Windbg 应用程序崩溃转储分析
我试图分析应用程序在使用Citrix XenApp 6.5的Windows 2k8R2终端服务器上启动时崩溃的原因 我创建了一个crashdump,并试图用WinDbg对其进行分析,但我不是一个开发人员,所以我不太明白到底出了什么问题 转储文件: 这是我从WinDbg得到的:Windbg 应用程序崩溃转储分析,windbg,crash-dumps,Windbg,Crash Dumps,我试图分析应用程序在使用Citrix XenApp 6.5的Windows 2k8R2终端服务器上启动时崩溃的原因 我创建了一个crashdump,并试图用WinDbg对其进行分析,但我不是一个开发人员,所以我不太明白到底出了什么问题 转储文件: 这是我从WinDbg得到的: Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserv
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [N:\Shares\Datenaustausch\Kaufmann\atris.exe.21728.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: SRV*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer
Machine Name:
Debug session time: Wed Jul 17 10:51:39.000 2013 (UTC + 2:00)
System Uptime: 0 days 8:18:13.644
Process Uptime: 0 days 0:00:08.000
................................................................
................
Loading unloaded module list
.................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(54e0.2e54): Access violation - code c0000005 (first/second chance not available)
eax=00000070 ebx=038a0000 ecx=00000007 edx=00000000 esi=038a007c edi=0000008c
eip=77b3eb2a esp=00091000 ebp=00091010 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
ntdll!ULongLongToULong+0x2:
77b3eb2a 55 push ebp
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for atris.exe -
FAULTING_IP:
ntdll!ULongLongToULong+2
77b3eb2a 55 push ebp
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77b3eb2a (ntdll!ULongLongToULong+0x00000002)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00090ffc
Attempt to write to address 00090ffc
DEFAULT_BUCKET_ID: INVALID_STACK_ACCESS
PROCESS_NAME: atris.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00090ffc
WRITE_ADDRESS: 00090ffc
FOLLOWUP_IP:
msvcr80!_decode_pointer+3f
74742c18 8bf0 mov esi,eax
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 00002e54
PRIMARY_PROBLEM_CLASS: INVALID_STACK_ACCESS
BUGCHECK_STR: APPLICATION_FAULT_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 77b3eb8e to 77b3eb2a
STACK_TEXT:
00090ffc 77b3eb8e 00000070 00000000 0009101c ntdll!ULongLongToULong+0x2
00091010 77b3e900 0000008c 00000007 00000010 ntdll!ARRAY_FITS+0x16
0009104c 77b3e9f6 0000077c 00000007 00000002 ntdll!RtlpLocateActivationContextSection+0x126
0009107c 77b3eb12 000910b8 000910dc 000910e0 ntdll!RtlpFindNextActivationContextSection+0x64
00091094 77b3ed19 000910b8 000910dc 000910e0 ntdll!RtlpFindFirstActivationContextSection+0x41
000910e8 77b3f3df 00000003 00000000 00000002 ntdll!RtlFindActivationContextSectionString+0x91
000911a4 77b3f1aa 00000000 00000000 00091390 ntdll!AitFireParentUsageEvent+0x772
00091300 77b3faf6 00000001 00091554 77b3fa84 ntdll!RtlDosApplyFileIsolationRedirection_Ustr+0x23e
00091340 77b3fe2a 00000000 00091554 77b3fa84 ntdll!LdrpApplyFileNameRedirection+0x128
000914c8 77b3fd2f 00000001 00000001 00000000 ntdll!LdrGetDllHandleEx+0x139
000914e4 75a51a35 00000001 00000000 00091554 ntdll!LdrGetDllHandle+0x18
00091538 75a51c49 00091554 0ce8dfd7 00000057 KERNELBASE!GetModuleHandleForUnicodeString+0x22
000919b0 75a51d44 00000001 00000002 030dad10 KERNELBASE!BasepGetModuleHandleExW+0x181
000919c8 75a52ea1 030dad10 76e711e0 001a0018 KERNELBASE!GetModuleHandleW+0x29
000919e0 74742c18 747a49ec 00000000 74742c89 KERNELBASE!GetModuleHandleA+0x34
000919ec 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x3f
000919f8 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091a08 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091a0c 7474182c 00000001 74742b11 00091a2c msvcr80!_errno+0x5
00091a14 74742b11 00091a2c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091a30 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091a38 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091a44 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091a54 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091a58 7474182c 00000001 74742b11 00091a78 msvcr80!_errno+0x5
