Fatal编程技术网
  • windbg/
  • 无法继续AppCrash_w3wp的Windbg分析

无法继续AppCrash_w3wp的Windbg分析

windbg

无法继续AppCrash_w3wp的Windbg分析,windbg,Windbg,我正在为AppCrash_w3wp进行内存转储分析。 当我做一件事的时候!analyze-v我得到以下结果 我的符号设置有问题吗?还是这一分析指向了一些实际问题?有人能告诉我如何进一步分析这个问题吗 ==:> *** WARNING: Unable to verify timestamp for webengine4.dll Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\54c5d3ee1

我正在为AppCrash_w3wp进行内存转储分析。 当我做一件事的时候!analyze-v我得到以下结果

我的符号设置有问题吗?还是这一分析指向了一些实际问题?有人能告诉我如何进一步分析这个问题吗

==:>

*** WARNING: Unable to verify timestamp for webengine4.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\54c5d3ee1f311718f3a2feb337c5fa29\mscorlib.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\987d450520ea6e815c63db8aecba0761\System.Data.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Data.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mvc\9f9155f1c13562534f6cb370b0ad8381\System.Web.Mvc.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Web.Mvc.ni.dll
*** ERROR: Module load completed but symbols could not be loaded for System.Web.Mvc.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\cb6d38da3ca9a62afed46123b693899e\System.Web.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Web.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System\4598449d72d7ebbd53952399ed5fc710\System.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify timestamp for alk_dalkutil64.dll
*** ERROR: Module load completed but symbols could not be loaded for alk_dalkutil64.dll

FAULTING_IP: 
KERNELBASE!RaiseException+39
000007fe`fda8940d 4881c4c8000000  add     rsp,0C8h

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fefda8940d (KERNELBASE!RaiseException+0x0000000000000039)
   ExceptionCode: e0434352 (CLR exception)
  ExceptionFlags: 00000001
NumberParameters: 5
   Parameter[0]: ffffffff80004003
   Parameter[1]: 0000000000000000
   Parameter[2]: 0000000000000000
   Parameter[3]: 0000000000000000
   Parameter[4]: 000007fefa140000

CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
rax=0000000001470000 rbx=000000001791d5d0 rcx=0000000001470000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000002
rip=0000000077be186a rsp=000000001791d498 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000040 r10=0000000000000000
r11=0000000000000286 r12=0000000000000000 r13=000000001791d540
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwWaitForMultipleObjects+0xa:
00000000`77be186a c3              ret

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

PROCESS_NAME:  w3wp.exe

ERROR_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>

EXCEPTION_PARAMETER1:  ffffffff80004003

EXCEPTION_PARAMETER2:  0000000000000000

EXCEPTION_PARAMETER3:  0000000000000000

EXCEPTION_PARAMETER4: 0

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

APP:  w3wp.exe

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

MANAGED_STACK: 

EXCEPTION_OBJECT: !pe 103f98b08
Exception object: 0000000103f98b08
Exception type:   System.AccessViolationException
Message:          Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
InnerException:   <none>
StackTrace (generated):
<none>
StackTraceString: <none>
HResult: 80004003

MANAGED_OBJECT: !dumpobj ffb11420
Name:        System.String
MethodTable: 000007fef8886500
EEClass:     000007fef81a3750
Size:        26(0x1a) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String:      
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
0000000000000000  40000aa        8         System.Int32  1 instance                0 m_stringLength
0000000000000000  40000ab        c          System.Char  1 instance                0 m_firstChar
000007fef8886500  40000ac       18        System.String  0   shared           static Empty
                                 >> Domain:Value  0000000002488520:NotInit  0000000002576750:NotInit  <<

EXCEPTION_MESSAGE:  Attempted to read or write protected memory. This is often an indication that other memory is corru

MANAGED_OBJECT_NAME:  SYSTEM.ACCESSVIOLATIONEXCEPTION

MANAGED_STACK_COMMAND:  ** Check field   _remoteStackTraceString **;!do 103f98b08;!do ffb11420

LAST_CONTROL_TRANSFER:  from 000007fefa35565b to 000007fefda8940d

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

BUGCHECK_STR:  APPLICATION_FAULT_WRONG_SYMBOLS_CLR_EXCEPTION

STACK_TEXT:  
00000000`00000000 00000000`00000000 w3wp!Unknown+0x0


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  w3wp!Unknown

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: w3wp

IMAGE_NAME:  w3wp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7afa2

STACK_COMMAND:  ** Check field   _remoteStackTraceString **;!do 103f98b08;!do ffb11420 ; ** Pseudo Context ** ; kb

FAILURE_BUCKET_ID:  WRONG_SYMBOLS_e0434352_w3wp.exe!Unknown

BUCKET_ID:  X64_APPLICATION_FAULT_WRONG_SYMBOLS_CLR_EXCEPTION_w3wp!Unknown

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:wrong_symbols_e0434352_w3wp.exe!unknown

FAILURE_ID_HASH:  {419a5b7f-31d5-d77e-cd0e-fe26c9258bfb}

Followup: MachineOwner
我的符号设置有问题吗?

对。用命令纠正它

.symfix x:\symbols; * Wherever you want the symbols to be
.reload
或者,如果已经设置了其他符号路径:

.symfix+ x:\symbols
.reload
还是该分析指向了一些实际问题?

还有。您的.NET异常导致程序崩溃。这是一个问题

类型是AccessViolation,类似于NullReferenceException。希望固定符号不会在这里造成巨大的冷漠

有人能指导我如何进一步分析吗?

固定符号后,继续执行

.loadby sos clr
!pe
!clrstack
尝试修复MS符号:
.symfix;。重新加载
谢谢@Thomas W我尝试了symfix。我的观察太长,不能作为评论。所以我编辑了这篇文章。基本上,尽管我为_NT_SYMBOL_PATH添加了一个环境变量,但符号没有正确加载。这就是我所关心的。而且“!sym noise”对我没有帮助,或者我不能很好地解释它。环境变量本来是不必要的,但也不坏。符号现在看起来不错。那么
.loadby sos clr;!体育课clrstack
?SOS.dll存在于“C:\Windows\Microsoft.NET\Framework64\v4.0.30319”中,我还将其复制到安装windbg的“C:\Program Files(x86)\Windows Kits\8.1\Debuggers\x64”中。但我仍然收到这个消息-==0:103>;调用LoadLibrary(C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos)失败,Win32错误0n193“%1”不是有效的Win32应用程序。请检查调试器配置和/或网络访问===不需要将SOS.dll复制到某个地方。你用错了WinDbg的比特数。试试32位版本。 
.loadby sos clr
!pe
!clrstack