Strange number of handles in WaitForMultipleObjectsEx
Looking at the output of kb, this thread is waiting for some event. Now the first argument for this method is the number of handles it's waiting for, but as you can see in the output it has a value of 0024e154. I usually see a number like 2, 3, 4 etc. Any ideas what this means?
ChildEBP RetAddr Args to Child
0024e1a0 75c70208 0024e154 0024e1c8 00000000 kernel32!WaitForMultipleObjectsEx+0x11d
Comments (2)
The call stack does not look reliable. A couple of questions:
If the correct symbols have been loaded, the best approach is to look at the raw stack trace. You can do this by determining where the stack starts and ends. This can be determined with
!teb
Look for ExceptionBase and ExceptionLimit output and then dump the raw stack with
dps begin end
and analyze the stack
+0x11d is the offset from WaitForMultipleObjectsEx. Windbg takes the nearest symbol, and when you see such a large offset, it usually means that you don’t have good symbols. The stack frame is probably not in WaitForMultipleObjectsEx at all and therefore the parameters seem nonsense.
Do a
before looking at your stack again.
If you see the:
you can’t trust the output.
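As an added example (not part of the original thread), this Python script applies the second answer's large-offset heuristic to the `kb` line from the question and also notes arguments that lie close to the frame's ChildEBP. The 0x100 offset cut-off, the 0x1000 stack window and all function names are assumptions made for the illustration.

```python
import re

# x86 `kb` frame line: ChildEBP RetAddr Arg1 Arg2 Arg3 module!symbol+0xoffset
FRAME_RE = re.compile(
    r"^(?P<ebp>[0-9a-fA-F]{8})\s+(?P<ret>[0-9a-fA-F]{8})\s+"
    r"(?P<a1>[0-9a-fA-F]{8})\s+(?P<a2>[0-9a-fA-F]{8})\s+(?P<a3>[0-9a-fA-F]{8})\s+"
    r"(?P<sym>\S+?)(?:\+0x(?P<off>[0-9a-fA-F]+))?$"
)

LARGE_OFFSET = 0x100   # assumed cut-off for "large offset"; tune per binary
STACK_WINDOW = 0x1000  # assumed: an arg this close to ChildEBP is a stack address


def parse_kb(text):
    """Return one dict per frame line; the header and unparsable lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        frames.append({
            "ebp": int(m["ebp"], 16),
            "args": [int(m[k], 16) for k in ("a1", "a2", "a3")],
            "symbol": m["sym"],
            "offset": int(m["off"], 16) if m["off"] else 0,
        })
    return frames


def triage(frame):
    """List observations that bear on whether the frame's symbol and args are usable."""
    notes = []
    if frame["offset"] >= LARGE_OFFSET:
        notes.append("large offset from nearest symbol")
    if "!" not in frame["symbol"]:
        notes.append("no module!symbol resolved")
    for i, arg in enumerate(frame["args"], 1):
        # A non-zero value near ChildEBP is a pointer into this thread's stack,
        # so it cannot be a small integer such as a handle count.
        if arg and abs(arg - frame["ebp"]) < STACK_WINDOW:
            notes.append(f"arg{i} points into the stack near ChildEBP")
    return notes


# The two lines quoted in the question.
KB_OUTPUT = """ChildEBP RetAddr Args to Child
0024e1a0 75c70208 0024e154 0024e1c8 00000000 kernel32!WaitForMultipleObjectsEx+0x11d"""

if __name__ == "__main__":
    for f in parse_kb(KB_OUTPUT):
        print(f["symbol"], hex(f["offset"]), triage(f))
```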