00091a60 74742b11 00091a78 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091a7c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091a84 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091a90 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091aa0 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091aa4 7474182c 00000001 74742b11 00091ac4 msvcr80!_errno+0x5
00091aac 74742b11 00091ac4 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091ac8 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091ad0 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091adc 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091aec 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091af0 7474182c 00000001 74742b11 00091b10 msvcr80!_errno+0x5
00091af8 74742b11 00091b10 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091b14 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091b1c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091b28 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091b38 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091b3c 7474182c 00000001 74742b11 00091b5c msvcr80!_errno+0x5
00091b44 74742b11 00091b5c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091b60 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091b68 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091b74 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091b84 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091b88 7474182c 00000001 74742b11 00091ba8 msvcr80!_errno+0x5
00091b90 74742b11 00091ba8 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091bac 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091bb4 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091bc0 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091bd0 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091bd4 7474182c 00000001 74742b11 00091bf4 msvcr80!_errno+0x5
00091bdc 74742b11 00091bf4 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091bf8 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091c00 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091c0c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091c1c 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091c20 7474182c 00000001 74742b11 00091c40 msvcr80!_errno+0x5
00091c28 74742b11 00091c40 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091c44 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091c4c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091c58 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091c68 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091c6c 7474182c 00000001 74742b11 00091c8c msvcr80!_errno+0x5
00091c74 74742b11 00091c8c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091c90 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091c98 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091ca4 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091cb4 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091cb8 7474182c 00000001 74742b11 00091cd8 msvcr80!_errno+0x5
00091cc0 74742b11 00091cd8 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091cdc 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091ce4 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091cf0 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091d00 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091d04 7474182c 00000001 74742b11 00091d24 msvcr80!_errno+0x5
