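VS2003 AVs on push edi
Original post URL:
http://eparg.spaces.msn.com/Blog/cns!1pnPgEC6RF6WtiSBWIHdc5qQ!379.entry
Original post date:
2005-11-1
Original post author:
eparg
…month, while working on a case, I needed to enable unmanaged debugging in VS2003. After enabling it and starting a debug session with F5, the VS2003 IDE crashed before the program had even come up :(
I was busy at the time, so I left it until today to look at the problem closely. After attaching windbg, the crash information was as follows: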
(9ec.dfc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
Fine, it's just the familiar AV. Let's look at EIP:
0:018> u eip
AcSpecfc!NS_NatDbgDM::JumpBuffer:
7150b698 57 push edi
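Hmm, even a push can AV. That's just not fair. Thinking it over, there are two possibilities:
1) The address in IP is not readable/writable
2) ESP is not readable/writable
But: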
0:018> !address eip
714d0000 : 7150b000 - 00005000
Type 01000000 MEM_IMAGE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageImage
FullPath C:/WINDOWS/AppPatch/AcSpecfc.dll
0:018> !address esp
104d0000 : 105cb000 - 00005000
Type 00020000 MEM_PRIVATE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageStack
Pid.Tid 9ec.dfc
Stumped, right? Does anyone know what to do? (Hint: this problem does not occur before Win2k3 SP1 is installed.)
==================
Solution: turn off "data execution prevention" protection for the VS2003 IDE process. About data execution prevention:
Still, VS2003 actually triggers DEP, so it may be worth filing a bug.
data execution prevention
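
Why turning DEP off helps can be read from the two !address dumps above: both pages are PAGE_READWRITE, so the stack store of the push is allowed, but the page at EIP has no execute permission for the instruction fetch. The Python below is an added example, not part of the original post; parse_region, triage_push_av and the dep_enforced flag are hypothetical names, and the PAGE_* and MEM_COMMIT values are the standard winnt.h constants.

```python
import re

# Base page protections from winnt.h (low byte of the Protect value).
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}  # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
WRITABLE = {0x04, 0x08, 0x40, 0x80}    # PAGE_READWRITE, PAGE_WRITECOPY, EXECUTE variants
MEM_COMMIT = 0x1000

# The two regions as printed by !address in the post.
EIP_REGION = """714d0000 : 7150b000 - 00005000
Type 01000000 MEM_IMAGE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageImage"""
ESP_REGION = """104d0000 : 105cb000 - 00005000
Type 00020000 MEM_PRIVATE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageStack"""

def parse_region(text):
    """Return {'Type'|'Protect'|'State': (value, name)} from one !address block."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(Type|Protect|State)\s+([0-9a-fA-F]{8})\s+(\S+)", line)
        if m:
            fields[m.group(1)] = (int(m.group(2), 16), m.group(3))
    return fields

def triage_push_av(eip, esp, dep_enforced):
    """Explain an AV on `push`: the fetch needs execute at EIP, the store needs write at ESP."""
    for name, region in (("EIP", eip), ("ESP", esp)):
        if region["State"][0] != MEM_COMMIT:
            return f"{name} page is not committed"
    if (esp["Protect"][0] & 0xFF) not in WRITABLE:
        return "stack page is not writable"
    if (eip["Protect"][0] & 0xFF) not in EXECUTABLE:
        if dep_enforced:
            return "DEP: code page has no execute permission"
        return "code page has no execute permission, but nothing enforces it without DEP"
    return "page protections do not explain the fault"

if __name__ == "__main__":
    eip, esp = parse_region(EIP_REGION), parse_region(ESP_REGION)
    for dep in (False, True):  # before and after DEP is enforced for the process
        print(f"DEP enforced={dep}: {triage_push_av(eip, esp, dep)}")
```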