Example 2: Invalid parameter (STATUS_INVALID_PARAMETER)

Error code: 0xc000000d
Meaning: STATUS_INVALID_PARAMETER

Step 1: Run "!analyze -v" to find where the error occurred and what caused the program to dump.

0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found. Defaulted to export symbols for user32.dll -
Unable to load image C:\Windows\Odsv.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Odsv.dll
*** ERROR: Module load completed but symbols could not be loaded for Odsv.dll
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/ProcessB_exe/1_0_0_1/4e362265/msvcr80_dll/8_0_50727_6195/4dcdd833/c000000d/0001d5fa.htm?Retriage=1

FAULTING_IP:
msvcr80!strncpy_s+10a [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcsncpy_s.inl @ 62]
00000000`74e6d5fa b822000000 mov eax,22h

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000074e6d5fa (msvcr80!strncpy_s+0x000000000000010a)
ExceptionCode: c000000d
ExceptionFlags: 00000000
NumberParameters: 0

PROCESS_NAME: ProcessB.exe
ERROR_CODE: (NTSTATUS) 0xc000000d - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc000000d - <Unable to get error code text>
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
LAST_CONTROL_TRANSFER: from 0000000000124250 to 0000000074e5b0ec
FAULTING_THREAD: ffffffffffffffff
DEFAULT_BUCKET_ID: STATUS_INVALID_PARAMETER
PRIMARY_PROBLEM_CLASS: STATUS_INVALID_PARAMETER
BUGCHECK_STR: APPLICATION_FAULT_STATUS_INVALID_PARAMETER

IP_ON_STACK:
+2e32faf01dedf58
00000000`00124250 60 ???

FRAME_ONE_INVALID: 1

STACK_TEXT:
00000000`00124220 00000000`00124250 : 00000000`00000006 00000000`00000000 00000000`00000001 00000000`00000000 : msvcr80!_invalid_parameter+0x6c [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\invarg.c @ 88]
00000000`00124228 00000000`00000006 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : 0x124250
00000000`00124230 00000000`00000000 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00124260 : 0x6

STACK_COMMAND: ~0s; .ecxr ; kb

FOLLOWUP_IP:
msvcr80!strncpy_s+10a [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcsncpy_s.inl @ 62]
00000000`74e6d5fa b822000000 mov eax,22h

FAULTING_SOURCE_CODE:
No source found for 'f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcsncpy_s.inl'

SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: msvcr80!strncpy_s+10a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr80
IMAGE_NAME: msvcr80.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4dcdd833
FAILURE_BUCKET_ID: STATUS_INVALID_PARAMETER_c000000d_msvcr80.dll!strncpy_s
BUCKET_ID: X64_APPLICATION_FAULT_STATUS_INVALID_PARAMETER_msvcr80!strncpy_s+10a
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/ProcessB_exe/1_0_0_1/4e362265/msvcr80_dll/8_0_50727_6195/4dcdd833/c000000d/0001d5fa.htm?Retriage=1

Followup: MachineOwner
---------

This time we are out of luck: the "!analyze -v" output tells us very little. All we know is that the program dumped while calling strncpy_s. There are many possible reasons why the failing function cannot be pinpointed; for example, the customer may not have collected a full dump, or the stack in the dump file may be corrupted.

This really was a headache; I spent 3 weeks going through the stack contents line by line before I solved it.

Step 2: Use "!teb" to see where the program's stack starts and ends.

0:000> !teb
TEB at 000007ffffeee000
ExceptionList: 0000000000000000
StackBase: 0000000008d50000
StackLimit: 0000000008d4d000
SubSystemTib: 0000000000000000
FiberData: 0000000000001e00
ArbitraryUserPointer: 0000000000000000
Self: 000007ffffeee000
EnvironmentPointer: 0000000000000000
ClientId: 0000000000001bdc . 0000000000001868
RpcHandle: 0000000000000000
Tls Storage: 000007ffffeee058
PEB Address: 000007fffffd6000
LastErrorValue: 87
LastStatusValue: c000000d
Count Owned Locks: 0
HardErrorMode: 0

Step 3: Use "dps" to look at the memory contents of the program's stack. The most important part is excerpted below.

-------------------------------------------------------------------------------
00000000`001247d8  00000000`74e6d5fa msvcr80!strncpy_s+0x10a [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcsncpy_s.inl @ 62]
00000000`001247e0  00000000`009c01e0
00000000`001247e8  00000000`030f5810
00000000`001247f0  00000000`0057e310 ProcessB2!work
★ The contents of "ProcessB2!work" should be data like "DNxxxxxxxx_150_109",
   but here "ProcessB2!work" actually contains "VIP_rtcrx00184-004a/b-y3b-d".
00000000`001247f8  00000000`005782c0 ProcessB2!trcData
▲ The contents of "ProcessB2!trcData" are "Function:testB call".
   This is trace( "testB" , __FILE__, __LINE__, TRCLV_3); in function List::testB.
00000000`00124800  00000000`00000000
00000000`00124808  00000000`00000000
00000000`00124810  00000000`004a3150 ProcessB2!`string'
▲ The contents of "ProcessB2!`string'" are "e:\ProcessB\FunctionB.cpp __FILE__".
00000000`00124818  00000000`00455b65 ProcessB2!List::testB+0x55 [e:\ProcessB\Listset.cpp @ 719]
00000000`00124820  00000000`009c01e0
00000000`00124828  00000000`030f5810
00000000`00124830  00000000`0057e310 ProcessB2!work
00000000`00124838  00000000`001249e0
00000000`00124840  32322e35`322e3000
00000000`00124848  30614031`33312e34
00000000`00124850  7097fb8e`bc923730
00000000`00124858  5049565f`5753334c
00000000`00124860  00000000`0000125f
00000000`00124868  000082bd`b1200d5e
00000000`00124870  00000000`009c01e0
00000000`00124878  00000000`00467bda ProcessB2!FunctionB+0x73a [e:\ProcessB\FunctionB.cpp @ 181]
-------------------------------------------------------------------------------

Here we finally pinpoint which function has the problem. After working out what these functions do and printing everything that could be printed, it turned out that the function was passed invalid data. It is worth explaining why passing invalid data causes a dump.

First, when strncpy is used, as long as a certain macro is defined (it is by default), the secure function strncpy_s is used instead at compile time. For details, see the Microsoft documentation below.
http://msdn.microsoft.com/zh-cn/LIBRARY/ms175759(v=vs.80)

Second, why it dumps. When a strncpy call is converted to strncpy_s, it takes the following form.

char dst[5];
strncpy (dst, "a long string" , 5);
---->
strncpy_s(dst, 5, "a long string" , 5);

This causes the STATUS_INVALID_PARAMETER error; it is a property of strncpy_s. For details on how to use it, see the documentation below.
http://msdn.microsoft.com/zh-cn/library/5dae5d43(v=vs.90).aspx

Excerpt:

char dst[5];
strncpy_s(dst, 5, "a long string" , 5);

means that we are asking strncpy_s to copy five characters into a buffer five bytes long; this would leave no space for the null terminator, hence strncpy_s zeroes out the string and calls the invalid parameter handler. If truncation behavior is needed, use _TRUNCATE or (size – 1):

strncpy_s(dst, 5, "a long string" , _TRUNCATE);
strncpy_s(dst, 5, "a long string" , 4);
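The strncpy_s rule quoted in the excerpt above, as an added example that is not code from the original post or from ProcessB: a portable C model of the strict and truncating forms, run against the two "work" values seen in the dump. The helper names copy_strict and copy_truncate and the 20-byte buffer size are assumptions made for illustration.

```c
/* Added example: portable model of the strncpy_s behaviour quoted above.
 * copy_strict, copy_truncate and the 20-byte buffer are assumptions for
 * illustration; they are not CRT functions or ProcessB code. */
#include <stdio.h>
#include <string.h>

enum copy_result { COPY_OK, COPY_TRUNCATED, COPY_INVALID };

/* Models strncpy_s(dst, dst_size, src, count): when the characters to copy
 * plus the terminator do not fit, dst is emptied and the call is rejected
 * (the real CRT invokes the invalid parameter handler at this point). */
static enum copy_result copy_strict(char *dst, size_t dst_size,
                                    const char *src, size_t count)
{
    size_t n = 0;
    if (dst == NULL || dst_size == 0) return COPY_INVALID;
    if (src == NULL) { dst[0] = '\0'; return COPY_INVALID; }
    while (n < count && src[n] != '\0') n++;      /* n = min(count, strlen) */
    if (n >= dst_size) { dst[0] = '\0'; return COPY_INVALID; }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return COPY_OK;
}

/* Models the _TRUNCATE form: copy what fits, always terminate, and tell the
 * caller that data was cut so it can log or reject the input. */
static enum copy_result copy_truncate(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || dst_size == 0 || src == NULL) return COPY_INVALID;
    len = strlen(src);
    if (len < dst_size) { memcpy(dst, src, len + 1); return COPY_OK; }
    memcpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return COPY_TRUNCATED;
}

int main(void)
{
    char work[20];                                  /* assumed buffer size */
    const char *expected = "DNxxxxxxxx_150_109";           /* from the page */
    const char *actual   = "VIP_rtcrx00184-004a/b-y3b-d";  /* from the page */

    printf("expected, strict:  %d\n", copy_strict(work, sizeof work, expected, sizeof work));
    printf("actual, strict:    %d\n", copy_strict(work, sizeof work, actual, sizeof work));
    printf("actual, truncated: %d -> \"%s\"\n",
           copy_truncate(work, sizeof work, actual), work);
    return 0;
}
```

Checking the truncation result at the call site lets unexpected oversized input be logged or rejected instead of terminating the process.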