00091d0c 74742b11 00091d24 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091d28 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091d30 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091d3c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091d4c 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091d50 7474182c 00000001 74742b11 00091d70 msvcr80!_errno+0x5
00091d58 74742b11 00091d70 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091d74 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091d7c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091d88 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091d98 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091d9c 7474182c 00000001 74742b11 00091dbc msvcr80!_errno+0x5
00091da4 74742b11 00091dbc 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091dc0 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091dc8 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091dd4 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091de4 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091de8 7474182c 00000001 74742b11 00091e08 msvcr80!_errno+0x5
00091df0 74742b11 00091e08 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091e0c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091e14 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091e20 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091e30 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091e34 7474182c 00000001 74742b11 00091e54 msvcr80!_errno+0x5
00091e3c 74742b11 00091e54 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091e58 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091e60 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091e6c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091e7c 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091e80 7474182c 00000001 74742b11 00091ea0 msvcr80!_errno+0x5
00091e88 74742b11 00091ea0 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091ea4 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091eac 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091eb8 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091ec8 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091ecc 7474182c 00000001 74742b11 00091eec msvcr80!_errno+0x5
00091ed4 74742b11 00091eec 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091ef0 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091ef8 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091f04 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091f14 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091f18 7474182c 00000001 74742b11 00091f38 msvcr80!_errno+0x5
00091f20 74742b11 00091f38 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091f3c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091f44 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091f50 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091f60 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091f64 7474182c 00000001 74742b11 00091f84 msvcr80!_errno+0x5
00091f6c 74742b11 00091f84 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091f88 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091f90 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091f9c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091fac 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091fb0 7474182c 00000001 74742b11 00091fd0 msvcr80!_errno+0x5
00091fb8 74742b11 00091fd0 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091fd4 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091fdc 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091fe8 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091ff8 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091ffc 7474182c 00000001 74742b11 0009201c msvcr80!_errno+0x5
