Fatal编程技术网
  • debugging/
  • Debugging WinDBG-查找实际(非托管)异常

Debugging WinDBG-查找实际(非托管)异常

debugging exception windbg

Debugging WinDBG-查找实际(非托管)异常,debugging,exception,windbg,Debugging,Exception,Windbg,我试图在托管-非托管混合代码中找到实际的异常 问题是我有一个.Net类,它捕获所有未处理的异常,然后创建一个转储,因此当我查看转储时,会出现混合的托管非托管代码,而我无法真正访问实际的非托管异常。 更糟糕的是,.Net似乎也有自己的例外,所以!analyze-v给了我这个例外 因此,以下是我所拥有的: 我可以找到异常发生的位置(通过查找1003f单词),然后执行.cxr以到达代码中的实际位置 当我做一件事的时候!dumpstack我得到了如下结果: //My module stuff and t

我试图在托管-非托管混合代码中找到实际的异常

问题是我有一个.Net类,它捕获所有未处理的异常,然后创建一个转储,因此当我查看转储时,会出现混合的托管非托管代码,而我无法真正访问实际的非托管异常。
更糟糕的是,.Net似乎也有自己的例外,所以!analyze-v给了我这个例外

因此,以下是我所拥有的:

我可以找到异常发生的位置(通过查找1003f单词),然后执行.cxr以到达代码中的实际位置

当我做一件事的时候!dumpstack我得到了如下结果:

