05 0017f63c 65596709 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::_Copy+0xd4
06 0017f654 6559655a Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::_Grow+0x39
07 0017f668 6559d575 Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::assign+0x4a
08 0017f680 6559c95d Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >+0x35
09 0017f72c 691a9b6a Rule32!Rule::DoAction+0xbd
WARNING: Stack unwind information not available. Following frames may be wrong.
0a 0017f7f0 691a62ec Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x1fa9a
0b 0017f844 00e93d39 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x1c21c
0c 0017f8d8 774e8424 Test!boost::serialization::singleton_module::is_locked+0x1e69
0d 0017f974 774e8662 sechost!ScDispatcherLoop+0x4a6
0e 0017f9b4 00e93745 sechost!StartServiceCtrlDispatcherW+0xb0
0f 0017f9d4 00e9c881 Test!boost::serialization::singleton_module::is_locked+0x1875
10 0017fa98 00e9caa3 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x8021
11 0017fb44 00effc8e Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x8243
12 0017fbd4 773e3c45 Test!boost::serialization::singleton<CGetEnglog>::get_mutable_instance+0x6b42e
13 0017fbe0 778137f5 kernel32!BaseThreadInitThunk+0xe
14 0017fc20 778137c8 ntdll!__RtlUserThreadStart+0x70
15 0017fc38 00000000 ntdll!_RtlUserThreadStart+0x1b
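6) Run .frame 9
From 5) we can see that the problem starts at frame 9 (you can also count the frames in order from 00 in the output of the STACK_COMMAND command to get the corresponding index).
As above, if the source code and pdb match, running the command jumps to the corresponding location in the source.
7) View the parameter values of that function
Click Locals in the WinDbg menu, or press Alt+3.
The following window then appears:
At this point we can inspect the parameter values and work out why the crash happened. The stack shows that the crash occurred while allocating memory. Reading the code alongside it shows that an allocation this large was requested, but there was not enough memory, and since there was no exception handling, the program crashed.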
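An added example, not part of the original post: a small Python helper that automates the frame choice in step 6) and adds one further check on the stack arguments, using four frames copied from the STACK_TEXT above as input. The runtime path prefixes and all function names are assumptions of this example.

```python
import re

# Four frames copied from the STACK_TEXT output shown earlier on this page.
STACK_TEXT = r"""
0017ed98 6560a043 e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58
0017edec 65597c55 ded84442 0017f8ac 691837b0 Rule32!operator new+0x64 [f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 63]
0017f680 6559c95d 20200a7b 6f6c2220 b8793bcb Rule32!std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >+0x35 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xstring @ 640]
0017f72c 691a9b6a 00f342d8 009da020 00000000 Rule32!QKMatchWhiteRule::DoAction+0xbd [c:\jenkins\workspace\scc\client_eilcode_exportinterfacelayer@2\code\modules\matchwhiterule\qkmatchwhiterule.cpp @ 115]
"""

# ChildEBP, RetAddr, three argument dwords, symbol, optional [source @ line].
FRAME = re.compile(
    r"^([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) "
    r"(\S+!.+?)(?: \[(.+) @ (\d+)\])?$")
# Assumption: source paths under these prefixes are compiler/runtime code.
RUNTIME_PATHS = (r"f:\dd\vctools", r"c:\program files (x86)\microsoft visual studio")


def parse_frames(text):
    frames = []
    for line in text.strip().splitlines():
        m = FRAME.match(line.strip())
        if m:  # WARNING lines and other non-frame lines are skipped
            frames.append({"args": m.group(3, 4, 5), "symbol": m.group(6),
                           "source": m.group(7), "line": m.group(8)})
    return frames


def first_app_frame(frames):
    # First frame with source info outside CRT/STL: the one to .frame into.
    for f in frames:
        if f["source"] and not f["source"].lower().startswith(RUNTIME_PATHS):
            return f
    return None


def ascii_like_args(frames):
    # Arguments whose four bytes, in x86 memory order, are all text characters.
    hits = []
    for f in frames:
        for arg in f["args"]:
            raw = bytes.fromhex(arg)[::-1]  # little-endian: low byte first
            if all(0x20 <= b <= 0x7e or b in b"\t\r\n" for b in raw):
                hits.append((f["symbol"], arg, raw.decode("ascii")))
    return hits
```

On this excerpt it selects the DoAction frame at qkmatchwhiterule.cpp line 115 and flags 20200a7b and 6f6c2220, the first two stack dwords of the basic_string constructor frame, as text bytes. Values like that often mean a pointer or length was read from string data, so they are worth checking against the Locals window in step 7).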