00092004 74742b11 0009201c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00092020 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00092028 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092034 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092044 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00092048 7474182c 00000001 74742b11 00092068 msvcr80!_errno+0x5
00092050 74742b11 00092068 76e60000 00000000 msvcr80!_get_winmajor+0x10
0009206c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00092074 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092080 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092090 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00092094 7474182c 00000001 74742b11 000920b4 msvcr80!_errno+0x5
0009209c 74742b11 000920b4 76e60000 00000000 msvcr80!_get_winmajor+0x10
000920b8 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
000920c0 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
000920cc 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
000920dc 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
000920e0 7474182c 00000001 74742b11 00092100 msvcr80!_errno+0x5
000920e8 74742b11 00092100 76e60000 00000000 msvcr80!_get_winmajor+0x10
00092104 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
0009210c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092118 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092128 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
0009212c 7474182c 00000001 74742b11 0009214c msvcr80!_errno+0x5
00092134 74742b11 0009214c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00092150 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00092158 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092164 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092174 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_STACK_INDEX: f
SYMBOL_NAME: msvcr80!_decode_pointer+3f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr80
IMAGE_NAME: msvcr80.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ca2b271
FAILURE_BUCKET_ID: INVALID_STACK_ACCESS_c0000005_msvcr80.dll!_decode_pointer
BUCKET_ID: APPLICATION_FAULT_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE_msvcr80!_decode_pointer+3f
Followup: MachineOwner
---------
0:000> lmvm msvcr80
start end module name
74740000 747db000 msvcr80 (pdb symbols) c:\symbols\msvcr80.i386.pdb\769BC0A2E0054674A3F542BCBBD95BA81\msvcr80.i386.pdb
Loaded symbol image file: msvcr80.dll
Image path: C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
Image name: msvcr80.dll
Timestamp: Wed Sep 29 05:28:49 2010 (4CA2B271)
CheckSum: 000A606B
ImageSize: 0009B000
File version: 8.0.50727.4940
Product version: 8.0.50727.4940
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Visual Studio® 2005
InternalName: MSVCR80.DLL
OriginalFilename: MSVCR80.DLL
ProductVersion: 8.00.50727.4940
FileVersion: 8.00.50727.4940
FileDescription: Microsoft® C Runtime Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
Microsoft(R)Windows调试器版本6.12.0002.633 X86
版权所有(c)微软公司。版权所有。
正在加载转储文件[N:\Shares\Datenaustausch\Kaufmann\atris.exe.21728.dmp]
内存已满的用户小型转储文件:只有应用程序数据可用
符号搜索路径为:SRV*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
可执行搜索路径为:
Windows 7版本7601(Service Pack 1)MP(4个进程)免费x86兼容
产品:服务器,套件:终端服务器
计算机名称:
调试会话时间:2013年7月17日星期三10:51:39.000(UTC+2:00)
系统正常运行时间:0天8:18:13.644
进程正常运行时间:0天0:00:08.000
................................................................
................
加载卸载模块列表
.................
此转储文件中存储了感兴趣的异常。
存储的异常信息可以通过.ecxr访问。
(54e0.2e54):访问违规-代码c0000005(第一次/第二次机会不可用)
eax=00000070 ebx=038a0000 ecx=00000007 edx=00000000 esi=038a007c edi=0000008c
eip=77b3eb2a esp=00091000 ebp=00091010 iopl=0 nv向上ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
ntdll!乌龙头龙+0x2:
77b3eb2a 55推式ebp
0:000> !分析-v