//My module stuff and then:
122bf71c 08bf5242 (MethodDesc 0x4bf71ac +0x5a <Module>.dbg.NativeExceptionHandler())
122bf734 08bf5242 (MethodDesc 0x4bf71ac +0x5a <Module>.dbg.NativeExceptionHandler())
122bf73c 08bf51ce (MethodDesc 0x4bf71dc +0x6 <Module>.dbg.OnUnhandledNativeException(_EXCEPTION_POINTERS*)), calling (MethodDesc 0x4bf71ac +0 <Module>.dbg.NativeExceptionHandler())
122bf75c 08bf51ce (MethodDesc 0x4bf71dc +0x6 <Module>.dbg.OnUnhandledNativeException(_EXCEPTION_POINTERS*)), calling (MethodDesc 0x4bf71ac +0 <Module>.dbg.NativeExceptionHandler())
122bf760 3944bf15 3944bf15
122bf778 7c35f0c3 msvcr71!__CxxUnhandledExceptionFilter+0x46, calling 091f15a2
122bf784 7c864191 kernel32!UnhandledExceptionFilter+0x1c7
122bf7ac 7c812afb kernel32!RaiseException+0x53, calling ntdll!RtlRaiseException
122bf7f4 7857df60 msvcr90!_CxxThrowException+0x48 [f:\prebuild\eh\throw.cpp:161], calling kernel32!RaiseException
122bf828 785436c5 msvcr90!__set_flsgetvalue+0xf [f:\src\tidtable.c:256], calling kernel32!TlsGetValue
122bf834 785438b3 msvcr90!_getptd_noexit+0x74 [f:\src\tidtable.c:616], calling ntdll!RtlSetLastWin32Error
122bf844 785438c5 msvcr90!_getptd+0x8 [f:\src\tidtable.c:641], calling msvcr90!_getptd_noexit [f:\src\tidtable.c:566]
122bf84c 7857c98c msvcr90!__FrameUnwindToState+0xd9 [f:\prebuild\eh\frame.cpp:1161], calling msvcr90!_getptd [f:\src\tidtable.c:640]
122bf850 7857c972 msvcr90!__FrameUnwindToState+0xbf [f:\prebuild\eh\frame.cpp:1182], calling msvcr90!__SEH_epilog4
122bf860 785436c5 msvcr90!__set_flsgetvalue+0xf [f:\src\tidtable.c:256], calling kernel32!TlsGetValue
122bf870 785436c5 msvcr90!__set_flsgetvalue+0xf [f:\src\tidtable.c:256], calling kernel32!TlsGetValue
122bf87c 785438b3 msvcr90!_getptd_noexit+0x74 [f:\src\tidtable.c:616], calling ntdll!RtlSetLastWin32Error
122bf88c 785438c5 msvcr90!_getptd+0x8 [f:\src\tidtable.c:641], calling msvcr90!_getptd_noexit [f:\src\tidtable.c:566]
122bf894 7857d06a msvcr90!CallCatchBlock+0x148 [f:\prebuild\eh\frame.cpp:1503], calling msvcr90!_getptd [f:\src\tidtable.c:640]
122bf898 7857d03c msvcr90!CallCatchBlock+0x11a [f:\prebuild\eh\frame.cpp:1520], calling msvcr90!__SEH_epilog4
122bf8e8 7857d03c msvcr90!CallCatchBlock+0x11a [f:\prebuild\eh\frame.cpp:1520], calling msvcr90!__SEH_epilog4
122bf8ec 7857d486 msvcr90!CatchIt+0x5e [f:\prebuild\eh\frame.cpp:1275], calling msvcr90!CallCatchBlock [f:\prebuild\eh\frame.cpp:1433]
122bf91c 7857d576 msvcr90!FindHandlerForForeignException+0xdb [f:\prebuild\eh\frame.cpp:976], calling msvcr90!CatchIt [f:\prebuild\eh\frame.cpp:1219]
122bf950 785436c5 msvcr90!__set_flsgetvalue+0xf [f:\src\tidtable.c:256], calling kernel32!TlsGetValue
122bf95c 785438b3 msvcr90!_getptd_noexit+0x74 [f:\src\tidtable.c:616], calling ntdll!RtlSetLastWin32Error
122bf96c 785438c5 msvcr90!_getptd+0x8 [f:\src\tidtable.c:641], calling msvcr90!_getptd_noexit [f:\src\tidtable.c:566]
122bf974 7857d8c8 msvcr90!FindHandler+0x334 [f:\prebuild\eh\frame.cpp:879], calling msvcr90!_getptd [f:\src\tidtable.c:640]
122bf988 785436c5 msvcr90!__set_flsgetvalue+0xf [f:\src\tidtable.c:256], calling kernel32!TlsGetValue
122bf994 785438b3 msvcr90!_getptd_noexit+0x74 [f:\src\tidtable.c:616], calling ntdll!RtlSetLastWin32Error
122bf998 7c910323 ntdll!RtlpImageNtHeader+0x56, calling ntdll!_SEH_epilog
122bf9b0 7c90d98a ntdll!NtQueryVirtualMemory+0xc
122bf9b4 7c880b54 kernel32!_ValidateEH3RN+0xb6, calling ntdll!ZwQueryVirtualMemory
122bf9f4 7c83ab50 kernel32!BaseThreadStart+0x4d, calling kernel32!UnhandledExceptionFilter
122bf9fc 7c839b39 kernel32!_except_handler3+0x61
122bfa24 7c9032a8 ntdll!ExecuteHandler2+0x26
122bfa48 7c90327a ntdll!ExecuteHandler+0x24, calling ntdll!ExecuteHandler2
122bfa6c 7c92aa0f ntdll!RtlDispatchException+0xb1, calling ntdll!RtlpExecuteHandlerForException
122bfa98 78591795 msvcr90!_except_handler3+0x69
122bfac0 7c9032a8 ntdll!ExecuteHandler2+0x26
122bfae4 7c90327a ntdll!ExecuteHandler+0x24, calling ntdll!ExecuteHandler2
122bfaf8 7c90e48a ntdll!KiUserExceptionDispatcher+0xe, calling ntdll!RtlDispatchException
122bfdf8 064fdd84 MyModule!Class::MyFunction::Update+0xe4 [c:\MyCode.cpp:12345] ====> Exception cxr@122bfb2c
122bfb60 7c910222 ntdll!RtlpAllocateFromHeapLookaside+0x42, calling ntdll!_SEH_epilog

