Parameter anomalies in Windows crash dumps
In Windows crash dumps, especially the ones we get from Windows Error Reporting, we often see parameter values that vary across calls when they shouldn't. For example:
void foo(int id)
{
    /* ... */
}

void bar(int id)
{
    foo(id);
    /* ... */
}
According to WinDbg, the values of 'id' are inexplicably different in foo() and bar(). We see this a lot, and there's nothing in our code that can account for it (IOW, we aren't doing anything with the value of 'id' before the call to foo).
Does anyone have an explanation for this?
Comments (1)
Stack corruption? The values you are seeing are really values on the stack and when foo was called, a copy was made just for foo by pushing the value id had at that time. So if foo changes its local copy it would obviously have a different value, but if someone overruns an array (I'm guessing this is in C) it could also overwrite the id value.
So for example, suppose that abc called foo and had an array of length 120 declared locally. Someone has a pointer to that array and copies 240 bytes into it without noticing that this overruns the end of the array. Well, those extra 120 bytes would land on top of the variables foo is using as locals.
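The scenario in the answer above, as an added example that is not part of the original post or the poster's code: a 120-byte array, an unchecked copy of 240 bytes through a pointer to it, and a neighbouring int that a debugger would display as 'id'. The frame layout (a hypothetical struct with the array followed directly by the int) is an assumption made so the clobbering is deterministic and well-defined C; which slot a real stack overrun lands on depends on how the compiler laid out the frame, and the debugger only reports whatever is in that slot. The block also shows the answer's first point, that the callee only gets a copy of the argument, and a bounded copy that keeps 'id' intact.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical frame layout (an assumption for this example, not something
 * the compiler guarantees): a 120-byte local array followed immediately by
 * an int that a debugger would show as 'id'. The trailing padding keeps the
 * 240-byte overrun inside the struct so the demonstration is well-defined C
 * rather than a crash. sizeof(struct fake_frame) == 252. */
struct fake_frame {
    unsigned char buf[120];
    int id;
    unsigned char rest[128];
};

#define OVERRUN_LEN 240  /* twice the array size, as in the answer's scenario */

/* Constructed source data: 240 'A' bytes (0x41). */
static void fill_source(unsigned char *src, size_t n) {
    memset(src, 0x41, n);
}

/* The buggy copy the answer describes: n bytes written through a pointer the
 * caller believes points at a 120-byte array, with no length check at all. */
static void copy_unchecked(unsigned char *dst, const unsigned char *src, size_t n) {
    memcpy(dst, src, n);
}

/* The fix: clamp the copy to the destination's capacity and return how much
 * was copied, so the caller can detect truncation and treat it as an error. */
static size_t copy_bounded(unsigned char *dst, size_t cap,
                           const unsigned char *src, size_t n) {
    size_t m = n < cap ? n : cap;
    memcpy(dst, src, m);
    return m;
}

/* Simulates the answer's abc(): a frame whose 'id' slot sits right after the
 * array. Returns the value 'id' holds after the overrun. */
int id_after_overrun(int id) {
    struct fake_frame fr;
    unsigned char src[OVERRUN_LEN];
    fill_source(src, sizeof src);
    fr.id = id;
    /* Someone holds a pointer to the first byte of the frame (the start of
     * the array) and copies 240 bytes: the extra 120 bytes land on 'id'. */
    unsigned char *p = (unsigned char *)&fr;
    copy_unchecked(p, src, sizeof src);
    return fr.id;   /* 0x41414141, no longer the id that was passed in */
}

/* Same frame, bounded copy: 'id' survives. */
int id_after_bounded_copy(int id) {
    struct fake_frame fr;
    unsigned char src[OVERRUN_LEN];
    fill_source(src, sizeof src);
    fr.id = id;
    size_t copied = copy_bounded(fr.buf, sizeof fr.buf, src, sizeof src);
    (void)copied;   /* 120 here: the copy was truncated, which real code should report */
    return fr.id;
}

/* The answer's first point: 'id' is passed by value, so a callee changing its
 * copy does not alter the caller's variable. */
static int foo(int id) {
    id = id * 2;        /* only this frame's copy changes */
    return id;
}

int bar_id_after_foo(int id) {
    (void)foo(id);
    return id;          /* still the value bar was called with */
}

int main(void) {
    printf("id after overrun:      0x%08x\n", (unsigned)id_after_overrun(42));
    printf("id after bounded copy: %d\n", id_after_bounded_copy(42));
    printf("bar's id after foo:    %d\n", bar_id_after_foo(42));
    return 0;
}
```

Running it prints 0x41414141 for the overrun case and 42 for the other two. When a dump shows a caller/callee mismatch like the one in the question, the practical check is the same one this block makes explicit: look for a local array in a nearby frame whose neighbouring slots now hold recognisable input bytes, and audit every copy into that array for a missing length check.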