*******************************************************************************
* *
*异常分析*
* *
*******************************************************************************
***错误:找不到符号文件。默认为为atris.exe导出符号-
断层IP:
ntdll!乌龙头龙+2
77b3eb2a 55推式ebp
异常记录:ffffffff--(.exr 0xffffffffffffffff)
例外地址:77b3eb2a(ntdll!ulonglongtoolong+0x00000002)
例外代码:c0000005(访问冲突)
例外标志:00000000
数字参数:2
参数[0]:00000001
参数[1]:00090ffc
尝试写入地址00090ffc
默认\u BUCKET\u ID:无效的\u堆栈\u访问
进程名称:atris.exe
错误代码:(NTSTATUS)0xc0000005-在0x%08lx verweist auf Speicher 0x%08lx中出现错误。这是一个很好的例子。
异常代码:(NTSTATUS)0xc0000005-在0x%08lx verweist auf Speicher 0x%08lx中的Die ANWEISSUNG。这是一个很好的例子。
异常参数1:0000000 1
异常参数2:00090ffc
写入地址:00090ffc
后续行动(IP):
msvcr80_解码\u指针+3f
74742c18 8bf0 mov esi,eax
模块列表:
NTGLOBALFLAG:0
应用程序\验证程序\标志:0
断裂螺纹:00002e54
主要\u问题\u类:无效的\u堆栈\u访问
错误检查\u STR:应用程序\u错误\u无效\u堆栈\u访问\u无效\u指针\u写入
最后一次控制转移:从77b3eb8e到77b3eb2a
堆栈文本:
00090ffc 77b3eb8e 00000070 00000000 0009101c ntdll!乌龙头龙+0x2
00091010 77b3e900 000000 8C 0000000 7 000000 10 ntdll!数组_适合+0x16
0009104c 77b3e9f6 0000077c 0000000 7 0000000 2 ntdll!RtlpLocateActivationContextSection+0x126
0009107c 77b3eb12 000910b8 000910dc 000910e0 ntdll!RTLPFindTextActivationContextSection+0x64
00091094 77b3ed19 000910b8 000910dc 000910e0 ntdll!RtlpFindFirstActivationContextSection+0x41
000910e8 77b3f3df 0000000 3 00000000 0000000 2 ntdll!RtlFindActivationContextSectionString+0x91
000911a4 77b3f1aa 00000000 00000000 00091390 ntdll!AitFireParentUsageEvent+0x772
00091300 77b3faf6 0000000 1 00091554 77b3fa84 ntdll!RtlDosApplyFileIsolationRedirection\u Ustr+0x23e
00091340 77b3fe2a 00000000 00091554 77b3fa84 ntdll!LdrpApplyFileNameRedirection+0x128
000914c8 77b3fd2f 00000001 00000001 00000000 ntdll!LdrGetDllHandleEx+0x139
000914e4 75a51a35 00000001 00000000 00091554 ntdll!LdrGetDllHandle+0x18
00091538 75a51c49 00091554 0ce8dfd7 00000057内核库!GetModuleHandleForUnicode销毁+0x22
000919b0 75a51d44 00000001 00000002 030dad10内核库!BasepGetModuleHandleExW+0x181
000919c8 75a52ea1 030dad10 76e711e0 001a0018内核库!GetModuleHandleW+0x29
000919e0 74742c18 747a49ec 00000000 74742c89内核库!GetModuleHandleA+0x34
000919ec 74742c89 00000000 00000000 74742dc7 msvcr80_解码\u指针+0x3f
000919F874742DC7 FFFFFFFF00000057 00000000 msvcr80__设置\u flsgetvalue+0x1e
00091a08 74744351 7474182c 0000000 1 742B11 msvcr80_getptd_noexit+0x15
00091a0c 7474182c 0000000 1 742B11 00091a2c msvcr80_错误号+0x5
00091a14 74742b11 00091a2c 76E600000000000 msvcr80_获取_winmajor+0x10
00091a30 74742c23 00000000 74742c89 00000000 msvcr80_beginthreadex+0xc9
00091a38 74742c89 00000000 00000000 74742dc7 msvcr80_解码_指针+0x4a
00091a44 74742dc7 FFFFFFFF000000 5700000000 msvcr80__设置\u flsgetvalue+0x1e
00091a54 74744351 7474182c 0000000 1 742B11 msvcr80_getptd_noexit+0x15
00091a58 7474182c 0000000 1 742B11 00091a78 msvcr80_错误号+0x5
00091a60 74742b11 00091a78 76E600000000000 msvcr80_获取_winmajor+0x10
00091a7c 74742c23 00000000 74742c89 00000000 msvcr80_beginthreadex+0xc9
00091a84 74742c89 00000000 00000000 74742dc7 msvcr80_解码_指针+0x4a
00091a90 74742dc7 FFFFFFFF00000057 00000000 msvcr80__设置\u flsgetvalue+0x1e
00091aa0 74744351 7474182c 0000000 1 742B11 msvcr80_getptd_noexit+0x15
00091aa4 7474182c 0000000 1 74742b11 00091ac4 msvcr80_错误号+0x5
00091aac 74742b11 00091ac4 76E600000000000 msvcr80_获取_winmajor+0x10
00091ac8 74742c23 00000000 74742c89 00000000 msvcr80_beginthreadex+0xc9
00091ad0 74742c89 00000000 00000000 74742dc7 msvcr80_解码_指针+0x4a
00091 ADC 74742dc7 FFFFFFFF000000 57 00000000
FAULTING_IP:
ntdll!ULongLongToULong+2 [e:\obj.x86fre\minkernel\published\base\objfre\i386\intsafe.h @ 5610]
77b3eb2a 55 push ebp
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77b3eb2a (ntdll!ULongLongToULong+0x00000002)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00090ffc
Attempt to write to address 00090ffc
CONTEXT: 00000000 -- (.cxr 0x0;r)
eax=00000070 ebx=038a0000 ecx=00000007 edx=00000000 esi=038a007c edi=0000008c
eip=77b3eb2a esp=00091000 ebp=00091010 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
ntdll!ULongLongToULong+0x2:
77b3eb2a 55 push ebp
DEFAULT_BUCKET_ID: STACK_CORRUPTION
PROCESS_NAME: atris.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00090ffc
WRITE_ADDRESS: 00090ffc
FOLLOWUP_IP:
ntdll!ULongLongToULong+2 [e:\obj.x86fre\minkernel\published\base\objfre\i386\intsafe.h @ 5610]
77b3eb2a 55 push ebp
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: atris.exe
ANALYSIS_VERSION: 6.13.0015.1825 (debuggers(dbg).130504-0129) x86fre
FAULTING_THREAD: 00002e54
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 77b3eb8e to 77b3eb2a
PRIMARY_PROBLEM_CLASS: STACK_CORRUPTION
BUGCHECK_STR: APPLICATION_FAULT_STACK_CORRUPTION_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE
STACK_TEXT:
00091000 77b3eb8e ntdll!ARRAY_FITS+0x16
00091014 77b3e900 ntdll!RtlpLocateActivationContextSection+0x126
00091038 77b3ec62 ntdll!bsearch+0x70
00091044 77b3eba1 ntdll!ARRAY_FITS+0x2d
00091050 77b3e9f6 ntdll!RtlpFindNextActivationContextSection+0x64
00091080 77b3eb12 ntdll!RtlpFindFirstActivationContextSection+0x41
00091098 77b3ed19 ntdll!RtlFindActivationContextSectionString+0x91
000910ec 77b3f3df ntdll!sxsisol_SearchActCtxForDllName+0x90
00091154 77b3f442 ntdll!sxsisol_SearchActCtxForDllName+0x1ab
000911a0 7600311b shell32!_GUID_70577d41_432e_45c1_9245_816af8da9136+0xf
000911a8 77b3f1aa ntdll!RtlDosApplyFileIsolationRedirection_Ustr+0x23e
000911c8 00800000 atris!QuantifySaveData+0x373ff0
000912e8 77b3fb2e ntdll!ApiSetResolveToHost+0x28
000912f0 77b3fb48 ntdll!`string'+0x0
000912fc 760033bf shell32![thunk]:CResultSetManager::AddRef`adjustor{60}'+0x8
00091304 77b3faf6 ntdll!LdrpApplyFileNameRedirection+0x128
00091344 77b3fe2a ntdll!LdrGetDllHandleEx+0x139
00091380 77b3fa84 ntdll!LdrpDefaultExtension+0x0
000913a8 77b3e1b2 ntdll!zzz_AsmCodeRange_End+0x0
000913b0 760035ab shell32!CResultSetManager::~CResultSetManager+0x4d
000913fc 760035df shell32!CResultSetManager::~CResultSetManager+0x81
00091448 76003513 shell32!CResultSetManager::Release+0x1a
00091478 77c101a0 ntdll!LdrpDefaultPath+0x0
0009148c 01b3e1b2 atris!QuantifySaveData+0x16b21a2
00091490 77b40000 ntdll!LdrGetDllHandleEx+0x324
00091494 76003547 shell32!CResultSetManager::`scalar deleting destructor'+0xf
0009149c 77b3fd17 ntdll!LdrGetDllHandle+0x0
000914ac 76003477 shell32!CItem::~CItem+0x28
000914e8 75a51a35 kernelbase!GetModuleHandleForUnicodeString+0x22
0009150c 01ba9a3f atris!QuantifySaveData+0x171da2f
00091514 77b40078 ntdll!LdrGetDllHandleEx+0x451
00091518 77b3fd2f ntdll!LdrGetDllHandle+0x18
0009153c 75a51c49 kernelbase!BasepGetModuleHandleExW+0x181
00091820 02080000 atris!QuantifySaveData+0x1bf3ff0
00091830 75a51ac0 kernelbase!GetModuleHandleForUnicodeString+0xad
00091834 75a7737e kernelbase!__SEH_epilog4_GS+0xa
00091864 76003857 shell32!CResultSetManager::s_ClearSetInfo+0x58
00091884 75a51cfb kernelbase!BasepGetModuleHandleExW+0x233
000918b0 7600398b shell32!ShouldSuppressGrouping+0x26
000918fc 7600393f shell32!ILCompareHiddenStackData+0x76
00091948 76003973 shell32!ShouldSuppressGrouping+0xe
00091964 77b3e752 ntdll!RtlAnsiStringToUnicodeString+0x97
00091978 77b3e785 ntdll!RtlAnsiStringToUnicodeString+0xf2
0009197c 76003913 shell32![thunk]:CDefView::Release`adjustor{92}'+0x9
000919b4 75a51d44 kernelbase!GetModuleHandleW+0x29
000919cc 75a52ea1 kernelbase!GetModuleHandleA+0x34
000919d4 76e711e0 kernel32!TlsGetValueStub+0x0
000919e4 74742c18 msvcr80!_decode_pointer+0x3f
000919e8 747a49ec msvcr80!`string'+0x0
0018f054 74742c23 msvcr80!_decode_pointer+0x4a
0018f05c 74742c89 msvcr80!__set_flsgetvalue+0x1e