//我的模块内容,然后:
122bf71c 08bf5242(MethodDesc 0x4bf71ac+0x5a.dbg.NativeExceptionHandler())
122bf734 08bf5242(MethodDesc 0x4bf71ac+0x5a.dbg.NativeExceptionHandler())
122bf73c 08bf51ce(MethodDesc 0x4bf71dc+0x6.dbg.OnUnhandledNativeException(_EXCEPTION_POINTERS*)),调用(MethodDesc 0x4bf71ac+0.dbg.NativeExceptionHandler())
122bf75c 08bf51ce(MethodDesc 0x4bf71dc+0x6.dbg.OnUnhandledNativeException(_EXCEPTION_POINTERS*)),调用(MethodDesc 0x4bf71ac+0.dbg.NativeExceptionHandler())
122bf760 3944bf15 3944bf15
122bf778 7c35f0c3 msvcr71__CXXUNHandleExceptionFilter+0x46,调用091f15a2
122bf784 7c864191内核32!未处理的异常筛选器+0x1c7
122bf7ac 7c812afb内核32!RaiseException+0x53,调用ntdll!RtlRaiseException
122bf7f4 7857df60 msvcr90_CxxThrowException+0x48[f:\prebuild\eh\throw.cpp:161],调用内核32!引起异常
122bf828 785436c5 msvcr90__设置\u flsgetvalue+0xf[f:\src\tidtable.c:256],调用kernel32!TlsGetValue
122bf834 785438b3 msvcr90_getptd_noexit+0x74[f:\src\tidtable.c:616],调用ntdll!RtlSetLastWin32Error
122bf844 785438c5 msvcr90_getptd+0x8[f:\src\tidtable.c:641],调用msvcr90_getptd_noexit[f:\src\tidtable.c:566]
122bf84c 7857c98c msvcr90__FrameUnwindToState+0xd9[f:\prebuild\eh\frame.cpp:1161],调用msvcr90_getptd[f:\src\tidtable.c:640]
122bf850 7857c972 msvcr90__FrameUnwindToState+0xbf[f:\prebuild\eh\frame.cpp:1182],调用msvcr90__SEH_结语4
122bf860 785436c5 msvcr90__设置\u flsgetvalue+0xf[f:\src\tidtable.c:256],调用kernel32!TlsGetValue
122bf870 785436c5 msvcr90__设置\u flsgetvalue+0xf[f:\src\tidtable.c:256],调用kernel32!TlsGetValue
122bf87c 785438b3 msvcr90_getptd_noexit+0x74[f:\src\tidtable.c:616],调用ntdll!RtlSetLastWin32Error
122bf88c 785438c5 msvcr90_getptd+0x8[f:\src\tidtable.c:641],调用msvcr90_getptd_noexit[f:\src\tidtable.c:566]
122bf894 7857d06a msvcr90!CallCatchBlock+0x148[f:\prebuild\eh\frame.cpp:1503],调用msvcr90_getptd[f:\src\tidtable.c:640]
122bf898 7857d03c msvcr90!CallCatchBlock+0x11a[f:\prebuild\eh\frame.cpp:1520],调用msvcr90__SEH_结语4
122bf8e8 7857d03c msvcr90!CallCatchBlock+0x11a[f:\prebuild\eh\frame.cpp:1520],调用msvcr90__SEH_结语4
122bf8ec 7857d486 msvcr90!CatchIt+0x5e[f:\prebuild\eh\frame.cpp:1275],呼叫msvcr90!CallCatchBlock[f:\prebuild\eh\frame.cpp:1433]
122bf91c 7857d576 msvcr90!FindHandlerForForForForForeignException+0xdb[f:\prebuild\eh\frame.cpp:976],调用msvcr90!CatchIt[f:\prebuild\eh\frame.cpp:1219]
122bf950 785436c5 msvcr90__设置\u flsgetvalue+0xf[f:\src\tidtable.c:256],调用kernel32!TlsGetValue
122bf95c 785438b3 msvcr90_getptd_noexit+0x74[f:\src\tidtable.c:616],调用ntdll!RtlSetLastWin32Error
122bf96c 785438c5 msvcr90_getptd+0x8[f:\src\tidtable.c:641],调用msvcr90_getptd_noexit[f:\src\tidtable.c:566]
122bf974 7857d8c8 msvcr90!FindHandler+0x334[f:\prebuild\eh\frame.cpp:879],呼叫msvcr90_getptd[f:\src\tidtable.c:640]
122bf988 785436c5 msvcr90__设置\u flsgetvalue+0xf[f:\src\tidtable.c:256],调用kernel32!TlsGetValue
122bf994 785438b3 msvcr90_getptd_noexit+0x74[f:\src\tidtable.c:616],调用ntdll!RtlSetLastWin32Error
122bf998 7c910323 ntdll!RtlpImageNtHeader+0x56,正在调用ntdll_SEH_尾声
122bf9b0 7c90d98a ntdll!NtQueryVirtualMemory+0xc
122bf9b4 7c880b54内核32_ValidateEH3RN+0xb6,调用ntdll!ZwQueryVirtualMemory
122bf9f4 7c83ab50内核32!BaseThreadStart+0x4d,调用内核32!未处理的异常过滤器
122bf9fc 7c839b39内核32_除手柄3+0x61外
122bfa24 7c9032a8 ntdll!ExecuteHandler2+0x26
122bfa48 7c90327a ntdll!ExecuteHandler+0x24,正在调用ntdll!执行者2
122bfa6c 7c92aa0f ntdll!RtlDispatchException+0xb1,正在调用ntdll!RtlpExecuteHandlerForException
122bfa98 78591795 msvcr90_除手柄3+0x69外
122bfac0 7c9032a8 ntdll!ExecuteHandler2+0x26
122bfae4 7c90327a ntdll!ExecuteHandler+0x24,正在调用ntdll!执行者2
122bfaf8 7c90e48a ntdll!KiUserExceptionDispatcher+0xe,正在调用ntdll!RtlDispatchException
122bfdf8 064fdd84 MyModule!类::MyFunction::Update+0xe4[c:\MyCode.cpp:12345]=>异常cxr@122bfb2c
122bfb60 7c910222 ntdll!RtlpAllocateFromHeapLookaside+0x42,调用ntdll_SEH_尾声
无论如何,问题是,我不能得到实际的异常。我知道这是一个std异常,但我不确定是哪一个(在那一行代码中没有自定义异常,并且可能出现了许多问题)。

