Analyzing a .dmp file
I am trying to solve a C++ exe run time error issue that happens only in production. I am new to C++ and WinDbg but I am pasting the analysis here. I would greatly appreciate it if someone can point me as to how and under what condition this error occurs and, more importantly, how do I figure out which line of code is causing it. I read a lot of forums, BUT if I open the dmp file in VS 2008, I have a pdb file locally and the exe locally, BUT I can never get the Go To Source code menu option enabled. A quick reply as to how to analyze this .dmp file and how to understand it would be highly appreciated. Thanks!
Exception Analysis
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/MYServer_exe/0_0_0_0/MyServer_exe/0_0_0_0/000194ab.htm?Retriage=1
FAULTING_IP:
Myserver+194ab
004194ab c6040100 mov byte ptr [ecx+eax],0
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 004194ab (Myserver+0x000194ab)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000000
Attempt to write to address 00000000
DEFAULT_BUCKET_ID: NULL_POINTER_WRITE
PROCESS_NAME: Myserver.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000000
WRITE_ADDRESS: 00000000
FOLLOWUP_IP:
MYServer+194ab
004194ab c6040100 mov byte ptr [ecx+eax],0
MOD_LIST:
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 000004e0
PRIMARY_PROBLEM_CLASS: NULL_POINTER_WRITE
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 00418a4e to 004194ab
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
087ffa74 00418a4e 0a73b070 087ffc6c 087ffd8c Myserver+0x194ab
087ffb64 00410767 0a73b070 087ffd74 087ffd8c Myserver+0x18a4e
087ffc6c 0041089b 0a73b0f8 0a727a78 0a73b108 Myserver+0x10767
087ffd74 00433913 0a73b0f8 0a727a78 0a73b108 Myserver+0x1089b
087ffe58 0042fbf3 0a73b0f8 0a727a78 00000044 Myserver+0x33913
087fffb8 7d4dfe37 000006a0 00000000 00000000 Myserver+0x2fbf3
087fffec 00000000 0042fae0 000006a0 00000000 kernel32!BaseThreadStart+0x34
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Myserver+194ab
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Myserver
IMAGE_NAME: Myserver.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c2123df
STACK_COMMAND: ~86s; .ecxr ; kb
FAILURE_BUCKET_ID: NULL_POINTER_WRITE_c0000005_Myserver.exe!Unknown
BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_WRITE_Myserver+194ab
Followup: MachineOwner
Comments (3)
k
will give you the stack trace of the current stopped in thread.
~*kb
Will give you the stack trace of all threads
Symbols
You might like to set the symbol search path to include MS symbols, this will allow a better stack trace.
You can do this each time using
.sympath srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
or more permanently set _NT_SYMBOL_PATH
environment var (say as a system variable) to srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
You may need to get the symbols to reload using the following.
Crash line
If all you want is the line of the crash then there is an application 'CrashFinder' which will load your app and pdb and allow you to enter this
004194ab
to report the line of the crash.
You can also set the symbol path, where you have your application PDBs, and the source path, where you have your sources, using the top menu (I think it says Set symbol path and Set source path).
For a crash dump, once you have set up symbol and source paths, and loaded the dump file, you'll find useful the command:
!analyze -v
And from the report you pasted, check the line:
STACK_COMMAND: ~86s; .ecxr ; kb
This line tells you the thread that caused the fault (86). Just paste that line into the command window to obtain the stack for that thread:
~86s; .ecxr ; kb
If you're more comfortable with VS, don't give up on it yet. You do see disassembly and stack, and lack only symbols? Do you click the stack frame that is your module and still see no code? Can you even see a stack frame that is within your module? Have you established access to the MS public symbols? (you probably should anyway, even with WinDbg). Does WinDbg report the stack symbols? (they're not listed in the snippet you pasted here). If not it's very likely to be a symbol issue. There are ways to diagnose these both on WinDbg and VS. Did you inspect the 'symbol load information' for the modules you wish to debug? (easiest way in VS is right click the module at the modules window).
There is advice to be given based on any combination of answers to these questions. If you provide more detail it can help focus the advice.
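An added example, not part of the original thread: a small Python parser run over lines copied from the report in the question. It decodes the access-violation parameters, derives the module load base and the RVA to look up in the PDB, and lists the stack frames that carry no function name, which is the symptom of the symbol problem the answers discuss. The function names `parse_exception` and `unresolved_frames` are hypothetical.

```python
import re

# Lines copied from the !analyze -v report quoted in the question.
REPORT = """\
ExceptionAddress: 004194ab (Myserver+0x000194ab)
ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000000
087ffa74 00418a4e 0a73b070 087ffc6c 087ffd8c Myserver+0x194ab
087ffb64 00410767 0a73b070 087ffd74 087ffd8c Myserver+0x18a4e
087ffc6c 0041089b 0a73b0f8 0a727a78 0a73b108 Myserver+0x10767
087fffec 00000000 0042fae0 000006a0 00000000 kernel32!BaseThreadStart+0x34
"""

# First parameter of an access violation: the kind of access that faulted.
AV_ACCESS = {0: "read", 1: "write", 8: "execute (DEP)"}
# kb line: ChildEBP, RetAddr, three args, then module[!function]+0xoffset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)(?:!(\w+))?\+0x([0-9a-f]+)$", re.M)

def parse_exception(report):
    """Decode the exception record: module, RVA, load base, access kind, target."""
    addr, module, off = re.search(
        r"ExceptionAddress:\s*([0-9a-f]+) \((\w+)\+0x([0-9a-f]+)\)", report).groups()
    code = int(re.search(r"ExceptionCode:\s*([0-9a-f]+)", report).group(1), 16)
    params = [int(p, 16)
              for p in re.findall(r"Parameter\[\d+\]:\s*([0-9a-f]+)", report)]
    info = {"code": code, "module": module,
            "address": int(addr, 16), "rva": int(off, 16)}
    # Load base = absolute address minus offset; the RVA is what a PDB lookup needs.
    info["base"] = info["address"] - info["rva"]
    if code == 0xC0000005 and len(params) >= 2:
        info["access"] = AV_ACCESS.get(params[0], "unknown")
        info["target"] = params[1]
    return info

def unresolved_frames(report):
    """Frames printed as bare module+offset, i.e. no function name was resolved."""
    return [(m.group(1), int(m.group(3), 16))
            for m in FRAME.finditer(report) if m.group(2) is None]

if __name__ == "__main__":
    exc = parse_exception(REPORT)
    print(f"{exc['module']} base={exc['base']:#x} rva={exc['rva']:#x}: "
          f"{exc['access']} to {exc['target']:#010x}")
    for module, rva in unresolved_frames(REPORT):
        print(f"no symbols: {module}+{rva:#x}")
```

Every Myserver frame comes back unresolved while the kernel32 frame has a function name, so the application PDB was not matched when this report was generated.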