0018f068 74742dc7 msvcr80!_getptd_noexit+0x15
0018f078 74744351 msvcr80!_errno+0x5
0018f07c 7474182c msvcr80!_get_winmajor+0x10
0018f084 74742b11 msvcr80!_use_encode_pointer+0x1b
0018f09c 77b3e046 ntdll!RtlAllocateHeap+0x0
0018f0a0 74742bac msvcr80!_encode_pointer+0x4a
0018f0a8 74742bd7 msvcr80!_encoded_null+0x7
0018f0b0 747410de msvcr80!_set_error_mode+0x5
0018f0b4 74741c91 msvcr80!_FF_MSGBANNER+0x7
0018f0bc 74744d31 msvcr80!malloc+0x28
0018f0cc 76e71484 kernel32!InterlockedCompareExchangeStub+0x0
0018f0d0 7474474a msvcr80!_malloc_crt+0xd
0018f0d8 72b0e440 ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x6460
0018f0e0 72af4e19 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x329
0018f0e8 72b0a1d0 ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x21f0
0018f0ec 74741762 msvcr80!_initterm_e+0x15
0018f0f4 72af4efe ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x40e
0018f0f8 72b0a1cc ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x21ec
0018f0fc 72b0a1d4 ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x21f4
0018f110 72af5084 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x594
0018f144 72af553d ctxwsapi!CtxWSAppKilledNotifyPrivileged+0xa4d
0018f154 72af5150 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x660
0018f184 72af0000 ctxwsapi+0x0
0018f1e0 77b4da1b ntdll!LdrpHandleTlsData+0x2f
0018f1e4 68590000 sehook20+0x0
0018f1f0 77b4da2d ntdll!LdrpHandleTlsData+0x323
0018f1f4 7611d2d3 shell32!CUndoManager::GetOpenParentState+0x49
0018f23c 72af5133 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x643
0018f250 00b4bc9e atris!QuantifySaveData+0x6bfc8e
0018f270 77b4d78c ntdll!LdrpLoadDll+0x4d1
0018f284 77b329ba ntdll! ?? ::FNODOBFM::`string'+0x0
0018f2ac 010db390 atris!QuantifySaveData+0xc4f380
0018f2c4 758f18a3 imm32!CtfImmTIMActivate+0x32
0018f2e4 7595b546 user32!ImeSystemHandler+0x2a6
0018f374 75a76fd0 kernelbase!_except_handler4+0x0
0018f380 75a55a0b kernelbase!LocalAlloc+0x19a
0018f390 7595cfef user32!RealDefWindowProcA+0x4a
0018f394 75a5e949 kernelbase!BasepIncInstanceRefCount+0x1e
0018f398 75a81810 kernelbase!DllSearchPath+0x10
0018f3a4 75a81800 kernelbase!DllSearchPath+0x0
0018f3b4 75a5eac2 kernelbase!BaseEndReadingCache+0x3a
0018f3b8 77b74393 ntdll!RtlWow64EnableFsRedirectionEx+0x70
0018f3bc 7611d367 shell32!CEnumOleUndoUnit::Skip+0x12
0018f3d0 01ba9dbf atris!QuantifySaveData+0x171ddaf
0018f3dc 77b4c4d5 ntdll!LdrLoadDll+0xaa
0018f3f8 77b47d93 ntdll!RtlInitUnicodeStringEx+0x0
0018f414 75a52c95 kernelbase!LoadLibraryExW+0x1f1
0018f450 7595aac3 user32!__ClientLoadLibrary+0x66
0018f590 77b2010a ntdll!KiUserCallbackDispatcher+0x2e
0018f5a0 77b20070 ntdll!KiUserCallbackExceptionHandler+0x0
0018f5bc 00680066 atris!QuantifySaveData+0x1f4056
0018f5cc 7595a95d user32!NtUserCreateWindowEx+0x15
0018f5d0 7595a8e8 user32!VerNtUserCreateWindowEx+0x1a9
0018f690 77b438be ntdll!RtlpFreeHeap+0xbb1
0018f69c 7611d7c3 shell32!CEnumOleUndoUnit::Next+0x35
0018f6e4 02000002 atris!QuantifySaveData+0x1b73ff2
0018f724 77b43c94 ntdll!RtlpAllocateHeap+0xab2
0018f72c 7611d743 shell32!_GUID_df7b49a5_e292_4b38_b6df_bb4b621e7282+0x3
0018f754 01000001 atris!QuantifySaveData+0xb73ff1
0018f760 01010000 atris!QuantifySaveData+0xb83ff0
0018f774 01bae8ef atris!QuantifySaveData+0x17228df
0018f77c 77b4389a ntdll!RtlpFreeHeap+0xb7a
0018f780 77b43492 ntdll!RtlFreeHeap+0x142
0018f7e0 01000000 atris!QuantifySaveData+0xb73ff0
0018f7f4 01bae8cf atris!QuantifySaveData+0x17228bf
0018f7fc 77b43cc3 ntdll!RtlpAllocateHeap+0xe73
0018f800 77b43cee ntdll!RtlAllocateHeap+0x23a
0018f850 01baee67 atris!QuantifySaveData+0x1722e57
0018f858 77b3f55e ntdll!RtlImageNtHeaderEx+0x117
0018f85c 77b4319f ntdll!RtlImageNtHeader+0x1b
0018f864 00400000 atris+0x0
0018f87c 7595aa3c user32!_CreateWindowEx+0x210
0018f8d0 01baf2e7 atris!QuantifySaveData+0x17232d7
0018f8d8 77b3e38c ntdll!RtlpLowFragHeapAllocFromContext+0xaec
0018f8dc 77b3e0f2 ntdll!RtlAllocateHeap+0x206
0018f900 77b32260 ntdll!RtlLeaveCriticalSection+0x0
0018f904 50008f45 gwbase!GwMemoryPool::allocate+0x5e
0018f930 7595d261 user32!CreateWindowExA+0x33
0018f96c 50168de1 gwcore!GwGritSync::GwGritSync+0x6f
0018f9ac 50168e42 gwcore!GwGritSync::wnd_proc+0x0
0018f9cc 502280a8 gwcore!gwtogitm_atom_tab+0x1b8
0018f9d0 50230438 gwcore!GwDDE::dde_sync+0x0
0018f9d8 501a6166 gwcore!GwDDEerror_message+0x2f2
0018f9dc 5022424c gwcore!GwDDE_Client::`vftable'+0x5cfe8
0018f9e0 501a4969 gwcore!GwDDESync::operator=+0x67
0018f9e4 754cc167 msvcrt!_initterm+0x13
0018f9f0 501a7b99 gwcore!GwDDEerror_message+0x1d25
0018f9f4 50224000 gwcore!GwDDE_Client::`vftable'+0x5cd9c
0018f9f8 50224254 gwcore!GwDDE_Client::`vftable'+0x5cff0
0018fa00 501a7c51 gwcore!GwDDEerror_message+0x1ddd
0018fa20 77b49950 ntdll!zzz_AsmCodeRange_End+0x0
0018fa40 77b4d8c9 ntdll!LdrpRunInitializeRoutines+0x26f
0018fa48 50100000 gwcore+0x0
0018fa54 7611db8f shell32!CCommonParentUndoUnit::GetMarshalSizeMax+0x76
0018fa64 77b4c913 ntdll!SbUpdateSwitchContextBasedOnDll+0x267
0018fa68 77b4ea4b ntdll!LdrpHandleOneOldFormatImportDescriptor+0x11d
0018fa7c 77b4c95c ntdll!SbSupportedOsList+0x1c
0018fa88 77b4c940 ntdll!SbSupportedOsList+0x0
0018faa8 77b4df9d ntdll!LdrpProcessStaticImports+0x2b4
0018fab0 77b4dfc4 ntdll!LdrpProcessStaticImports+0x2d0
0018fab4 77b4dfb4 ntdll!LdrpProcessStaticImports+0x1ab
0018fab8 7611db93 shell32!CCommonParentUndoUnit::GetMarshalSizeMax+0x7a
0018fac0 77b566bc ntdll!Kernel32DllName+0x0
0018fae4 77b4d8a8 ntdll!LdrpRunInitializeRoutines+0x24b
0018fb00 501a7c00 gwcore!GwDDEerror_message+0x1d8c
0018fb28 01ba9e0f atris!QuantifySaveData+0x171ddff
0018fb34 77b5681c ntdll!LdrpInitializeProcess+0x1400
0018fb44 77c1206c ntdll!LdrpProcessInitialized+0x0
0018fbc4 77b55838 ntdll!KnownDllPathString+0x0
0018fbd8 77b33cbe ntdll! ?? ::FNODOBFM::`string'+0x0
0018fbe4 77b100d8 ntdll!CsrPortMemoryRemoteDelta+0x0
0018fbfc 76e60000 kernel32!ConsolePortHeap+0x0
0018fc20 0208001c atris!QuantifySaveData+0x1bf400c
0018fc40 00400118 atris+0x118
0018fcac 7611dc0f shell32!CCommonParentUndoUnit::MarshalInterface+0x45
0018fcb4 77b552d6 ntdll!_LdrpInitialize+0x78
0018fcc0 7611ddbf shell32!CEnumOleUndoUnit::Release+0x23
0018fce4 77c12088 ntdll!__security_cookie+0x0
0018fcf4 77b871d5 ntdll!_except_handler4+0x0
0018fcf8 01ba9e2f atris!QuantifySaveData+0x171de1f
0018fd04 77b49e79 ntdll!LdrInitializeThunk+0x10
0018fd1c 77b10000 ntdll!CsrPortMemoryRemoteDelta+0x0
0018fdac 016718a3 atris!QuantifySaveData+0x11e5893
0018fdd4 01b2f7e2 atris!QuantifySaveData+0x16a37d2
0018fddc 77b201b4 ntdll!RtlUserThreadStart+0x0
SYMBOL_STACK_INDEX: 49
SYMBOL_NAME: ctxwsapi
FOLLOWUP_NAME: wintriag
MODULE_NAME: ctxwsapi
IMAGE_NAME: ctxwsapi.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 51b5cf53
STACK_COMMAND: dpS 91000 190000 ; dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; dps 91000 ; kb
FAILURE_BUCKET_ID: STACK_CORRUPTION_c0000005_ctxwsapi.dll!Unknown
BUCKET_ID: APPLICATION_FAULT_STACK_CORRUPTION_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE_ctxwsapi
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:stack_corruption_c0000005_ctxwsapi.dll!unknown
FAILURE_ID_HASH: {25f34e8f-b24e-3ec8-95d5-cbe76e2a9281}
0:000> !teb
TEB at 7efdd000
ExceptionList: 000914b8
StackBase: 00190000
StackLimit: 00091000
SubSystemTib: 00000000
FiberData: 00001e00
ArbitraryUserPointer: 00000000
Self: 7efdd000
EnvironmentPointer: 00000000
ClientId: 000054e0 . 00002e54
RpcHandle: 00000000
Tls Storage: 7efdd02c
PEB Address: 7efde000
LastErrorValue: 87
LastStatusValue: c000000d