您可以尝试在进程内存中查找上下文签名:

s-d 0 L10000000/4 0001003f

幸运的是,这将返回一个找到上下文的内存地址,然后您可以使用.cxr将当前上下文设置到此位置

这是因为在引发异常时创建的windows中的上下文结构总是以0001003f值开始(仅对X86有效!)

(提示摘自《高级Windows调试手册》)

切换上下文应该会让您进入RaiseException()调用。如果您查找它,它会在参数块中接受一个异常代码和一组特定于应用程序/编译器的参数。Visual studio编译器将异常对象作为参数之一传递,即:

0:003:x86> .cxr <addr-of-context-record>
0:003:x86> dds 2bffb28 la
02bffb28  02bffb60
02bffb2c  7222872d MSVCR100!CxxThrowException+0x45  ; this is the RaiseException() call
02bffb30  e06d7363 ; c++ exception code
02bffb34  00000001 ; flags
02bffb38  00000003 ; number of parameters
02bffb3c  02bffb54 ; parameters
...

0:003:x86> dpp 02bffb54 l3
02bffb54  19930520 ; compiler magic
02bffb58  02bffb70 0016c8b0 mymodule!std::bad_alloc::`vftable'
02bffb5c  0016f088 ; exception descriptor area (compiler-specific)
...

0:003:x86>.cxr
0:003: